US Pat. No. 10,194,024

NUMBER PORTABILITY DETERMINATION IN VARIABLE NUMBERING PLAN

TELEFONAKTIEBOLAGET LM ER...

1. A system configured for determining if a telephony network number is ported, comprising:
a first network node configured to receive a number message comprising at least a first part of a dialed number identifying a called party; and
a number portability database, containing routing numbers associated with entries in the database;
the first network node being configured to compare the number message with entries in the database, and the first network node being configured such that:
if the number message or a first part of the number message uniquely matches with the whole of an entry in the database and does not match with part of another entry in the database, the first network node determines that a best match has been found and routes a call to a second network node identified by the routing number associated with said entry,
if the number message matches with at least part of at least one entry in the database, the first network node determines that at least one partial match has been found, retrieves a further part of the dialed number and repeats said comparison based on a new number message comprising said first part of the dialed number and said further part of the dialed number, and
if at least a first part of the number message cannot be matched to the whole of any entry in the database, the first network node determines that no match has been found and routes a call to a second network node identified by the dialed number.

US Pat. No. 10,194,023

VOICE USER INTERFACE FOR WIRED COMMUNICATIONS SYSTEM

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
receiving, via a data network and from an adapter connected to a public switched telephone network (PSTN) via at least one port, a first notification indicating an incoming telephone call from the PSTN, the first notification corresponding to a first ringing signal received by the adapter from the PSTN;
generating first text data that indicates the incoming telephone call;
generating, using text-to-speech processing, first audio data using the first text data;
receiving, via the data network and from the adapter, a second notification corresponding to the incoming telephone call, the second notification corresponding to a second ringing signal received by the adapter from the PSTN, the second notification including caller identification associated with the incoming telephone call that is received from the PSTN, the caller identification indicating at least one of a phone number or a name;
determining contact information associated with the caller identification, the contact information associated with at least one of the phone number or the name;
generating second text data corresponding to the contact information;
generating, using text-to-speech processing, second audio data using the second text data;
generating combined audio data by combining the first audio data and the second audio data; and
sending, to a device via the data network, the combined audio data.

US Pat. No. 10,194,022

SYSTEM AND METHOD FOR AUTOMATICALLY DETECTING UNDESIRED CALLS

DIALOGTECH INC., Chicago...

1. An automated method for determining and terminating undesired inbound calls, the method comprising:
receiving an incoming phone call;
activating a controller in response, the controller holding the incoming call and recording audio from the incoming call;
evaluating the recorded audio with a spam detection engine to determine if the incoming call is spam; and
in response to a determination the call is spam, prompting the incoming call to input a code with an interactive voice recognition (IVR) system,
wherein when the code input by the incoming call does not match the prompted code, the call is terminated,
wherein evaluating the recorded audio comprises:
segmenting the recorded audio into segments,
building partition groups from the processed segments,
comparing the partition groups to stored spam profiles, and
deriving an accuracy number based on the number of segment partitions that match a profile versus the number of segment partitions that do not match the profile.

US Pat. No. 10,194,020

LINE FAULT LOCALISATION

BRITISH TELECOMMUNICATION...

1. A method of identifying a fault on a digital subscriber line in a telecommunications network, comprising:
measuring a signal to noise ratio related parameter associated with the digital subscriber line;
identifying variations in the signal to noise ratio related parameter;
measuring a plurality of weather parameters associated with the digital subscriber line, wherein each weather parameter is obtained from a corresponding sensor having an associated location;
comparing the signal to noise ratio related parameter with one or more predetermined conditions, wherein the predetermined conditions are based on signal to noise ratio related parameter characteristics associated with a population of lines operating normally; and if one or more of the predetermined conditions are not met, then
determining the degree of correlation between the variations in the signal to noise ratio related parameter with each of the plurality of weather parameters; and
identifying a location of a fault on the digital subscriber line as the location associated with the weather sensor that corresponds to the greatest determined degree of correlation.

US Pat. No. 10,194,018

STANDARD MOBILE COMMUNICATION DEVICE DISTRACTION PREVENTION AND SAFETY PROTOCOLS

Cell Command, Inc., Mari...

1. A method of activating a protocol behavior in a mobile device within a specified environment comprising:
broadcasting, by a protocol activator, a first trigger signal in the specified environment; and
including, by the protocol activator, a discovery information in the first trigger signal, wherein the discovery information associated with the first trigger signal corresponds to a modified universally unique identification (UUID) code of the protocol activator, and wherein at least a portion of the modified UUID code identifies at least one of:
a specified environment in which the protocol activator operates, and
a specified working group information in the specified environment in which the protocol activator operates; and
wherein the discovery information broadcast from the protocol activator in the first trigger signal causes activation of the protocol behavior in the mobile device within the specified environment.

US Pat. No. 10,194,017

SYSTEMS, DEVICES AND METHODS FOR VEHICLES

Mill Mountain Capital, LL...

1. A system configured to detect the presence of at least one mobile device within a vehicle and determine if the detected mobile device is an authorized mobile device and whether non hands free mobile device functions are being used while the vehicle is in motion, the system comprising a processor separate from a vehicle engine control unit, in which the processor is electrically coupled to a first antenna configured to receive a wireless transmission from the mobile device when the mobile device is present in the vehicle and transmitting wirelessly, the processor configured to determine if the detected mobile device is an authorized mobile device, the processor further configured to determine if the non hands free mobile device functions of the authorized mobile device are being used when the vehicle is in motion wherein the processor is configured to detect a unique identifier in the received wireless transmission from the mobile device and compare the received unique identifier of the mobile device with a remote listing of mobile device identifiers of authorized mobile devices to thereby determine if the detected mobile device is an authorized mobile device, wherein the remote listing of mobile device identifiers is present on a system separate from the vehicle, and wherein the unique identifier in the received wireless transmission from the mobile device comprises at least one of a MAC address, a SIM number, a USB number, an alpha numeric number or does not include any numeric information, in which the processor is configured to determine if the vehicle is in motion and is configured to permit use of the detected mobile device if the vehicle is not in motion and generate an alert if use of the non hands free mobile device functions is detected when the vehicle is in motion.

US Pat. No. 10,194,016

ACTIVATION OF SMS SIGNALING FROM DYNAMICALLY ACTIVATED CONTROL INTERFACE

Zipwhip, Inc., Seattle, ...

1. A method comprising:
configuring a user interface (UI) generator with a reply number and a contact message to generate a first structured graphical user interface (GUI);
receiving a contact request on the first structured GUI;
parsing the contact request into user agent information, a user message, and a user number with a request analyzer;
operating a format selector with the user agent information to select a response format, the response format comprising:
a native application (app) trigger on the condition that the user agent information indicates a mobile device; and
configuring the UI generator with the response format to generate a second structured GUI on the condition that the user agent information indicates a non-mobile browser; and
pre-populating a response with the user number and the contact message, and transmitting the response to the reply number via a short message service (SMS) server.

US Pat. No. 10,194,015

SYSTEMS AND METHODS FOR FACILITATING CONVERSATIONS

Glu Mobile Inc., San Fra...

1. A method comprising, at a first electronic device with a display and an input device:
displaying a graphical input stream comprising a plurality of keys, wherein the plurality of keys comprises:
a first subset of keys that collectively provide a character set source, wherein each respective key in the first subset of keys corresponds to a key in the character set, and
a second subset of keys that collectively provide a message effect source, wherein each respective key in the second subset of keys represents a unique message effect in a plurality of message effects, wherein the first subset of keys and the second subset of keys are displayed concurrently in the graphical input stream;
displaying a first original multi-word message at a first portion of the display, wherein the first original multi-word message is a message previously received by or transmitted from the first electronic device;
displaying a message area at a second portion of the display;
receiving a first user input from the character set source, the first user input forming a second original multi-word message, wherein the receiving further comprises displaying each respective character of the second original multi-word message in the message area as the respective character is inputted;
receiving a second user input from the message effect source, wherein the second user input specifies a message effect in the plurality of message effects;
responsive to receiving the second user input, applying the message effect to only the second multi-word message thereby forming a transformed representation of the second multi-word message;
replacing only the second multi-word message displayed in the message area with the transformed representation of the second multi-word message;
receiving a third user input to transmit the contents of the message area; and
in response to receiving the third user input to transmit the contents of the message area, transmitting the second original multi-word message and an indication of the message effect.

US Pat. No. 10,194,014

SWITCHING BETWEEN WATCHES

Apple Inc., Cupertino, C...

1. A non-transitory machine-readable medium storing executable program instructions which when executed by a data processing system cause the data processing system to perform operations comprising:
receiving, at a companion device, data from a first paired device that is paired with the companion device, the first paired device being an active paired device when the data is received;
storing received data in a first store of the companion device, wherein once the data is stored in the first store, the data cannot be accessed when the companion device is locked; and
storing the received data in a second store of the companion device, the received data in the second store for use in synchronizing a second paired device with the companion device when the second paired device becomes the active paired device and the first paired device is no longer the active paired device.

US Pat. No. 10,194,013

INSTRUMENT CLUSTER METADATA TO SUPPORT SECOND SCREEN

Apple Inc., Cupertino, C...

1. A non-transitory computer-readable storage medium comprising instructions stored thereon to cause one or more processors of a portable electronic device to:
receive by the portable electronic device, from a vehicle, display capability information for an instrument cluster display of the vehicle;
receive data for display on the instrument cluster display, by the portable electronic device, from a data producer executing on the portable electronic device, wherein the data is in a format not suitable for display on a second display of the vehicle;
determine metadata, by the portable electronic device, based, at least in part, on the display capability information and the data, the metadata comprising of at least navigation information;
format the metadata into one or more defined object fields based on a comparison between the metadata and formatting information extracted from the display capability information;
send the formatted metadata to the vehicle's instrument cluster display; and
send additional display information to the second display of the vehicle.

US Pat. No. 10,194,012

PLATFORM FOR WIRELESS INTERACTION WITH VEHICLE

THUNDER POWER NEW ENERGY ...

1. A system installed in a vehicle, the system comprising:
a set of input sensors mounted in a vehicle;
a camera device coupled with the vehicle;
an antenna coupled with a network chip to communicate with a separate entity via a communications network; and
a processor device coupled with the vehicle to:
receive input from the set of input sensors;
detect, responsive to the received input, occurrence of a predetermined event relating to the vehicle;
direct the camera device to capture an image automatically in response to detecting the occurrence of the predetermined event;
receive instructions, from the separate entity via the antenna and the communications network, to deliver the image to the separate entity; and
communicate the image to the separate entity via the antenna and the communications network responsive to the instructions.

