US Pat. No. 10,171,583

DISTRIBUTED GLOBAL DATA VAULTING MECHANISM FOR GRID BASED STORAGE

International Business Ma...

1. A computer program product for distributed global data vaulting in a grid of server computers, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that executes to perform operations, the operations comprising:
at one of the server computers of the grid of server computers,
assigning a plurality of vault devices for each data element of a plurality of data elements based on a resiliency level,
wherein, for a first priority, each of the plurality of vault devices assigned to a data element is at a different server computer of the grid of server computers; and
wherein, for a second priority, in response to determining that there are not enough vault devices to assign each of the plurality of vault devices at a different server computer, at least two of the plurality of vault devices is a different vault device of a same server computer of the grid of server computers; and
creating a vault distribution table that identifies the plurality of vault devices for each data element; and
at each of the server computers of the grid of server computers,
determining that there is a system shutdown; and
for each data element at that server computer,
retrieving a list of one or more vault devices at other server computers from the vault distribution table; and
dumping the data element to the one or more vault devices at the other server computers.

US Pat. No. 10,171,582

METHOD AND APPARATUS FOR CLIENT TO CONTENT APPLIANCE (CA) SYNCHRONIZATION

Barracuda Networks, Inc.,...

1. A system to support file synchronization and sharing with cloud storage, comprising:
a client agent running on a local host configured to
discover and connect to a content appliance (CA) by first requesting an Internet Protocol (IP) address of the CA from the cloud storage,
wherein the CA is a storage device/host configured to locally maintain files previously downloaded from the cloud storage,
wherein the IP address of the CA is either an internal IP address if the CA is located within the same internal network as the local host of the client agent behind a firewall or a public IP address accessible by the client agent over a network;
request and receive a file not stored on the local host from the CA instead of requesting and downloading the file directly from the cloud storage;
provide the file that has been revised or updated locally to the CA, wherein changes made to the file are considered as to have been fully committed by the client agent;
said content appliance (CA) configured to:
serve multiple client agents running on different local hosts by establishing separate secured connections with the multiple client agents, wherein the multiple client agents comprise the client agent, and
request and download the file from the cloud storage or another CA or another client agent of the multiple client agents if the CA does not have the file locally; and
synchronize the changes made to the file to the cloud storage, wherein the cloud storage centrally maintains only one authoritative and most up-to-date copy of the file, which is be accessed and synchronized with the file's local copies by the client agent and the CA over a communication network.

US Pat. No. 10,171,581

BLENDED OPERATIONAL TRANSFORMATION FOR MULTI-USER COLLABORATIVE APPLICATIONS

LIVELOOP, INC., Wilmingt...

1. A method for propagating document changes made to a document by a plurality of users that are editing the document concurrently, the method comprising:
determining that a first document change comprise a change that is supported by an existing operational transformation of an operational transformation system and:
propagating the first document change to a base version of the document using the existing operational transformation; and
updating the base version of the document with the first document change;
determining that a second document change comprises an opaque change, an opaque change existing when the operational transformation system detects a change has been made to an object in the document but is unable to determine the actual change to the object, and:
converting the second document change to an opaque operation including a binary large object representation of the change and metadata containing instructions to implement the change;
propagating the opaque operation to the base version of the document;
placing the base version of the document into an opaque operation locked out state;
updating the base version of the document with the converted second document change while in the opaque operation locked out state; and
releasing the opaque operation locked out state on the base version of the document when the base version of the document is updated with the opaque operation; and
determining that a third document change comprises a change unsupported by the operational transformation system, a change unsupported by the operational transformation system existing when the change is completely undetected by the operational transformation system or when the change does not expose its content or location to the operational transformation system, and:
converting the third document change to binary-sync operation including a binary large object representation of the entire document including only the third document change and metadata containing instructions to implement the change;
propagating the binary sync operation to the base version of the document;
placing the base version of the document into a binary-sync locked out state;
updating the base version of the document with the binary-sync operation while the base version of the document is in the binary-sync locked out state; and
releasing the binary-sync operation locked out state on the base version of the document when the base version of the document is updated with the binary-sync operation.

US Pat. No. 10,171,580

GRANULAR INSTANT IMPORT OF REPLICATED VTL CARTRIDGE INTO A BACKUP CATALOG

INTERNATIONAL BUSINESS MA...

1. A method for cataloging replicated data in a backup storage environment, by a processor device, comprising:
in a storage system using tape library data replication between an originating site and a backup site, replicating catalog data between the originating site and the backup site such that replicated data moved from the originating site to the backup site is placed into a catalog duplicative of the originating site to efficiently import, at the backup site, the replicated data transferred from the originating site; wherein upon completion of initially replicating a volume of a cartridge from the originating site to the backup site such that the volume nor any data thereof has been previously replicated from the originating site to the backup site, the replicated data therein the replicated volume is automatically, and without user intervention, imported into the duplicative catalog of the backup site when the cartridge is moved to an import/export (I/E) slot of the tape library of the backup site in lieu of manually importing the catalog data to the backup site by an administrator, thereby mitigating time spent performing the replication and importation during a disaster recovery (DR) scenario; and
synchronizing appending catalog data by performing each of:
backing up the volume of the cartridge at the originating site;
prior to commencing replication for the replicated data of the volume from the originating site to the backup site, ejecting a copy of the cartridge through a backup application at the backup site; wherein the ejection includes moving the cartridge to the I/E slot of the tape library at the backup site;
responsive to detecting the cartridge is in the I/E slot, automatically shelving the cartridge in the backup application at the backup site;
commencing the replication for the replicated data of the replicated volume from the originating site to the backup site;
subsequent to completing the replication, moving the cartridge back to the I/E slot at the backup site, wherein, upon moving the cartridge back to the I/E slot, the replicated volume is automatically imported into the duplicative catalog of the backup site.

US Pat. No. 10,171,578

TAPERED COAX LAUNCH STRUCTURE FOR A NEAR FIELD COMMUNICATION SYSTEM

TEXAS INSTRUMENTS INCORPO...

1. A system comprising:
a module comprising: a substrate on which a radio frequency (RF) transmitter is mounted, the RF transmitter having an output terminal; a housing having a port region at a surface of the housing; and a tapered transmission line with a conductive element, the conductive element having a first end coupled to the output terminal of the RF transmitter and a second end that terminates at the port region, wherein a characteristic impedance of the tapered transmission line increases along a length of the tapered transmission line from the first end to the second end, and the tapered transmission line has an outside surface separated from the conductive element by a dielectric, in which the dielectric is air.

US Pat. No. 10,171,577

LOCAL AREA NETWORKING SYSTEM

WIFIFACE LLC, Toledo, OH...

1. A local area networking method, the method comprising the steps of:
providing a system server in communication with a first mobile device over a wide area network and having a processor coupled to a memory, the memory having processor-executable instructions and at least one database embodied thereon, the at least one database including a listing of unique identifiers associated with mobile devices and a local area server registered with the system server, and a listing of user profiles associated with the mobile devices registered with the system server;
correlating, by the system server, the unique identifiers associated with the mobile devices registered with the system server and the unique identifier associated with the local area server to define an electronic communication or collaboration forum of a local area network, wherein the unique identifiers of the mobile devices registered with the system server are a combination of GPS and either MAC or IP, and the unique identifiers associated with the local area server are BSSID or SSID; and
generating, by the system server on a graphical user interface of the first mobile device, a visual representation of the electronic communication or collaboration forum of the local area network including the mobile devices within the local area network and registered with the system server, the visual representation including a name of the local area network,
at least a portion of the user profiles of the mobile devices within the local area network that are registered with the system server and sharing content,
a notifications control providing at least one of friend requests, application requests and messages to the first mobile device from the mobile devices within the local area network, and
a refresh control configured to allow the first mobile device to force an update of the visual representation, and
wherein at least a portion of the visual representation is shared by all of the registered mobile devices in the local area network,
wherein the first mobile device is permitted to communicate or collaborate with the mobile devices registered with the system server and within the local area network via the graphical user interface,
wherein the first mobile device is permitted to subscribe to a physical location associated with the local area network while in the local area network, and to one of view, communicate to a user, share, and identify an activity of the mobile devices within the local area network and registered with the system server from remote locations by interacting with the visual representation of the electronic communication or collaboration forum of the local area network via the wide area network, and
wherein the system server permits an individual to provide at least one of advertisements, feature offers, discounts, promotions, and items for sale on the visual representation of the local area network.

US Pat. No. 10,171,576

METHOD, APPARATUS, AND SYSTEM FOR INTERACTION BETWEEN TERMINALS

TENCENT TECHNOLOGY (SHENZ...

1. A method for interaction between terminals, comprising:
acquiring, by a first terminal, to-be-sent data;
sending, by the first terminal, the to-be-sent data to a second terminal;
displaying, by the first terminal, a display interface;
monitoring whether first operation information from the second terminal is received, the first operation information comprising a processing operation performed by a first user of the second terminal on the to-be-sent data;
updating, by the first terminal, the display interface according to the first operation information, once the first operation information sent by the second terminal is received; and
monitoring, in real time, an operation performed by a second user on the display interface of the first terminal and sending second operation information to the second terminal, wherein the second operation information comprises the operation performed by the second user on the display interface of the first terminal,
wherein:
each of the first terminal and the second terminal comprises a sound sensor for sensing a sound frequency and converting the sound frequency into an electrical signal,
the first operation information and the second operation information are respectively obtained by the sound sensors in the second terminal and the first terminal,
the display interface of the first terminal is updated according to an electrical level of the electrical signal contained in the first operation information from the second terminal,
a low frequency filter is applied to the electrical signal in the first operation information to obtain a filtered signal, the first operation information being sent to the first terminal based on the filtered signal, and
updating the display interface according to the first operation information comprises:
when the electrical level of the electrical signal indicates a first sound frequency, updating a first number of virtual objects on the display interface; and
when the electrical level of the electrical signal indicates a second sound frequency, updating a second number of virtual objects on the display interface.

US Pat. No. 10,171,575

DYNAMIC ALLOCATION OF A QUOTA OF CONSUMER NODES CONNECTING TO A RESOURCE NODE OF A PEER-TO-PEER NETWORK

OATH INC., New York, NY ...

1. A method comprising:
periodically computing, by a resource node associated with a computing device, a dynamic quota value associated with a channel-swarm in a peer-to-peer network that is dynamically updated based on current connectivity values of each channel in the channel-swarm that are independent from connectivity conditions of the peer-to-peer network, said channel-swarm comprising a plurality of nodes, a portion of said plurality functioning as consumer nodes and a portion functioning as resource nodes, said resource node providing content to said one or more consumer nodes in the channel-swarm according to said dynamic quota value, said dynamic quota value comprising an indication of an acceptable number of connections between the resource node and the one or more consumer nodes, said resource node being a node in the peer-to-peer network that has contributable available bandwidth for said channel swarm, said resource node does not consume real-time multimedia content in said channel swarm,
said computing the dynamic quota value comprising:
reducing the dynamic quota value upon a determination that at least one of the connections between the resource node and any one of the consumer nodes is a bad connection, the quota reduction further comprising:
determining a step down value from the dynamic quota value, and
updating the dynamic quota by the step down value, and
increasing the dynamic quota value upon a determination that no bad connection with any of the consumer nodes has been encountered during a predefined time interval prior to the increasing of the dynamic quota value, the quota increase further comprising:
determining a step up value from the dynamic quota value; and
updating the dynamic quota value by the step up value; and
allocating, via the resource node, an available upload bandwidth to the one or more of the consumer nodes based on the dynamic quota value.

US Pat. No. 10,171,574

COMPUTER SYSTEM, PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING JOB PROCESSING PROGRAM

FUJITSU LIMITED, Kawasak...

1. A computer system, which has a plurality of computation nodes and performs an arithmetic processing with respect to a job, the computer system comprising:
a reference point determining unit that, when the number of pieces of job attribute information is larger than the number of partial networks constituting a network that connects the plurality of computation nodes, allocates a reference point to the partial network, and that, when the number of the pieces of job attribute information is equal to or smaller than the number of partial networks, arranges a plurality of networks to groups as many as the number of the pieces of job attribute information and allocates a common reference point to each of the groups; and
a node set searching unit that searches for a computation node set that is a set of computation nodes satisfying a predetermined condition related to a remote degree that is an estimate index of a communication time from a node allocation reference point in node coordinate spaces and including the computation node that runs no job, based on running job position information that manages a position of a running job allocated to the node coordinate spaces,
the running job position information includes an entry corresponding to a maximum value and a minimum value of a node coordinates of each dimension of the node coordinate spaces, the entry having a pointer of the entry of a management information that manages a running job.

US Pat. No. 10,171,573

SWAPPING NON-VIRTUALIZING AND SELF-VIRTUALIZING DEVICES

International Business Ma...

13. A system for managing cloud computing resources, the system comprising:
a consumer device configured to access a cloud computing environment;
a computer, included in the cloud computing environment, wherein the computer comprises a virtualization instance (VI), a first computing device comprising a non-virtualizing type device, and a second computing device comprising a self-virtualizing type device, wherein the VI is configured to use a first virtual device to provide cloud computing services to the consumer device, and wherein the first virtual device comprises a virtual form of the first computing device; and
a QoS manager communicatively coupled to the computer, wherein the QoS manager comprises at least one processor configured to:
receive first Quality of Service (QoS) metrics associated with the VI providing the cloud computing services to the consumer device;
determine, in response to receiving the QoS metrics, and based at least in part on a first comparison of the QoS metrics with VI QoS objectives, that the VI is unable to meet the VI QoS objectives using the first virtual device;
determine, based on the first virtual device comprising the virtual form of the non-virtualizing computing device that a first substitute virtual device, comprising a virtual form of the self-virtualizing computing device, is available to substitute for the first virtual device and that the VI is able to meet the VI QoS objectives using the first substitute virtual device; and
cause, based at least in part on the VI able to meet the VI QoS objectives using the first substitute virtual device, the computer to configure the VI to use the first substitute virtual device in place of the first virtual device.

US Pat. No. 10,171,572

SERVER POOL MANAGEMENT

International Business Ma...

1. A computer-implemented method of managing a system comprising a pool of servers including a number of active servers, the method comprising:
monitoring, by one or more processors, utilization of system capacity, the utilization resulting from a workload of the number of active servers; and
detecting a critical utilization of the system, the detecting comprising:
predicting, by the one or more processors, a duration of the detected critical utilization of the system capacity from a monitoring history of the utilization of the system capacity, wherein the predicted duration comprises a first period of time; and
determining, by the one or more processors, based on the predicted duration, if the predicted duration exceeds a defined threshold, wherein the defined threshold comprises a second period of time, wherein by exceeding the defined threshold, the monitored system capacity utilization would deviate from the monitoring history at a relevant point in time by more time than the second period of time, and wherein by exceeding the defined threshold, the one or more processors determine that increased system overhead is required to handle the detected critical utilization for the predicted duration;
based on the predicted duration exceeding the defined threshold, increasing the number of active servers to handle the detected critical utilization for the predicted duration; and
based on the predicted duration not exceeding the defined threshold, invoking an adjustment of throughput performance of the active servers to handle the detected critical utilization for the predicted duration.

US Pat. No. 10,171,571

DETERMINING AND ASSIGNING A DEFAULT VALUE TO A CURRENT SERVER RESPONSE IF THE CURRENT SERVER RESPONSE IS NOT RECEIVED FROM THE SERVER WITHIN A TIME-LIMIT

International Business Ma...

1. A non-transitory computer usable medium having a computer program executed by a data processing system to communicate with a server and to perform operations, the operations comprising:
receiving a current submission of a request;
transmitting an indication of the request to the server for receiving a current server response to the current submission of the request;
assigning a default value to the current server response for the request if the current server response is not received from the server within a time limit with respect to the current submission of the request, wherein the default value is assigned to increase responsiveness to the request by avoiding delays beyond the time limit;
logging a set of operations being performed from the assignment of the default value to the current server response;
receiving an actual value of the current server response from the server;
rolling-back the logged operations and resetting the current server response to the actual value if the actual value is different from the default value; and
using the actual value in response to resetting the current server response to the actual value.

US Pat. No. 10,171,569

TRANSMISSION OF DATA TO MULTIPLE COMPUTING DEVICES ACCORDING TO A TRANSMISSION SCHEDULE

Uber Technologies, Inc., ...

1. A network system for managing a network service for a given geographic region comprising:
one or more processors; and
one or more memory resources storing instructions that, when executed by the one or more processors, cause the network system to:
receive, from a first user device of a first user, request data corresponding to a first request for service, the request data including information corresponding to a first location;
in response to receiving the request data, identify a set of two or more candidate providers from a plurality of providers, wherein the number of candidate providers identified in the set of two or more candidate providers is based, at least in part, on acceptance metrics of the plurality of providers, and wherein each acceptance metric is indicative of a corresponding service provider's historical record in accepting invitations to fulfill requests for service;
determine a message transmission schedule specifying when to transmit each of a set of invitation messages to a set of two or more provider devices associated with the set of two or more candidate providers, each of the set of invitation messages corresponding to an invitation to fulfill the first request for service and including information corresponding to the first location; and
transmit the set of invitation messages to the set of two or more provider devices in accordance with the message transmission schedule.

US Pat. No. 10,171,568

SELECTING SYSTEM, COMMUNICATION MANAGEMENT SYSTEM, COMMUNICATION SYSTEM, COMPUTER PROGRAM, AND METHOD OF SELECTION

RICOH COMPANY, LIMITED, ...

1. A selecting system that, when a plurality of controllers that control a session between communication terminals are provided, selects a controller to be connected to a requesting communication terminal out of the plurality of controllers, the selecting system comprising:
a state management memory that stores, for each controller of the plurality of controllers, state information indicating, for each communication terminal connected to the controller, a state of communication of the communication terminal;
a load management memory that stores, for each state of communication, load information indicating a degree of load related to control to be performed in the corresponding state of communication, wherein the load information stored by the load management memory includes first load information corresponding to a first state in which the communication terminal is in communication with another communication terminal and second load information corresponding to a second state in which the communication terminal is not in communication with any other communication terminal, and the degree of load indicated by the first load information is larger than the degree of load indicated by the second load information; and
processing circuitry configured to
accept a connection request from the requesting communication terminal that is not connected;
calculate, for each controller of the plurality of controllers, the degree of load related to the control based on the state of communication of each communication terminal connected to the controller and the load information for each state of communication stored in the load management memory; and
select a specific controller to be connected to the requesting communication terminal, based on the degree of load calculated for each of the plurality of controllers.

US Pat. No. 10,171,567

LOAD BALANCING COMPUTER DEVICE, SYSTEM, AND METHOD

HUAWEI TECHNOLOGIES CO., ...

1. A method for balancing load among devices, applied to a computer system that comprises at least a first computer device and a second computer device, wherein the first computer device comprises a cloud management platform, and the second computer device comprises at least one virtual machine; the method comprising:
obtaining, by the first computer device, configuration information of a load balancer, wherein the configuration information of the load balancer comprises an identifier of the load balancer and a virtual IP address (VIP) of the load balancer;
instructing, by the first computer device, the second computer device to create the load balancer according to the configuration information;
configuring, by the first computer device, a forwarding mode of a service on the second computer device, wherein the service is initiated by the virtual machine, and wherein in the forwarding mode, a service packet of the service is forwarded to the load balancer;
receiving, by the load balancer, the service packet of the service from the virtual machine; and
selecting, by the load balancer, at least one back-end server to execute the service.

US Pat. No. 10,171,566

SERVER-PROCESSOR HYBRID SYSTEM FOR PROCESSING DATA

International Business Ma...

1. A server-processor hybrid system for processing data, comprising:
a set of front-end servers configured to receive the data from an external source;
a set of back-end application optimized processors configured to receive the data from the set of front-end servers, process the data, and return processed data to the set of front-end servers; and
an interface within at least one of the set of front-end servers having a set of network interconnects, the interface connecting the set of front-end servers with the set of back-end application optimized processors, the interface configured to:
communicate the data received from the external source, from the set of front-end servers to the set of back-end application optimized processors by selectively invoking a push model or a pull model, and
communicate the processed data from the back-end application optimized processors to the set of front-end servers by selectively invoking the push model or the pull model,
wherein the push model is selectively invoked when the data to be transmitted has a predefined size, and
wherein the pull model is selectively invoked when the data to be transmitted does not have a predefined size.

US Pat. No. 10,171,563

SYSTEMS AND METHODS FOR AN INTELLIGENT DISTRIBUTED WORKING MEMORY

MICROSOFT TECHNOLOGY LICE...

1. A system for intelligent memory sharing and contextual retrieval across multiple devices and multiple applications of a user, the system comprising:
at least one processor; and
a memory for storing and encoding computer executable instructions that, when executed by the at least one processor is operative to:
maintain a shared working memory of the user for temporary storage of information until an occurrence of a condition;
collect data from working memories from at least one device of a plurality of devices associated with the user;
store the data on the shared working memory;
analyze the data utilizing world knowledge to determine elements listed within the data, wherein the world knowledge includes network accessible information;
enrich the elements by adding at least one of a tag or an additional element to the elements utilizing the world knowledge to form enriched elements;
collect relationships between the enriched elements;
determine a user context;
analyze the relationships based on the user context;
determine a response based on the analysis of the relationships and the world knowledge;
send the response to a plurality of active devices of the user and store the response in the shared working memory; and
in response to the occurrence of the condition, delete content stored on the shared working memory.

US Pat. No. 10,171,562

SOCIAL MEDIA DRIVEN INFORMATION INTERFACE

Microsoft Technology Lice...

1. A computing device comprising:
one or more processing units; and
one or more computer-readable media comprising computer-executable instructions, which, when executed by the one or more processing units, cause the computing device to:
generate, from social media data created by multiple independent and unrelated individuals and directed to multiple distinct and unrelated topics, a first set of time-delineated social media data, comprising only social media data that correspond to a first time range, by applying a time-based filter to the social media data;
subsequently generate, from the generated first set of time-delineated social media data, multiple topic clusters, each topic cluster comprising multiple, different social media entries, each social media entry in a topic cluster having a topic similarity above a topic clustering threshold associated with the topic cluster;
generate multiple event summaries for the first time range based upon at least some of the generated topic clusters, each event summary comprising a combination of only a subset of text or graphics from each of multiple different and distinct social media entries from a corresponding topic cluster;
generate an information interface comprising multiple annotated timeslots, including a first annotated timeslot that comprises at least some of the generated multiple event summaries, the first annotated timeslot being delineated by the first time range; and
transmit the information interface to a second computing device that is separate from the computing device and is communicationally coupled to the computing device through a computer network;
wherein the second computing device visually generates, on a hardware display device communicationally coupled thereto, the information interface, including the first annotated timeslot and the at least some of the generated event summaries.

US Pat. No. 10,171,561

CONSTRUCT DATA MANAGEMENT BETWEEN LOOSELY COUPLED RACKS

International Business Ma...

1. A computer-implemented method comprising:
associating at least a portion of a second rack to a construct;
wherein the associating occurs in response to input received by a first management node of a first rack associated with the construct;
wherein the construct includes a set of distributed resources connected via a network and comprising at least a respective portion of a plurality of respective racks and a set of construct data comprising user data, group data, resource data, and authorization policy data;
wherein each respective rack is independently controlled by a respective management node of a plurality of autonomous management nodes including at least the first management node associated with the first rack and a second management node associated with the second rack;
wherein a respective mutual trust relationship exists between each respective pair of autonomous management nodes of the plurality of autonomous management nodes;
determining, by the second management node, that the second management node contains insufficient construct data to execute an operation associated with the construct; and
synchronizing, in response to the first management node receiving a request from the second management node comprising an authenticated first security token based on a public key of the second management node, at least a portion of the construct data between the first management node and the second management node.

US Pat. No. 10,171,560

MODULAR FRAMEWORK TO INTEGRATE SERVICE MANAGEMENT SYSTEMS AND CLOUD ORCHESTRATORS IN A HYBRID CLOUD ENVIRONMENT

International Business Ma...