US Pat. No. 10,194,011

METHOD AND APPARATUS FOR SECURING VOICE OVER IP TELEPHONE DEVICE

HIGH SEC LABS LTD., Yokn...

1. A Secure Voice over IP (VoIP) Phone device comprising:
VoIP phone's non-secure hardware comprising:
a Local Area Network (LAN) interface;
at least one processor;
secure inputs and outputs comprising:
at least one microphone;
at least one indicator; and
an off-on hook switch; and
a security implant comprising:
at least one audio switch; and
at least one tampering switch,
wherein said security implant is not programmable via said VoIP phone's non-secure hardware, and
said security implant is programmed to allow normal VoIP call by:
connecting said at least one microphone to said VoIP phone's non-secure hardware via said at least one audio switch, and
activating said at least one indicator to indicate active audio channel,
only during active VoIP phone call, and only if said at least one tampering switch has not been activated;
wherein said security implant is programmed to detect pre-programmed on-of-hook switch activation patterns by measuring timing of on-off-hook switch activation and deactivation events.

US Pat. No. 10,194,009

INTERFACE DEVICE PROVIDING INTRINSIC SAFETY FOR A COMMUNICATIONS DEVICE

Honeywell International I...

1. An interface device for providing Intrinsic Safety to a Smart Identity Module (SIM) card, comprising:
a buffer circuit including a voltage regulator and a voltage level translator including drivers having a baseband processor side pins including at least an input/output (IO) pin for receiving data signals, first SIM reset (RST) pin, core power supply (VCC) pin, a clock (CLK) pin, a battery power supply (VBAT) pin, and SIM side pins including at least a VCC pin, a SIM CLK pin, second SIM RST pin, and a SIM IO pin, and a ground (GND) pin, and
at least one series resistor (R1, R2, R3, R4 and R5) in series with each of said baseband processor side pins,
wherein lower resistance ones of said series resistors are in series with said CLK pin and said IO pin as compared to ones of said series resistors that are in series with said first RST pin and said VCC pin.

US Pat. No. 10,194,008

COMMUNICATION DEVICE, NETWORK MONITORING DEVICE SYSTEM, AND INFORMATION NOTIFICATION METHOD

NEC Corporation, Tokyo (...

1. A communication device connected to a network monitoring device, together with another communication device, wherein the communication device constitutes a redundant configuration together with the another communication device, the communication device comprising:
a memory storing information, and
a processor configured to output predetermined information it has measured while performing a predetermined operation as the active device of the redundant configuration, to the network monitoring device, upon occurrence of a predetermined event;
wherein upon occurrence of the predetermined event, the processor increments a predetermined number by a predetermined value and then outputs the incremented predetermined number along with the predetermined information, and stores the predetermined number and the predetermined information in the memory in a manner to correlate them with each other; and wherein
if receiving a request for resending of the predetermined information, the processor outputs the predetermined information stored in the memory in a manner to be correlated with the predetermined number included in the request, to the network monitoring device.

US Pat. No. 10,194,007

CONCURRENT OPTICAL NETWORK TERMINAL SIMULATION

Calix, Inc., Petaluma, C...

1. An optical line terminal (OLT) for optical network terminal (ONT) simulation, the OLT comprising:
at least one processor;
a transceiver; and
a memory including instructions that, when executed by the at least one processor, cause the at least one processor to perform operations to:
receive, via the transceiver, a data packet;
identify a passive optical network (PON) port identifier (PID) in the data packet,
wherein the PID is an emulation method port identifier;
determine that the data packet is associated with an ONT simulation host, wherein the ONT simulation host is a server device hosting a simulated ONT client from which the data packet originates;
determine the data packet is destined for the ONTO simulation host using the PID;
modify the data packet based on the determination to alter a characteristic such that the modified data packet indicates an origination from a non-simulated ONT client rather than the simulated ONT client, wherein the modification includes addition of a first word of routing data and a second word of routing data, wherein the second word of routing data includes a designated header, and wherein the designated header includes the emulation method port identifier: and
transmit, via the transceiver, the modified data packet, wherein the modified data packet is transmitted to the ONT simulation host using the first word of routing data and the second word of routing data.

US Pat. No. 10,194,006

PHYSICAL LAYER FRAME FORMAT FOR WLAN

Marvell World Trade Ltd.,...

1. A method for generating a physical layer (PHY) data unit for transmission via a communication channel, the PHY data unit conforming to a first communication protocol, the method comprising:
generating, at a first communication device, a PHY preamble for the PHY data unit, including:
generating a signal field,
including the signal field and a duplicate of the signal field in the PHY preamble, wherein presence of the duplicate of the signal field indicates to second communication devices that conform to the first communication protocol that the PHY data unit conforms to the first communication protocol, and
formatting the PHY preamble such that a first portion of the PHY preamble is decodable by a third communication device that conforms to a second communication protocol, but does not conform to the first communication protocol, to determine a duration of the PHY data unit based on the first portion of the PHY preamble; and
generating, at the first communication device, the PHY data unit to include the PHY preamble and a PHY payload.

US Pat. No. 10,194,005

METHOD TO RETRIEVE PERSONAL CUSTOMER DATA OF A CUSTOMER FOR DELIVERING ONLINE SERVICE TO SAID CUSTOMER

Alcatel Lucent, Boulogne...

1. A method to retrieve personal customer data of a customer for delivering online service to said customer:
an online service supplier initiates the sending of a network identifier of a mobile node, used to communicate with the online service supplier and bound to the customer by a mobile network operator, to an application programming interface platform (API) with a request to retrieve the customer data,
the API platform identifies the mobile network operator of the mobile node, and forwards the network identifier and request to retrieve the customer data to said mobile network operator of the mobile node,
the mobile network operator uses the network identifier to identify the customer and sends the requested personal customer data contained in a data repository of the mobile network operator to the API platform,
the online service supplier retrieves the personal customer data at the API platform.

US Pat. No. 10,194,004

CLIENT IN DISTRIBUTED COMPUTING SYSTEM THAT MONITORS REQUEST TIME AND OPERATION TIME IN ORDER TO DETECT PERFORMANCE PROBLEMS AND AUTOMATICALLY ISSUE ALERTS

Guest Tek Interactive Ent...

1. A client device that sends a request to a server via a network in a distributed computing system, the client device comprising:
a timer for timing a request time duration substantially including a period of time that the client device is waiting for results to be received via the network from the server in response to the request sent by the client device;
the timer further for timing an operation time duration substantially corresponding to a period of time that the client device is performing an operation that causes the client device to make the request;
a network interface coupled to the network for sending the request to the server and receiving the results from the server; and
a processor coupled to the timer and the network interface;
wherein, after receiving the results from the server, the processor is configured by executing software loaded from a memory to dynamically calculate a client processing time threshold at least according to a type of the operation and historic time durations for one or more previous operations performed by the client device, subtract the request time duration from the operation time duration to thereby calculate a client processing time duration, transmit one or more alert messages to a network operation center (NOC) via the network when the client processing time duration is greater than the client processing time threshold, and include at least an operation type identifier corresponding to the type of the operation, and values of the client processing time duration and the client processing time threshold in the one or more alert messages.

US Pat. No. 10,194,003

INFORMATION PROCESSING APPARATUS, SERVER-CLIENT SYSTEM, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

4. A control method for an information processing apparatus including an embedded client and server for managing, by a database, setting information of each of a plurality of clients including the embedded client and a network client, the control method comprising:
performing, if an input for changing a value of address information as a network setting of the information processing apparatus is performed on the information processing apparatus, update processing for updating a connection destination address managed by the database for each client with the value corresponding to the changing, wherein the changing is not reflected as the network setting of the information processing apparatus until the value used for the update processing is transmitted to all of the plurality of clients; and
transmitting the value of the connection destination address managed by the database for each client to each client in response to a request from each client,
wherein, in the network client, setting information which is used by the network client to access the server is updated with the transmitted value, and
wherein the changing is reflected as the network setting of the information processing apparatus after the value used for the update processing has been transmitted to all of the plurality of clients.

US Pat. No. 10,194,002

VBN SERVER CLUSTERING SYSTEM, METHOD OF VBN SERVER CLUSTERING, AND VBN SERVER FOR CLUSTERING

SolutionInc Limited, Hal...

1. A visitor based network (VBN) server clustering system comprising:
a cluster of VBN servers for processing network traffic from and to one or more user devices connected to a single local area network (LAN),
wherein each of the VBN servers comprises:
a client device data store that is configured to create and maintain device state records of the one or more user devices connected to the LAN for use by the respective VBN server in processing network traffic;
an interface that is configured to perform data communication with the one or more user devices through the LAN; and
a clustering manager that is configured to implement clustering of the VBN servers by filtering the network traffic from and to the one or more user devices based on filtering criteria specified in configuration settings for the VBN server so as to allow the network traffic processing unit to process only a filtered portion of the network traffic,
wherein the filtering of the network traffic by the clustering manager of each of the VBN servers partitions the network traffic so that network traffic of each user device is processed by a specific one of the VBN servers within the cluster at a given time.

US Pat. No. 10,194,000

DISBURSEMENT OF REGISTRATION INFORMATION TO APPLICATION/SERVICE LAYER AT TIME OF REGISTRATION WITH A NETWORK

Verizon Patent and Licens...

1. A method comprising:
receiving, by a network device, registration information during a registration with a network, wherein the registration information includes a user identifier of a user registering with another network device of the network and an identifier of the other network device, wherein the network device is one of a Home Subscriber Server (HSS), a Home Location Register (HLR), or a User Profile Server Function (UPSF), and the other network device is a serving-call session control function (S-CSCF);
determining, by the network device, whether registration information pertaining to a previous registration by the user with the network is stored;
determining, by the network device, that the registration information pertaining to the previous registration is not stored;
storing, by the network device, the received registration information based on determining that the registration information pertaining to the previous registration is not stored;
selecting, by the network device, which application server of the network to transmit the received registration information; and
transmitting, by the network device, the received registration information to the application server based on the selecting.

US Pat. No. 10,193,999

DYNAMIC ONLINE GAME IMPLEMENTATION ON A CLIENT DEVICE

Kabam, Inc., San Francis...

1. A system for providing online games on client devices based on capabilities of the client devices, the system comprising one or more physical processors configured by machine-readable instructions to:
host an online game, and transmit information to individual client devices for implementation and presentation of the online game on the individual client devices for user interaction, the individual client devices including a first client device;
obtain device capability information regarding capabilities of the individual client devices such that first capability information regarding a first set of capabilities of the first client device is obtained;
determine values of capability parameters for the first set of capabilities of the first client device such that a first value of a first capability parameter is determined;
determine the first value of the first capability parameter has breached a first threshold value for the first capability parameter;
assign a first device profile to the first client device based on the determination that the first value of the first capability parameter has breached the first threshold value for the first capability parameter;
transmit the first device profile to the first client device; and
select one or more of a frame rate for rendering the online game, a level of detail for rendering the online game, an audio quality for providing the online game, a level of graphic effects for implementation of the online game, and/or a level of physics effects for implementation of the online game, wherein the selection is based on the assigned first device profile, wherein
the online game is provided on the first client device in accordance with the first device profile assigned to the first client device, and wherein providing the first game on the first client device in accordance with the first device profile includes one or more of rendering the online game at the selected frame rate, rendering the online game at the selected level of detail, providing the online game with the selected audio quality, implementing the online game with the selected level of graphics effects, and/or implementing the online game with the selected level of physics effects.

US Pat. No. 10,193,997

ENCODED URI REFERENCES IN RESTFUL REQUESTS TO FACILITATE PROXY AGGREGATION

Dell Products L.P., Roun...

1. A method of managing information handling system resources, the method comprising:
receiving, by an aggregator resource from a client, a client request indicating a uniform resource identifier (URI) corresponding to a requested service; and
sending a plurality of proxy requests, including a proxy request corresponding to each of a plurality of aggregated resources associated with the aggregator resource, wherein each of the plurality proxy requests includes:
a proxy URI indicative of the requested service on one of the plurality of aggregated resources; and
encoding information indicative of an encoding method; and
receiving, a plurality of encoded responses, including an encoded response from each of the plurality of aggregated resources, wherein each of the plurality of encoded responses includes:
a document URI indicating a value of the requested service for the aggregated resource; and
prefix information including an encoded reference to the aggregated resource, the encoded reference encoded in accordance with the encoding method.

US Pat. No. 10,193,996

LOAD BALANCING METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A load balancing method executed by an information processing apparatus, the load balancing method comprising:
identifying, in first determination processing for determining circumstances based on an event acquired by a sensor included in the information processing apparatus, a type of an event that another information processing apparatus coupled to the information processing apparatus is able to acquire by using a sensor included in the another information processing apparatus;
determining, based on the identified type, whether a logic tree representing the first determination processing is able to be changed to another logic tree that includes a partial logic tree determined based on an event of the identified type and is equivalent in condition to the logic tree; and
assigning second determination processing represented by the partial logic tree included in the another logic tree to the another information processing apparatus, when determining that the logic tree is able to be changed to the another logic tree,
wherein the assigning includes:
calculating a cost of the another logic tree based on information related to the sensor of the information processing apparatus and information related to the sensor of the another information processing apparatus, and
assigning the second determination processing represented by the partial logic tree included in the another logic tree for which the calculated cost is smallest, to the another information processing apparatus.

US Pat. No. 10,193,994

SIGNALING CACHED SEGMENTS FOR BROADCAST

Qualcomm Incorporated, S...

1. A method of retrieving media data by a middleware unit at a client device, wherein the middleware unit controls a hypertext transfer protocol (HTTP) proxy unit of the client device, and wherein the client device includes a local server unit, the method comprising, by the middleware unit:
receiving a first set of media data of a media session via a broadcast service;
determining that the broadcast service is no longer available after receiving the first set of media data;
receiving a request to retrieve a second set of media data of the media session via a unicast service from a streaming application executed by the client device based on the determination that the broadcast service is no longer available, wherein the request specifies an address external to the client device; and
in response to the request, when the second set of media data was previously received via the broadcast service, causing the HTTP proxy unit to redirect the request to the local server unit instead of the address external to the client device, wherein the second set of media data was previously received via the broadcast service.

US Pat. No. 10,193,992

REACTIVE API GATEWAY

Accenture Global Solution...

9. A computing system including one or more computers having memory and one or more processors, the computing system comprising:
a gateway subsystem, including one or more computers, configured to route application programming interface (API) calls submitted by user agents connected to the gateway subsystem to appropriate service subsystems of a plurality of service subsystems that provide respective online services to the user agents based on respective types of the API calls, wherein the gateway subsystem is arranged as a proxy between the user agents that are connected to the gateway subsystem and the plurality of service subsystems; and
an events hub, including one or more computers, configured to receive event messages from at least some of the plurality of service subsystems and to publish the received event messages for consumption by one or more consuming subsystems including the gateway subsystem, such that the one or more consuming subsystems indirectly receive event messages from the at least some of the plurality of service subsystems through the events hub rather than directly from the at least some of the plurality of service subsystems,
wherein at least a first published event message that is consumed by the gateway subsystem identifies a first user,
wherein the at least the first published event message is generated by one of the plurality of service subsystems to describe a result of the service subsystem's performance of an operation responsive to an API call that was routed to the service subsystem from the gateway subsystem; and
wherein the gateway subsystem is further configured, in response to consuming the first published event message that identifies the first user:
(i) to determine every user agent that is associated with the first user and that is currently connected to the gateway subsystem, and
(ii) to transmit information that represents the first published event message to every user agent that is determined to be associated with the first user and currently connected to the gateway subsystem.

US Pat. No. 10,193,991

METHODS AND APPARATUSES FOR PROVIDING INFORMATION OF VIDEO CAPTURE DEVICE

Xiaomi Inc., Beijing (CN...

1. A method for providing an operation status of a video capture device over a network, the method being performed by the video capture device and comprising:
receiving, by the video capture device, a communication request from a predetermined terminal;
determining, based on the communication request, one or more terminals connected with the video capture device, wherein the determining one or more terminals connected with the video capture device comprises:
extracting a terminal identifier from the communication request; and
determining, based on the extracted terminal identifier, at least one connection status parameter of the video capture device, the at least one connection status parameter including at least one of: a first value representing a number of terminals currently connected with the video capture device, and a second value representing a number of terminals connected with the video capture device during a preset time interval;
transmitting status information of the video capture device over the network and to the predetermined terminal, the status information including information of the one or more terminals connected with the video capture device,
wherein the information of the one or more terminals connected with the video capture device comprises the connection status parameter of the video capture device, and
wherein the status information of the video capture device is transmitted to the network after the video capture device determines that the at least one connection status parameter exceeds a preset threshold.

US Pat. No. 10,193,990

SYSTEM AND METHOD FOR CREATING USER PROFILES BASED ON MULTIMEDIA CONTENT

Cortica Ltd., Tel Aviv (...

1. A method for creating user profiles based on multimedia content, comprising:
identifying a plurality of multimedia content elements associated with a user;
generating at least one signature for each of the plurality of multimedia content elements;
analyzing the at least one signature to identify at least one concept matching the multimedia content elements;
generating, based on the at least one matching concept, at least one contextual insight, wherein each contextual insight indicates a preference of the user; and
generating, based on the at least one contextual insight, a user profile for the user.

US Pat. No. 10,193,989

VISUALIZATION OF USER BEHAVIOR

Amazon Technologies, Inc....

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed, causing the at least one computing device to at least:
receive a request to initiate a workflow session between a service representative and a user;
transmit a plurality of network pages to a client computing device of the service representative enabling the service representative to assist the user with an issue related to a service, wherein the plurality of network pages are configured to detect a navigation event triggered by the client computing device;
obtain a plurality of navigation events responsive to interactions performed by the client computing device with respect to a navigation through a predefined sequence of the plurality of network pages by the client computing device;
obtain data associated with progression through the predefined sequence of the plurality of network pages by the client computing device, the data including at least a screen capture of a user interface of the client computing device during the workflow session;
store the plurality of navigation events and the data in a data store; and
after termination of the workflow session, generate a workflow visualization of progression of the client computing device through the plurality of network pages by at least determining a plurality of time durations and transitions in focus of the client computing device as functions of the plurality of the navigation events, the plurality of time durations respectively comprising a consecutive amount of time a user interface focus of the client computing device is directed to an associated one of the plurality of network pages, wherein the workflow visualization comprises:
a plurality of visual elements respectively embodying the consecutive amount of time the user interface focus of the client computing device is directed to a respective one of the plurality of network pages and having a size based at least in part on the consecutive amount of time; and
at least one visual link graphically connecting a respective pair of visual elements from the plurality of visual elements whose corresponding focus durations occur consecutively, the at least one visual link embodying a transition in focus of the client computing device between a respective pair of the plurality of network pages,
wherein a selection of at least one visual element causes the screen capture of the user interface of the client computing device corresponding to the selected visual element to be displayed.

US Pat. No. 10,193,988

SETTING A FIRST-PARTY USER ID COOKIE ON A WEB SERVERS DOMAIN

Criteo SA, Paris (FR)

1. A method performed by a user device, the method comprising:
sending, by the user device, to a first web server on a first domain, a first request for a first webpage;
receiving, by the user device, from the first web server, the first webpage comprising first ad system call instructions that include a target URL on a second domain;
determining, by the user device, whether a first browser cookie can be set on the first domain;
executing, by the user device, the first ad system call instructions to send a second request using the target URL on the second domain to an ad system on second domain, the second request comprising an indicator of whether the first browser cookie can be set on the first domain;
receiving, by the user device, from the ad system, first SSP call instructions that include a URL on a third domain, the target URL on the second domain, and the indicator of whether the first cookie can be set on the first domain;
executing, by the user device, the first SSP call instructions to send a third request using the URL on the third domain to an SSP server on the third domain, the third request comprising the target URL on the second domain, the SSP server determining an SSP user ID associated with the user device based upon the third request;
receiving, by the user device, from the SSP server, second ad system call instructions, the second ad system call instructions comprising the SSP user ID and the target URL on the second domain;
executing, by the user device, the second ad system call instructions using the target URL on the second domain to send a fourth request comprising the SSP user ID to the ad system;
receiving, by the user device, from the ad system, first storing instructions comprising the SSP user ID;
executing, by the user device, the first storing instructions to store the SSP user ID in the first browser cookie on the first domain.

US Pat. No. 10,193,987

ACTIVITY CONTINUATION BETWEEN ELECTRONIC DEVICES

APPLE INC., Cupertino, C...