1. A modular service management (MSM) engine on a computer system including at least one processor that integrates a plurality of cloud orchestrators and service management (SM) platforms to provide a hybrid cloud environment, comprising:
an interface system that includes a first gateway for providing communications with SM platforms that adhere to an SM protocol and a second gateway for providing communications with the plurality of cloud orchestrators, wherein the SM protocol defines a set of management processes for handling service requests;
a service request processing system that processes service requests from SM platforms using selected cloud orchestrators, processes change management requests, and matches a change management request corresponding to an inputted service request, wherein the service request processing system includes a set of management modules in which each management module processes activities associated with a different one of the management processes, wherein the set of management modules includes a request management module for detecting an inputted service request, parsing the inputted service request and translating the inputted service request, and managing, tracking, and reformatting at least one activity associated with the inputted service request;
a rules and conditions engine that parses the inputted service request against a set of rules and conditions values and determines based upon the parsed inputted service request a primary cloud orchestrator to be used to service the inputted service request and a secondary cloud orchestrator to be used as a backup to the primary cloud orchestrator;
a set of data conversion modules, wherein each data conversion module includes logic that converts data associated with an SM platform to a data format required by one of the primary cloud orchestrator and secondary cloud orchestrator; and
wherein the set of management modules includes a change management module for checking the approval of the change management request, and a task management module for creating a new task in the SM platform.

US Pat. No. 10,171,559

VXLAN SECURITY IMPLEMENTED USING VXLAN MEMBERSHIP INFORMATION AT VTEPS

Cisco Technology, Inc., ...

1. A method comprising:
at a network device configured as a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP):
storing VTEP membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN, the VTEP membership information including a VxLAN identifier (VNI) of each VxLAN and an Internet Protocol (IP) address representing a respective source IP address of each VTEP in the corresponding set of VTEPs corresponding to that VNI and that are authorized to originate VxLAN packets;
receiving from a communication network a VxLAN packet that includes an original Ethernet frame encapsulated in a VxLAN encapsulation, the VxLAN encapsulation including a VNI that identifies a VxLAN associated with the VxLAN packet, an outer User Datagram Protocol (UDP) header, an outer IP header including a source IP address of an originating VTEP and a destination IP address, and an optional outer IEEE 802.1Q field;
comparing the source IP address of the originating VTEP to the IP addresses of the set of VTEPs associated with the VNI of the VxLAN in the VTEP membership information that matches the VNI of the VxLAN identified by the VxLAN encapsulation of the received VxLAN packet;
if the comparing indicates that the source IP address of the originating VTEP is not included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, discarding the received VxLAN packet and blocking flooding of network frames to local endpoint systems on a local area network connected to the VTEP, wherein the discarding results in discarding the VxLAN packet when the VxLAN packet is a malicious VxLAN packet in which the IP source address and the VNI do not match the IP addresses and the corresponding VNIs of the membership information, respectively; and
if the comparing indicates that the source IP address of the originating VTEP is included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, decapsulating the VxLAN packet to recover the original Ethernet frame, and forwarding the recovered original Ethernet frame to a destination Media Access Control (MAC) address specified therein.

US Pat. No. 10,171,558

CROSS DEVICE APPLICATION DISCOVERY AND CONTROL

Microsoft Technology Lice...

1. A system comprising:
a processor;
a memory;
one or more applications stored in the memory and executed, at least in part, by the processor; and
a cross device remote control module, stored in the memory, wherein the cross device remote control module is configured to discover remote applications on one or more target devices, and comprises:
a cross device application model client configured to:
connect to the one or more target devices via a network;
determine a level of trust between a device associated with the cross device remote control module and the one or more target devices is above a pre-determined trust level;
send, to the one or more target devices via the network, an application discovery query comprising a request for capability data corresponding to at least one of device information or application information on the one or more target devices; and
receive, from the one or more target devices via the network, one or more application discovery responses comprising an indication of a capability of the one or more target devices regarding the at least one of the device information or the application information; and
a remote application discovery client configured to:
process the one or more application discovery responses to determine the capability of each of the one or more target devices;
select a target device of the one or more target devices based at least in part on a determination of the capability of the target device; and
send a signal to the target device to perform a particular task.

US Pat. No. 10,171,557

METHOD AND DEVICE FOR PROCESSING MEDIA STREAMS BETWEEN A PLURALITY OF MEDIA TERMINALS AND A PROCESSING UNIT ALL CONNECTED TO ONE ANOTHER OVER A COMMUNICATION NETWORK

ALCATEL LUCENT, Boulogne...

1. A method for processing media streams between a plurality of media terminals and a processing unit over a communication network, the method comprising, by the processing unit:
receiving, from each of the media terminals, corresponding media streams comprising video transmission and audio transmissions;
monitoring sound activity of each of the media terminals from the audio transmissions;
selecting the N loudest participants based on the monitored sound activity, wherein the selected participants are identified as active participants and non-selected participants are identified as non-active participants;
pausing audio transmissions while permitting video transmissions from the non-active participants by transmitting a first pause signal to the non-active participants to pause the audio transmissions from the non-active participants;
receiving a request from a moderator terminal to permit a selected non-active participant terminal to resume audio transmissions in addition to the video transmissions;
in response to the request, transmitting a resume signal to the selected non-active participant terminal and transmitting a second pause signal to one or more active participants to pause both audio and video transmissions,
wherein the resume signal, first pause signal, and second pause signal are in the form of an RTP/RTCP real-time communication protocol.

US Pat. No. 10,171,554

DISTRIBUTING SUBSCRIBER DATA IN A MOBILE DATA NETWORK

International Business Ma...

1. A mobile data network comprising:
an antenna that communicates with user equipment;
at least one basestation coupled to the antenna that communicates with the user equipment via the antenna;
a plurality of data chunks residing in the mobile data network, each data chunk comprising:
a device address that makes the data chunk addressable as a physical device in the mobile data network;
a data portion corresponding to subscriber data for a subscriber;
a network component coupled to the basestation, the network component comprising a subscriber database that includes information relating to physical devices used by the subscriber to access the mobile data network, wherein the information relating to physical devices used by the subscriber comprises the device address of the data chunk;
a subscriber data mechanism residing in a component in the mobile data network that performs the steps of:
identifying a plurality of data chunks corresponding to a selected subscriber in the mobile data network that comprise subscriber data to be distributed;
identifying a plurality of devices in the mobile data network that each can receive at least one of the data chunks, wherein the identified plurality of devices comprises a plurality of mobile devices used by different subscribers of the mobile data network;
distributing the plurality of data chunks to the plurality of devices;
writing location of the plurality of data chunks to a tracking table in the mobile data network; and
writing the location of the plurality of data chunks to each of the plurality of devices.

US Pat. No. 10,171,553

METHOD FOR MONITORING AND CONTROLLING AN ACCESS CONTROL SYSTEM

1. A method for monitoring and controlling an access control system (12) having at least one server (16) and at least one access control device (22) which is connectable to the at least one server (16) for the purpose of data communication, the method comprising:
positioning the at least one access control device in a location that facilitates monitoring and controlling the access of people to a controlled area;
providing a user with data goggles (1) for monitoring and controlling the access control system;
wirelessly connecting the data goggles to the at least one server (16) of the access control system (12) and the at least one access control device (22) for the purpose of data communication and receiving data in real time from at least one of the at least one server (16) and the at least one access control device (22), which enable the monitoring of the access control system (12);
displaying the data to the user of the data goggles (1) with a display device (10) of the data goggles (1);
controlling the access control system (12) with control commands which are input by the user into the data goggles (1) and transmitting the control commands from the data goggles to the at least one of the at least one server (16) and the at least one access control device (22);
inputting the control commands by one of voice control via a microphone (8) integrated in the data goggles (1), gesture control by a camera (7) integrated in the data goggles (1), actuation of a touchpad integrated in the data goggles (1), and eye tracking; and
actuating the at least one access control device based on the control commands input by the user into the data goggles to either allow or deny a person access to the controlled area.

US Pat. No. 10,171,549

NOTIFICATION ALERTS BASED ON INCREASED ACCESS TO A DIGITAL RESOURCE

International Business Ma...

1. A method for event notification, the method comprising:
identifying, by one or more processors, a profile of a first user, wherein the profile of the first user includes one or more profile elements;
identifying, by one or more processors, a plurality of users having a corresponding profile that includes at least one profile element in common with the identified profile of the first user;
identifying, by one or more processors, a computer network accessible resource;
determining, by one or more processors, an increase in activity of the identified computer network accessible resource by the identified plurality of users;
identifying, by one or more processors, that the user profile of the first user includes another profile element, wherein the other profile element is associated with a location of the first user during a first period of time;
determining, by one or more processors, based on polling one or more devices of the first user via a network, a current physical location of the first user;
identifying, by one or more processors, a second period of time and a physical location related to a temporal occurrence of an event associated with the identified computer network accessible resource;
determining, by one or more processors, based on the other element of the profile of the first user and the determined current physical location of the first user, that the first user is within a physical and a temporal proximity of the temporal occurrence of the event associated with the identified computer network accessible resource; and
responsive to determining that the first user is within the physical and the temporal proximity of the event associated with the identified computer network accessible resource, communicating, by one or more processors, via the network, a notification to the first user utilizing a device of the first user that is active, wherein the communicated notification provides an indication of the determined increase in activity of the identified computer network accessible resource by the identified plurality of users.

US Pat. No. 10,171,547

NEIGHBOR DISCOVERY FOR IPV6 SWITCHING SYSTEMS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a first IPv6 traffic at a first switch device of a multi device switching system comprising a plurality of switch devices, the plurality of switch devices linked together through a switching fabric and configured to operate as a single routing entity, wherein each of the plurality of switch devices is associated with a local switch device processor, and wherein the multi device switching system is controlled with a central controller comprising a central controller processor;
determining, at the first switch device, that the first IPv6 traffic comprises a neighbor discovery message, wherein determining that the first IPv6 traffic comprises the neighbor discovery message comprises:
comparing a message type associated with the first IPv6 traffic with a predetermined list of reserved internet control message protocol (ICMP) message types, wherein each of the reserved ICMP message types on the predetermined list are classified as comprising neighbor discovery messages, and
determining the first IPv6 traffic comprises the neighbor discovery message when the message type associated with the first IPv6 traffic matches with one of the reserved ICMP message types on the predetermined list, wherein the predetermined list is stored at the first switch device;
punting the first IPv6 traffic to a first local switch device processor associated with the first switch device only when the first IPv6 traffic comprises the neighbor discovery message;
receive a second IPv6 traffic at the first switch device;
determining, at the first switch device, that the second IPv6 traffic does not comprise the neighbor discovery message; and
punting, when the second IPv6 traffic does not comprise the neighbor discovery message, the second IPv6 traffic to the central controller processor.

US Pat. No. 10,171,544

RADIO BASE STATION

NTT DOCOMO, INC., Tokyo ...

1. A radio base station comprising:
a processor that controls communication with a mobile station via one or more sessions in a bearer;
wherein the processor detects a change of at least one of an IP address and an SSRC (Synchronization Source) in a compressed header of a packet,
wherein when (i) a current number of established sessions is equal to a maximum number of sessions that can be supported by the radio base station or the mobile station and (ii) the processor attempts to add a new session in which header compression is applied, upon detection of the change of the at least one of the IP address and the SSRC, the processor deletes one of the established sessions to which header compression is applied and adds the new session; and
a transmitter that transmits the packet via the new session.

US Pat. No. 10,171,543

MEDIA STREAMING METHOD AND ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A method of a first electronic device transmitting packets constituting stream data, to a second electronic device for providing a streaming service, the method comprising:
receiving, from the second electronic device, stream information comprising a system time of the second electronic device, a first timestamp of a packet received from the first electronic device at the system time, and a second timestamp of a packet being played in the second electronic device at the system time;
determining, by comparing the first timestamp with the system time, whether a first delay occurs;
determining, by comparing the first timestamp with the second timestamp, whether a second delay occurs; and
controlling, based on determining that at least one of the first delay or the second delay occurs, at least one packet of the stream data to be transmitted to the second electronic device.

US Pat. No. 10,171,542

METHOD FOR PROVIDING CLOUD STREAMING SERVICE, DEVICE AND SYSTEM FOR SAME, AND COMPUTER-READABLE RECORDING MEDIUM HAVING, RECORDED THEREON, CLOUD STREAMING SCRIPT CODE FOR SAME

SK TECHX CO., LTD., Seou...

1. A cloud service device comprising:
a memory configured to store a predefined script code for cloud streaming; and
a processor configured to:
receive a request for a web page that is not defined for the cloud streaming from a terminal,
find a Java script code region in the web page,
determine whether the predefined script code for cloud streaming is inserted to the Java script code region,
identify an insertion location of the predefined script code,
insert the predefined script code into the insertion location when the predefined script code is determined not to be inserted to the Java script code region,
execute the predefined script code inserted in the web page,
redefine a designated object in the web page,
display a designated message of the web page on a main window,
create a capture image by capturing the web page having the inserted predefined script code,
encode the capture image,
transmit the encoded capture image to the terminal,
receive a message for activating the designated message from the terminal,
display the designated message on the main window based on the redefined designated object when the message is received, and
provide a processing result to the terminal,
wherein, when the predefined script code is determined to be inserted to the Java script code region, the processor is configured to encode the capture image.

US Pat. No. 10,171,541

METHODS, DEVICES, AND COMPUTER PROGRAMS FOR IMPROVING CODING OF MEDIA PRESENTATION DESCRIPTION DATA

Canon Kabushiki Kaisha, ...

1. A proxy for providing a standard manifest for requesting streamed timed media data associated with at least one media item, organized into temporal media segments, the streamed timed media data belonging to partitioned timed media data comprising timed samples, the streamed timed media data being transmitted as media segment files each comprising at least one independently processed component resulting from processing at least one of the timed samples, the proxy comprising at least one microprocessor configured for carrying out the steps of:
receiving an enhanced manifest comprising metadata for describing the processed components, the metadata comprising parameters used for describing at least a part of one of the processed components,
wherein at least one of the parameters is a dynamic parameter which value can vary over time, the at least one parameter being associated with an element referring to a metadata resource which is external to the enhanced manifest and which comprises at least one value defining the at least one parameter;
determining which parameters are not resolved from the enhanced manifest as the at least one parameter; and
generating a standard manifest based on metadata of the enhanced manifest and of the at least one value defining the at least one parameter,
wherein the at least one parameter is resolved dynamically using remote information such that at least one parameter from the enhanced manifest may be dynamically re-evaluated without depending upon media presentation description.

US Pat. No. 10,171,540

METHOD AND APPARATUS FOR STREAMING VIDEO SECURITY

HIGH SEC LABS LTD, Yokne...

1. A streaming video security device comprising:
an input LAN port for receiving packet-based streaming video input indicative of a video signal;
at least one streaming video decoder for receiving said streaming video input from said input LAN port and converting said streaming video input to raw video display-compatible output, said raw video display-compatible output comprising only non-packet-based image data;
at least one streaming video encoder for receiving said raw video display-compatible output and outputting safe video streaming packets;
at least one unidirectional data flow element having an input connected directly to an output of said at least one streaming video decoder and having an output connected directly to an input of said at least one streaming video encoder, said at least one unidirectional data flow element being configured to enforce transmission of said non-packet-based raw video display-compatible output only in the direction from said at least one streaming video decoder to said at least one streaming video encoder;
an output LAN port for transmitting said safe video streaming packets;
wherein said streaming video input indicative of a video signal undergoes conversion to said raw video display-compatible signal and then converted back to said streaming video output within the streaming video security device to thereby eliminate any malicious data or malicious code from the streaming video output, and
wherein said at least one unidirectional data flow element provides isolation between said at least one streaming video decoder and said at least one streaming video encoder.

US Pat. No. 10,171,539

METHOD AND APPARATUS FOR TIME STRETCHING TO HIDE DATA PACKET PRE-BUFFERING DELAYS

1. A method comprising:
while rendering, via a processor, a first data packet in a stream of data packets, generating a fill packet associated with the first data packet; and
after rendering the first data packet, and before rendering a second data packet which is next to and following the first data packet in the stream of data packets, rendering the fill packet at a different speed relative to the rendering of the first data packet.

US Pat. No. 10,171,537

SEGREGATION OF ELECTRONIC PERSONAL HEALTH INFORMATION

1. A system, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
receiving a first data stream from a device;
determining that the first data stream comprises protected information based on an indication of a type of application associated with the first data stream, and a function of a location of the device, a time that the first data stream is received, and a user profile active on the device, wherein the protected information is electronic personal healthcare information;
in response to determining that the first data stream comprises the protected information, encrypting the first data stream resulting in an encrypted data stream;
adding metadata to the encrypted data stream indicating that the encrypted data stream comprises the protected information resulting in a modified first data stream;
segregating, based on the metadata of the modified first data stream, the modified first data stream from a second data stream provided by the device, the second data stream not comprising the electronic personal healthcare information; and
transmitting the modified first data stream and the second data stream via a network device of a mobile network.

US Pat. No. 10,171,536

RAPID OPTIMIZATION OF MEDIA STREAM BITRATE

ATLASSIAN PTY LTD, Sydne...

1. A method comprising:
using a media server during a first media session between a client device and the media server, determining a stable bitrate value based on an actual rate at which the media server receives packets from the client device, the stable bitrate for use by the client device as an initial rate of transmitting multimedia data from the client device to the media server;
storing, in a database, the stable bitrate value for the client device in association with an identifier;
receiving, from the client device, a request to establish a second media session;
determining the identifier within the request;
in response to the request, based on the identifier in the request, searching the database for the stable bitrate value that is associated with the identifier;
in response to locating the stable bitrate value in the database and before receiving multimedia data from the client device, sending, by the media server, the stable bitrate value to the client device, wherein the client device estimates an initial bitrate for transmitting multimedia data from the client device to the media server in the second media session;
establishing, by the media server, the second media session;
receiving, initially and by the media server, multimedia data from the client device at the initial bitrate based on the stable bitrate.

US Pat. No. 10,171,535

CONTROLLING MP3 PLAYER

International Business Ma...

1. A computer system, comprising a computing device, an audio player device, and one or more computer readable hardware storage devices containing program instructions which upon being executed on both the computing device and the audio player device, implement a method for communicating an audio message file from the computing device to the audio player device, said method comprising:
said computing device generating or selecting the audio message file;
said computing device creating a control file comprising a first entry, wherein the first entry comprises the identity of the audio player device, a name of the audio message file to be sent to the audio player device, a time stamp denoting a time at which to send the audio message file to the audio player device, and a queue flag having a value of TRUE if an attempt is to be made to send the audio message file to the audio player device later in response to a determination that the audio player device is not currently active;
said computing device parsing the first entry in the control file;
said computing device identifying from said parsing the first entry: the audio player device, the name of the audio message file, the time stamp, and the queue flag;
said computing device ascertaining whether the audio player device is currently active;
if said ascertaining ascertains that the audio player device is currently active, then said computing device sending an intent-to-send preliminary message to the audio player device, wherein the intent-to-send preliminary message contains the name of the audio message file, a size of the audio message file, and an Internet Protocol (IP) address of the computing device;
if said ascertaining ascertains that the audio player device is not currently active, then said computing device determining whether the queue flag has the value of TRUE, and in response to determining that the queue flag has the value of TRUE, said computing device adding the first entry to the control file as a next entry in the control file to process, parsing the first entry, and determining that the audio player device is currently active, and in response, said computing device sending the intent-to-send preliminary message to the audio player device;
after said sending the intent-to-send preliminary message to the audio player device, said computing device receiving, from the audio player device, an OK-to-send message, and in response, said computing device sending the audio message file from the computing device to the audio player device at the time denoted by the time stamp and said computing device deleting the first entry in the control file;
said audio player device receiving the audio message file sent from the computing device to the audio player device; and
in response to said receiving the audio message file, said audio player device halting play of a song or other audio content that was being played by the audio player device at a time of receipt of the audio message file and playing the audio message file approximately upon said halting play of the song or other audio content.

US Pat. No. 10,171,533

SYSTEM AND METHOD FOR IDENTIFYING DEVICES IN A ROOM ON A NETWORK

Image Stream Medical, Inc...

1. A system for identifying sources used in a medical procedure performed at a medical treatment location, the system comprising:
a control computer configured to
couple to a digital switch;
receive information identifying a first source to be used in the medical procedure performed at the medical treatment location; and
present, via a graphical user interface configured to couple to the control computer, source identifying information based on the information identifying the first source; and
a first adapter unit configured to
couple to the digital switch;
couple to a single source corresponding to the first adapter unit, the single source being the first source;
identify the first source;
provide the information identifying the first source to the control computer via the digital switch;
receive video data in a first source-specific format from the first source;
normalize the video data into standard format video data; and
provide the standard format video data in the standard format to the digital switch.

US Pat. No. 10,171,532

METHODS AND SYSTEMS FOR DETECTION AND CLASSIFICATION OF MULTIMEDIA CONTENT IN SECURED TRANSACTIONS

Citrix Systems, Inc., Fo...

31. A method for classifying multimedia content in one or more transactions, the method being performed by one or more processors, comprising:
acquiring one or more transactions between a client device and a server device, wherein the one or more transactions include one or more requests from the client device and one or more corresponding responses from the server device;
detecting boundaries of the one or more transactions;
generating a multimedia session object based on the detected boundaries, the multimedia session object providing an indication of a number of transactions for communicating the multimedia content associated with a multimedia session between the client device and the server device; and
classifying the multimedia content based on the number of transactions indicated by the multimedia session object.

US Pat. No. 10,171,530

DEVICES AND METHODS FOR TRANSMITTING ADAPTIVELY ADJUSTED DOCUMENTS

Hisense USA Corp., Suwan...

1. An electronic device, comprising:
a memory comprising a set of instructions for transmitting adaptively adjusted visual content in a home network system; and
a processor in communication with the memory, wherein when executing the set of instructions, the processor is directed to, through a home network:
establish a communication connection with a first target terminal device via the home network;
receive from the first target terminal device a first request to display a visual content;
obtain an original version of the visual content in response to the first request;
obtain an original vertical pixel resolution and an original horizontal pixel resolution of the original version of the visual content;
determine a first predetermined display requirement associated with the first target terminal device from a first pre-established device profile for the first target terminal device persistently maintained in the electronic device, wherein the first predetermined display requirement comprises a vertical pixel resolution and horizontal pixel resolution of the first target terminal device;
obtain a first ratio between the vertical pixel resolution and the original vertical pixel resolution;
obtain a second ratio between the horizontal pixel resolution and the original horizontal pixel resolution;
transform the original version of the visual content into a first version of the visual content to conform with the first predetermined display requirement based on at least smaller of the first ratio and the second ratio; and
send the first version of the visual content to the first target terminal device via the home network.

US Pat. No. 10,171,529

VEHICLE AND OCCUPANT APPLICATION INTEGRATION

AUTOCONNECT HOLDINGS LLC,...

1. A method of streaming a device application within a vehicle, comprising:
providing a communication system that includes at least one communication transceiver;
receiving a signal by the communication transceivers;
identifying the origin of the signals by the communication system;
starting the device application within the vehicle;
receiving a user request to stream the device application to the vehicle;
determining if the vehicle is configurable to receive the stream;
when the vehicle is not configurable to receive the stream, notifying the user that the device application cannot be streamed;
when the vehicle is configurable to receive the stream, configuring the vehicle to receive the stream, streaming the device application to the vehicle, and displaying the device application on a vehicle display;
providing, in the vehicle, a first operating system and a second operating system executing on a common microprocessor, wherein the first operating system comprises one or more applications performing a critical vehicle task, function, or operation, and the second operating system comprises the device application;
collecting, by a computer control module, one or more metrics regarding an operation of the first operating system or the second operating system in communication with the computer control module, the computer control module including a profile identification module that collects a first metric regarding a persona of a vehicle occupant and seating position of the vehicle occupant, wherein the first metric is an age of the vehicle occupant;
determining, by the computer control module, whether the first metric of the collected one or more metrics is outside of a predetermined range;
when the first metric is outside the predetermined range, restricting, modifying, or shutting down the device application, but not the first operating system;
wherein the critical vehicle task, function or operation is one or more of monitoring, controlling, or operating the ECU, TCU, door settings, window settings, or blind spot monitor, monitoring, controlling, or operating the safety equipment, monitoring or controlling certain critical sensors, controlling the operation of the engine, head light control unit, power steering, display panel, switch state control unit, power control unit, or brake control unit, or issuing alerts to a user or remote monitoring entity of potential problems with a vehicle operation; and
wherein the critical sensors include at least one of a power source controller and energy output sensor, engine temperature sensor, oil pressure sensor, hydraulic pressure sensors, sensors for headlight and other lights, vehicle control system sensors, or steering/torque sensor.