1. A method, comprising:
in a companion electronic device, performing operations for:
receiving an activity advertisement message from a source electronic device, the activity advertisement message comprising an encoded representation of information about an activity performed in a first application at the source electronic device, the encoded representation being created by applying a function to the activity information that creates the encoded representation that is smaller in size than the activity information, wherein the activity information comprises an identifier that identifies the first application and an activity descriptor that identifies the activity performed in the first application;
evaluating the encoded representation against a plurality of activity descriptor representations to identify the activity, each of the plurality of activity descriptor representations comprising an identifier that identifies an available application and an activity descriptor that identifies an activity to perform using the available application;
determining, based on the evaluating, that a second application that is associated with the activity is available at the companion electronic device, the second application being identified by at least one of the plurality of activity descriptor representations, wherein the second application is different from the first application, and wherein the evaluating comprises determining that instructions or information on how to perform the corresponding activity will be provided;
requesting extended activity data for the activity from the source electronic device;
using the extended activity data received from the source electronic device to configure the second application at the companion electronic device to perform a corresponding activity; and
commencing performing the corresponding activity in the second application at the companion electronic device.

US Pat. No. 10,193,986

METHOD AND APPARATUS FOR PRESENTING GEOGRAPHICAL LOCATION

TENCENT TECHNOLOGY (SHENZ...

1. A method of sharing location information in a social network application, comprising:
at a first user device having one or more processors and memory for storing one or more programs to be executed by the one or more processors:
providing an instant messaging interface of the social network application at the first user device;
detecting, within the instant messaging interface, a trigger input from a first user of the first user device, the trigger input is associated with location information of the first user device;
in response to the trigger input associated with location information, obtaining a map of a location of the first user device based on the trigger input; and
sharing the map of the location of the first user device with a second user device through the social network application, enabling the second user device to display the map of the location of the first user device in a corresponding instant messaging interface of the social network application executed at the second user device.

US Pat. No. 10,193,985

METHOD AND DEVICE FOR PERFORMING SERVICE DISCOVERY IN WIRELESS COMMUNICATION SYSTEM

LG Electronics Inc., Seo...

1. A method of performing service discovery performed by a first NAN (neighbor awareness networking) device in a wireless communication system, the method comprising:
exchanging a subscribe message with a second NAN device; and
transmitting a first service discovery frame (SDF) based on the exchanged subscribe message,
wherein the first service discovery frame comprises a NAN connection capability attribute field,
wherein the NAN connection capability attribute field comprises a first type interface information field indicating whether the first NAN device supports a first type interface, and
wherein the NAN connection capability attribute field further comprises a beacon frame field containing information about a beacon frame associated with the first type interface.

US Pat. No. 10,193,984

ARCHITECTURE FOR ENABLING FINE GRANULAR SERVICE CHAINING

TELEFONAKTIEBOLAGET LM ER...

1. A method implemented by a network device, the method for implementing a service chain by instantiating services on demand by a lightning module that provides the services as applications executed by unikernels supported by a hypervisor, the method comprising:
receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module;
instantiating, by the lightning module, a special unikernel monitor to only monitor a session for packets from the user, in response to receiving the AAA service authentication of the user;
determining at least one unikernel configuration file for the user;
checking whether a packet from the user is received in the session by the special unikernel monitor; and
responsive to detecting the packet, instantiating a plurality of service chain unikernels identified in the at least one unikernel configuration file, by the special unikernel monitor, the plurality of service chain unikernels to process packets of the session.

US Pat. No. 10,193,983

INFORMATION DISTRIBUTION DEVICE INFORMATION RECEPTION DEVICE, INFORMATION DISTRIBUTION METHOD, AND RECORDING MEDIUM

NEC Corporation, Tokyo (...

1. An information reception device comprising:
a memory storing instructions; and
one or more processors to execute the instructions to:
receive, from an information distribution device, a plurality of pieces of distribution information representing advertisements;
receive, from the information distribution device, a plurality of personalization rules, each of the plurality of personalization rules including a selection condition and selection information, wherein
the selection condition is generated based on information concerning at least one of a plurality of pieces of action information, which are extracted from actions of a user who uses the user's own device, and
the selection information represents one of the plurality of received pieces of distribution information and is generated by using information concerning at least another one of the plurality of extracted pieces of action information;
acquire a piece of action information;
extract, from the plurality of received personalization rules, personalization rules based on a corresponding selection condition that matches the acquired piece of action information and select, from the plurality of received pieces of distribution information, a piece of distribution information indicated by selection information included in the extracted personalization rules; and
output the selected piece of distribution information, wherein the one or more processors execute the instructions to:
associate, for each of a plurality of user identifications and from a plurality of pieces of action information from the plurality of user identifications, first type of action attribute information with second type of action attribute information to form a pair,
count a number of each unique pair of first type of action attribute information together with second type of action attribute information for all of the plurality of user identifications, and
rank the counted numbers of unique pairs to form at least a personalized rule including, as a combination of selection condition and selection information, a pair of first type of action attribute information together with second type of action attribute information.

US Pat. No. 10,193,982

SYSTEMS AND METHODS FOR RECONNECTING CALLS

SECURE CONNECTION LTD., ...

1. A method for restoring bidirectional voice communication between at least two client terminals, comprising:
detecting, by a server, a dropping of a bidirectional voice communication on a communication segment between a first client terminal and the server, the communication segment part of the bidirectional voice communication established between the first client terminal and a second client terminal using respective communication segments with the server, the dropping triggered by insufficient resources for maintaining the bidirectional voice communication in a desired quality for the first client terminal,
receiving, at the server, at least one message from the first client terminal, the at least one message including instructions for restoring the bidirectional voice communication, the at least one message received over available resources sufficient for transmission of the at least one message over the affected communication segment;
automatically activating an instant message session between the first client terminal and the second client terminal in response to the detecting; and
restoring, by the server, the bidirectional voice communication according to the received instructions when sufficient resources are available for maintaining the bidirectional voice communication at the desired quality.

US Pat. No. 10,193,981

INTERNET OF THINGS (IOT) SELF-ORGANIZING NETWORK

CenturyLink Intellectual ...

1. A method for implementing Internet of Things (“IoT”) self-organizing network functionality, comprising:
receiving, with a computing system, at least one first data from at least one first IoT-capable device of a plurality of IoT-capable devices, the at least one first data comprising data regarding one or more second IoT-capable devices of the plurality of IoT-capable devices of a self-organizing network (“SON”) of IoT-capable devices;
analyzing, with the computing system, the at least one first data to determine a status of at least one second IoT-capable device of the one or more second IoT-capable devices;
based at least in part on the determined status of the at least one second IoT-capable device, generating, with the computing system, one or more control instructions; and
autonomously sending, with the computing system, the one or more control instructions to one or more third IoT-capable devices of the plurality of IoT-capable devices, based at least in part on the determined status of the at least one second IoT-capable device, the one or more control instructions causing each of the one or more third IoT-capable devices to change at least one of its device settings, its device configurations, its network configurations, or its functions within the SON of IoT-capable devices.

US Pat. No. 10,193,980

COMMUNICATION METHOD BETWEEN TERMINALS AND TERMINAL

SAMSUNG ELECTRONICS CO., ...

1. A terminal comprising:
a communicator configured to receive media data of a first terminal arbitrating a transmission authority among other terminals, transmit a transmission authority request message to each of the other terminals in response to an expiry of a first timer based on receiving the media data; and
a controller configured to enter a permission state in response to a Nth expiry of a second timer started upon transmitting the transmission authority request message,
wherein in the permission state, the terminal has permission to transmit media data of the terminal.

US Pat. No. 10,193,979

SYSTEM ARCHITECTURE FOR WIRELESS METROLOGICAL DEVICES

General Electric Company,...

1. A computer-based method by a wireless metrological device, the wireless metrological device including a wireless communication interface configured to communicate with at least one mobile computing device, the method comprising:
receive a connection request from the at least one mobile computer device;
send a connection confirmation to the at least one mobile computer device;
respond to the at least one mobile computer with Device Information Service (DIS);
acknowledge to the at least one mobile computer a universal generic data service;
send a data descriptor to the at least one mobile device, wherein the data descriptor is affiliated with a measurement; and
send a data packet comprising the measurement using the universal generic data service to the at least one mobile computing device, wherein the wireless metrological device comprises a taper gauge.

US Pat. No. 10,193,978

DISTRIBUTED NETWORK NODE OPERATION SYSTEM BASED ON OPERATION CONTROL UNIT

CHONGQING GKTSINGCHIP IND...

1. A distributed network node operation system based on an operation control unit, the operation system operating on the network node and directly interacting with a data link layer, the operation system comprising: an application interface unit, a network information management unit, a file unit, a task scheduling unit and a device drive management unit, wherein,
the application interface unit is a set of application interfaces, and packages services provided by the file unit, the task scheduling unit and the network information management unit into an interface for interacting with a protocol stack management unit;
the network information management unit is configured to interact with the data link layer to perform link scheduling for transmitting information and updating node data;
the file unit is configured to manage and store file information, organize and allocate space of a file storage device, and is responsible for file storage and protecting and searching stored files;
the task scheduling unit is configured to manage hardware resources;
the device drive management unit is configured to manage underlying device application drives, and to invoke different protocol stack library functions through different application drives, thus making a plurality of communication modes and protocols compatible;
data of the network node are stored in a manner of a block chain table, and the block chain table comprises a plurality of information abstracts, including time stamps, a number of acquisition nodes and tags of the acquisition nodes; and
after a neighbor node receives the encapsulated information shared by the acquisition nodes, the network information management unit incorporates the time stamp of this time, the tags of the acquisition nodes and the data in the encapsulated information into the block chain in an order according to the time stamps; meanwhile actively pushes the received encapsulated information to another neighbor node according to the push path.

US Pat. No. 10,193,977

SYSTEM, DEVICE AND PROCESS FOR DYNAMIC TENANT STRUCTURE ADJUSTMENT IN A DISTRIBUTED RESOURCE MANAGEMENT SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A process for managing workloads by a distributed resource management system of a distributed computing system, the process comprising:
receiving a tenant update for a hierarchical queue, the hierarchical queue comprising tenants and sub-tenants, the tenant update identifying a modification to a tenant or sub-tenant of the hierarchical queue;
retrieving, by a rule-based workload management engine, a rule having a tenant event corresponding to the tenant update, wherein the rule-based workload management engine retrieves the rule from a database storing rules, each rule stored in the database including a tenant event identifying a tenant or sub-tenant of the tenants or sub-tenants the rule is applicable to and an action for one or more workloads of the tenant or sub-tenant;
determining, from the retrieved rule, the action for the one or more workloads of the tenant or sub-tenant identified in the tenant event of the retrieved rule, each of the one or more workloads of the tenant or sub-tenant identified associated with a resource request; and
applying the action for the one or more workloads of the tenant or sub-tenant, without interrupting execution of any workloads of other tenants or sub-tenants of the hierarchical queue.