US Pat. No. 10,171,527

GOAL-BASED CONNECTION MANAGEMENT BETWEEN PARTIES

International Business Ma...

1. A computer-implemented method for managing electronic communication connections, the computer-implemented method comprising:
receiving, by a monitoring computer system, a message from a first party, wherein the message identifies a goal of the first party;
receiving, by the monitoring computer system, an identity of a second party that has been selected by the first party to assist the first party in achieving the identified goal of the first party;
creating, by the monitoring computer system, an electronic communication connection for electronic communications between the first party and the second party, wherein the electronic communications are related to accomplishing the identified goal of the first party;
monitoring, by the monitoring computer system, the electronic communications between the first party and the second party, wherein said monitoring executes message analytics to determine a status of the identified goal of the first party, wherein the message analytics identifies key words in the electronic communications that are related to the identified goal of the first party;
receiving, by the monitoring computer system, a goal abandonment message from the first party, wherein the goal abandonment message identifies an abandonment of the identified goal by the first party;
in response to receiving the goal abandonment message from the first party, disconnecting, by the monitoring computer system, the electronic communication connection between the first party and the second party;
determining, by the monitoring computer system, that a quantity of key words in the electronic communications between the first party and the second party falls below a predetermined frequency over a predefined period of time; and
in response to determining, by the monitoring computer system, that the quantity of key words in the electronic communications between the first party and the second party falls below the predetermined frequency over the predefined period of time, establishing, by the monitoring computer system, a new electronic communication connection between the first party and a third party that has been predetermined to be able to assist the first party in reaching the identified goal of the first party.

US Pat. No. 10,171,526

ON DEMAND IN-BAND SIGNALING FOR CONFERENCES

ATLASSIAN PTY LTD, Sydne...

1. A computer implemented method comprising:
transmitting initial signaling data for a video conference using Web Real Time Communication (WebRTC) from a signaling server over a WebRTC signaling channel to a plurality of client computing devices, wherein the initial signaling data comprises data needed for a client computing device to connect to the video conference and wherein the initial signaling data omits identifiers for media data;
establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server;
sending, by the media server, media data for a subset of the plurality of client computing devices to the plurality of client computing devices;
sending, by the media server, identifiers of the media data to the plurality of client computing devices.

US Pat. No. 10,171,525

AUTONOMIC MEETING EFFECTIVENESS AND CADENCE FORECASTING

INTERNATIONAL BUSINESS MA...

1. A method comprising:
configuring an autonomous system to receive meeting participation data from a meeting participation tool that is configured in a meeting environment;
collecting, using the autonomous system via the meeting participation tool of the meeting environment, the meeting participation data of a meeting in-progress, the meeting comprising a group of participants;
analyzing, using the autonomous system, the meeting participation data to identify a topic being discussed in the meeting;
forecasting, using the autonomous system, using a processor and a memory, using a trend of affective states of a participant, a future affective state of the participant relative to the topic;
evaluating, using the autonomous system, the future affective state to conclude that data contributed by the participant at a future time in the meeting is not likely to progress the topic to completion by at least a specified degree;
selecting, using the autonomous system, a cognitive system (cog) trained in the subject-matter; and
adding, using the autonomous system, the cog to the meeting before the future time and while the meeting is in-progress, the adding the cog causing the cog to receive the meeting participation data from the meeting participation tool in the meeting environment, and further causing the cog to insert a cog output in the meeting participation data.

US Pat. No. 10,171,524

METHODS AND SYSTEMS FOR ESTABLISHING, HOSTING AND MANAGING A SCREEN SHARING SESSION INVOLVING A VIRTUAL ENVIRONMENT

Adobe Systems Incorporate...

1. A web conferencing system comprising:
one or more processors of a web conferencing server; and
one or more computer storage media storing computer-executable instructions that, when executed by the one or more processors, implement a method comprising:
receiving, from a web conferencing application executing at a host computing device, a request to establish a web conferencing session, the web conferencing session including the host computing device and a participant computing device,
based on the request to establish the web conferencing session, establishing the web conferencing session,
receiving, from the web conferencing application executing at the host computing device, a request to establish a remote desktop connection with a remote computing device, wherein the remote desktop connection enables the host computing device to control the remote computing device and provides for sharing a graphical user interface that is generated by the remote computing device for presentation at a display of the remote computing device, and wherein the request to establish the web conferencing session and the request to establish the remote desktop connection are received in a single communication session between the host computing device and the web conferencing server,
receiving, from the web conferencing application executing at the host computing device, an indication of an identity of the remote computing device, wherein the indication of the identity of the remote computing device is received based on a prompt for information identifying the remote computing device,
based on the request to establish the remote desktop connection with the remote computing device and on the indication of the identity of the remote computing device, establishing the remote desktop connection with the remote computing device, and
based on the remote desktop connection, sharing the graphical user interface that is generated by the remote computing device with the host computing device and the participant computing device.

US Pat. No. 10,171,523

MULTI-TIER PUSH SERVICE CONTROL ARCHITECTURE FOR LARGE SCALE CONFERENCE OVER ICN

Futurewei Technologies, I...

1. A multi-tier conference service controller comprising:
a network interface connecting the conference service controller to a plurality of conference service proxies and further connecting the conference service controller to a plurality of conference service clients via the conference service proxies to form a multi-tier conference service network;
a memory configured to store a conference digest log, the conference digest log comprising a plurality of conference events performed by the conference service clients, each of the conference events comprising a fingerprint (FP) update, the conference digest log comprising a plurality of entries associated with previous FP updates for the conference events performed by the conference service clients; and
a processor coupled to the network interface and the memory, wherein the processor is configured to:
receive, via the network interface, a first message from a first conference service proxy, the first message comprising a first FP update associated with a recent conference event performed by a first conference service client associated with the first conference service proxy, the first FP update comprising a type of the recent conference event, a signature profile of a conference participant associated with the first conference service client, and a non-location based address of a data object associated with the recent conference event and being related to content that is accessed during the recent conference event;
update the conference digest log according to the first FP update;
push, via the network interface, a second message to a second conference service proxy, the second message comprising a current entry for the first conference service proxy in the conference digest log, a last entry for the first conference service proxy obtained from the entries associated with the previous FP updates, and the first FP update of the first message;
perform a third update to the conference digest log by removing the first conference service client from the conference digest log; and
push, via the network interface, a third message indicating the removal of the first conference service client to the second conference service proxy.

US Pat. No. 10,171,521

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of seamlessly conferencing a telephone call, comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,520

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A system for seamlessly conferencing a telephone call, comprising:
a computer comprising a processor; and
instructions which are executable, using the processor, to implement functions comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,518

PERFORMING AN ACTION ON CERTAIN MEDIA STREAMS IN A MULTIMEDIA COMMUNICATIONS NETWORK

Telefonaktiebolaget LM Er...

1. A method for controlling a media session involving a plurality of media streams within a communications network, wherein the communications network comprises a media resource node and a media control node controlling the media resource node, the method comprising the media control node:
determining that selected media streams out of the plurality of media streams are associated to each other in the media session;
generating a first instruction to group the determined selected media streams, the first instruction comprising a description packet for each of the determined selected media streams associated to a termination of the media resource node;
transmitting, to the media resource node, the first instruction to group the determined selected media streams; and
transmitting, to the media resource node, a second instruction to prepare for performing an action with respect to the determined selected media streams, wherein the second instruction comprises an indication of a media stream identifier representing the group of the determined selected media streams and an indication of the action to be performed.

US Pat. No. 10,171,517

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer system for handling notification about a malformed SIP response, the computer program product, the computer system comprising:
a processor(s) set;
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication,
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,516

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer program product for handling notification about a malformed SIP response comprising:
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication;
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,511

MEDIA SESSION BETWEEN NETWORK ENDPOINTS

Microsoft Technology Lice...

1. A computer-implemented method of establishing a media session between a first endpoint and a second endpoint via a communication network based on connectivity checks performed by the endpoints, the method comprising performing operations by the first endpoint, comprising:
generating at the first endpoint a set of candidate pairs for connectivity checks by exchanging network addresses between the first and second endpoints;
assigning, by the first endpoint, a respective priority to each candidate pair of the candidate pair set to produce a first priority ordering of the candidate pairs;
determining by the first endpoint whether one or more connectivity check modification criteria is met for each candidate pair of the candidate pair set, wherein the connectivity check modification criteria is evaluated for each candidate pair based on characteristics of a potential network path operable between the first endpoint and the second endpoint that uses the candidate pair;
modifying, by the first endpoint and based on the determination of whether the connectivity check modification criteria is met, the respective priority of each candidate pair of the candidate set to produce a second priority ordering of the candidate pairs, such that candidate pairs that meet the connectivity check modification criteria are assigned a higher priority than any candidate pair that does not meet the connectivity check modification criteria;
determining the validity of at least two of the candidate pairs by performing connectivity checks in turn according to the second priority ordering of the candidate pairs; and
establishing the media session using a candidate pair determined to be valid.

US Pat. No. 10,171,510

SYSTEM AND METHOD FOR MONITORING AND GRADING A CYBERSECURITY FRAMEWORK

CyberSaint, Inc., Concor...

1. A cybersecurity system, comprising:
processing logic configured to:
receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
receive, over the network and from the client system, one or more responses to the one or more query scripts; and
transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve the cybersecurity of the client system.

US Pat. No. 10,171,509

FILTERING AND REDACTING BLOCKCHAIN TRANSACTIONS

International Business Ma...

1. A method, comprising:
identifying a blockchain transaction;
processing content of the blockchain transaction to identify prohibited content;
determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction;
determining that the content is disapproved after the blockchain transaction is logged in a blockchain;
determining to redact the blockchain transaction; and
redacting the blockchain transaction logged in the blockchain by creating and storing a transaction redaction contract in a genesis block of the blockchain.

US Pat. No. 10,171,505

PREVENTATIVE ENTERPRISE CHANGE MANAGEMENT

INTERNATIONAL BUSINESS MA...

1. A method for implementing change control management in computing center environments by a processor, comprising:
monitoring, by a hardware component configured to be worn by the user, a physical activity of a user performing an action associated with computing component repair or replacement in the computing center environment;
using the hardware component to biometrically identify the user as authorized to perform the action in the computing center environment; and
when the monitored activity is one of determined to be contrary and predicted to be contrary to a preferred, predetermined action for the computing center environment, performing each of:
alerting the user that the action is contrary using the hardware component configured to be worn by the user, and
performing an operation that secures data in the computing center environment from damage potentially caused by the contrary action; wherein the operation comprises putting at least a portion of the computing center environment into a recoverable downstate including initiating a data dump operation.

US Pat. No. 10,171,504

NETWORK ACCESS WITH DYNAMIC AUTHORIZATION

Cisco Technology, Inc., ...

1. A method comprising:
receiving at an enforcement node, a request to access a network from an endpoint;
transmitting at the enforcement node, the access request to a policy server;
receiving at the enforcement node from the policy server, a dynamic authorization for a communication session between the endpoint and the network, the dynamic authorization comprising a plurality of ranks and a policy for access to the network by the endpoint during the communication session for each of said ranks;
assigning the endpoint to one of said ranks and applying said policy associated with said rank to traffic received from the endpoint at the enforcement node during the communication session between the endpoint and the network; and
assigning the endpoint to a different one of said ranks and applying said policy associated with said rank to the traffic received from the endpoint during the communication session between the endpoint and the network without reauthentication of the endpoint;
wherein assigning comprises dynamically promoting or demoting the endpoint to a different one of said ranks.

US Pat. No. 10,171,503

METHODS FOR SCALING INFRASTRUCTURE IN A MOBILE APPLICATION ENVIRONMENT AND DEVICES THEREOF

F5 Networks, Inc., Seatt...

1. A method for scaling infrastructure in a mobile application environment, the method implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, and the method comprising:
executing a compliance policy with respect to a plurality of mobile devices;
selecting a mobile application to be updated based on the compliance policy;
updating state information based on the selection of the mobile application to be updated;
obtaining a number of updates of the mobile application selected to be updated on the plurality of mobile devices using the updated state information;
determining a number of mobile application updates reaches an update threshold; and
modifying a number of backend enterprise web applications executing on one or more web application servers that service the updated mobile application based on the number of mobile application updates reaching the update threshold.

US Pat. No. 10,171,500

SYSTEMS, APPARATUSES, AND METHODS FOR ENFORCING SECURITY ON A PLATFORM

INTEL CORPORATION, Santa...

1. A system comprising:
a manageability engine of a computer platform comprising a processor, the manageability engine to detect if a software agent of the computer platform is removed by using a watchdog service that detects if there is a presence of the software agent by detecting the software agent sending a presence message within a certain time period or frequency of sending the presence message, wherein the manageability engine is isolated from the processor of the computer platform; and
a software agent enclave, wherein the software agent enclave and manageability engine each include a specific session key to be used for communications between the software agent enclave and the manageability engine, and wherein the software agent is run in the software agent enclave; wherein the manageability engine includes a service layer to maintain a table of manageability engine services, software agent enclaves, and their corresponding keys and restarts the software agent or shuts down the system if the watchdog service does not detect the presence of the software agent.

US Pat. No. 10,171,499

ZONE-BASED SECURITY ARCHITECTURE FOR INTRA-VEHICULAR WIRELESS COMMUNICATION

1. A method for vehicular communication, comprising:
establishing two or more secure zones on a vehicle system, each secure zone belonging to a secured network segment which is not a public network segment and to which predefined authorized users have access and unauthorized users do not have access and having a respective one or more node devices;
performing an authentication procedure to authenticate and authorize the one or more node devices;
establishing at least one secure wireless communication tunnel between the two or more secure zones; and
establishing a dynamic address learning mechanism for data routing between the two or more secure zones.

US Pat. No. 10,171,498

SECURE CRYPTO MODULE INCLUDING ELECTRICAL SHORTING SECURITY LAYERS

International Business Ma...

1. A cryptographic adapter card comprising:
a printed circuit board (PCB) comprising a connector that interconnects with a motherboard;
a secure crypto module comprising a shield surrounding a daughter card electrically connected to the PCB;
the daughter card comprising: a first conductive layer; a security matrix layer comprising first microcapsules comprising a first reactant, second microcapsules comprising a second reactant, third microcapsules comprising a third reactant, and fourth microcapsules comprising a fourth reactant, wherein an electrically conductive material is formed by the first reactant reacting with the second reactant; a second conductive layer; a crypto component; and a monitor device electrically connected to the first conductive layer and to the second conductive layer;
wherein the first microcapsules and second microcapsules are ruptured when a void is formed within the security matrix layer;
wherein a destruct feature of the crypto component is programmed in response to the monitor device detecting an electrical short between the first conductive layer and the second conductive layer; and
wherein a self-healing material is formed by the third reactant reacting with the fourth reactant, the self-healing material filling the void within the security matrix layer.

US Pat. No. 10,171,496

BEACON SPOOFING PREVENTION

Cisco Technology, Inc., ...

1. A method comprising:
at a server configured to communicate with a mobile device over a network:
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including: a unique identifier representing a serial number of the beacon device; non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;
incrementing a local verification value from the initial seed value based on a clock according to the security algorithm;
performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server;
if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and
if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device.

US Pat. No. 10,171,495

DETECTION OF MODIFIED REQUESTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving, to a resource provider environment, a request for a connection to a resource;
determining a set of connection parameters for the request, the connection parameters selected from at least two layers of a networking framework;
analyzing the set of connection parameters, prior to establishing the connection to the resource, to determine connection parameter data corresponding to at least one combination of at least a subset of the set of connection parameters;
comparing the connection parameter data to a set of connection parameter signatures, each connection parameter signature corresponding to a previously determined combination and ordering of connection parameters having a determined probability of corresponding to a man-in-the-middle attack on a respective connection;
determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the connection parameter data;
calculating, for the request, a request probability value based at least in part upon the respective probabilities of the one or more matching signatures;
comparing the request probability value to a probability threshold; and
performing at least one determined action in response to the request probability value exceeding the probability threshold.

US Pat. No. 10,171,494

SCARECROW FOR DATA SECURITY

International Business Ma...

1. A computer-implemented method comprising:
receiving information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
determining, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction:
generating, by machine logic performed by a machine, a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
sending the plurality of scarecrow messages, through a network communication channel, to respectively corresponding computers of the plurality of computers, and
sending, by machine logic performed by a machine, a security alert to a security product;
wherein:
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of: an internet protocol (IP) address associated with the respectively corresponding computer; a phantom background process; and a log-in chain associated with the respectively corresponding computer.

US Pat. No. 10,171,493

METHOD AND SYSTEM TO DYNAMICALLY OBFUSCATE A WEB SERVICES INTERFACE

Sears Brands, L.L.C., Ho...

1. A method for operating a system that uses a dynamically generated web services interface to protect a processor of service requests from attacks received via a data communication network, the method comprising:
receiving, by web server circuitry, a first service request from a client system via the data communication network, wherein the first service request comprises an identifier of the client system, a service identifier, and a service key;
producing, by web service protection circuitry coupled to the web server circuitry, a client date and time by deciphering a portion of the service identifier using the identifier of the client system;
determining, by the web service protection circuitry, whether the first service request is an initial service request received by the web server circuitry from the client system;
if it is determined that the first service request is the initial service request received from the client system, identifying, by the web service protection circuitry, the client system as an authorized client system if the produced client date and time matches a default date and time;
if it is determined that the first service request is not the initial service request received from the client system, identifying, by the web service protection circuitry, the client system as an authorized client system if the produced client date and time matches a stored date and time corresponding to receipt of a previous service request received from the client system; and
if the client is identified as an authorized client system:
sending a second service request, by the web server circuitry to application server circuitry, wherein the second service request comprises a service name portion and the service key; and
forwarding, by the web server circuitry to the client system, a response of the application server circuitry to the second service request.

US Pat. No. 10,171,490

SYSTEM AND METHOD FOR STRATEGIC ANTI-MALWARE MONITORING

Tenable, Inc., Columbia,...

1. A system for detecting and remediating botnet participation in a network, comprising:
a memory; and
one or more processors coupled to the memory and configured to:
communicate with a scanning target located in the network to obtain netstat information describing a plurality of current connections on the scanning target;
identify, from the obtained netstat information, a source Internet Protocol (IP) address and a destination IP address associated with each of the plurality of current connections on the scanning target;
detect that the scanning target is a participant in a botnet in response to one or more of the source IP address or the destination IP address associated with at least one of the plurality of current connections appearing in a list that includes one or more known botnet IP addresses;
determine connectivity associated with the botnet based at least in part on the netstat information describing the plurality of current connections on the scanning target, wherein the determined connectivity indicates a topology associated with one or more compromised hosts that have been recruited into participation in the botnet and botnet traffic attributable to each of the one or more compromised hosts; and
disable network connectivity for at least the scanning target and the one or more compromised hosts to isolate the network from the botnet traffic.

US Pat. No. 10,171,488

USER BEHAVIOR PROFILE

Forcepoint, LLC, Austin,...

1. A computer-implementable method for generating a cyber behavior profile, comprising:
monitoring electronically-observable user interactions, the electronically-observable user interactions comprising a behavior exhibited by a user that is observed through the use of at least one of an electronic device, a computer system and a software application executing on the computing system;
converting the electronically-observable user interactions into electronic information representing the electronically-observable user interactions, the electronic information representing the electronically-observable user interactions comprising multi-layered electronic information, each layer of the multi-layered electronic information corresponding to a respective layer of user interaction; and
generating a multi-dimensional cyber behavior profile based upon the multi-layered electronic information representing the user interactions;
identifying a known good interaction between the user and the information handling system;
storing a representation of the known good interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a known good user behavior element;
identifying an anomalous interaction between the user and the information handling system;
storing a representation of the anomalous interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a suspect user behavior element;
generating a user behavior profile score and a hash based upon the known good interaction and the anomalous interaction; and,
storing the user behavior profile score and the hash within the multi-dimensional cyber behavior profile.

US Pat. No. 10,171,487

GENERATING A VIRTUAL DATABASE TO TEST DATA SECURITY OF A REAL DATABASE

International Business Ma...

1. A computer system for determining a data security risk level of a virtual database, the computer system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
import an object catalog corresponding to a real database into the virtual database;
organize objects in the object catalog by levels within the virtual database;
determine whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions;
return a data security test failure result in response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action in response to determining that one or more test query messages in the traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions; and
determine a data security risk level for the virtual database based on the returned data security test result.

US Pat. No. 10,171,486

SECURITY AND AUTHENTICATION DAISY CHAIN ANALYSIS AND WARNING SYSTEM

International Business Ma...

1. A method, implemented by an information handling system that includes one or more processors and a memory accessible by at least one of the processors, the method comprising:
monitoring a plurality of sets of user authentication data pertaining to a first plurality of network sites, wherein each of the sets of user authentication data is used by a user to access one of the first plurality of network sites;
storing a first set of metadata pertaining to the plurality of sets of user authentication data in a database;
gathering a plurality of outputs displayed by a second plurality of network sites, wherein the first plurality of network sites is a subset of the second plurality of network sites;
storing a second set of metadata pertaining to the plurality of outputs in the database;
performing an analytical analysis based on the sets of user authentication data and the gathered outputs; and
alerting the user regarding one or more security vulnerabilities, wherein at least one of the vulnerabilities corresponds to a selected one of the plurality of outputs matching at least a portion of a selected set from the user authentication data, and wherein the alerting further comprises providing a visual representation that depicts one or more links between the first set of metadata and the second set of metadata.

US Pat. No. 10,171,485

SYSTEM CONVERSION IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of providing security in a networked computing environment, comprising:
detecting, by at least one computer device, a breach of a first system in the networked computing environment;
determining a distance between a second system in the networked computing environment and the first system, the second system being a non-breached system;
determining whether or not the non-breached second system is an at-risk system based on whether or not the determined distance between the non-breached second system and the first system exceeds a threshold; and
in response to determining that the non-breached second system is the at-risk system, re-generating, by the at least one computer device, the non-breached second system as a new virtual machine at a new location in the networked computing environment,
wherein the determining whether or not the non-breached second system is the at-risk system comprises determining a risk factor for the non-breached second system and comparing the risk factor to the threshold.

US Pat. No. 10,171,484

SECURING SERVICES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

4. A system, comprising:
a CPU, a computer readable memory and a computer readable storage medium associated with a computer device of a service provider;
program instructions to receive, by the computer device, a breach notification from a user device, wherein the user device includes a client that corresponds to the service provider, and the breach notification indicates a potential security compromise of the user device;
program instructions to identify, by the computer device, a plurality of user devices that have the client; and
program instructions to transmit, by the computer device, a respective security profile, from among a plurality of security profiles, to each of the identified plurality of user devices, wherein each of the plurality of security profiles defines a security challenge that must be completed by a respective user device, from among the plurality of user devices, to obtain access,
wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory,
wherein each respective security profile, from among the plurality of security profiles, is specific to a corresponding one of the plurality of user devices, and different from security profiles of others of the plurality of user devices.

US Pat. No. 10,171,482

PRE-PROCESSING BEFORE PRECISE PATTERN MATCHING

International Business Ma...

1. A computer system for identifying a target pattern from a stream of patterns, the target pattern and the stream of patterns comprises consecutive elements and the target pattern comprises one or more of the consecutive elements of the stream of patterns, the method comprising:
one or more computer processors, one or more computer-readable storage media, and program instructions stored on the one or more computer-readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:
program instructions to acquire a first occurrence value for each element in the target pattern, wherein the first occurrence value is equal to the number of times each element occurs in the target pattern;
program instructions to store a predetermined number of consecutive elements from the stream of patterns in a buffer as a section of elements, wherein the section of elements is defined by a buffer starting point indicator and a buffer ending point indicator;
program instructions to determine a second occurrence value for each element in the target pattern, wherein the second occurrence value is equal to the number of times each element in the target pattern occurs in the section of elements stored in the buffer;
program instructions to update the buffer to include one additional element in the section of elements by moving the buffer ending point indicator towards the end of the stream of patterns by one element;
program instructions to repeat determining the second occurrence value and updating the buffer until the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to output the elements in the buffer in response to determining the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to perform a precise pattern matching operation on the outputted elements of the buffer to determine if the target pattern is contained within only the last x elements of the buffer, wherein x is equal to the number of elements in the target pattern; and
in response to determining the target pattern is not contained within the last x elements of the buffer, program instructions to reset the buffer to its initial length by updating the buffer starting point indicator to indicate the (y − x + 1)th character, wherein y is equal to the buffer ending point indicator.

US Pat. No. 10,171,481

SYSTEM AND METHOD FOR ENHANCED DISPLAY-SCREEN SECURITY AND PRIVACY

INTERNATIONAL BUSINESS MA...

1. A security system comprising:
a memory;
a hardware processor coupled to the memory;
a sensitivity determining module including instructions on said memory executed by the hardware processor for assigning a sensitivity value for text in a communication, wherein when the communication includes keywords in a sequence designated as being sensitive the sensitivity value is greater than a threshold sensitivity level, and when the communication does not include said keywords designated as being sensitive, the sensitivity value is less than the threshold sensitivity level;
a parsing module including instructions on said memory executed by the hardware processor for parsing the communication into a sequence of text fragments when the value of sensitivity assigned to said text in the communication by the sensitivity determining module exceeds the threshold sensitivity value, and indicates a sensitive message, or not parsing the communication when the value of the sensitivity assigned to said text in the communication by the sensitivity determining module does not exceed the threshold sensitivity value, and indicates a message that is not sensitive, wherein the parsing module for parsing sensitive communications changes the order of letters in each word of the communication except for the first letter and last letter of said each word; and
a transmission module including instructions on said memory executed by the hardware processor for transmitting the communication of the sensitive message as the sequence of text fragments as a rapid serial visualization (RSV) presentation, or transmitting the communication without parsing when the message is not sensitive.

US Pat. No. 10,171,480

CLOUD-BASED SURVEILLANCE WITH INTELLIGENT TAMPER PROTECTION

INTERNATIONAL BUSINESS MA...

1. A computer implemented method for managing a security system, the computer-implemented method comprising:
receiving, at a central communication unit from a first surveillance device, a recording of first surveillance data captured by the first surveillance device, wherein the first surveillance data is received by way of at least one of a first transmission channel and a second transmission channel between the first surveillance device and the central communication unit, wherein the second transmission channel is redundant with the first transmission channel;
transmitting the first surveillance data, from the central communication unit to a cloud storage, wherein the first surveillance data is transmitted by way of at least one of a third transmission channel and a fourth transmission channel between the first surveillance device and the central communication unit, wherein the fourth transmission channel is redundant with the third transmission channel; and
performing buffering preparations on the first surveillance data prior to the central communication unit transmitting the first surveillance data to the cloud storage, wherein the buffering preparations performed are dependent on a current state of the security system.

US Pat. No. 10,171,479

FAST MULTICAST MESSAGING ENCRYPTION AND AUTHENTICATION

SONY INTERACTIVE ENTERTAI...

1. A sender device comprising:
at least one computer memory that is not a transitory signal and that comprises instructions executable by at least one processor to:
access a first key;
encrypt the first key with a second key to render an encrypted key;
encrypt the encrypted key with a key of at least a first recipient device to render a first device key (FDK);
concatenate the first FDK and the encrypted key to render a concatenation;
sign the concatenation to render a signed concatenation; and
distribute the signed concatenation to at least the first receiver for use in securely exchanging digital information at least in part by using the sender device to transmit the signed concatenation to the first receiver.

US Pat. No. 10,171,478

EFFICIENT AND SECURE METHOD AND APPARATUS FOR FIRMWARE UPDATE

1. A vehicle, comprising:
an untrusted electronic control unit (ECU) comprising a receiver, a processor, and a memory, the receiver configured for receiving from a secure server a firmware update package including one or more firmware updates, and the memory of the untrusted ECU configured to store the firmware update package;
a secure ECU operatively coupled to the untrusted ECU, the secure ECU configured for authenticating the firmware update package; and
one or more target ECUs, each operatively coupled to the untrusted ECU and to the secure ECU, each respective target ECU comprising a bootloader configured for computing a checksum for a respective firmware update of the one or more firmware updates and signing the checksum with a unique key associated with the respective target ECU.

US Pat. No. 10,171,477

AUTHENTICATED DATA STREAMING

Amazon Technologies, Inc....

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
establish a Hypertext Transport Protocol (“HTTP”) connection to a service;
send a header of an HTTP multipart request to the service via the HTTP connection;
acquire data representing a portion of a content stream;
after sending the header, send the data to the service via the HTTP connection as a first part of the HTTP multipart request;
determine an authentication code for the portion of the content stream; and
send the authentication code to the service via the HTTP connection as a second part of the HTTP multipart request after sending the first part.

US Pat. No. 10,171,476

SYSTEM AND METHOD FOR PROTECTING THE PRIVACY OF IDENTITY AND FINANCIAL INFORMATION OF THE CONSUMER CONDUCTING ONLINE BUSINESS

1. A method of providing verification of an individual to a third party by providing to the third party a representation of an originally issued identity document associated with information provided by the individual during the verification process comprising:
providing to a first electronic device first credential information relating to the individual associated with the first electronic device; the first credential information authorizing submission of a first message to a remote server;
transmitting first data from the first electronic device to the remote server, the first data comprising an authorization to submit information derived from the originally issued identity document to a second device associated with the third party;
transmitting second data from the first electronic device to the remote server, the second data comprising second credential information needed to complete independent verification of the first data by the remote server;
the remote server cryptographically combining the first data and the second data to generate a result and using the result to locate a matching verification entry in a database or similar data storage entity;
in response to locating the match of verification entry, delivering third data by the remote server to a second electronic device associated with the third party, the third data consisting of the information derived from the originally issued identity document required by the third party; and
denying delivering the third data when the matching verification entry cannot be located.

US Pat. No. 10,171,473

CONTENT FILTERING FOR PERSONAL PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method comprising:
determining a set of content rules that controls delivery of messages stored on a user device by an e-mail application running on the user device according to a first context profile;
receiving a selection of the first context profile from a set of context profiles;
responsive to the selection of the first context profile, filtering a first set of messages associated with the e-mail application to identify context-specific messages by applying the set of content rules; and
causing the e-mail application to deliver only the context-specific messages for display on the user device;
wherein:
each context profile of the set of context profiles is associated with a corresponding set of content rules; and
the determining a set of content rules includes identifying the corresponding set of content rules associated with a context profile selected from the set of context profiles.

US Pat. No. 10,171,472

ROLE-SPECIFIC SERVICE CUSTOMIZATION

Microsoft Technology Lice...

1. One or more computing devices comprising:
one or more processors; and
one or more memory storing computer-executable instructions, which, when executed by the one or more processors, cause the one or more computing devices, in aggregate, to:
provide a computer-network-accessible service that is interacted with by an individual user, the individual user having multiple roles and interacting with the service differently depending on which of the multiple roles the individual user has assumed during the individual user's interaction with the service;
receive a detected action of the individual user;
select, from among the multiple roles, a current role of the individual user based on the detected action of the individual user, the detected action having been previously associated with the current role as a role determinant of the current role; and
select a current role profile, which controls the individual user's interactions with the service, based on the selected current role, the current role profile comprising an explicit enumeration of both: (1) at least one included profile detail and (2) at least one excluded profile detail.

US Pat. No. 10,171,471

EVIDENCE-BASED ROLE BASED ACCESS CONTROL

International Business Ma...

1. A method for assigning roles to multiple users of a computer system, comprising:
assigning, to the multiple users, respective sets of original roles for accessing data stored on the computer system;
performing, in response to requests from the multiple users, multiple operations on the data;
generating a transaction log file comprising a plurality of entries, each of the entries storing attributes of a given operation;
identifying, by a processor based on the entries in the log file, a respective set of learned roles for each of the multiple users by defining, for each transaction log entry, a connection comprising one or more of the attributes and indicating a path from one of the multiple users to a given table accessed by the one of the users, identifying a unique set of the connections, defining a set of initial roles in a one-to-one correspondence with the unique set of the connections, each of the initial roles comprising an initial set of the users and a set of initial permissions, and applying, by the processor to the initial roles, a Hierarchical Clustering algorithm to identify the set of learned roles, each of the learned roles comprising a set of clustered permissions and associated with a subsequent set of the users;
assigning, to each given user, the respective sets of the learned roles associated with the given user; and
restricting, to the multiple users based on their respective assigned learned roles, access to the data on the computer system.

US Pat. No. 10,171,469

INFORMATION PROCESSING SYSTEM, ACCESS METHOD, AND TERMINAL DEVICE

Ricoh Company, Limited, ...

1. An information processing system comprising:
a terminal device; and
an information processing apparatus including,
a processor configured to register information, the information linking a content to a target image, and
a memory configured to store a medium code and device information such that the medium code is associated with the device information, the device information identifying the terminal device wherein
the terminal device including a processor configured to,
obtain a captured image by capturing a subject, the captured image including the target image and a code image extractable from the captured image, the code image being on the target image, the code image being designable based on the target image,
acquire access destination information from the information processing apparatus based on the captured image, the access destination information indicating a source of the content,
retrieve, via the source, the content corresponding to the captured image based at least on the medium code acquired from the code image such that, if the medium code is registered to a different terminal device, the processor of the terminal device is unable to retrieve the content from the source, and
provide, via a display, the content linked to the target image included in the captured image based on the code image extracted from the captured image.

US Pat. No. 10,171,468

SELECTIVE PROCESSING OF APPLICATION PERMISSIONS

International Business Ma...

1. A method for processing application permission requests, the method comprising:
detecting, by a processor of a computing system, that an application has been downloaded to the computing system;
establishing, by the processor, a data exchange between the application and a gateway interface of the computing system to prevent a data exchange between an operating system of the computing device and the application, by at least one of intercepting and overriding APIs of the application, in response to the application being downloaded to the computing system;
receiving, by the processor, one or more permission requests from the application for resources located on the computing system;
determining, by the processor, that at least one of the one or more permission requests is a required permission of the application;
prompting, by the processor, the user to decide the one or more permission requests;
receiving, by the processor, a denial of the required permission from the user, in response to the prompting;
responding, by the processor, to the application by providing spoofed resources to the application to satisfy the required permission of the application;
generating, by the processor, one or more templates of simulated spoofed resources over time based on a learning algorithm that analyzes historical responses of spoofed resources to required permissions; and
storing, by the processor, the one or more templates for automatically simulating spoofed resources to satisfy the required permissions of subsequent applications downloaded to the computing system.

US Pat. No. 10,171,467

DETECTION OF AUTHORIZATION ACROSS SYSTEMS

International Business Ma...

1. A computer-implemented method comprising:
receiving, at a first system and from a second system unauthorized by the first system, a request for operating a resource of the first system;
in response to an authorization chain being detected based on a first record, authorizing the operation of the resource of the first system, the authorization chain including at least a third system that authorizes the second system and is authorized by the first system, the first record at least indicating one or more systems that are authorized by the first system to operate resources of the first system wherein a record associated with the authorization chain is updated, based on a user input, creating a dynamic authorization relationship.

US Pat. No. 10,171,466

MAINTAINING A COMMON IDENTIFIER FOR A USER SESSION ON A COMMUNICATION NETWORK

Sprint Communications Com...

1. A method of operating a communication network comprising:
an access node receiving an access request from a user device and responsively transferring a first authentication request for the user device to an authentication node;
the authentication node receiving the first authentication request for the user device and authorizing a communication session for the user device;
the authentication node transferring a billing identifier for the communication session for the user device to the access node responsive to the communication session authorization;
the access node receiving the billing identifier for the communication session for the user device and responsively transferring an application registration for the user device to an application node;
the application node receiving the application registration for the user device and responsively transferring a second authentication request for the user device to the authentication node;
the authentication node receiving the second authentication request for the user device, correlating the second authentication request to the authorized communication session for the user device, and transferring the billing identifier for the communication session for the user device to the application node;
the application node receiving the billing identifier for the communication session for the user device;
the access node tracking network usage for the user device over the communication session and transferring network usage records having the billing identifier for the communication session for the user device to a billing node;
the application node tracking mobile internet application usage for the user device over the communication session and transferring mobile internet application usage records having the billing identifier for the communication session for the user device to the billing node; and
the billing node receiving the network usage records and the mobile internet application usage records and responsively reconciling the network usage and the mobile internet application usage for the user device based on the billing code.

US Pat. No. 10,171,465

NETWORK AUTHORIZATION SYSTEM AND METHOD USING RAPIDLY CHANGING NETWORK KEYS

1. A method for authenticating a client device for access to a host device, the client device having a device identifier, the method comprising the steps of:
generating a first timestamp in the client device, the first timestamp including at least two time unit values;
retrieving a first group of character strings from a host string table in the client device, each character string within the first group being related within the host string table to a time unit value of the first timestamp;
combining the first group of character strings into a first string set;
creating an initiating string in the client device, the initiating string including the device identifier, the first timestamp, and the first string set;
sending the initiating string to the host device;
retrieving a second group of character strings from a host string table in the host device,
each character string within the second group being related within the host string table to a time unit value of the first timestamp;
combining the second group of character strings into a second string set;
comparing the first string set to the second string set;
generating a second timestamp in the host device, the second timestamp including at least two time unit values;
sending the second timestamp to the client device;
retrieving a third group of character strings from a client string table in the client device,
each character string within the third group being related within the client string table to a time unit value of the second timestamp;
combining the third group of character strings into a third string set;
creating a verification string in the client device, the verification string including the device identifier, the second timestamp, and the third string set;
sending the verification string to the host device;
retrieving a fourth group of character strings from a client string table in the host device, the client string table being associated with the client device, each character string within the fourth group being related within the client string table to a time unit value of the second timestamp;
combining the fourth group of character strings into a fourth string set; and
comparing the fourth string set with the third string set;
granting the client device access to an advanced login stage when the fourth string set is identical to the third string set;
generating a third timestamp in the client device, the third timestamp including at least two time unit values;
sending the third timestamp to the host device;
retrieving a fifth group of character strings from a client string table in the host device, each character string within the fifth group being related within the client string table to a time unit value of the third timestamp;
concatenating the fifth group of character strings into a fifth string set in an order determined by a client sequence table in the host device, the client sequence table relating an order of time units to the value of one of the time units;
sending the third timestamp and third string set to the client device;
retrieving a sixth group of character strings from a client string table in the client device, each character string within the sixth group being related within the client string table to a time unit value of the third timestamp;
concatenating the sixth group of character strings into an order determined by a client sequence table in the client device, the client sequence table relating an order of time units to a time unit value of the third timestamp; and
comparing the sixth string set with the fifth string set; and
blocking the host device from accessing the client device when the fifth string set does not match the sixth string set.

US Pat. No. 10,171,464

DATA PROCESS APPARATUS, DATA SHARING METHOD, AND DATA PROCESS SYSTEM

Ricoh Company, Ltd., Tok...

1. A data process apparatus comprising:
a processor that is configured to:
receive a creation request for creating a sharable data storage space from an unauthenticated data terminal that is not authenticated to access the sharable data storage via a first authentication route and transmit a response to the unauthenticated data terminal, the response including access data indicating authorization for accessing the sharable data storage space via a second authentication route that is different from the first authentication route and data indicating the sharable data storage created in association with the access data;
authenticate the access data when the data process apparatus receives an access request including a designation of the access data for accessing the shared data storage space from an unauthenticated data terminal connected to a same network as the data process apparatus;
receive the access request from the unauthenticated data terminal when the authentication of the access data succeeds and perform a predetermined process in accordance with the access request, and
automatically generate the access data including an access code for each sharable data storage space and transmit the response including the access data in response to the creation request from the unauthenticated data terminal the access,
wherein the data process apparatus has a table in which the access data including the access code is managed in association with said each shareable data storage.

US Pat. No. 10,171,463

SECURE TRANSPORT LAYER AUTHENTICATION OF NETWORK TRAFFIC

Amazon Technologies, Inc....

1. A method for authenticating secure transport layer network packets, the method comprising:
receiving, at a computing device, a secure transport layer network packet sent from a source computing device and addressed to a destination computing device, the secure transport layer network packet comprising a transport layer network packet and a token packet associated with the transport layer network packet, wherein the secure transport layer network packet comprises one of a User Datagram Protocol (UDP) packet or a Transmission Control Protocol (TCP) packet;
obtaining, by the computing device, a verification key for the secure transport layer network packet;
utilizing, by the computing device, the verification key to verify authenticity of the secure transport layer network packet based on data contained in the token packet;
determining, by the computing device, that the verification is successful; and
in response to determining that the verification is successful, forwarding, by the computing device, the transport layer network packet to the destination computing device.

US Pat. No. 10,171,462

SYSTEM AND METHOD FOR SECURE INTERNET OF THINGS (IOT) DEVICE PROVISIONING

Afero, Inc., Los Altos, ...

1. A method comprising:
generating, by an IoT service, an association between a new Internet of Things (IoT) device identification (ID) code and an association ID code, wherein the new IoT device ID code and the association ID code are each an equal length code;
storing, by the IoT service, the association in an IoT device database of the IoT service, wherein the IoT device database includes a first value indicating an IoT device has not been provisioned, and a second value indicating an IoT device has been provisioned;
providing, by the IoT service, a barcode or a Quick Response (QR) code to be printed on a new IoT device, the barcode or QR code encoding the association ID code, wherein the new IoT device stores the new IoT device ID code in a secure communication module, the secure communication module including a programmable subscriber identity module (SIM);
establishing, by an IoT hub, a local communication channel via a Bluetooth Low Energy (BTLE) link with the new IoT device, the new IoT device including the barcode or QR code printed thereon;
optically reading, by the IoT hub, the barcode or QR code to determine the association ID code from the new IoT device;
transmitting, by the IoT hub, the association ID code to the IoT service via a secure communication channel, the IoT service performing a lookup in the IoT device database using the association ID code to determine the new IoT device ID code;
identifying, by the IoT service, an encryption key on the IoT service, wherein the IoT service is to use the new IoT device ID code as the encryption key;
establishing, by the IoT service, an encrypted communication channel with the new IoT device using the encryption key and elliptic curve encryption;
provisioning the new IoT device with the IoT service;
authorizing, by the IoT service, the IoT hub to communicate with the new IoT device after the new IoT device has been provisioned; and
updating, by the IoT service, the IoT device database to indicate the new IoT device has been provisioned.

US Pat. No. 10,171,461

SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER

Ceelox Patents, LLC, Ove...

1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a hardware processor, perform a method of securely transferring data between a sender and a recipient, comprising the steps of:
receiving, from the sender, information indicative of biometric authentication information for the recipient, the information indicative of biometric authentication information for the recipient useable to determine a transaction-specific encryption key;
determining, by the sender, the transaction-specific encryption key;
encrypting, by the sender and using the transaction-specific encryption key, a message including the data to obtain an encrypted message;
transmitting, by the sender, the encrypted message;
receiving, by the recipient, the encrypted message;
receiving, from the recipient, biometric authentication information for the recipient, the biometric authentication information for the recipient useable to determine a transaction-specific decryption key;
determining, by the recipient, the transaction-specific decryption key;
decrypting, by the recipient and using the transaction-specific decryption key, the encrypted message to obtain the message including the data.

US Pat. No. 10,171,460

PROXIMITY-BASED SYSTEM FOR AUTOMATIC APPLICATION OR DATA ACCESS AND ITEM TRACKING

PROXENSE, LLC, Bend, OR ...

1. A system comprising:
one or more processors; and
a memory including instructions that, when executed by the one or more processors, causes the system to:
determine one or more prerequisites for accessing a computing device that is physically shared by a plurality of users, the one or more prerequisites including an authentication and selection of a user name;
subsequent to authentication of a first user, identify a first user name associated with the first user;
subsequent to authentication of a second user, identify a second user name associated with the second user;
receive the first user name as a selected user name from a group including the first user name and the second user name; and
subsequent to receiving the selected user name, launch one or more applications based on the selected user name, wherein the authentication and selection of the user name satisfy the prerequisites for accessing the computing device that is physically shared.

US Pat. No. 10,171,459

METHOD OF PROCESSING A CIPHERTEXT, APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A method executed by an authentication system that includes a terminal device and an encryption processing device, the method comprising:
acquiring, by a sensor included in the terminal device, biometric information;
generating, by a first processor included in the terminal device, a ciphertext from the acquired biometric information;
receiving, by a second processor included in the encryption processing device, a request for an authentication from the first processor, the request including the generated ciphertext;
acquiring a part of a plurality of encrypted elements included in the ciphertext, each of the plurality of encrypted elements being an encrypted element in which values of a plurality of elements in a multidimensional determination target vector are respectively encrypted by homomorphic encryption, in response to the request;
decrypting the acquired part of the plurality of encrypted elements; and
determining that the authentication is failed when at least one of values obtained by the decrypting is a value other than 0 and 1.

US Pat. No. 10,171,458

WIRELESS PAIRING AND COMMUNICATION BETWEEN DEVICES USING BIOMETRIC DATA

Apple Inc., Cupertino, C...

1. A system for wireless pairing and communication between devices using biometrics, the system comprising:
a device, comprising:
a processing unit;
a wireless communication component coupled to the processing unit;
a touchscreen display coupled to the processing unit;
a biometric sensor coupled to the processing unit; and
a non-transitory storage medium storing instructions executable by the processing unit to cause the device to:
display a pairing prompt on the touchscreen display when a host and the device are in wireless communication range of each other;
capture biometric data using the biometric sensor when a user initiates pairing using the touchscreen display; and
receive a configuration file from the host based at least on the captured biometric data, wherein:
the configuration file specifies an arrangement of one or more navigation items in a user interface of the host; and
the device reconfigures, based at least in part on the configuration file, an arrangement of one or more navigation items in a user interface of the device according to the arrangement of the one or more navigation items in the user interface of the host, thereby causing a configuration of the device to resemble the configuration of the host.

US Pat. No. 10,171,457

SERVICE PROVIDER INITIATED ADDITIONAL AUTHENTICATION IN A FEDERATED SYSTEM

International Business Ma...

1. A method for accessing, initiated by a service provider, a high value transaction website using an additional authentication, the method comprising:
accessing, by a processor, a website hosted by a service provider, wherein;
the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and
the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites;
responsive to receiving a validated user identification associated with the user and password associated with the user, requesting, by the processor, a token from an identity provider that maintains the FSSO credentials for the website, wherein;
the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO;
the token restricts the user to access only a transaction at the website; and
the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access;
receiving, by the processor, the token and causing the token to be stored at the service provider;
receiving a second indication, by the processor, that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors;
receiving, by the processor, a second indication that the user's session of the website has expired;
subsequent to the second indication that the user's session of the website has expired, requesting to access, by the processor, the transaction at the website;
executing, by the processor, the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website;
subsequent to the second indication that the user's session of the website has expired, causing, by the processor, the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and
responsive to validation of a submission of the one-time password accessing, by the processor, the transaction at the website hosted by the service provider.