US Pat. No. 10,193,976

METHOD AND SYSTEM FOR RECONSTRUCTING A SLOT TABLE FOR NFS BASED DISTRIBUTED FILE SYSTEMS

Dell Products L.P., Roun...

6. A system for enabling a seamless failover between distributed system controllers in a Network File System (NFS) based distributed file systems, the system comprising:
a distributed cluster of controllers configured to receive a retried request from a client, wherein each controller comprises substitute slot table modules being a process running on it respective controller;
wherein each of the substitute slot table modules is configured to:
determine an expected size of sessions slot table by inspecting a COMPOUND message's SEQUENCE operation ‘highest_slotid’ field at said client request;
in a case that the retried request is of a re-enter idempotent type, process the request again;
in a case that the retried request is file state related, check in already opened file handles if the already opened file handles are open with exactly same properties already exist for the particular client, and if found, returning the file handle information to the client as if it was just opened by it; and
in a case that the retried request is of a non-idempotent type, attempt to perform the operation again, wherein if the source file does not exist, check the existence of the expected outcome, and reply with a success,
wherein the distributed file systems are compliant with NFSv4.1 protocol.

US Pat. No. 10,193,975

MANAGING MULTIPLE CLOUD STORES THROUGH A WEB SERVICE

Microsoft Technology Lice...

1. A computing system, comprising:
a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to:
receive, from a client device through a storage system-independent application programming interface, a call that is associated with an application on the client device and indicates a data access request to move an identified file from a first cloud-based storage system to a second cloud-based storage system, wherein
the first cloud-based storage system implements a first storage system-specific interface, and
the second cloud-based storage system implements a second storage system-specific interface that is different than the first storage system-specific interface;
perform an authentication operation to authenticate the application to the first cloud-based storage system;
transform the call into a storage system-specific call that is configured in accordance with the first storage system-specific interface; and
execute the storage system-specific call against the first storage system-specific interface to perform the operation, by moving the identified file from the first cloud-based storage system to the second cloud-based storage system without downloading the identified file to the client device.

US Pat. No. 10,193,974

MANAGING COLLABORATION OF SHARED CONTENT USING COLLABORATOR INDEXING

Box, Inc., Redwood City,...

1. A method comprising:
identifying a server in a cloud-based environment that is interfaced with one or more storage devices that store one or more content objects accessible by one or more collaborators;
receiving a content object transaction request from a transaction requestor, the content object transaction request to result in a change of collaboration attributes pertaining to the content object;
maintaining a collaboration index as a database table, the database table comprising:
(i) a first column that identifies an object path associated with the content object,
(ii) a second column that identifies an object parent associated with the content object,
(iii) a third column that identifies user identifiers associated with the one or more collaborators; and
(iv) one or more database rows associated with the user identifiers from the third column, wherein a user is designated as a collaborator for the content object by inserting a database row for the user identified from the third column into the one or more database rows of the database table where the object path in the first column for the database row corresponds to the content object and one or more object parents for the content object associated with the user is included in the second column;
querying the database table to determine a set of potential content object collaborators for a current object by identifying the user identifiers from the third column from among the one or more database rows that are identified as having a current content object path or having a current content object parent path listed in at least one of the first column or the second column;
generating one or more updated database rows in the database table based at least in part on the set of content object collaborators; and
triggering an update to the collaborator index based at least in part on the one or more updated database rows.

US Pat. No. 10,193,973

OPTIMAL ALLOCATION OF DYNAMICALLY INSTANTIATED SERVICES AMONG COMPUTATION RESOURCES

Ubisoft Entertainment, R...

7. One or more non-transitory computer readable media, said media containing computer-executable instructions which, when executed, perform a method for the allocation of tasks among computation resources, said method comprising the steps of:
receiving a task specification including an indication of a bundle,
wherein the bundle comprises one or more service execution files and a manifest including metadata for the bundle;
for each computation resource of a plurality of computation resources, each computation resource including a separate launcher, calculating a time metric for the specified task on the computation resource, said time metric incorporating a computation time and a transfer time,
wherein the transfer time includes the time necessary to transfer the task to the computation resource, the time necessary to transfer any input data needed for the task to the computation resource, and the time needed to transfer the resulting output data from the computing resource;
determining a chosen computation resource of the plurality of computation resources based on the time metric calculated for each computation resource of the plurality of computation resources
determining that no suitable computing resource exists;
spawning a new computing resource;
using the new computing resource as the chosen computation resource for instantiating the service;
selecting a bundle based on the service to be instantiated;
transmitting a message to a launcher, said message indicating the selected bundle; and
executing the specified task on the chosen computation resource via the launcher executing as a persistent service on the chosen computation resource.

US Pat. No. 10,193,971

METHOD, SERVER AND SYSTEM FOR APPLICATION SYNCHRONIZATION

TENCENT TECHNOLOGY (SHENZ...

1. An application synchronization method, comprising:
establishing, by a server, a communication connection between an originating terminal and a destination terminal, wherein the originating terminal and the destination terminal respectively log in the server with a same login account;
upon establishing the communication connection between the originating terminal and the server and between the destination terminal and the server, displaying a device list including the originating terminal and the destination terminal on the originating terminal and the destination terminal;
receiving, by the server, a synchronization request message sent by the originating terminal, wherein the synchronization request message includes a program identification of a target application and a terminal identification of the destination terminal;
obtaining, by the server, device information and address information of the destination terminal based on the terminal identification of the destination terminal;
querying, by the server, an installation file matching with the program identification of the target application and the device information of the destination terminal; and
sending, by the server, the installation file to the destination terminal based on the address information.

US Pat. No. 10,193,970

WIRELESS SYNCHRONIZATION OF MEDIA CONTENT AND SUBSCRIPTION CONTENT

Microsoft Technology Lice...

1. A computing device comprising:
at least one processor; and
memory storing computer-executable instructions that, when executed by the at least one processor, cause the computing device to:
establish a wireless synchronization connection to a portable computing device;
receive, from the portable computing device over the wireless synchronization connection, wireless configuration setup parameters used by the portable computing device to connect to a particular wireless local area network and subscription data used by the portable device to access a web-based media content delivery service over the Internet;
re-use the wireless configuration setup parameters to connect to the particular wireless local area network; and
re-use the subscription data to access the web-based media content delivery service over the Internet, wherein the subscription data indicates an action to execute, the action comprising an order to retrieve media data from the web-based media content delivery service, the order based on a global state of a user subscription.

US Pat. No. 10,193,969

PARALLEL PROCESSING SYSTEM, METHOD, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A parallel processing system which is a multi-layered fullmesh system in which a plurality of layers of fullmesh systems, having a plurality of Leaf switches fullmesh-coupled to each other, are coupled to each other, the parallel processing system including a plurality of nodes, the parallel processing system being configured to perform a parallel arithmetic operation of applications, at least one of the plurality of nodes being coupled to each of the plurality of Leaf switches, the parallel processing system comprising:
circuitry configured to:
obtain communication recording information in which a number of times of communication between the plurality of nodes during execution of an application is recorded;
obtain communication pattern information in which assignment information indicating which connection topology of a fullmesh topology and a fattree topology is to be selected for each a plurality of communication patterns, in the fullmesh topology, the plurality of nodes having an intra-layer connection relationship, and in the fattree topology, the plurality of nodes having inter-layer connection relationship;
select a first communication pattern from the plurality of communication patterns based on the number of times of communication;
identify, based on the communication pattern information, a connection topology from the fullmesh topology and the fattree topology corresponding to the selected first communication pattern; and
assign, based on the identified connection topology, nodes included in the parallel processing system that execute the application.

US Pat. No. 10,193,967

REDIRECTING DEVICES REQUESTING ACCESS TO FILES

Oracle International Corp...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:
receiving, at a first storage node of a plurality of storage nodes, a first file download request for a file;
wherein the first storage node has dual functionality to (a) serve file requests and (b) select other nodes to serve file requests;
serving, by the first storage node, the first file download request for the file;
receiving, at the first storage node, a second file download request for the file from a requesting device;
determining that an access load corresponding to the first storage node exceeds a threshold value;
responsive to determining that the access load corresponding to the first storage node exceeds the threshold value:
identifying, by the first storage node, at least two storage nodes in the plurality of storage nodes that can serve the second file download request for the file;
selecting, by the first storage node, a second storage node from the at least two storage nodes to serve the second file download request for the file;
wherein the second storage node is selected by the first storage node based on the second storage node having a higher priority value, than other nodes in the at least two storage nodes, for serving a geographical region of the requesting device; and
redirecting the requesting device to the second storage node that stores the file.

US Pat. No. 10,193,966

METHOD FOR A USER TO ACCESS AT LEAST ONE COMMUNICATION SERVICE PROVIDED VIA A DATA CENTRE OF A CLOUD COMPUTING SYSTEM

ORANGE, Paris (FR)

1. A method for a user to access at least one communication service provided via a first data center of a cloud computing system, the first data center being located in a first geographic area, the method comprising the following acts, executed in the first data center:
a) after a user's terminal has been connected to a web portal for accessing said service, receiving in the first data center a message providing information on the location of the terminal;
b) determining the geographic location of the terminal on the basis of the received terminal location information, and if the geographic location of the terminal corresponds to a second geographic area, different from the first area, then:
d) searching for a second data center of the cloud computing system capable of providing the service in the second area;
e) if this second data center exists, transferring computing functionality adapted to provide the communication service to the user to the second data center, so that the communication service can be used in the user's terminal, based on the second data center
wherein said computing functionality adapted to the provision of the service is implemented in a virtual machine hosted by a server of the first data center, and wherein, in act e), the transfer of said functionality from the first data center to the second data center corresponds to sending, to a server of the second data center, of a copy of some or all of the execution code of said virtual machine and its execution context.

US Pat. No. 10,193,965

MANAGEMENT SERVER AND OPERATION METHOD THEREOF AND SERVER SYSTEM

ThroughTek Technology (Sh...