US Pat. No. 10,171,455

PROTECTION OF APPLICATION PASSWORDS USING A SECURE PROXY

International Business Ma...

1. A computer system comprising one or more hardware processors, one or more tangible computer readable storage media, a memory, and program instructions stored on at least one of the one or more tangible computer readable storage media, which, when executed by at least one of the one or more hardware processors, cause the at least one of the one or more hardware processors to perform a method comprising:
receiving, by a proxy server from a client computer, a request to access a protected resource located on a target server;
sending, by the proxy server to the client computer, an authentication challenge;
receiving, by the proxy server from the client computer, a response to the authentication challenge;
in response to authenticating, by the proxy server, the received response to the authentication challenge, initiating a secure active session between proxy server and client computer;
forwarding, by the proxy server to the target server, the protected resource access request;
receiving, by the proxy server from the target server, an access request response, wherein the access request response is a credential form including credential fields required to access the protected resource;
injecting, by the proxy server, into each required credential field, a corresponding credential field tag;
sending, by the proxy server to the client computer, the tagged credential form;
receiving, by the proxy server from the client computer, the tagged credential form with tagged credentials in the required credential fields with the credential field tags;
retrieving, by the proxy server from a protected datastore, target credentials mapped by the credential field tags;
replacing, by the proxy server, the tagged credentials in the tagged credential form with the corresponding retrieved target credentials;
sending, by the proxy server to the target server, the target credentials;
receiving, by the proxy server from the target server, an indication that the target credentials are invalid;
updating, by the proxy server, the target credentials and storing the updated target credentials in the protected data store without client computer intervention;
sending, by the proxy server to the target server, the updated target credentials; and
allowing, by the proxy server, the client computer to access the protected resource, in response to the target server validating the updated target credentials.

US Pat. No. 10,171,454

METHOD FOR PRODUCING DYNAMIC DATA STRUCTURES FOR AUTHENTICATION AND/OR PASSWORD IDENTIFICATION

1. A method for generating a changing authentication input or password required for a user in an access attempt for accessing a computing device such as a smartphone or server over a network, where said computing device is in operative communication with both a display capable of rendering objects in a Graphic User Interface (GUI) and an alphanumeric input component such as a keyboard, and running software adapted for operation and the steps of:
communicating to said user, a GUI for input of a static code for and storing said static code in electronic memory as a stored static code;
communicating a GUI to said user for inputting of recognizable objects to be depicted amongst said objects;
storing said recognizable objects input by said user in electronic memory as uploaded recognizable objects;
having said user employ said input component to communicate alphanumeric characters associated to each respective uploaded recognizable object;
storing said alphanumeric characters communicated from said user in electronic memory as inputted alphanumeric characters which are associated with each said uploaded recognizable object, in a relational database;
upon an access attempt to said computing device, communicating a said GUI displaying at least one said uploaded recognizable object as at least one recognizable object depicted in a group of depicted said objects;
communicating a said GUI directing said user to input alphanumeric characters identifying said at least one recognizable object,
having said user communicate a current input of said static code;
generating an alphanumeric string from a combination of said alphanumeric characters input as identifying said at least one recognizable object in a combination with said current input of said static code input by said user;
generating a comparative authentication string from said inputted alphanumeric characters stored in electronic memory which are associated with said uploaded recognizable object depicted as said at least one recognizable object, in combination with said stored static code; and
authenticating said user if said comparative authentication string is determined to have a match with said alphanumeric string whereby access security for users of computers, websites and servers is enhanced by generation of different alphanumeric strings which must match differently generated comparative authentication strings, with each access attempt.

US Pat. No. 10,171,453

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

INTERNATIONAL BUSINESS MA...

1. A system, comprising:
a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.

US Pat. No. 10,171,452

SERVER AUTHENTICATION USING MULTIPLE AUTHENTICATION CHAINS

International Business Ma...

1. A method to authenticate a server to a client, the server having an associated public key, comprising:
associating “n” distinct certificates to the server's public key, each of the “n” distinct certificates being issued by a distinct certificate authority (CA), wherein each of the distinct certificates has a certification chain with a different root certificate authority, wherein the certificate chains for the “n” distinct certificates are valid and non-overlapping with respect to their intermediate and root CAs;
responsive to the client initiating a request for a secure channel to the server during a cryptographic handshake, providing the client the “n” distinct certificates; and
responsive to receipt from the client of an indication that the public key satisfies a client public key acceptance policy, establishing completing the cryptographic handshake to establish the secure channel between the client and the server;
the client public key acceptance policy specifying a required number of valid, non-overlapping certificate chains that must be present to satisfy a client threshold level of trust to thereby improve security of the cryptographic handshake.

US Pat. No. 10,171,451

DISTRIBUTED SINGLE SIGN-ON

International Business Ma...

1. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:
storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t1 storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t2=t1 of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data, wherein said username is different for every verifier server, and wherein said secret data comprises data indicative of said username for each verifier server;
on receipt from the user computer of an authentication request sent to each of at least t1 authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers;
on receipt from the user computer of a token request sent to each of at least a plurality T=t1 of said at least t1 authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

US Pat. No. 10,171,450

GLOBAL TIME BASED AUTHENTICATION OF CLIENT DEVICES

Sprint Communications Com...

1. A system for authenticating client devices for communication with one or more wireless communications networks, the system comprising:
a time tracking system; and
a security gateway comprising a processor and a non-transitory computer storage medium storing computer-useable instructions that, when used by the processor, cause the processor to:
receive at least one gateway global time from the time tracking system, the gateway global time being synchronized with a client global time;
provide an authentication challenge to the client device, the authentication challenge generated based on the at least one gateway global time and a client device identifier;
generate an expected response to the authentication challenge based on at least the authentication challenge, the client device identifier, and the client global time;
receive a response to the authentication challenge, the response generated by the client device; and
authenticate the client device on a wireless communications network based on comparing the response and the expected response using a matching function.

US Pat. No. 10,171,449

ACCOUNT LOGIN METHOD AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An account login method, comprising:
storing, by a server, an association relation between a first account and a second account, and storing information of a login target corresponding to the second account;
receiving, by the server, a login request for using the first account to log in to the login target corresponding to the second account, retrieving login configuration information of the second account based on the association relation between the first account and the second account, and sending the login configuration information of the second account to the login target corresponding to the second account; and
logging in to the login target corresponding to the second account according to the login configuration information of the second account;
wherein the login request is a common login request that comprises an account identity of the first account, an account password of the first account, and the information of the login target corresponding to the second account; and the method further comprises:
authenticating the first account based on the account identity of the first account and the account password of the first account.

US Pat. No. 10,171,445

SECURE VIRTUALIZED SERVERS

International Business Ma...

13. A computer program product for providing secure access to physical resources via a partitionable input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer processing circuit to cause the circuit to perform the method comprising:
receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
receiving, from the Kerberos server, a valid ticket,
granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.

US Pat. No. 10,171,444

SECURITIZATION OF TEMPORAL DIGITAL COMMUNICATIONS VIA AUTHENTICATION AND VALIDATION FOR WIRELESS USER AND ACCESS DEVICES

IronClad Encryption Corpo...

1. One or more access devices or one or more user devices or both one or more access devices and one or more user devices comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory; one or more real or one or more virtual master distributed auto-synchronous array (DASA) databases or both one or more real and one or more virtual master distributed auto-synchronous array (DASA) databases located within or external to said access devices and said user devices, where said master (DASA) databases at least store and retrieve data and also include at least two or more partial distributed auto-synchronous array (DASA) databases, wherein said partial DASA databases function in either an independent manner, a collaborative manner or both an independent manner and a collaborative manner, wherein said master and said partial DASA databases analyze and provide information in a form of data and act to control one or more output devices, wherein said output devices are computing devices, wherein said one or more output devices create user devices, and wherein said master and said partial DASA databases configure bi-directional transmission of data to and from multiple partial user devices, to and from multiple partial access devices or to and from both multiple partial user and multiple partial access devices, wherein said user devices and said access devices are computing devices, and wherein one or more partial user and one or more partial access devices store and provide at least partial copies of portions of said master DASA databases, and wherein said master DASA databases, said partial DASA databases or both said partial DASA databases and said master DASA databases are linked and communicate with each other as well as inclusion of one or more logging and monitoring databases that provide statistical and numerical calculations utilizing data, wherein said one or more access devices authenticate using a first set of computing operations, and validate using a second set of computing operations, and wherein a third set of computing operations controls access for a specified set of users, wherein said computing operations define rules utilized to provide logic with regard to communications between said master and said partial DASA databases and said partial user and said partial access devices.

US Pat. No. 10,171,443

DISPLAYING THE ACCESSIBILITY OF HYPERLINKED FILES

International Business Ma...

1. A method for displaying an accessibility of a hyperlinked file, the method comprising:
extracting a hyperlink from a target file, wherein the hyperlink references a resource displayable on a display apparatus, wherein the hyperlink is extracted from the target file in response to determining that a predetermined duration of time has lapsed since a previous determination of the accessibility of the resource, wherein extracting a hyperlink from a target file further comprises:
retrieving a FORM tag from a source code of the resource;
determining the source code of the resource comprises a first INPUT tag having a first attribute comprising a password attribute;
determining the source code of the resource comprises a second INPUT tag having a second attribute comprising a submit attribute;
determining the source code of the resource comprises a third INPUT tag having a third attribute that is not a password attribute and not a submit attribute; and
determining the hyperlink includes an authentication screen;
attempting to acquire the resource by performing a first authentication operation configured to fail and, in response, receiving a first object, wherein the first authentication operation configured to fail comprises the first authentication operation configured to generate an error screen, wherein the first object comprises a first screenshot of the error screen, wherein the first authentication operation includes inputting into an authentication screen a character string that includes characters that are not permitted to be used as the authentication information;
acquiring a second object by performing a second authentication operation using pre-determined authentication information, wherein the second object comprises a second screen shot of a screen resulting from the second authentication operation, wherein the pre-determined authentication information is associated with network position information of the resource, and wherein the second authentication operation is based, at least in part, on the network position information, wherein the pre-determined authentication information comprises a user identifier, a password, a determination date, and a determination time for the network position information, wherein the determination date indicates a date the second authentication operation was previously performed, and wherein the determination time indicates a time that the second authentication operation was performed on the determination date;
comparing the first object and the second object to determine if the first object is the same as the second object, wherein comparing the first object and the second object comprises comparing the first screen shot to the second screen shot; and
presenting, via the display apparatus, information indicating the accessibility of the resource, wherein the information is based, at least in part, on the comparison between the first object and the second object and further based, at least in part, on the target file.

US Pat. No. 10,171,442

PREDICTING A NEED FOR AND CREATING TEMPORARY ACCESS TO A COMPUTER COMPONENT IN INFRASTRUCTURE INFORMATION TECHNOLOGY

International Business Ma...

1. A method of provisioning temporary access to a computer component, the method performed by at least one hardware processor, the method comprising:
based on monitoring the computer server, receiving a signal comprising a request that requires executing an action on a computer server;
determining a server configuration associated with the computer server by accessing at least one storage device storing a configuration database;
determining based on the server configuration, a technology associated with executing the action on the computer server;
searching a user profile database stored on the at least one storage device to identify candidate users having a skill set associated with the technology;
determining availability, location and a skill level of the candidate users;
predicting based on historical data a duration the candidate users would take to execute the action on the computer server;
based on at least the duration, the availability, the location and the skill level of the candidate users, determining at least one user from the candidate users to execute the action on the computer server; and
creating a temporary access credential for the at least one user to access the computer server to execute the action, the temporary access credential having expiration duration, the expiration duration covering a duration of time the at least one user takes to perform the action,
wherein the temporary access credential is created by interfacing with an authentication system associated with the computer server, and wherein the action is executed on the computer server.

US Pat. No. 10,171,441

SYSTEM AND METHOD FOR TRANSFORMING CHANNEL ID COMMUNICATIONS IN MAN-IN-THE-MIDDLE CONTEXT

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising:
generating, by a Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspector, a secret;
receiving, from a client, the Channel ID communication comprising a public key value;
deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication;
generating, by the SSL/TLS inspector, a new private key based upon the random seed value;
deriving, by the SSL/TLS inspector, a new public key based upon the new private key;
generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and
forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.

US Pat. No. 10,171,440

METHOD AND APPARATUS FOR MANAGING ENCRYPTION KEYS FOR CLOUD SERVICE

SAMSUNG SDS CO., LTD., S...

1. A key management method, comprising:
encrypting a service key used by an instance of a first user of a cloud service, by using a master key;
generating, with a key access server, two or more key pieces for reconstructing the master key;
distributing, by the key access server, the two or more key pieces to two or more host servers included in a host group for providing the cloud service via a key sharing protocol, and storing each key piece in a different host server;
receiving a request for the service key from the instance of the first user;
receiving, at the key access server, the two or more key pieces from the two or more host servers and reconstructing, by the key access server, the master key based on the received two or more key pieces; and
decrypting the encrypted service key by using the reconstructed master key, wherein the key sharing protocol is a protocol which permits data communication between the key access server and the two or more host servers and does not permit data communication between the two or more host servers, and
wherein the two or more host servers determine whether the key access server is a malicious server by verifying key pieces opened by the key access server.

US Pat. No. 10,171,439

OWNER BASED DEVICE AUTHENTICATION AND AUTHORIZATION FOR NETWORK ACCESS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising:
granting access to a network to any one of multiple devices of a same-owner,
each of said multiple devices having been previously associated with said same-owner at an authentication server, with the result that a plurality of device keys for authenticating said multiple devices are stored on said authentication server; and
said same-owner has previously been authorized to gain access to said network, such that a same-owner identification (ID) is stored on said authentication server;
listing of a device selected from any one of said multiple devices of said same-owner on said authentication server controlled by a network operator;
adding said same-owner ID to a same-owner-based access list of said same-owner associated with an operator ID of said network operator;
for each said device of said multiple devices, a private key is stored on said device, whereas a public key, associated with said same-owner, is stored on said authentication server on the public internet in the cloud;
associating each of said plurality of said device keys with a respective one of a plurality of device identification (IDs) or at least one of said multiple devices in said same-owner-based access list;
updating said same-owner-based access list to associate at least one of said plurality of device keys, or at least one of said plurality of device IDs with said same-owner ID;
receiving by said network operator, a network access request from and for said device to connect to said network, said device being one of said multiple devices of said same owner, wherein said network access request includes a device ID of said device requiring said network access request to be identified by said authentication server, but said network access request does not include said same owner ID;
receiving, by said authentication server from said network operator the network access request for said device;
authenticating, by said authentication server, said device using said device ID included in said network access request and a device key selected from said plurality of device keys, that is associated with said device ID on said same-owner-based access list and stored on said authentication server;
performing additional authentication in a challenge-response process between said authentication server and said device, based on the device key;
confirming, responsive to the additional authentication being successful, that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list; and
sending a notification causing said network operator to grant said device selected from any one of said multiple devices of said same-owner, access to said network, upon authenticating said device and confirming that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list;
wherein said network access request is confirmed by said authentication server, if said device, selected from any one of said multiple devices of said same-owner, is successfully authenticated, or if said same-owner of said device is confirmed to be associated to said device on said authenticated server, such that, in either case, said same-owner is authorized to access said network with the result that the access is same-owner-based and not device-based.

US Pat. No. 10,171,438

GENERATING A PASSWORD

INTERNATIONAL BUSINESS MA...

1. A method for generating a password, the method comprising:
receiving, by a computer system, user input from a user for identifying a particular account from among a plurality of accounts;
selecting, by the computer system, a set of questions specific for the particular account from among a plurality of questions;
receiving, by the computer system, further user input comprising one or more received responses to each question of the set of questions;
determining, by the computer system, at least one hash by applying a hash function to the one or more received responses of each question of the set of questions;
generating, by the computer system, a password for the account based on the one or more received responses by selecting at least one hashed character from the at least one hash as one or more characters of a plurality of characters of the password; and
associating, by the computer system, an ordered index of the set of questions from among the plurality of questions and a particular character position of each at least one hashed character within the at least one hash, for use in recreating the password.

US Pat. No. 10,171,437

TECHNIQUES FOR SECURITY ARTIFACTS MANAGEMENT

Oracle International Corp...

1. A method comprising:
receiving a request to manage security of an application;
identifying, by a computer system of a security management system, a plurality of security artifacts related to security for accessing the application, wherein the computer system is in a secure zone protected by one or more security measures;
determining, by the computer system, security access for accessing the application;
generating, by the computer system, a security artifact archive for the application, the security artifact archive including security data and security artifact data, wherein the security data is based on the security access, wherein the security data includes an access policy that indicates the security access and the security data includes attribute data indicating one or more attributes of the application, and wherein the security artifact data identifies one or more of the plurality of security artifacts;
storing the security artifact archive in association with an application identifier that identifies the application and a version identifier corresponding to the application, wherein the version identifier indicates a version of the security artifact archive, and wherein different versions of the security artifact archive correspond to changes in security access based on a different version of the application; and
responsive to the request, transmitting, by the computer system, the security artifact archive to the application, wherein the application operates to manage security for accessing the application based on the security artifact data and the security access in the security data of the security artifact archive, and wherein the application is outside the secure zone.

US Pat. No. 10,171,435

DEVICES THAT UTILIZE RANDOM TOKENS WHICH DIRECT DYNAMIC RANDOM ACCESS

IronClad Encryption Corpo...

1. One or more devices that encrypt data transmitted to or decrypt data received from or both transmit said data to and decrypt said data received from said devices that utilize one or more master keys comprising:
at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory;
at least one encrypter or decrypter or both an encrypter and a decrypter that encrypt or decrypt or both encrypt and decrypt said data or associated data files or both said data and said associated data files that utilize one or more master keys and one or more key selectors, where one or more key selectors provide selection and provision of one or more encryption keys for each segment of bit by bit data or byte by byte data or both bit by bit data and byte by byte data, wherein said master keys and said key selectors produce a specific set of one or more executable encryption keys that encrypt or decrypt or both encrypt and decrypt said data or said associated data files or both said data and said associated data files where one or more said key selectors coincide with at least one value that directly corresponds with created cipher data or created cipher data files or both said created cipher data and said created cipher data files,
and wherein said key selectors are also encrypted and decrypted,
and wherein said key selectors and said created cipher data and said created cipher data files produce result data and result data files where said created cipher data and said created cipher data files together with said result data and said result data files are sealed to produce encrypted data and encrypted data files that are only encrypted and decrypted with one or more said master keys and one or more said key selectors.

US Pat. No. 10,171,432

SYSTEMS TO IMPLEMENT SECURITY IN COMPUTER SYSTEMS

Ari Birger, Palo Alto, C...

1. A computing system, comprising:
a server including multiple cores dedicated to compute functions, wherein each core is dedicated to a single compute function;
a key management server configured to generate and issue a unique secret key to each core to encrypt the data of each compute function to isolate the data from another compute function; and
a shared memory accessed by one or more of the multiple cores configured to store the data of each function, wherein the security of the encrypted data of each compute function is isolated by a secret key obtained from the key management server, wherein the multiple cores include a hypervisor dedicated core, a cloud or data center management agent core, an orchestration core, a self service agent core, and a network function virtualization (NFV) core.

US Pat. No. 10,171,431

SECURE MESSAGE HANDLING OF AN APPLICATION ACROSS DEPLOYMENT LOCATIONS

International Business Ma...

1. A method for secure message handling of an application across deployment locations, said method comprising:
dividing, by one or more processors of a computer system, the application into multiple processing nodes which process messages and which can be deployed in multiple different locations, wherein the application processes a message comprising a plurality of data aspects, wherein each data aspect in the message includes aspect data having a data aspect value in one or more fields in the message, and wherein one or more data aspects of the plurality of data aspects include respective deployment constraints on locations in which the aspect data in the one or more data aspects is deployed;
said one or more processors analyzing the application to identify one or more processing nodes of the multiple processing nodes that reference the one or more data aspects;
said one or more processors ascertaining whether the one or more data aspects are accessed by an identified processing node of the multiple processing nodes, wherein access to each data aspect of the one or more data aspects requires a data aspect value of said each data aspect of the one or more data aspects to be known;
if said ascertaining ascertains that the one or more data aspects are accessed by the identified processing node, then said one or more processors determining a restriction for the identified processing node based on the respective deployment constraints included in the accessed one or more data aspects and deploying the identified processing node according to the determined restriction for the identified processing node;
if said ascertaining ascertains that none of the one or more data aspects are accessed by the identified processing node, then said one or more processors marking the identified processing node or a preceding processing node that precedes the identified processing node to indicate a required tokenization of the one or more data aspects, said tokenization removing the deployment constraints for the identified processing node.

US Pat. No. 10,171,430

MAKING A SECURE CONNECTION OVER INSECURE LINES MORE SECURE

1. A communication system comprising:
encryption circuitry;
formatter circuitry electrically coupled with the encryption circuitry; and
transmitter circuitry electrically coupled with the formatter circuitry, wherein:
the encryption circuitry is configured for:
receiving user datagrams;
determining a first packet-to-packet boundary, a second packet-to-packet boundary, and a third packet-to-packet boundary of the user datagrams;
encrypting the user datagrams to provide encrypted datagrams;
calculating a first checksum for encrypted data between the first packet-to-packet boundary and the second packet-to-packet boundary, wherein the first checksum is a first quantity of bits;
inserting the first checksum to the encrypted datagrams at the second packet-to-packet boundary;
calculating a second checksum for encrypted data between the second packet-to-packet boundary and the third packet-to-packet boundary, wherein the second checksum is a second quantity of bits and the second quantity of bits is greater than the first quantity of bits; and
inserting the second checksum to the encrypted data at the third packet-to-packet boundary, and
providing the encrypted datagrams, the first checksum, and the second checksum to the formatter circuitry,
wherein the encryption circuitry is further configured to provide an overhead communications channel having a variable bitrate,
wherein the variable bitrate is determined at least in part by a datagram bitrate and a fixed payload availability of the formatted bit stream;
the formatter circuitry is configured for:
inserting the encrypted datagrams, the first checksum, and the second checksum as payload data to a formatted bit stream having a total bitrate of approximately 10 gigabits per second; and
providing the formatted bit stream to the transmitter circuitry, wherein the formatted bit stream is compliant to a public switched network; and
the transmitter circuitry is configured for optically transmitting the formatted bit stream over the public switched network.

US Pat. No. 10,171,429

PROVIDING SECURITY TO VIDEO FRAMES

ARRIS Enterprises LLC, S...

1. A method of processing a compressed and encrypted video media program, comprising:
processing at least a portion of the video media program in a video player that includes a computer processor for processing at least a portion of the video media program, the video player operable for:
receiving the media stream, wherein the video media stream is comprised of one or more chunks;
subdividing the chunks into one or more packets, wherein one or more of the packets include video data;
obfuscating or de-obfuscating at least some of the video data, wherein the step of obfuscating or de-obfuscating comprises obfuscating or de-obfuscating the video data using a caption handling with skip and select approach where only the video data in a first set of packets is de-obfuscated so that caption data is extracted; and
concatenating the video data into one or more frames for playback by the video player.

US Pat. No. 10,171,428

CONFIDENTIAL DATA MANAGEMENT METHOD AND DEVICE, AND SECURITY AUTHENTICATION METHOD AND SYSTEM

Rowem Inc., Seoul (KR)

1. A secure authentication method for performing secure authentication of a user by an authentication system, the secure authentication method comprising:
receiving, by a service server, a service request from a first communication terminal;
transmitting, by a security server, a notification message including a stored decryption key to a second communication terminal in response to a notification message transmission request received from the service server;
decrypting, by the second communication terminal, a stored encrypted code table using the decryption key received from the security server;
outputting, by the second communication terminal, a security keypad to a screen, and when at least one input value is received through the security keypad, identifying each code mapped to the received at least one input value in the decrypted code table;
generating, by the second communication terminal, authentication information consisting of a combination of each identified code, and transmitting the authentication information to the service server; and
authenticating, by the service server, the first communication terminal based on the authentication information received from the second communication terminal.

US Pat. No. 10,171,426

HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION

SAMSUNG ELECTRONICS CO., ...

1. A method of controlling, by a control device, at least one device by using control information, the method comprising:
receiving, from a server, information used to configure a user interface or process an event related to controlling the at least one device by the control device, which has not been encrypted;
receiving, from the server, control information used to control at least one device, which has been encrypted using an encryption process;
transmitting a control command for controlling the at least one device according to the control information.

US Pat. No. 10,171,425

ACTIVE FIREWALL CONTROL FOR NETWORK TRAFFIC SESSIONS WITHIN VIRTUAL PROCESSING PLATFORMS

Keysight Technologies Sin...

1. A method for network traffic session control within virtual processing environments, comprising:
hosting a plurality of virtual machine (VM) platforms within one or more servers;
running a plurality of application instances within the plurality of VM platforms, each of the application instances being configured to provide a network service;
operating a plurality of virtual firewalls associated with the plurality of application instances;
monitoring the plurality of application instances using a plurality of agent instances also running within the plurality of VM platforms, each agent instance being associated with one of the plurality of application instances and one of the plurality of firewalls;
at each of the plurality of agent instances:
receiving firewall rules from an agent controller;
locally storing the firewall rules; and
applying the firewall rules to the firewall associated with the agent instance;
at the agent controller, maintaining a central firewall rules database and transmitting firewall rules to the plurality of agent instances from the central firewall rules database;
with the plurality of agent instances, collecting metadata associated with the plurality of application instances and reporting the metadata to the agent controller, one or more rules stored within the central firewall rules database being based upon the reported metadata; and
at each of the plurality of virtual firewalls:
receiving access requests to the application instance associated with the firewall from one or more network sources; and
controlling access to the application instance based upon the firewall rules applied by the agent instance associated with the firewall.

US Pat. No. 10,171,424

PRIVACY ENHANCING NETWORKS

MINDTOP, INC., Melrose, ...

1. A method for obscuring data flow paths through a network of gateways, the method comprising:
providing a controller in communication with each gateway in the network of gateways;
receiving, at the controller, a request for a flow path through the network of gateways from an originating gateway to a destination gateway;
computing, by the controller in response to the request, a unique flow path comprising a random sequence of intervening gateways between the originating gateway and the destination gateway; and
sending, from the controller to each intervening gateway in the computed flow path, flow transformation information to enable each intervening gateway to forward received data traffic to the next intervening gateway in the random sequence.

US Pat. No. 10,171,421

INTRUSION PREVENTION AND DETECTION IN A WIRELESS NETWORK

TRAFFIC OBSERVATION VIA M...

1. A non-transitory computer-readable storage medium storing executable instructions which, when executed on one or more processors of a device of a wireless network, causes the one or more processors to:
provide a security element comprising an intrusion detection and prevention (IDS) computer program, the security element located in between a physical layer of a receiver of the device and a media access control (MAC) layer of the device, the security element configured to interface with a driver of a wireless network interface of the receiver and control traffic flow between the physical layer of the receiver of the device and the MAC layer of the device;
receive wireless traffic, at the physical layer of the receiver of the device, the wireless traffic comprising first traffic and second traffic;
pass the first traffic and the second traffic to the security element located in between the physical layer of the receiver and the MAC layer of the device;
the security element is further configured to:
detect that the first traffic is allowed to pass to the MAC layer of the device by applying one or more rules from a group of rules comprising: denial of service (DoS), man-in-the-middle (MiTM), traffic inspection, Transport Control Protocol (TCP), and Internet Protocol (IP) rules to:
identify a first MAC management frame in the first traffic, instead of a MAC control frame or a MAC data frame;
detect whether a predefined information element is present in an authentication field of the first MAC management frame; and
determine that the first traffic is allowed and not malicious, responsive to detecting that the predefined information element is present in the authentication field of the first MAC management frame; and
detect that the second traffic is not allowed to pass to the MAC layer of the device by applying the one or more rules from the group of rules to:
identify a second MAC management frame in the second traffic, instead of a MAC control frame or a MAC data frame;
detect whether the predefined information element is present in an authentication field of the second MAC management frame; and
determine that the second traffic is malicious and not allowed, responsive to a failure to detect the predefined information element in the authentication field of the second MAC management frame.

US Pat. No. 10,171,420

SPATIAL REUSE FOR UPLINK MULTIUSER TRANSMISSIONS

Intel IP Corporation, Sa...

1. An apparatus of a station, the apparatus comprising:
a memory; and
processing circuitry coupled to the memory, wherein the processing circuitry is configured to:
decode a first portion of a physical layer convergence procedure (PLCP) protocol data unit (PPDU); and
if the PPDU is an overlapping basic service set (OBSS) PPDU, and a receive power of the PPDU is below an overlapping power detect level, configure the station to transmit a frame.

US Pat. No. 10,171,419

IP ROUTE CACHING WITH TWO SEARCH STAGES ON PREFIX LENGTH

Mellanox Technologies TLC...

1. A method, comprising the steps of:
maintaining a routing table of destination addresses in a main memory, the destination addresses comprising binary numbers having respective prefixes of most significant bits;
receiving via a data network a packet having a packet destination address;
providing a cache memory having exactly one table of cache entries stored therein, the cache entries comprising respective cached destination addresses and respective delta values (L),
assigning a global mask size (M), wherein the global mask size specifies a number of most significant bits needed for first comparisons between the packet destination address and the cached destination addresses, and the delta value specifies a number of additional most significant bits needed for second comparisons between the packet destination address and the cached destination address;
deriving the delta values by determining a maximum prefix length of the prefixes of the destination addresses in the routing table that are compatible with the respective cached destination addresses;
in a first search of the table of cache entries making a determination that in one of the first comparisons M most significant bits of the cached destination address of a first cache entry and the packet destination address are identical;
computing a sum of the global mask size and the delta value of the first cache entry to yield a new number (M+L);
performing the second comparisons in a second search of the table of cache entries; and
when in one of the second comparisons the new number (M+L) of most significant bits of the cached destination address of a second cache entry and the packet destination address are identical, performing the steps of:
retrieving routing information from the cache memory; and
processing the packet according to the routing information.

US Pat. No. 10,171,418

METHOD AND APPARATUS FOR ACCESSING DEMILITARIZED ZONE HOST ON LOCAL AREA NETWORK

1. A method for accessing a demilitarized zone host in a local area network (LAN), comprising:
configuring a mapping relationship between public internet protocol (IP) addresses obtained from a wide area network (WAN) side and private IP addresses of demilitarized zone hosts at a LAN side;
after receiving an access request sent by a client at the WAN side, modifying a destination IP address in the access request to a private IP address of a corresponding demilitarized zone host at the LAN side according to the configured mapping relationship, and sending the modified access request to the demilitarized zone host;
receiving a reply message returned by the demilitarized zone host, modifying a source IP address contained in the reply message to a public IP address of the client at the WAN side, and sending the modified reply message to the WAN side,
wherein before performing said configuring a mapping relationship between public IP addresses obtained from the WAN side and private IP addresses of demilitarized zone hosts at the LAN side, the method further comprises:
configuring slot information used for storing the public IP addresses obtained from the WAN side, wherein the slot information corresponds to the public IP addresses one-to-one,
wherein after performing said configuring the mapping relationship between the public IP addresses obtained from the WAN side and the private IP addresses of the demilitarized zone hosts at the LAN side, the method further comprises:
when dialing through the WAN side, sending an extension tag used to indicate an identity of the client at the WAN side to a server at the WAN side; and
receiving a plurality of IP addresses sent by the server at the WAN side through the extension tag, and filling public IP addresses therein into corresponding slot information.

US Pat. No. 10,171,417

DISTRIBUTED IP ALLOCATION AND DE-ALLOCATION MECHANISM IN A COMMUNICATIONS NETWORK HAVING A DISTRIBUTED S/PGW ARCHITECTURE

Telefonaktiebolaget LM Er...

1. A non-transitory computer readable medium having stored therein instructions to be executed by a packet processing unit (PPU) in a communications network to allow a plurality of PPUs in the communications network to independently allocate IP addresses from a shared pool of IP addresses, the instructions when executed by the PPU cause the PPU to perform a set of operations comprising:
receiving, by the PPU, a request to allocate an IP address to a user entity (UE), wherein the plurality of PPUs in the communications network collectively maintain a distributed hash table (DHT), the DHT stores a distributed block allocation table (DBAT) and a plurality of distributed address allocation tables (DAATs), wherein the DBAT includes an entry for each of a plurality of blocks of IP addresses to indicate which of the plurality of blocks of IP addresses are allocated to which of the plurality of PPUs, and wherein each of the plurality of DAATs corresponds to one of the blocks identified in the DBAT and includes an entry for each of the IP addresses in that one block to indicate which of the IP addresses in that one block are allocated to which UEs;
choosing, from a first block of IP addresses currently allocated to the PPU, one of the IP addresses in the first block that a locally cached version of the DAAT corresponding to the first block indicates as being available;
looking up, using a DHT algorithm, which of the plurality of PPUs is responsible for storing the DAAT entry in the DHT for the chosen IP address;
causing the PPU responsible for storing the DAAT entry in the DHT for the chosen IP address to update that DAAT entry to indicate that the chosen IP address is allocated to the UE;
updating the locally cached version of the DAAT corresponding to the first block to indicate that the chosen IP address is allocated to the UE;
allocating the chosen IP address to the UE;
determining, by the PPU, that the PPU needs another of the blocks of IP addresses to be allocated to it;
choosing one of the blocks of IP addresses that a locally cached version of the DBAT indicates as being available;
looking up, using the DHT algorithm, which of the plurality of PPUs is responsible for storing the DBAT entry in the DHT for the chosen block;
causing the PPU responsible for storing the DBAT entry in the DHT for the chosen block to update that DBAT entry to indicate that the chosen block is allocated to the PPU;
updating the locally cached version of the DBAT to indicate that the chosen block is allocated to the PPU;
causing the others of the plurality of the PPUs to update their respective locally cached version of the DBAT to indicate that the chosen block is allocated to the PPU; and
creating a locally cached version of the DAAT corresponding to the chosen block.

US Pat. No. 10,171,416

METHOD FOR ESTABLISHING DATA CONNECTION ON MOBILE NETWORK, MOBILE NETWORK, AND POLICY CONTROL ENTITY

HUAWEI TECHNOLOGIES CO., ...

1. A method for establishing data connections on a mobile network performed by a Packet Data Network Gateway (PDN GW), the PDN GW comprising one or more processors in communication with a computer readable storage medium having instructions stored therein, wherein when the instructions are executed, the one or more processors implement the method comprising:
establishing a data channel with a User Equipment (UE);
establishing a policy control session with a policy control entity according to a data channel ID provided by the PDN GW, wherein the policy control session is used to implement policy control on the data channel, and the data channel ID is used to identify the data channel established between the UE and the PDN GW;
receiving an address allocation request from the UE;
allocating an Internet Protocol (IP) address to the UE according to the address allocation request sent by the UE; and
sending a policy control session update request carrying the IP address to the policy control entity for updating the policy control session.

US Pat. No. 10,171,412

EMAIL QUOTA MANAGEMENT SYSTEM

International Business Ma...

1. A computer system comprising:
one or more computer processors, one or more computer-readable storage media, and program instructions stored on one or more of the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising:
program instructions to receive an out of office status a user has indicated on an email application, the email application using a communications network;
program instructions to determine a quota status of a quota for the user based on a previous quota usage pattern and a current quota usage pattern, wherein the quota includes an amount of storage space allotted to the user;
program instructions to receive a new email to be delivered to the user;
program instructions to assign a quota status to the new email;
program instructions to assign priority status to the new email, wherein the priority status is based on at least one of the user email history, the user current email trends, the subject matter of the new email, and/or an identification of the sender of the new email;
in response to the assigned quota status and the assigned priority, program instructions to determine, that the new email should not be delivered to the email application of the user and marking the new email as an outstanding email;
program instructions to receive a removal of the out of office status that the user previously indicated on an email application, the email application using a communications network; and
program instructions in response to receiving the available status of the user, delivering the outstanding email to the email application based on the outstanding email assigned quota status and assigned priority.

US Pat. No. 10,171,411

COMMUNICATION MESSAGE CONSOLIDATION WITH CONTENT DIFFERENCE FORMATTING

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
detecting, by a processor, a set of similar messages addressed to a user;
identifying redundantly similar portions of the set of similar messages that provide contextual details related to a progressive set of differences between the set of similar messages;
consolidating the set of similar messages into a single consolidated message comprising the redundantly similar portions preserved in association with sequential entries of the progressive set of differences in a sequence as context usable for interpretation of the progressive set of differences, and with the progressive set of differences formatted differently from formatting applied to the redundantly similar portions within the single consolidated message;
configuring a presentation level of difference details that specifies an amount of content of each of the sequential entries of the progressive set of differences viewable within the single consolidated message by the user depending upon how much time is available to the user to process messages;
filtering and removing from view, within the single consolidated message, additional content of the sequential entries of the progressive set of differences other than the specified amount of content of each of the sequential entries in accordance with the configured presentation level of difference details; and
promoting, in response to detecting a level of detail adjustment entered by the user, at least a portion of the additional content of the sequential entries of the progressive set of differences to be viewable within the single consolidated message.

US Pat. No. 10,171,410

CROSS-MODE COMMUNICATION

Microsoft Technology Lice...

1. A method comprising:
receiving, from a first cross-channel account associated with a first channel, a command to initiate a cross-channel communication session, wherein the first cross-channel account receives the command via the first channel and from a first user account associated with the first channel;
generating a session identifier based on the command;
receiving, from a second, different cross-channel account associated with a second channel, a request to join the cross-channel communication session, the second channel being different than the first channel, wherein the second account receives the request via the second channel and from a second user account associated with the second channel, and wherein the request comprises the session identifier;
storing an association between the first channel and the first user account, the second channel and the second user account, and the session identifier; and
based at least in part on receiving the command and the request, relaying communication from the first cross-channel account originating from the first user account via the first channel to the second cross-channel account destined for the second user account via the second channel based on the stored association.

US Pat. No. 10,171,409

SYSTEMS AND METHODS FOR PATH OPTIMIZATION IN A MESSAGE CAMPAIGN

Selligent, Inc., Redwood...

1. A method for path optimization for a message campaign, the method being performed by one or more processors, the method comprising:
displaying a graphical user interface representation of the message campaign, wherein the message campaign is electronically connected to one or more sources of destination target information, the one or more sources of destination target information collectively defining a plurality of recipients;
receiving a plurality of sets of input instructions, each respective set of input instructions in the plurality of sets of input instructions corresponding to a path in a plurality of paths in the message campaign, wherein, each path defines non-content characteristics of the message campaign according to which associated messages are sent, including: type, quantity, means for sending, recipient, and at least one of interval, order and frequency;
the plurality of paths in the message campaign including:
a first path specifying that a first subset comprising one or more electronic messages is to be sent following a delay of a first predefined wait period to a first subset of recipients, wherein the first subset of recipients includes two or more recipients; and
a second path specifying that a second subset comprising one or more electronic messages is to be sent following a delay of a second predefined wait period, different from the first predefined wait period, to a second subset of recipients, different from the first subset of recipients, wherein the second subset of recipients includes two or more recipients;
for each respective set of input instructions in the plurality of sets of input instructions, sending a respective subset of electronic messages in a first plurality of electronic messages according to a corresponding path in the plurality of paths to a respective subset of recipients in the plurality of recipients, including sending the first subset comprising one or more electronic messages to the first subset of recipients following the delay of the first predefined wait period and sending the second subset of electronic messages to the second subset of recipients following the delay of the second predefined wait period;
monitoring responses to the first subset comprising one or more electronic messages;
determining a winning path from among the plurality of paths based on a path discriminator, the path discriminator using:
i) a correlation of a criterion with a goal for the message campaign for each respective set of input instructions in the plurality of sets of input instructions, and
ii) the responses to the first subset comprising one or more electronic messages;
upweighting, responsive to the determining, the winning path from among the plurality of paths; and
using the message campaign with the upweighted winning path by causing a second plurality of electronic messages to be sent through the winning path to recipients in the plurality of recipients.

US Pat. No. 10,171,408

FOLLOWING/SUBSCRIBING FOR PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method for following asynchronous and synchronous productivity application communications comprising:
providing, by an update processor, a targeted medium with a notification for changes associated with a productivity application communication based on a promotion of the productivity application communication to the targeted medium; and
receiving, by the update processor, subscriptions for receiving update notifications through the targeted medium for the changes associated with the productivity application communication,
wherein behaviors and interests are expressed via a set of rules that execute in a context of a workflow system, and subsequent changes to both a particular participating productivity application and social artifact enforce the set of rules.

US Pat. No. 10,171,407

COGNITIVE ADJUSTMENT OF SOCIAL INTERACTIONS TO EDITED CONTENT

INTERNATIONAL BUSINESS MA...

1. A method comprising:
computing, a shift in sentiment using a natural language processing engine of a data processing system, the shift comprising a difference between an original sentiment value of an original content of a post on social media and an edited sentiment value of an edited content of the post, wherein the post has an associated reaction value;
computing, by applying a function to the shift, an action value, the action value corresponding to a type of action that can be used to manipulate the reaction value;
selecting an action corresponding to the type of action, wherein the type of action is a change type, wherein the action corresponding to the change type is at least one of a reset action and a reverse action, wherein the reset action resets the reaction value to a null value, and wherein the reverse action changes the reaction value to an opposite value; and
sending, to a social media server, an instruction to perform the action relative to the reaction value associated with the post, wherein the instruction causes the reaction value to be manipulated responsive to the shift in sentiment.

US Pat. No. 10,171,406

MANAGING ENCOURAGING MESSAGES FROM SOCIAL MEDIA CONTACTS TO ENHANCE PERFORMANCE

International Business Ma...

1. A method of managing messages for an individual, the method comprising the steps of:
a computer receiving social media contacts of the individual via one or more social media services;
the computer deriving a sentiment from an A/B analysis of historical data indicating that a type of an encouraging message was effective in improving a performance of the individual in one or more running races prior to a current running race in which the individual is participating;
the computer determining (1) terrain features of a course of the current running race and (2) encouragement topics that reference the terrain features of the course of the current running race, the terrain features presenting a challenge to the individual in response to the individual encountering the terrain features in the current running race;
using the one or more social media services, the computer soliciting encouraging messages from the social media contacts so that the encouraging messages have the sentiment derived from the A/B analysis of the historical data that the type of the encouraging message was effective in improving the performance of the individual and include content described by the encouragement topics that references the terrain features of the course of the current running race;
in response to the step of soliciting, the computer receiving the encouraging messages from the social media contacts, the encouraging messages having the sentiment and including the content described by the encouragement topics;
during the current running race, the computer determining that a terrain feature included in the terrain features of the course of the current running race is likely to be encountered by the individual within a first specified amount of time based on a geographic position of the individual; and
during the current running race and based on the terrain feature being likely to be encountered within the first specified amount of time, the computer selecting an encouraging message from the encouraging messages so that the selected encouraging message references the terrain feature, has the sentiment derived from the A/B analysis, and includes the content that references the terrain feature, and the computer presenting the selected encouraging message to the individual, which enhances a pace of the individual in the current running race.

US Pat. No. 10,171,405

METHOD AND A SYSTEM FOR EMAIL ADDRESS VALIDATION

International Business Ma...

1. A computer system for an email address validation, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
identifying an email address of a recipient listed in an email;
determining whether the email address is erroneous, wherein determining whether the email address is erroneous comprises determining a position of the recipient has changed, determining an email address is erroneous, and determining a confidentiality mismatch;
wherein determining the position of the recipient has changed comprises:
determining a current position of the recipient;
determining a previous position of the recipient, wherein the previous position comprises one or more of: a position of the recipient at a date of a previous email transmission, and a position of the recipient at a predetermined date;
determining whether the current position is the same as the previous position;
based on determining that the current position is not the same as the previous position, determining a new email address of a new recipient based on the previous position;
determining that the email includes one or more predefined specific words, wherein the predefined specific words are associated with a new position that is not a current position of the recipient;
determining a new email address based on the new position;
wherein determining the confidentiality mismatch comprises:
determining that the email includes one or more predefined specific words, wherein the predefined specific words are associated with confidentiality;
based on determining that the email address has not been previously sent by a user, displaying a recommendation to a user;
wherein determining the email address is erroneous comprises:
determining the email address is not in a database;
determining a similar email address in the database comprising one or more of:
determining the similar email address by string matching the email address to the database;
determining the similar email address by pattern matching the email address to the database;
determining the similar email address by approximate string matching the email address to the database; and
based on determining that the email address is erroneous, displaying a recommended email address to a user, wherein the recommended email address is one or more of: the new email address of the new recipient, the similar email address, the email address of the recipient.

US Pat. No. 10,171,404

REPLY TO MOST RECENT MESSAGE

International Business Ma...

1. A method comprising:
presenting, to a local user among a group of simultaneously displayed command icons within a first email messaging user interface window, a reply command icon labeled “Reply”;
detecting that the local user has clicked on the reply command icon;
presenting a pull down menu in the first user interface window in response to detecting that the local user clicked on the reply command icon, wherein presenting the pull down menu includes displaying a reply-to-most-recent command menu item among a group of simultaneously displayed pull-down menu command menu items, wherein the reply-to-most-recent command menu item is labeled “Reply to Most Recent”;
detecting that the local user has clicked on the reply-to-most-recent command menu item in the pull down menu;
presenting a reply-to-most-recent pop-up window labeled “Reply to Most Recent” in response to detecting that the local user has clicked on the reply-to-most-recent command menu item in the pull down menu, wherein the reply-to-most-recent window initially presents a name entry field for receiving a typed entry from the local user and does not present any list of emails;
receiving, through the name entry field in the reply-to-most-recent pop-up window labeled “Reply to Most Recent”, a name typed by the local user;
locating, within an inbox of the local user, and in response to receipt of the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent”, a most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”;
in direct response to receiving the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent”, and without additional input from the local user, presenting a reply user interface display object for composing a reply message to the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, wherein the reply user interface display object includes a send button user interface object, and wherein presenting the reply user interface display object for composing the reply message to the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent” includes pre-loading, in direct response to receiving the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent” and without intervention of the local user i) in a message composition portion in the reply user interface display object, an embedded message contents of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, ii) in a plurality of address fields in the reply user interface display object, email addresses extracted from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, and iii) in a subject field in the reply user interface display object, a subject of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”;
receiving text typed by the local user into the message composition portion in the reply user interface display object;
detecting that the user has clicked on the send button user interface object in the reply user interface display object; and
in response to detecting that the user has clicked on the send button user interface object in the reply user interface display object, and without further input from the local user, transmitting a reply email message with a contents equal to a complete contents of the message composition portion of the reply user interface display object, wherein the complete contents of the message composition portion of the reply user interface display object includes the text typed by the local user into the message composition portion in the reply user interface display object and the contents of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent” that was preloaded into the message composition portion in the reply user interface display object, and with a subject equal to the subject preloaded into the subject field in the reply user interface display object from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, to the email addresses pre-loaded into the plurality of address fields in the reply user interface from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”.

US Pat. No. 10,171,403

DETERMINING INTENDED ELECTRONIC MESSAGE RECIPIENTS VIA LINGUISTIC PROFILES

INTERNATIONAL BUSINESS MA...