1. A server system, comprising:
a client, generating a request signal, wherein the request signal has a request number; and
a management server, comprising:
a plurality of storage units, respectively storing a datum, the datum stored in each of the storage units is a portion of all data which are stored in a database of the management server;
a sub-server, corresponding to the storage units and configured to obtain the datum from the storage unit in response to the request signal; and
a load balancing unit, operatively connected to the client and coupled to the sub-server, the load balancing unit being configured to receive the request signal from the client and distribute the request signal to the corresponding sub-server in response to the request number;
wherein, the management server outputs the datum obtained by the sub-server from the storage unit according to the request number;
comparing the request number with a predetermined request number;
obtaining the datum by the sub-server from the storage unit according to the request number when the request number is equal to the predetermined request number; and
returning to the step of receiving the request signal when the request number is not equal to the predetermined request number.

US Pat. No. 10,193,964

CLUSTERING REQUESTS AND PRIORITIZING WORKMANAGER THREADS BASED ON RESOURCE PERFORMANCE AND/OR AVAILABILITY

International Business Ma...

1. A computer program product for optimizing a resource manager thread pool in a production environment, the computer program product comprising:
one or more non-transitory computer readable storage media and program instructions stored on the one or more non-transitory computer readable storage media, the program instructions comprising:
first program instructions programmed to divide a set of vouchers into a plurality of voucher subsets so that each voucher subset respectively corresponds to a resource manager of a plurality of resource managers, where each resource manager of the plurality of resource managers respectively corresponds to a resource in an application server and where each voucher subset corresponds respectively to a thread subset associated with the resource and clustered based on the resource;
second program instructions programmed to receive a plurality of incoming pending requests with each incoming pending request respectively corresponding to a resource;
third program instructions programmed to temporarily remove a voucher from its voucher subset corresponding to a given resource manager upon each instance that a given pending incoming request is assigned to that given resource manager for responsive processing such that the given pending incoming request thereby becomes an assigned request;
fourth program instructions programmed to determine which request of the plurality of pending incoming requests will be next assigned to a corresponding resource manager based, at least in part, upon which resource manager has the greatest number of vouchers in its respective subset of vouchers;
fifth program instructions programmed to assign the plurality of pending incoming requests to a corresponding resource manager for execution by a thread associated with the thread subset; and
sixth program instructions programmed to return a temporarily removed voucher to its voucher subset corresponding to a given resource manager upon each instance that the given resource manager has completed responsive processing of a given assigned request such that the given assigned request thereby becomes a completed request.

US Pat. No. 10,193,962

OPPORTUNISTIC ROUTING

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a request for at least a first portion of content from a client;
providing the first portion of the content to the client from a first server, the first server configured to transmit data at least at a threshold transmission rate;
determining that processing or characteristics of a connection with the client are below a threshold;
selecting a second server to provide a second portion of the content to the client based at least in part on the processing or characteristics of the connection and a determination that the client has a threshold amount of the content buffered;
buffering the content until the threshold amount of the content is available to the client; and
providing the second portion of the content to the client from the second server at a transmission rate less than the threshold transmission rate, wherein the second server has a lower demand than the first server based at least in part upon the second server being at a second geographic location that is further from the client than a first geographic location of the first server.

US Pat. No. 10,193,961

BUILDING DEPLOYMENT PIPELINES FOR A PRODUCTION COMPUTING SERVICE USING LIVE PIPELINE TEMPLATES

Amazon Technologies, Inc....

1. A computer-readable storage medium storing instructions, which, when executed on a processor, perform an operation for provisioning a deployment pipeline, the operation comprising:
receiving a definition of an instance of a live pipeline template (LPT), wherein the instance of the LPT is specified using at least a first base pipeline template and a second pipeline template, wherein the first base pipeline template specifies a set of configuration parameters for a plurality of deployment stages of the deployment pipeline, and wherein the second pipeline template extends the first base pipeline template with one or more instance specific parameters for the deployment pipeline;
generating, from the instance of the LPT, an application definition which provides a fully-specified configuration for a plurality of computing services included in the deployment pipeline;
launching a first instance of the deployment pipeline in at least a first cloud computing region by invoking, for each computing service referenced in the application definition, a respective pipeline synthesis driver to configure one of the plurality of computing services in the first cloud computing region according to the fully-specified configuration provided in the application definition; and
launching at least a second instance of the deployment pipeline in at least a second cloud computing region by invoking, for each computing service referenced in the application definition, the respective pipeline synthesis driver to configure one of the plurality of computing services in the second cloud computing region according to the fully-specified configuration provided in the application definition.

US Pat. No. 10,193,960

MOBILE CORE CLIENT ARCHITECTURE

ProntoForms Inc., Kanata...

1. A system for automatically managing one or more processes created by a plurality of software providers, comprising:
a computer processor;
a memory; and
a mobile resource contextualization engine stored in the memory,
the mobile resource contextualization engine having computer readable instructions for execution by the computer processor,
the mobile resource contextualization engine being coupled with a mobile device having a plurality of applications running thereon;
the mobile resource contextualization engine configured to communicate with one or more network services available to the mobile device over a network, the mobile resource contextualization engine comprising:
a secure framework configured to control access to one or more context information exposed to mobile applications running on the mobile device;
a device context engine coupled with said secure framework and configured to exchange information with one or more information capture resource;
a network context engine coupled with said secure framework, the network context engine configured to communicate with one or more network services over a network;
wherein said device context engine and said network context engine communicate with a mobile context registry and said one or more context information exposed to said one or more processes running on the mobile device to allow the mobile device and the applications running thereon to utilize said plurality of context information;
an extensible application programming interface coupled with said secure framework and configured to allow said one or more processes to access said one or more context information and said one or more information capture resource; and
a call notification interface coupled with said secure framework and configured to receive updates for said one or more processes and configured to subscribe to changes in said one or more context information.

US Pat. No. 10,193,957

MULTIMEDIA FILE UPLOAD

1. A computerized method for accelerating a handling of a media file being uploaded from a first computer system to a second computer system over a communication network, comprising:
at a first computer system, electronically communicating with a second computer system over a communication network:
receiving, during a continuous uploading event, an incoming stream of packets sent by said second computer system over said communication network, wherein the packets are generated from a media file comprising both at least one image and at least thumbnail image of said at least one image, wherein the at least one image is encoded according to a file format of the media file, and wherein packets generated from the at least one thumbnail image of the at one image and packets generated from the at least one image of the media file are transmitted to the first computer system;
extracting the at least one thumbnail image of the at least one image of the media file, from one or more of the incoming packets, during the continuous uploading event of said at least one image of the media file and completing said extracting before all the packets of the incoming stream are received; and
accelerating a displaying of a representative image of said at least one image, by displaying the at least one thumbnail image of the at least one image during the continuous uploading event of said at least one image of the media file, before all the packets of the incoming stream are received at the first computer system.

US Pat. No. 10,193,956

GROUPING AND TRANSFERRING OMIC SEQUENCE DATA FOR SEQUENCE ANALYSIS

FIVE3 GENOMICS, LLC, San...

1. A method of transferring a plurality of omic sequences, comprising:
providing an access to a first computer coupled with a second computer;
receiving, by the first computer, a plurality of omic output files from a plurality of respective sequencers, wherein each of the omic output files comprises sequence data and a machine-specific annotation;
annotating, by the first computer, the plurality of omic output files using an annotation input from a user to thereby form annotated omic output files;
grouping, by the first computer, the annotated omic output files into a transport group, wherein grouping is based on the machine-specific annotation and the annotation input from the user and wherein all of the plurality of omic sequences required for sequence analysis are in the transport group;
delivering, by the first computer, the transport group to the second computer; and
sending, by at least one of the first and second computers, a feedback signal to at least one of the plurality of sequencers to modify an operation of the sequencer.

US Pat. No. 10,193,955

SYSTEM AND METHOD FOR VIDEO COMMUNICATION

Huawei Technologies Co., ...

1. A method for transmitting video, the method comprising:
receiving, by a first device, a first video transmission schedule indicating a first frame type of different frame types to be transmitted;
encoding, by the first device, a first video frame of video frames to generate a first encoded video frame based on the first frame type of the first video transmission schedule;
transmitting, by the first device towards a second device, the first encoded video frame;
after the transmitting the first encoded video frame, receiving, by the first device, a second video transmission schedule determined in accordance with characteristics of a channel and use of the channel by other devices, the second video transmission schedule indicating a second frame type of the different frame types to be transmitted, wherein the use of the channel by other devices comprises information for selecting a predicted picture coded frame (P-frame) to avoid collisions of intra-coded frames (I-frames);
encoding, by the first device, a second video frame of the video frames to generate a second encoded video frame based on the second frame type of the second video transmission schedule; and
transmitting, by the first device towards the second device, the second encoded video frame.

US Pat. No. 10,193,954

SYSTEM AND METHOD FOR PROVIDING AN APPLICATION TO A DEVICE

Comcast Cable Communicati...

1. A method comprising:
determining, for a computing device, device capability information;
determining, based on the device capability information, a set of applications that is supported by the computing device;
generating, for the set of applications, a set of messages that comprises data indicating a download location for the set of applications; and
based on determining that porting, from a first account to a second account, information associated with the computing device is complete, sending, to the computing device, the set of messages.

US Pat. No. 10,193,953

SELF DESCRIBING CONFIGURATION

Oracle International Corp...

1. A method comprising:
providing, by a cloud infrastructure system, an application programming interface (API) to a data model used by a cloud-based application of the cloud infrastructure system;
receiving, by the cloud infrastructure system, a request for configuration data of the data model through the API, wherein the request is generated by a data security provider monitoring communications between a client device and the cloud-based application;
generating, by the cloud infrastructure system, a response that includes the configuration data, wherein the configuration data includes a set of protectable attributes of an entity modeled using the data model;
receiving, by the cloud infrastructure system, an indication of an attribute from the set of protectable attributes that is to be protected; and
marking, by the cloud infrastructure system, the indicated attribute from the set of protectable attributes as protected.

US Pat. No. 10,193,952

SYSTEMS AND METHODS FOR INTEGRATING EXTERNAL RESOURCES FROM THIRD-PARTY SERVICES

UberGrape GmbH, Vienna (...