1. A method for checking against transmitting a message to an unintended recipient, said method comprising:
developing a linguistic profile of a message to be transmitted to an intended recipient, using a processor on a computer and as the message is being composed by a user, the linguistic profile comprising feature vectors including one or more of word-level features, dictionary features, and topic features;
comparing said linguistic profile with a linguistic profile, previously prepared, of messages previously transmitted to the intended recipient, by calculating a similarity between feature vectors of the linguistic profile of the message being composed with feature vectors of the linguistic profile of messages previously transmitted to the intended recipient;
calculating, using a learning model classifier, a confidence level as to whom the message to be transmitted is actually intended to be transmitted, based on the comparing of linguistic profiles;
upon detecting that the confidence level of the message being composed is below a specified amount, performing a phonetic match of a name of the intended recipient, and, if no intended recipient is identified in the message to be transmitted such that no confidence level calculation is possible, identifying at least one intended recipient as based on a similarity to linguistic profiles of messages previously sent by the user composing the message; and
displaying one or more possible alternate intended recipients,
wherein the message being composed is being composed by a user U to intended recipient R and the linguistic profile of messages previously transmitted to the intended recipient is linguistic profile P_{U,R}, the method further comprising:
constructing the linguistic profile P_{U,R} for messages previously sent to said intended recipient R by user U composing said message by iterating over a set of messages that user U sent to intended recipient R, the linguistic profile P_{U,R} being constructed by computing feature vectors in the set of messages until summed proportional changes across all features falls below a predetermined threshold; and
using the linguistic profile P_{U,R} by the learning model classifier to calculate the confidence level that the message to be transmitted is actually intended to be transmitted to the intended recipient R by user U.

US Pat. No. 10,171,402

APPARATUS AND METHOD FOR OUTPUTTING MESSAGE ALERTS

Samsung Electronics Co., ...

1. An apparatus for outputting a message alert, comprising:
a memory storing an alert sound, a contact and a keyword;
an audio processor for processing audio information; and
a processor configured to:
in response to receiving a message including an attached alert sound, determine whether to output the stored alert sound or an attached alert sound as an alert for the received message, by:
comparing a sender of the message to the stored contact to determine whether the sender and the stored contact match,
in response to determining that the sender matches the stored contact, parsing the message including the attached alert sound using a speech-to-text recognition to extract text from at least the attached alert sound, and detecting whether the extracted text includes the stored keyword, and
in response to determining that the extracted text does not include the stored keyword, outputting the attached alert sound as the alert for the received message using the audio processor.

US Pat. No. 10,171,401

PERSONALIZED ELECTRONIC MESSAGE

MICROSOFT TECHNOLOGY LICE...

1. A computer-implemented method for personalizing an electronic message, comprising:
receiving an electronic message intended for a recipient user at a mailbox delivery agent associated with the recipient user;
identifying and extracting, by the mailbox delivery agent, context data from the electronic message including identities of a set of other recipients of the electronic message beside the recipient user;
querying, by the mailbox delivery agent, an information source for information related to the context data;
receiving, at the mailbox delivery agent, from the information source, a query response comprising information related to the context data, wherein the query response identifies information related to a subset of recipients, from the set of other recipients, with whom the recipient user does not share a close social relationship;
appending, by the mailbox delivery agent, one or more visual information elements representing the information related to the context data to the electronic message, the one or more visual information elements comprising selectable content cards including:
profiles associated with the subset of recipients with whom the recipient user does not share a close social relationship, wherein selection of a profile provides access via a link to a network store for displaying profile information regarding another recipient with whom the recipient user does not share a close social relationship, and documents related to a subject of the electronic message, wherein selection of a document provides access via a link to a network store for viewing the document; and
delivering, by the mailbox delivery agent, the electronic message comprising the appended information to a mailbox database of the recipient user, wherein the appended information is being provided within the electronic message to improve an electronic application to automatically provide personalized and related information to the recipient of the electronic message.

US Pat. No. 10,171,400

USING ORGANIZATIONAL RANK TO FACILITATE ELECTRONIC COMMUNICATION

International Business Ma...

1. A computer implemented method for electronic communications, the method comprising:
receiving, from a sender, a request to communicate with a recipient via a chat application;
determining, a relative rank of the sender and a relative rank of the recipient based on organization hierarchy data stored on an enterprise server, the relative rank of the sender is determined based on a difference in a number of reporting levels between a rank of the sender and a rank of a manager common to both the sender and the recipient, and the relative rank of the recipient is determined based on a difference in a number of reporting levels between a rank of the recipient and the rank of the manager common to both the sender and the recipient, wherein determining a relative rank of the sender and a relative rank of the recipient is based on a difference in a number of social media network connections of the sender and a number of social media network connections of the recipient, a difference in organizational titles of the recipient and sender; a difference in a level of education attained by the recipient and a level of education attained by the sender; a difference in rankings assigned by an entity to the recipient and the sender, a difference in an age of the recipient and an age of the sender, and a familial relationship between the sender and the recipient, wherein the number of social media network connections of the sender, wherein a number of social media network connections is determined by an amount of “friend” connections in the social media network;
in response to determining that the recipient has a higher relative ranking than the sender, displaying to the sender, via the chat application, a first attention message notifying the sender of the higher relative rank of the recipient;
receiving a first message entered by the sender into the chat application;
in response to determining that the first message comprises a predefined word or phrase, displaying a second attention message to the sender, via the chat application, notifying the sender of a possible violation of a company policy and allowing the sender to revise the first message;
in response to determining the first message comprises an action item, sending a fourth attention message to a third party specifying that the first message comprises an action item, wherein the third party is a manager of the sender;
in response to determining the first message comprises a numerical value, sending a fifth attention message to the third party specifying that the first message comprises a numerical value; and
in response to receiving an indication from the sender to send the first message, sending the first message from the sender to the recipient.

US Pat. No. 10,171,399

MANAGING MESSAGE THREADS THROUGH USE OF A CONSOLIDATED MESSAGE

International Business Ma...

1. A method of managing message threads, the method comprising:
detecting, by a message server, a message thread addressed to a client device, wherein the message thread comprises an exchange of multiple message replies to messages related to a first topic;
determining, by the message server, whether a quantity of messages in the message thread exceeds a predetermined limit during a specified amount of time;
in response to determining that the quantity of messages in the message thread exceeds the predetermined limit during the specified amount of time, generating, by the message server, a consolidated single message that describes content of the multiple message replies in the message thread; and
transmitting, from the message server to the client device, the consolidated single message.

US Pat. No. 10,171,398

METHOD AND APPARATUS FOR PROVIDING INFORMATION BY USING MESSENGER

Samsung Electronics Co., ...

1. A method for providing information through a messenger in a user device, the method comprising:
displaying, by a display of the user device, a speech window including a conversation exchanged through the messenger and a background image of the messenger, the background image being displayed on a background layer of the messenger, wherein the speech window is displayed on a speech layer of the messenger;
detecting, based on a scheme, by a processor of the user device, text related to a particular content in the conversation;
displaying, by the display of the user device, a content image matched to the particular content, as a background screen in an intermediate layer which is generated between the background layer on which the background image is displayed and the speech layer on which the speech window is displayed, in response to the detecting of the text relating to the particular content; and
providing, by the processor of the user device, information related to the particular content in response to selection of the content image,
wherein the content image is selectable by a touch input,
wherein all of the speech window is displayed and at least part of the content image and at least part of the background image is covered by the speech window during the displaying of the content image, and
wherein the providing of the information related to the particular content comprises:
determining a type of the particular content when the content image has been selected,
executing an internal function or an external function operating in cooperation with the user device according to the type of the particular content, and
displaying the information related to the particular content according to the executed internal or external function.

US Pat. No. 10,171,397

SHARING OF INFORMATION EXTRACTED FROM MESSAGES IN COLLABORATIVE SYSTEMS

International Business Ma...

1. A method for sharing information in a computing infrastructure, the method comprising:
intercepting a message sent from a computing machine of a first user to at least one second user;
verifying a sharing permission for sharing a content of the message, the sharing permission comprising one or more user-defined sharing rules defining policies for sharing the content of the message;
based on the sharing permission being verified, prompting, by displaying a pop-up window, the first user to authorize the sharing of the content of the message;
based on the sharing of the content of the message being authorized by the first user, adding a sharing indicator to the message, the sharing indicator comprising a custom sharing tag added to a header of the message;
based on the message comprising the sharing indicator, analyzing the content of the message to identify each matching context of one or more known contexts matching the content of the message, wherein each known context is defined by one or more keywords;
using an analytics engine based on a language processor to calculate a matching index for each known context according to a corresponding keyword comprised in a body of the message;
identifying each known context comprising a matching index higher than a threshold value as a matching context of the message;
organizing each known context comprising the matching index higher than the threshold value in a decreasing order of matching index;
extracting information from the body of the message starting with a known context having the highest matching index, the information comprising one or more questions and associated answers corresponding to the matching context, the information being extracted by implementing a text parser;
generating at least one shared entry for each matching context according to the extracted information corresponding to the matching context;
selecting at least one collaborative system for each shared entry from a plurality of known collaborative systems according to a comparison between one or more characteristics of the shared entry and one or more characteristics of each known collaborative system, wherein the one or more characteristics of the shared entry comprise a language of the shared entry, the matching context and a complexity of the shared entry, and the one or more characteristics of each known collaborative system comprise a language of each known collaborative system, a topic, and a type of participants of the known collaborative system;
formatting each generated shared entry for the at least one collaborative system by enclosing its contents into a block providing an indication of the topic and details of a member; and
submitting each formatted shared entry for publication to the at least one collaborative system corresponding to the matching context of the shared entry.

US Pat. No. 10,171,396

INTELLIGENT PREVENTION OF SPAM EMAILS AT SHARE SITES

Shutterfly, Inc., Redwoo...

1. A computer-implemented method for preventing spam emails from a share site, comprising:
receiving registrations from users to set up share sites by a network-based computer system, wherein the users become owners of the share sites;
enabling the users to send emails to invite people to become members of their respective share sites;
receiving uploads at least one image or video clip from the users by the network-based computer system;
storing one or more spam detection rules in the network-based computer system;
detecting potential spam emails among the emails sent by the users based on the one or more spam detection rules by the network-based computer system;
storing one or more false alarm reduction rules in the network-based computer system;
automatically detecting, by the network-based computer system, behaviors of one or more senders of the potential spam emails at the share-site;
identifying false positive emails in the potential spam emails based on the one or more false alarm reduction rules and the behaviors of the one or more senders of the potential spam emails at the share-site, which comprises at least:
determining if the one or more senders of the potential spam emails have stored personal data, relationship data, or device data at the network-based computer system;
removing false positive emails from the potential spam emails to produce a list of verified spam emails;
identifying a first sender of the list of verified spam emails as a spammer; and
prohibiting the spammer from sending emails from one or more share sites owned by the spammer at the network-based computer system.

US Pat. No. 10,171,393

METHOD AND SYSTEM FOR PROVIDING A COLLABORATIVE EVENT-SHARE SERVICE

1. An apparatus for supporting media sharing via a communication network, the apparatus comprising:
a hardware processor; and
a computer-readable storage medium storing a plurality of instructions which, when executed by the hardware processor, cause the hardware processor to perform operations, the operations comprising:
providing an event tag to endpoint devices of a plurality of members of an event-share group, wherein the event-share group is related to an event, where the event tag uniquely identifies the event-share group, wherein the hardware processor is operated by a service provider of an event-share service feature;
receiving a captured media, with the event tag associated with the captured media, from one of the endpoint devices of one of the plurality of members; and
providing the captured media to the endpoint devices of the plurality of members, wherein the endpoint devices of the plurality of members present the event tag in different user selected formats along with the captured media.

US Pat. No. 10,171,391

AUTOMATIC AND DYNAMIC MANAGEMENT OF INSTANT MESSENGER DO NOT DISTURB STATE VIA ENTERPRISE APPLICATION

International Business Ma...

1. A method for peer to peer communication, the method comprising:
receiving a message from a first communication program user intended for a second communication program user;
determining whether the second communication program user is in a do not disturb state;
based on the second communication program user being in a do not disturb state, determine whether to override the do not disturb state of the second communication program user, wherein determining whether to override the do not disturb state comprises:
receiving static message information and communication program user characteristics, wherein the static message information comprises metadata describing a message and content of the message, wherein the communication program user characteristics describe user employment characteristics and user communication program preferences of a user included on a communication;
determining a critical situation exists based on the received static message information;
based on the existence of the critical situation, determining a message critsit value for the user based on the received communication program user characteristics;
based on determining that the calculated message critsit value exceeds a minimum threshold value, adding the first communication program user and the second communication program user to a critsit users list;
based on determining that the first communication program user and the second communication program user are on the same critsit users list, override the do not disturb state of the second communication program user; and
based on determining that the do not disturb state of the second communication program user should be overridden, transmit messages from the first communication program user to the second communication program user.

US Pat. No. 10,171,390

SYSTEM AND METHOD FOR ALERTING A LIST OF MULTIPLE RECIPIENTS OF A USER'S REQUEST FOR ASSISTANCE

1. A method comprising:
broadcasting a request to each of a plurality of recipient devices in response to a request for assistance from a first user device;
receiving an assistance response from a particular recipient device of the plurality of recipient devices;
broadcasting a message to each recipient device of the plurality of recipient devices, other than the particular recipient device, indicating that the particular recipient device provided the assistance response;
locking out communication with each recipient device of the plurality of recipient devices, other than the particular recipient device, to prevent additional assistance responses;
transmitting an assistance confirmation query to the particular recipient device;
receiving an indication that a particular recipient associated with the particular recipient device has not completed assisting the user;
unlocking communication with each recipient device of the plurality of recipient devices other than the particular recipient device; and
receiving a second assistance response to the request sent by a second recipient device of the plurality of recipient devices,
wherein the indication that the particular recipient associated with the particular recipient device has not completed assisting the user is in response to the assistance confirmation query.

US Pat. No. 10,171,389

GENERATING POLL INFORMATION FROM A CHAT SESSION

International Business Ma...

1. A method, in a data processing system comprising a processor and a memory, the memory comprising, instructions executed by the processor to specifically configure processor to implement a poll generation system for generating poll information from a chat session, the method comprising:
monitoring, by the poll generation system, chat content in the multiple user chat session;
analyzing, by a question analysis component executing within the poll generation system, syntax and semantic structure of a given text message from a questioning user in the multiple user chat session to determine that the given text message contains a question;
determining, by the question analysis component, that the question is a poll question based on a question type of the question;
identifying, by an answer analysis component executing within the poll generation system, a plurality of answers to the poll question in subsequent text messages from a plurality of answering users within the chat content;
generating, by a poll generation component executing within the poll generation system, a poll user interface presenting the poll question and the plurality of answers as selectable options; and
presenting, by the poll generation system, the poll user interface to the multiple users of the chat session.

US Pat. No. 10,171,388

MESSAGE RETRIEVAL IN A DISTRIBUTED COMPUTING NETWORK

International Business Ma...

1. A method for providing a message to a recipient, the method comprising:
determining that the message is received by a first message store for a recipient device wherein the first message store is a component of an active messaging engine within a multi-zone cloud computing environment;
locating a second message store where the recipient device can retrieve the message wherein the second message store is a component of a passive messaging engine within the multi-zone cloud computing environment;
determining if the message is located in a message repository;
responsive to determining the message is located in the message repository, locking the located message for the recipient device at the first message store and retrieving: message identification data for the located message, a unique token, and the location of the recorded second message store corresponding to the recipient device;
authorizing a single-purpose communication between the recipient device and the second message store, the single-purpose communication having a single purpose of retrieving the message;
wherein:
the message is duplicated in the second message store; and
the first message store and second message store are operating within a message delivery model that guarantees delivery of the message to the recipient device, allows the message to be delivered to the recipient device only once, and requires that the recipient device communicates with the first message store when retrieving the message.

US Pat. No. 10,171,387

MESSAGE RETRIEVAL IN A DISTRIBUTED COMPUTING NETWORK

International Business Ma...

1. A computer program product for providing a message to a recipient, the computer program product comprising a computer readable storage medium having stored thereon:
first program instructions programmed to determine that the message is received by a first message store for a recipient device, wherein the first message store is a component of an active messaging engine within a multi-zone cloud computing environment;
second program instructions programmed to locate a second message store where the recipient device can retrieve the message, wherein the second message store is a component of a passive messaging engine within the multi-zone cloud computing environment;
third program instructions to determine if the message is located in a message repository;
responsive to determining the message is located in the message repository, fourth program instructions to lock the located message for the recipient device at the first message store and retrieving: message identification data for the located message, a unique token, and the location of the recorded second message store corresponding to the recipient device;
fifth program instructions comprising:
program instructions to authorize a single-purpose communication between the recipient device and the second message store, the single-purpose communication having a single purpose of retrieving the message;
wherein:
the message is duplicated in the second message store; and
the first message store and second message store are operating within a message delivery model that guarantees delivery of the message to the recipient device, allows the message to be delivered to the recipient device only once, and requires that the recipient device communicate with the first message store when retrieving the message.

US Pat. No. 10,171,386

METHODS AND SYSTEMS FOR STORING INSTANT MESSAGING MESSAGES

ORACLE INTERNATIONAL CORP...

1. A method, comprising operations of:
displaying a window in a graphical user interface (GUI), wherein the window includes a first view listing a plurality of participants in an instant messaging conference, a second view allowing for entry and editing of an instant message, a first control for sending an instant message to all of the participants, and a second control for sending a private instant message to less than all of the participants;
receiving an entry of an instant message in the second view;
receiving a selection of one or more but less than all participants through the second view;
receiving an input activating the second control;
sending the instant message to the selected participants as a private message, wherein each operation of the method is executed on one or more processors;
storing instant message conference data in a single unified record on an instant messenger server, wherein the instant message conference data is a complete record of the instant messaging conference discussion in chronological order, wherein each of a plurality of private instant messages exchanged for the instant messaging conference are integrated with the conference instant messages, and a given private instant message of the plurality of private instant messages is exchanged between a given subset of the participants and another private message of the plurality of private instant messages is exchanged between another subset of the participants;
filtering the instant message conference data, in response to a request for a search of the instant message conference data generated for a given user, wherein the request comprises a keyword, wherein the filtering comprises:
classifying a given subset of the plurality of private messages for the search, wherein the given user is a participant in each private message of the given subset of the plurality of private messages, and the given private message is a member of the given subset of the plurality of private messages; and
excluding another subset of the plurality of private messages for the search, wherein the given user is not a participant in each private message of the other subset of the plurality of private messages, and the other private message is a member of the other subset of the plurality of private messages;
searching the given subset of plurality of private instant messages and the conference instance messages in the instant message conference data for the keyword;
determining that the given private message includes the keyword; and
sending the given private message to the given user.

US Pat. No. 10,171,385

DYNAMICALLY PROVIDING SYSTEM COMMUNICATIONS IN A VIRTUAL SPACE TAILORED TO INDIVIDUAL USERS RESPONSIVE TO SPECIFIC USER ACTIONS AND INDIVIDUAL CURRENT STATES

Kabam, Inc., San Francis...

1. A system configured to dynamically provide system communications tailored to individual users responsive to occurrences of trigger events in a virtual space, the system comprising:
one or more processors configured by machine-readable instructions to:
execute an instance of the virtual space, wherein the instance is configured to facilitate interaction between the individual users and with the virtual space, wherein the individual users are associated with individual client computing platforms through which command inputs are provided by the individual users that exercise control by the individual users within the virtual space;
provide an admin interface for presentation to an administrative user of the virtual space for managing system communications of the virtual space, the admin interface being configured to receive information from the administrative user, the information including one or more of new system communications, existing system communications, trigger event definitions, and/or information associated with one or more bases for determining whether an individual current state corresponds to one or more system communications;
monitor actions performed by a user within the virtual space for trigger events including a first trigger event, the first trigger event being a specific user action performed by a first user that has been defined as a trigger event, wherein the specific user action is one or more of registering as a user in the virtual space, establishing a relationship with another user and/or user character in the virtual space, customizing a user character, and/or engaging in gameplay within the virtual space;
obtain current states responsive to trigger events occurring within the virtual space, the current states being separate and discrete from the trigger events, a given current state for the first user including information indicating one or more of:
(a) a frequency of engagement by the first user in the virtual space,
(b) an amount of real-world money the first user has spent toward the virtual space, and/or
(c) total time spent by the first user while engaged in gameplay in the virtual space, wherein a first current state is obtained responsive to the first trigger event;
further responsive to trigger events occurring within the virtual space,
(i) determine whether individual current states correspond to one or more of a plurality of system communications, a given system communication being a communication configured to be provided by the system for presentation to users via one or more communication channels,
(ii) determine whether a first system communication corresponds to the first current state, and
(iii) select the first system communication responsive to the first system communication being determined to correspond to the first current state, such selection being further responsive to occurrence of the first trigger event; and
provide system communications for presentation to users via the one or more communication channels, the first system communication being presented to the first user,
wherein the admin interface includes user responsiveness information indicating user responsiveness to the system communications presented via the one or more communication channels.

US Pat. No. 10,171,384

METHOD TO CONFIGURE NETWORK BONDS AS A PORT ON AN INTEGRATION BRIDGE FOR A VIRTUALIZED MULTILAYER SWITCH

International Business Ma...

1. A computer program product, comprising:
a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code configured to perform an operation comprising:
receiving a selection of one or more network interfaces,
aggregating the selected network interfaces into a bonded network interface having a first port,
associating the first port with a network bridge having a second port by i) recording a) a media access control address (MAC) of the bonded network interface and b) the first port into a MAC caching table of the network bridge; and
ii) cross-referencing the MAC caching table to establish a communication link with the bonded interface, and
connecting the network bridge with an integration bridge of a virtual multilayer switch via the second port, wherein the aggregation is performed by a UNIX-based bonding process, wherein a version of the UNIX-based bonding process is incompatible with a version of the integration bridge, wherein a version of the network bridge is compatible with the version of the integration bridge, and wherein the bonded network interface communicates indirectly with the virtual multilayer switch via the network bridge connection with the integration bridge of the virtual multilayer switch.

US Pat. No. 10,171,383

METHODS AND SYSTEMS FOR PORTABLY DEPLOYING APPLICATIONS ON ONE OR MORE CLOUD SYSTEMS

Sony Interactive Entertai...

1. A method, comprising:
receiving attributes of one or more resources and services required on a cloud system for executing an application;
generating a descriptor record for the application using the received attributes, the descriptor record defining an environment profile that is specific for the cloud system, wherein the descriptor record is generated by translating the one or more resources and services required into one or more actions to be taken for provisioning the required resources and services in the cloud system for successful execution of the application, wherein the generated descriptor record identifies a predefined sequence for the one or more actions to be taken based on the received attributes; and
storing the descriptor record in a descriptor file maintained in a deployment system database;
detecting a request for the execution of the application, the detection of the request resulting in a retrieval of the descriptor record for the application from the descriptor file, the retrieval causing automatic triggering of the predefined sequence for the one or more actions identified in the descriptor record resulting in the provisioning of the required services and resources on the cloud system to enable successful execution of the application,
wherein method operations are performed by a processor.

US Pat. No. 10,171,382

MECHANISM OF IDENTIFYING AVAILABLE MEMORY RESOURCES IN A NETWORK OF MULTI-LEVEL MEMORY MODULES

Advanced Micro Devices, I...

1. A method, comprising:
identifying memory resources for each of a plurality of nodes connected in a network;
storing memory resource information describing the memory resources;
retrieving, from the network, topology information for data transmission links in the network; and
based on the stored memory resource information and based on the retrieved topology information, allocating a portion of the memory resources for execution of instructions in a workload, wherein at least a first node of the plurality of nodes is configured to execute the workload using the allocated portion of the memory resources.

US Pat. No. 10,171,381

PROVIDING A GUEST WITH ACCESS TO CONTENT OF A SOCIAL NETWORK

INTERNATIONAL BUSINESS MA...

1. A method for providing a guest with access to content of a social network, the method comprising:
identifying a guest associated with content posted by a user on a social network, where the guest is not a member with access to the social network;
sending, via electronic mail (email), a notification to the guest's email address to notify the guest of the content on the social network;
receiving, via an identity provider, an identity assertion associated with the guest's email address; and
providing, based on the identity assertion, access to the content posted by the user on the social network to allow the guest to view the content;
hiding a tag for the guest associated with the content on the social network until the guest is provided access to the content posted by the user on the social network.

US Pat. No. 10,171,380

DYNAMIC SERVICE LEVEL AGREEMENT (SLA) ADJUSTMENT BASED UPON APPLICATION CAPABILITIES

International Business Ma...

1. A method for dynamic adjustment of a service level agreement (SLA) for a hosted computing environment based upon application capabilities, the method comprising:
specifying in a user interface to a hosted computing environment executing in memory by one or more processors of a computing device, a virtual application pattern comprising one or more application components of an applications to be hosted within the hosted computing environment, a behavioral policy, at least one database, at least one queue, at least one connection to an existing resource, a business process model, a batch job and a mediation, the policy specifying high availability, security, multi-tenancy, isolation and an SLA;
loading the SLA into memory and accessing a table specifying capabilities of the different components of the pattern including both whether or not one or more of the components support placement of corresponding instances of the components in one or more of multiple different nodes and also whether or not one or more of the components support the utilization of multiple different processors within the hosted computing environment;
determining in the table a scaling capability for at least one of the components and in particular both whether or not one or more of the application components support placement of corresponding instances of the application components in one or more of multiple different nodes in the hosted computing environment, and also whether or not one or more of the application components support utilization of multiple different processors within the hosted computing environment;
filtering a set of resource utilization options for the SLA of the pattern for the application based upon the common scaling capability of all of the components, selecting one of the filtered set of resource utilization options for the SLA and modifying the SLA for the application utilizing the selected resource utilization options so as to scale up resources utilized by the components of the application; and,
executing the application in the hosted computing environment and managing resource utilization of resources accessible to the application based upon the established SLA during the execution of the application in the hosted computing environment.

US Pat. No. 10,171,379

DYNAMIC SERVICE LEVEL AGREEMENT (SLA) ADJUSTMENT BASED UPON APPLICATION CAPABILITIES

International Business Ma...

8. A computer program product for dynamic adjustment of a service level agreement (SLA) for a hosted computing environment based upon application capabilities, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a device to cause the device to perform a method comprising:
specifying in a user interface to a hosted computing environment executing in memory by one or more processors of a computing device, a virtual application pattern comprising one or more application components of an applications to be hosted within the hosted computing environment, a behavioral policy, at least one database, at least one queue, at least one connection to an existing resource, a business process model, a batch job and a mediation, the policy specifying high availability, security, multi-tenancy, isolation and an SLA;
loading the SLA into memory and accessing a table specifying capabilities of the different components of the pattern including both whether or not one or more of the components support placement of corresponding instances of the components in one or more of multiple different nodes and also whether or not one or more of the components support the utilization of multiple different processors within the hosted computing environment;
determining in the table a scaling capability for at least one of the components and in particular both whether or not one or more of the application components support placement of corresponding instances of the application components in one or more of multiple different nodes in the hosted computing environment, and also whether or not one or more of the application components support utilization of multiple different processors within the hosted computing environment;
filtering a set of resource utilization options for the SLA of the pattern for the application based upon the common scaling capability of all of the components, selecting one of the filtered set of resource utilization options for the SLA and modifying the SLA for the application utilizing the selected resource utilization options so as to scale up resources utilized by the components of the application; and,
executing the application in the hosted computing environment and managing resource utilization of resources accessible to the application based upon the established SLA during the execution of the application in the hosted computing environment.

US Pat. No. 10,171,378

SYSTEM AND METHOD FOR ALLOCATING AND RESERVING SUPERVISORS IN A REAL-TIME DISTRIBUTED PROCESSING PLATFORM

IMPETUS TECHNOLOGIES, INC...

1. A system for allocating and reserving one or more supervisors, to be used by a data processing pipeline associated with a tenant, of a real-time distributed processing platform, the system comprising:
a memory; and
a processor coupled to the memory, wherein the processor is configured to execute program instructions stored in the memory for:
identifying a set of supervisors corresponding to a set of computing machines of a real-time distributed processing platform;
assigning a subset of supervisors from the set of supervisors to a tenant based on inputs provided by a primary user, wherein the primary user is an administrator of the real-time distributed processing platform;
enabling a secondary user, corresponding to the tenant, to design a set of data processing pipelines in a workspace, wherein each data processing pipeline comprises one or more data processing components from a set of data processing components, and wherein each data processing pipeline is configured to process a real time data stream; and
assigning one or more supervisors from the subset of supervisors to each data processing pipeline from the set of data processing pipelines based on the inputs received from the secondary user, wherein each supervisor is configured to operate a set of workers, wherein each supervisor is configured to allocate one or more workers, from the set of workers, to execute each computing task corresponding to at least one data processing pipeline, wherein the one or more workers, identified by the supervisor, are workers available in real-time, from the set of workers, wherein the one or more workers, from the set of workers, are allocated to each computing task based on requirements associated with execution of each computing task, and wherein each worker, from the set of workers, corresponds to a portion of Central Processing Unit (CPU) and a portion of Random Access Memory available at a computing machine from the set of computing machines.

US Pat. No. 10,171,377

ORCHESTRATING COMPUTING RESOURCES BETWEEN DIFFERENT COMPUTING ENVIRONMENTS

International Business Ma...

1. A method of orchestrating computing resources between different computing environments, the method comprising the steps of:
a computer monitoring data from a first computing environment and a second computing environment, the data specifying a utilization of infrastructure of the first and second computing environments, middleware running on the first and second computing environments, software testing tools running on the first and second computing environments, integrated development environments (IDEs) running on the first and second computing environments, relationships among nodes of the first and second computing environments and utilization of the nodes, and user behavior in the first and second computing environments;
based on the utilization of the infrastructure, the middleware, the software testing tools, the IDEs, the relationships among the nodes, the utilization of the nodes, and the user behavior, the computer updating a pattern decision tree;
based on the updated pattern decision tree and a user request that specifies requirements of the computing resources, the computer generating an orchestration topology that specifies a placement of the computing resources in the first and second computing environments; and
based on the orchestration topology, the computer automatically deploying one or more computing resources included in the computing resources in the first computing environment and automatically deploying one or more other computing resources included in the computing resources in the second computing environment.

US Pat. No. 10,171,376

ALLOCATION OF CLIENT DEVICE MEMORY FOR CONTENT FROM CONTENT SOURCES

1. A method, carried out by a client device, comprising:
allocating portions of a memory of the client device to a plurality of content sources, each of the plurality of content sources being initially allocated with a respective portion of the memory;
receiving, via a network, content from each of the plurality of content sources in the respective portion of the memory initially allocated to each of the plurality of content sources;
determining a usability of the received content from each of the plurality of content sources, wherein the usability of the received content from each of the plurality of content sources is based on prior interactions between a user of the client device and additional content from each of the plurality of content sources;
determining a quality score for each of the plurality of content sources based at least in part on the usability of the received content from each of the plurality of content sources, wherein the quality score is determined at least by:
identifying one or more attributes of the received content from each of the plurality of content sources;
determining the prior interactions between the user of the client device and the additional content having one or more attributes matching the identified one or more attributes of the received content from each of the plurality of content sources; and
determining the quality score for each of the plurality of content sources based at least in part on the determined prior interactions between the user of the client device and the additional content having the one or more attributes matching the identified one or more attributes of the received content from each of the plurality of content sources; and
modifying a size of the respective portion of the memory initially allocated to each of the plurality of content sources based at least in part on the quality score for each of the plurality of content sources.

US Pat. No. 10,171,375

CONSTRUCTING COMPUTING SYSTEMS WITH FLEXIBLE CAPACITY OF RESOURCES USING DISAGGREGATED SYSTEMS

INTERNATIONAL BUSINESS MA...

1. A method for allocating resources in a disaggregated cloud computing environment, by a processor device, comprising:
assigning respective members of a pool of hardware resources to each one of a plurality of tenants based upon a classification of the respective members of the pool of hardware resources; wherein the respective members of the pool of hardware resources are assigned to each one of the plurality of tenants independently of a hardware enclosure in which the respective members of the pool of hardware resources are physically located; and
performing a workload received from a respective one of the tenants by the respective members of the pool of hardware resources according to the classification.

US Pat. No. 10,171,374

SOFTWARE DEFINED INFRASTRUCTURES THAT ENCAPSULATE PHYSICAL SERVER RESOURCES INTO LOGICAL RESOURCE POOLS

International Business Ma...

1. An apparatus comprising:
at least one processor;
a memory coupled to the at least one processor;
a software defined infrastructure mechanism (SDIM) residing in the memory and executed by the at least one processor to operate in a cloud computing environment; and
a plurality of software defined infrastructures (SDIs) created and managed by the SDIM on a single physical server that provides a logical resource pool to a workload in the cloud environment, wherein the logical resource pool comprises a plurality of virtual input/output servers (VIOSs) on the single physical server and wherein the VIOSs are divided into the plurality of SDIs.

US Pat. No. 10,171,372

METHOD AND APPARATUS FOR ADMISSION CONTROL OF VIRTUAL NETWORKS IN A BACKHAUL-LIMITED COMMUNICATION NETWORK

HUAWEI TECHNOLOGIES CO., ...

1. A method for admitting a virtual network, the method comprising:
receiving a request to establish the virtual network, the request including a geographic traffic profile associated with the virtual network and expressed as a set of geographic bins corresponding to locations of all potential devices and associated traffic to be served by the virtual network;
determining that accommodating the request is feasible based on both an indication of network resources available for use by the virtual network and at least one of: data rate, packet delay, outage probability, and a key performance indicator for the virtual network, the network resources including communication capacities available on backhaul links usable by the virtual network; and
transmitting instructions to one or more network nodes to admit the virtual network.

US Pat. No. 10,171,371

SCALABLE METERING FOR CLOUD SERVICE MANAGEMENT BASED ON COST-AWARENESS

International Business Ma...

1. A method for managing a computing platform, comprising:
provisioning a plurality of virtual machines across a plurality of computing nodes of a computing platform;
executing service workloads using the provisioned virtual machines to provide one or more services to clients;
dynamically configuring one or more of the provisioned virtual machines on a given computing node of the plurality of computing nodes to serve as a centralized agent that is configured to collect management data from each of the plurality of computing nodes of the computing platform to support a telemetry service of the computing platform;
wherein the management data collected by the centralized agent comprises resource usage data of resources utilized by the provisioned virtual machines executing the service workloads across the plurality of computing nodes;
providing, by the centralized agent, the collected management data to a service management system of the computing platform; and
utilizing, by the service management system, the management data provided by the centralized agent to perform service management operations for managing the computing platform;
wherein the provisioning, dynamically configuring, providing, and utilizing steps are implemented at least in part by one or more processors executing program code.

US Pat. No. 10,171,370

DISTRIBUTION OPERATING SYSTEM

Amazon Technologies, Inc....

1. A computer implemented method, comprising:
executing a hardware distribution operating system as an operating system application on a host operating system on a single local computing device;
using computing resources from the single local computing device to execute a kernel of the hardware distribution operating system on the single local computing device;
loading an application using the hardware distribution operating system; and
using networked computing resources in a service provider environment to execute the application as instructed by the kernel of the hardware distribution operating system, the networked computing resources being remote and separate from the kernel and computing resources used to execute the kernel.

US Pat. No. 10,171,369

SYSTEMS AND METHODS FOR BUFFER MANAGEMENT

HUAWEI TECHNOLOGIES CO., ...

1. A method of buffering packet data units, the method comprising a buffer node:
receiving a complex queue configuration from a configuration entity, the complex queue configuration associated with a queue graph configuration for buffering packet data units, the queue graph configuration including:
at least one packet classifier configured to determine a classification type for an incoming packet;
at least two queues configured to store incoming packets; and
a dequeuer configured to select a queue from the at least two queues to be dequeued and to apply a dequeueing function on that selected queue;
receiving a plurality of packet data units from at least one the packet source node; and
sending each incoming packet to one of the at least two queues based on the queue graph configuration.

US Pat. No. 10,171,367

APPARATUS AND METHOD TO IMPROVE COMPRESSION AND STORAGE OF DATA

1. A method comprising:
receiving, by a processor, a data stream, wherein the data stream comprises multiplexed data from a plurality of different source devices, wherein the plurality of different source devices comprises different types of devices, wherein the data stream comprises blocks of data;
analyzing, by the processor, the data stream to identify a source device of the plurality of different source devices for each of the blocks of data of the data stream;
demultiplexing, by the processor, the data stream based on the source device of the each of the blocks of data of the data stream;
identifying, by the processor, a common dimension between the blocks of data of the data stream from a common source device;
estimating, by the processor, a density of the blocks of data of the data stream from the common source device that have the common dimension;
combining, by the processor, the blocks of data of the data stream from the common source device that have the common dimension when the density is greater than a predefined threshold;
applying, by the processor, a compression to the blocks of data of the data stream that are combined.

US Pat. No. 10,171,366

COMMUNICATION DEVICE AND CONTROL METHOD OF COMMUNICATION DEVICE

NEC CORPORATION, Tokyo (...

1. A communication system comprising a communication device and a receiver device,
the communication device comprising:
a transmission data generator configured to output, as transmission data, communication data for which an increase in transmission delay is to be reduced;
a retransmission confirmation data generator configured to output, after the transmission data is output, retransmission confirmation data, whose size is smaller than the transmission data, a first number of times at a first transmission interval; and
a communication interface circuit configured to assign order information indicating a transmission order, to each of the transmission data and the retransmission confirmation data, and transmit, after the transmission data is transmitted, the retransmission confirmation data, and
the receiver device comprising:
a lower-layer communication protocol circuit configured
to judge that there is an error in the order information of received data, which are the transmission data received and the retransmission confirmation data received, upon receiving a certain number of the retransmission confirmation data in a state where a sequence number of the received data is missing and
to request the communication device to retransmit the transmission data corresponding to the sequence number being missed.

US Pat. No. 10,171,365

TURBOLINK: METHOD AND APPARATUS FOR CONTROLLING INPUT/OUTPUT SIGNALING SPEED

International Business Ma...

1. A method comprising:
receiving at least one feed-forward signal from a local or upstream data transmitter;
receiving at least one feedback signal from at least a next or downstream first node of a network;
determining whether data is to be transmitted in a burst transmission by at least comparing the at least one feed-forward signal with at least one threshold or condition;
in response to determining that the data is to be transmitted in the burst transmission, comparing the at least one feedback signal with at least one further threshold or condition, wherein the at least one feedback signal comprises a near feedback signal and a remote feedback signal, wherein the near feedback signal is from one or more first network nodes and the remote feedback signal is from one or more second network nodes, wherein each second network node is at a network location that is a greater number of hops away from the data transmitter than each first network node;
receiving an indication of a temperature of the data transmitter;
comparing the temperature of the data transmitter to a threshold temperature;
generating a signal to indicate that the burst transmission is to be started or stopped based at least on the comparison of the at least one feedback signal with the at least one further threshold or condition and on whether the temperature of the data transmitter exceeds the threshold temperature; and
causing the burst transmission to be transmitted based at least on the generated signal.

US Pat. No. 10,171,364

METHOD AND APPARATUS FOR OPTIMIZING TRANSMISSIONS IN WIRELESS NETWORKS

Nokia Technologies Oy, E...

1. A base station, comprising:
at least one processor; and
at least one memory including computer program code,
the at least one memory and the computer program code configured, with the at least one processor, to cause the base station at least to:
receive a data transmission to be forwarded to at least one first wireless device;
determine whether any of the data transmission is delay tolerant data or not;
based on determining that a first part of the data transmission is delay tolerant data:
define a role of at least one second wireless device to forward the first part of the data transmission with the delay tolerant data, and transmit the first part of the data transmission with the delay tolerant data to the at least one second wireless device to be forwarded to the at least one first wireless device; and
transmit a remainder of the delay tolerant data of the data transmission to the at least one first wireless device directly, wherein the transmitting directly comprises transmitting the remainder of the delay tolerant data of the data transmission using a direct connection from the base station to the at least one first wireless device instead of using the defined role of the at least second wireless device to forward the remainder of the delay tolerant data to the at least one first wireless device,
else, based on determining that none of the data is delay tolerant data:
transmit all of the data transmission to the at least one first wireless device directly.

US Pat. No. 10,171,363

TRAFFIC CONTROL METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A traffic control method performed by a back-end network element, comprising:
receiving a service message from a front-end network element;
placing the received service message into a service message buffer queue according to a type of the received service message;
determining, according to the type of the received service message, a priority of the received service message and a resource that needs to be consumed for processing the received service message;
setting a weight for each service message buffer queue according to a priority of a service message in each service message buffer queue;
scheduling, for the each service message buffer queue, the service message in the each service message buffer queue according to the weight of the each service message buffer queue when usage of a resource for the service message in the each service message buffer queue is less than a preset threshold;
obtaining, according to a preset target delay and an average delay in scheduling the service message in the each service message buffer queue in a previous period, a quantity or an adjustment quantity of service messages of a corresponding type to be received by the each service message buffer queue in the current period, the average delay being obtained by calculation according to the usage of the resource; and
sending the quantity or the adjustment quantity of the service messages of the different type to be received in the current period to a front-end network element to permit the front-end network element to perform traffic control on the service messages of the different type according to the quantity or the adjustment quantity of the service messages of the different type to be received in the current period.

US Pat. No. 10,171,362

SYSTEM AND METHOD FOR MINIMIZING DISRUPTION FROM FAILED SERVICE NODES

CISCO TECHNOLOGY, INC., ...

1. A hardware switch configured to provide native load balancing, comprising:
one or more logic elements comprising a load balancing engine operable to perform operations including:
load balancing network traffic among a plurality of service nodes comprising associating traffic buckets with the plurality of service nodes via a load balancing algorithm;
providing an ordinal list of service nodes, the ordinal list including a first service node;
determining that the first service node is unavailable; and
reassigning, in response to the determining, the traffic buckets associated with the first service node to a next available service node, comprising:
first selecting a provisioned working standby node as the next available service node; and
second selecting, in response to a lack of a provisioned working standby node, node from the ordinal list that immediately follows the first service node on the list;
wherein the load balancing engine is provided on the hardware switch.

US Pat. No. 10,171,361

SERVICE-SPECIFIC PROBES IN A NATIVE LOAD BALANCER

Cisco Technology, Inc., ...

1. A network apparatus for providing native load balancing, comprising:
a first network interface to communicatively couple to a first network;
a plurality of second network interfaces to communicatively couple to a second network; and
a switching engine to provide network routing between the first network and the second network, the switching engine comprising a load balancing engine configured to:
probe a service node with a first probe for a first service;
probe the service node with a second probe for a second service, the second probe different in kind from the first probe;
load balance a network traffic among a plurality of servers based on responses to the first probe and the second probe, the plurality of servers being located in the second network and configured to provide the first service and the second service wherein a plurality of traffic is classified into buckets, wherein each bucket is assigned to at least one server of the plurality of servers, wherein each of the plurality of servers is assigned a Virtual IP (VIP) tag, wherein the buckets and a corresponding VIP tag of corresponding at least one server assigned to each of the buckets are stored in a content addressable memory accessible to the network apparatus;
determine a bucket corresponding to the network traffic;
determine the corresponding VIP tag of the corresponding at least one server assigned to the bucket; and
forward the network traffic to the at least one server.

US Pat. No. 10,171,360

SYSTEM DETECTION AND FLOW CONTROL

International Business Ma...

1. A system detection method, the method comprising:
acquiring a throughput and a response time of a system, wherein the throughput reflects the number of requests from outside of the system that has been processed by the system, and the response time reflects time required by the system to process requests from outside of the system;
obtaining a system performance characteristic parameter based on the throughput and the response time, the system performance characteristic parameter being used to describe congestion condition of the system, wherein the step of obtaining system performance characteristic parameter based on the throughput and the response time comprises:
obtaining system performance characteristic parameter based on the throughput and the response time; and
conducting noise filtering on the system performance characteristic parameter; and
determining whether there is a bottleneck in the system based on the system performance characteristic parameter, wherein determining whether there is a bottleneck in the system based on the system performance characteristic parameter comprises determining whether there is bottleneck in the system based on the noise filtered system performance characteristic parameter.

US Pat. No. 10,171,358

PORT CONGESTION RESILIENCY IN A MULTI-CARD AND MULTI-SWITCH LINK AGGREGATION GROUP

Ciena Corporation, Hanov...

1. A method for port congestion resiliency in a Link Aggregation Group (LAG) comprising one or more of a multi-card LAG and a multi-switch LAG, the method comprising:
receiving a packet for egress over the LAG;
responsive to determining no congestion over internal ports not part of the LAG, hashing with all member ports on a plurality of cards in the LAG in a distribution state, wherein the plurality of cards are part of the one or more of a multi-card LAG and a multi-switch LAG, wherein cards in the multi-card LAG communicate via backplane ports which are not part of the LAG, and wherein cards in the multi-switch LAG communicate via inter-switch connectivity ports which are not part of the LAG; and
responsive to determining congestion over the internal ports, hashing with only member ports on a same local card in which the packet was received, wherein the hashing determines which member port the packet egresses from in the LAG and, by hashing with only member ports on the same local card, the packet egresses on the same local card when there is congestion.

US Pat. No. 10,171,357

TECHNIQUES FOR MANAGING SOFTWARE DEFINED NETWORKING CONTROLLER IN-BAND COMMUNICATIONS IN A DATA CENTER NETWORK

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
establishing, by a network controller device, a translation table for resolving network addresses for in-band traffic in a data center network based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address;
receiving, by the network controller device, a packet originating from an application associated with a first unique loopback address and intended for an endpoint in a first network segment associated with a first VNID, the endpoint associated with a second unique loopback address;
translating, by the network controller device using the translation table, the first unique loopback address into a first routable tenant address and the first VNID based on the first unique loopback address;
translating, by the network controller device using the translation table, the second loopback address into a second routable tenant address and the first VNID based on the second unique loopback address;
encapsulating the packet as an encapsulated packet having a header field including the first VNID, an outer address field including an address for a proxy device, an inner source address field including the first routable tenant address, and an inner destination field including the second routable tenant address;
forwarding, by the network controller device, the encapsulated packet to the proxy device to route the encapsulated packet in the data center network to the endpoint in the first network segment associated with the first VNID; and
updating a routing table based on migration of the endpoint from a first host to a second host.

US Pat. No. 10,171,356

PACKET EDIT PROCESSING METHOD AND RELATED DEVICE

Huawei Technologies Co., ...

1. A packet edit processing method, the method comprising:
generating an input packet template based on N to-be-edited protocol header fields of an input packet, and a preset protocol field mapping relationship, wherein the input packet template comprises N protocol descriptors that are corresponding, in a one-to-one manner, to the N protocol header fields, and the protocol field mapping relationship is a mapping relationship between a protocol field comprised in a protocol descriptor and a protocol field comprised in a protocol header field that has a correspondence with the protocol descriptor;
performing edit processing on the input packet template to obtain an output packet template; and
converting, based on the preset protocol field mapping relationship, M protocol descriptors comprised in the obtained output packet template into M protocol header fields of an output packet, and replacing the N protocol header fields in the input packet with the M protocol header fields to obtain the output packet, wherein N and M are positive integers.

US Pat. No. 10,171,355

DATA PACKET SENDING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A method for sending data packet in a network that comprises at least two controllers and multiple switches, wherein the method comprises:
sending, by a first switch to the controllers, a policy request message that carries header information of a data packet when a forwarding table of the first switch does not have a forwarding entry that matches the header information of the data packet;
receiving, by the first switch, policy response messages sent by the controllers that include respective controller-determined forwarding paths determined by the controllers;
selecting, by the first switch, a forwarding path from the received controller-determined forwarding paths;
informing a second switch of the selected forwarding path, wherein the second switch is a switch besides the first switch on the selected forwarding path; and
forwarding, by the first switch, the data packet according to the selected forwarding path.