1. A system for facilitating intelligent communication between users, the system comprising:
a processor communicatively coupled to a memory and a network-accessible device, the processor operable to execute instructions stored in the memory; and
the memory, which includes specific instructions for facilitating intelligent communication, wherein the specific instructions cause the processor to:
identify a plurality of databases associated with different sources, wherein each of the plurality of databases hosts electronic resources;
integrate the electronic resources hosted by the plurality of databases by tagging metadata associated with each electronic resource;
index the metadata to make the electronic resources searchable using a single search architecture;
receive a communication entered by a user on the network-accessible device;
identify recognizable elements within the communication using natural language processing techniques; and
detect a reference to a desired electronic resource within the communication.

US Pat. No. 10,193,951

BINDING CRUD-TYPE PROTOCOLS IN DISTRIBUTED AGREEMENT PROTOCOLS

Microsoft Technology Lice...

1. A method implemented in a computing system having a plurality of web servers, comprising:
receiving communications from a client device to a first web server of the plurality of web servers via the Internet, the communications being associated with a plurality of operations that are requested by the client device and to be performed by a web service implemented by both the first web server and a second web server of the plurality of web servers;
responsive to the received communications, arriving at a consensus between the first web server and the second web server regarding an agreed-upon order of operations to be performed by the first web server and the second web server in response to the requested operations by the client device;
upon arriving at the consensus, generating a response to the requested operations by performing the requested operations in the agreed-upon order at both the first web server and the second web server, the web service at both the first web server and the second web server having the same state subsequent to performing the requested operations at the first web server and the second web server; and
returning the generated response to the client device via the Internet.

US Pat. No. 10,193,950

NETWORK SYSTEM AND CONTROL METHOD

CANON KABUSHIKI KAISHA, ...

1. A network system comprising:
a first information processing terminal on which a first web browser runs;
a second information processing terminal on which a second web browser runs; and
a shared server,
wherein the shared server includes a memory storing instructions and a processor which is capable of executing the instructions causing the shared server to:
manage access data on a first tab of the first web browser in which to access a website and data on session storage valid for a session with the website in association with the first information processing terminal, the data on the session storage being locally managed by the first web browser in association with the first tab, wherein the data on the session storage includes data defined by using a combination of a key and a value that are designated by the website,
receive an instruction for sharing the first tab of the first web browser with the second web browser,
transmit the access data and the data on the session storage related to the first tab to the second web browser according to the instruction,
delete association between the transmitted data on the session storage and the first information processing terminal so that the data on the session storage being locally managed by the first web browser is deleted by the first web browser, and
manage the data on the session storage in association with the second information processing terminal.

US Pat. No. 10,193,949

COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus comprising:
a hardware processor; and
a memory storing one or more programs configured to be executed by the hardware processor, the one or more programs including instructions for:
acquiring a media content;
transmitting the media content acquired by the acquiring to another communication apparatus;
determining whether to describe, as an acquisition source URL of the media content acquired by the acquiring, a URL of the communication apparatus or a URL of the another communication apparatus, in accordance with a state of transmission of the media content;
generating, based on the determination made by the determining, a description file in which the acquisition source URL of each predetermined unit of the media content is described; and
providing the description file generated by the generating.

US Pat. No. 10,193,948

SYSTEM AND PROTOCOL FOR REMOTE SUPERVISORY PARENTAL OBSERVATION, INTERACTION, AND MANAGEMENT OF MEDIA CONTENT ON DIGITAL CONTENT-DELIVERY DEVICES

PUBLIC BROADCASTING SERVI...

1. A system for facilitating parental management of media content delivery to children, comprising:
a child's media interaction application executing on a child's media delivery device and configured to collect the child's media interaction data comprising the child's user interactions with media content, said media content obtained from a third-party content provider and delivered by a stand-alone media delivery application executing on the child's media delivery device;
a parent's remote media management application executing on a parent's portable electronic device and configured to monitor the child's media interaction data and further configured to let the parent issue at least one of a set of media management instructions to the child's media interaction application via secure communications;
a communications broker executing on a first network server and configured to provide the secure communications between the child's media interaction application and the parent's remote media management application, said parent's remote media management application authorized to engage in said secure communications by the parent entering a connect code provided by the communications broker; and
a media interaction analysis application executing on a second network server and configured (1) to receive the child's media interaction data from the child's media interaction application, (2) to transform the child's media interaction data into summary media interaction data, and (3) to provide the summary media interaction data to the parent's remote media management application;
wherein the child's media interaction application is further configured to transmit the child's media interaction data to the parent's remote media management application via the communications broker using the secure communications,
wherein the parent's remote media management application is further configured to issue the media management instructions to the child's media interaction application via the communications broker using the secure communications,
wherein the media interaction analysis application is further configured to receive the child's media interaction data via the communications broker; and
wherein said connect code is issued by the child's media interaction application in response to the parent initiating a connection request to the child's media interaction application from the parent's remote media management application via the communications broker, and after the communications broker supplies the connect code to the child's media interaction application for subsequent issuance to the parent's remote media management application.

US Pat. No. 10,193,947

DEVICES AND METHODS FOR CONTENT DISTRIBUTION IN A COMMUNICATIONS NETWORK

Nokia of America Corporat...

1. A method for transmitting data files in a combination network, comprising:
performing a caching method including determining popularities for the data files according to a demand distribution of destination devices and sending random packets of the data files to the destination devices based on the determined popularities;
receiving one or more requests from one or more the destination devices for packets of one or more the data files, wherein the requests are for missing packets that were not cached as a result of the caching method;
constructing a conflict graph, such that each packet requested by each destination device is represented by a distinct vertex among a plurality of vertices of the conflict graph, based on which of the plurality of vertices represent a same requested packet and which requested packets are stored in caches belonging to the destination devices;
coloring the plurality of vertices of the conflict graph according to a coloring scheme such that any two linked vertices have different colors;
performing a first encoding operation on the requested packets by combining subsets of the requested packets represented by vertices having a same color to generate first encoded data;
performing a second encoding operation on the first encoded data by combining bits of the first encoded data according to a binary encoding method to generate second encoded data, wherein the binary encoding method includes,
determining a number of blocks based on a number of connections incoming to the destination devices from intermediate nodes, wherein the intermediate nodes connect a source of the data files to the destination devices and the destination devices are connected to different subsets of the intermediate nodes,
grouping the bits of the first encoded data into a the determined number of blocks,
padding one or more of the blocks with at least one bit to generate padded blocks,
determining a number of shifting operations for the padded blocks based on (i) the number of connections incoming to the destination devices from the intermediate nodes and (ii) a total number of the intermediate nodes,
performing the determined number of shifting operations on bits of one or more of the padded blocks to generate shifted blocks,
removing at least one bit from the shifted blocks to generate resultant blocks, and
combining the resultant blocks to generate the second encoded data; and
sending respective subsets of the second encoded data towards the one or more destination devices via respective intermediate nodes, wherein
the first encoding operation reduces a total load on the combination network, and
the second encoding operation distributes the total load evenly over the connections incoming to the destination devices from the intermediate nodes.

US Pat. No. 10,193,946

METHOD FOR DOWNLOADING MULTIMEDIA FILE AND ELECTRONIC DEVICE

Acer Incorporated, New T...

1. A method for downloading a multimedia file, adapted to an electronic device, the method for downloading the multimedia file comprising:
obtaining first bandwidth information of a first source device;
calculating a first time point from a start time point of the multimedia file according to the first bandwidth information, comprising:
obtaining first preloading time information of the multimedia file and frame rate information of the multimedia file;
calculating first pause time information according to the first preloading time information, the frame rate information, and the first bandwidth information, wherein the first pause time information is a predicted play pause time point of the multimedia file; and
determining the first time point according to the first preloading time information and the first pause time information;
sending a first download request to the first source device to request downloading a first multimedia streaming from the start time point to the first time point in the multimedia file; and
sending a second download request to a second source device to request downloading a second multimedia streaming from the first time point in the multimedia file.

US Pat. No. 10,193,945

SYSTEMS AND METHODS FOR DISTRIBUTING MEDIA TO PERSONAL ELECTRONIC DEVICES

1. A media streaming apparatus comprising:
a media streaming board for processing requests for media content;
a storage module for storing the media content;
a battery pack for supplying power to the media streaming apparatus without tapping power from any other source while in use;
an antenna for receiving global positioning information from global positioning satellites; and
an access point, wherein the access point provides a Wi-Fi connection to a plurality of personal computing devices and further provides individually-tailored media streams of the media content to each of the plurality of personal computing devices for viewing and listening thereon,
wherein the access point optimizes each of the media streams via:
using airtime fairness to send and receive data based on time increments;
using dual band transmitting on a 2.4 GHz radio band and a 5 GHz radio band;
using band steering, wherein personal computing devices capable of sending and receiving the media streams over the 5 GHz radio band are automatically routed through the 5 GHz radio band; and
using multiple input/multiple output optimization using a plurality of antennas and spatial multiplexing modulation,
wherein the access point is powered separately from the media streaming board,
wherein the access point is dynamically powered wherein power to the access point dynamically increases as the number of personal computing devices wirelessly connected thereto increases,
wherein there is no connection to the Internet when streaming the media content to the plurality of personal computers;
wherein the media content comprises a map, wherein the map shows the position of the media streaming apparatus based on the global positioning information received from the global positioning satellites.

US Pat. No. 10,193,944

SYSTEMS AND METHODS FOR MULTI-DEVICE MEDIA BROADCASTING OR RECORDING WITH ACTIVE CONTROL

1. A multi-device media broadcasting system, comprising:
a controller comprising a stream controller and a network interface in communication with a plurality of media devices and a server;
wherein the stream controller is configured to:
select a first media stream from a plurality of media streams generated by the corresponding plurality of media devices, and
generate a multi-device stream configuration file identifying the selected first media stream; and
wherein the network interface is configured to transmit the generated multi-device stream configuration file to the server, the server providing at least one additional device with a stream manifest identifying the selected first media stream responsive to receipt of the configuration file,
wherein the controller is further configured to subsequently select a second media stream from the plurality of media streams, and generate an updated multi-device stream configuration file identifying the selected second media stream; and
wherein the network interface is further configured to transmit the updated multi-device stream configuration file to the server, the server replacing a media chunk identified in the first stream manifest generated by a first media device of the plurality of media devices with a media chunk generated by a second media device of the plurality of media devices, responsive to receipt of the updated multi-device stream configuration file, the server providing the at least one additional device with media comprising the stream without adjusting the manifest or the configuration file provided to the additional device.

US Pat. No. 10,193,943

DATA-PLAN-BASED QUALITY SETTING SUGGESTIONS AND USE THEREOF TO MANAGE CONTENT PROVIDER SERVICES

T-Mobile USA, Inc., Bell...

1. A computer-implemented method comprising:
receiving, by a telecommunication network, an indication that a device associated with a subscriber to a data plan is consuming video content from a third party content provider;
determining, by the telecommunication network, whether the subscriber is participating in a program offering consumption of the video content free of charge in exchange for the video content being provided to the device at a limited service quality;
in response to determining that the subscriber is participating in the program, reducing, by the telecommunication network, network resources available for transmission of the video content to the device to cause the third party content provider to reduce a service quality of the video content being transmitted to the device to no more than the limited service quality; and
conditionally excluding, by the telecommunication network, the consuming of the video content from a consumption metric of the data plan that tracks a total amount of content consumed in a time period that counts toward a consumption limit based at least in part on whether the subscriber is participating in the program.

US Pat. No. 10,193,942

MOBILE MEDIA ARCHITECTURE FOR SPONSORED DATA SERVICES

Verizon Patent and Licens...

1. A method for accessing a sponsored data service (SDS) from a mobile device, comprising:
generating, by an application executing at a mobile device within a wireless network, a play media command that includes a remote media address and an SDS identifier, wherein the SDS identifier is provided to an application programming interface (API) at the mobile device through a call generated by the application, and further wherein the SDS identifier includes sponsor account information and a network address for third party payment associated with requested media;
converting the remote media address into a local media address;
requesting the media from an internal content server via the local media address, wherein the internal content server resides within the mobile device;
determining if the requested media is stored on the internal content server;
obtaining the requested media from the internal content server upon determining that the requested media is stored within the internal content server; and
playing the requested media on a mobile media player.

US Pat. No. 10,193,941

INTERWORKING BETWEEN FIRST PROTOCOL ENTITY OF STREAM RESERVATION PROTOCOL AND SECOND PROTOCOL ENTITY OF ROUTING PROTOCOL

TELEFONAKTIEBOLAGET LM ER...

1. A method for interworking between a first protocol entity adapted to operate in accordance with a stream reservation protocol for reserving resources for a data stream along a stream path of the data stream and a second protocol entity adapted to operate in accordance with a routing protocol for distributing information in a bridge network, wherein the stream reservation protocol and the routing protocol form a protocol stack in a network node, the method comprising:
sending, from the first protocol entity to the second protocol entity via an interface between the first and the second protocol entities, a request for stream path information indicating, for a data stream to be sent, a stream path in the bridge network,
determining, by the second protocol entity, which controls the bridge network based on Layer 2 add-ons, the stream path information for the stream path based on the request, wherein the second protocol entity stores network topology information, and the step of determining stream path information is performed by locally processing the network topology information according to Dijkstra's algorithm using the Layer 2 add-ons,
sending, from the second protocol entity to the first protocol entity, the determined stream path information, and
initiating, by the first protocol entity, a resource reservation procedure for reserving resources in response to receiving the stream path information.

US Pat. No. 10,193,940

ADDING RECORDED CONTENT TO AN INTERACTIVE TIMELINE OF A TELECONFERENCE SESSION

Microsoft Technology Lice...

1. A device comprising:
one or more processing units; and
a computer-readable medium having encoded thereon computer-executable instructions to cause the one or more processing units to:
display an interactive timeline associated with previously recorded content of a teleconference session;
receive first input to add content to the interactive timeline at a position associated with an interactive timeline cursor;
based at least in part on receiving the first input, determining supplemental recorded content;
receive second input that indicates that the supplemental recorded content is to be added to the interactive timeline by one of (i) injecting the supplemental recorded content into the previously recorded content of the teleconference session thereby splitting the previously recorded content of the teleconference session at the position associated with the interactive timeline cursor, or (ii) appending the supplemental recorded content to the interactive timeline at the position associated with the interactive timeline cursor; and
send data to add the supplemental recorded content to the interactive timeline based at least in part on the second input.

US Pat. No. 10,193,939

SPI HANDLING BETWEEN UE AND P-CSCF IN AN IMS NETWORK

T-Mobile U.S.A., Inc., B...

1. At least one non-transitory computer-readable memory, storing instructions, which when executed by at least one data processing device, manages security parameters that enable a device to receive Internet Protocol Multimedia Subsystem (IMS) services via a telecommunications network, the instructions comprising:
receiving a registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a first pair of security associations,
wherein the first pair of security associations include a first expiration time;
permitting access to an IMS service based at least in part on the first pair of security associations;
receiving a re-registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a second pair of security associations,
wherein the second pair of security associations include a second expiration time;
deleting the first pair of security associations; and
permitting access to the IMS service or another IMS service based at least in part on the second pair of security associations.

US Pat. No. 10,193,938

OPERATING A NETWORK NODE

Metaswitch Networks Ltd.,...

1. A method of operating a network node, the method comprising, at the network node, during setup of a communication session between a calling party and at least a called party:
receiving a communication session setup request message from a calling party device associated with the calling party;
forwarding the received communication session setup request message to a forking proxy responsible for providing communication session forking services in relation to at least the called party;
receiving a first provisional response message from a first device, the first provisional response message comprising first session description protocol (SDP) data, wherein the first provisional response message is received from the first device in response to the forwarding of the received communication session setup request message to the forking proxy;
forwarding the first provisional response message on to the calling party device, the forwarded first provisional response message comprising at least a part of the first SDP data;
receiving a first provisional acknowledgement message from the calling party device and receiving a second provisional acknowledgement message from the first device, thereby enabling media data sent during setup of the communication session before the communication session is established to flow between the first device and the calling party device;
receiving a second provisional response message from a second device, the second provisional response message comprising second SDP data, wherein the second provisional response message is received from the second device in response to the forwarding of the received communication session setup request message to the forking proxy;
receiving an answer message which accepts the communication session setup request received in the communication session setup request message from the calling party device; and
forwarding the answer message to the calling party device, wherein the method further comprises:
in response to receipt of the second provisional response message, transmitting, during setup of the communication session, a first message to the calling party device, which offers to update the SDP data to at least a part of the second SDP data, before the answer message is transmitted to the calling party device;
receiving a second message from the calling party device which accepts the offer to update the SDP data to the at least part of the second SDP data;
responsive to receipt of the second message, removing the second SDP data from the second provisional response message, and
transmitting the second provisional response message from which the second SDP data has been removed to the calling party device; and
receiving a third provisional acknowledgement message from the calling party device and receiving a fourth provisional acknowledgement message from the second device, thereby enabling media data sent during setup of the communication session before the communication session is established to flow between the second device and the calling party device.

US Pat. No. 10,193,937

INTERNET PROTOCOL MULTIMEDIA SUBSYSTEM (IMS) RESTORATION SUPPORT FOR TEMPORARY GLOBALLY ROUTABLE USER AGENT UNIFORM RESOURCE IDENTIFIER (GRUU)

NOKIA SOLUTIONS AND NETWO...

1. A method, comprising:
creating, at a registrar, a registration identified by a registration identifier;
storing, by the registrar, the registration identifier, a call identifier, and an initial command sequence related to the registration identified by the registration identifier in a persistent database during the creation of the registration;
generating, at the registrar, a temporary user identifier related to the registration identified by the registration identifier; and
storing, by the registrar, information related to an algorithm for generating the temporary user identifier in the persistent database.

US Pat. No. 10,193,936

DATA COMMUNICATIONS

BRITISH TELECOMMUNICATION...

1. A method of establishing a connection between a WebRTC-capable software application and a server in a communications network;
in which the connection is associated with a CLI or a URI;
in which the method is performed by a WebRTC gateway and comprises:
associating credentials with the WebRTC-capable software application;
receiving from the server over a non-WebRTC communications channel, a connection request comprising the CLI or a URI;
identifying from the CLI or the URI comprised in the connection request, a signalling channel for WebRTC for signalling to the WebRTC-capable software application;
using the signalling channel, setting up a WebRTC media channel extending to the WebRTC-capable software application as part of the connection between the server and the WebRTC-capable software application; in which the connection comprises the WebRTC media channel extending to the WebRTC-capable software application and a non-WebRTC channel extending to the server; in which the WebRTC media channel and the non-WebRTC channel are interconnected for communication at an intermediate point of the connection; and
disassociating the credentials from the WebRTC-capable software application at a time at which it is determined that the credentials are no longer required;
in which the credentials are disassociated from the WebRTC-capable software application in response to the user navigating away from a web page.

US Pat. No. 10,193,935

METHOD AND SYSTEM FOR ENABLING A COMMUNICATION DEVICE TO REMOTELY EXECUTE AN APPLICATION

Hammond Development Inter...

1. A communication system enabling at least one communication device to remotely execute one or more applications, comprising:
one or more application servers coupled to a first communication link, the first communication link comprising a data connection, at least one of the one or more application servers adapted to execute an application to establish a communication session with at least one communication device coupled to the data connection in response to a request from the at least one communication device to establish the communication session, the one or more application servers residing at a location remote from the at least one communication device;
wherein the one or more application servers is operable to receive over a second communication link the application from at least one repository having access to one or more applications maintained in a database coupled to the at least one repository, wherein the one or more application servers is further operable to execute the application remote from the at least one communication device and to establish the communication session with the at least one communication device, wherein the one or more application servers is operable to communicate a request for processing service to the at least one communication device, and wherein the request for processing service is communicated to the at least one communication device over the data connection.

US Pat. No. 10,193,934

DATA COMPRESSION FOR COMMUNICATIONS SIGNALLING

Microsoft Technology Lice...

1. A method of establishing a communication event between an initiating device and a responding device, the establishing of the communication event being under the control of a remote communications controller, the method comprising implementing by the initiating device the following steps:
in a pre-session establishment phase: receiving at the initiating device, from a dictionary server, a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held;
storing the received compression dictionary or the received dictionary link in electronic storage of the initiating device;
generating an initial session establishment request message for transmission to the remote communications controller;
applying compression to the initial session establishment request message to compress the initial session establishment request message in size based on the compression dictionary, by accessing the stored compression dictionary or by using the stored dictionary link to access the compression dictionary; and
in response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, establishing a session between the initiating device and the remote communications controller by the initiating device transmitting the compressed initial session establishment request message to the remote communications controller;
wherein the communication event is established between the initiating device and the responding device based on the established session between the initiating device and the remote communications controller.

US Pat. No. 10,193,933

SYSTEM AND METHOD FOR POST-DISCOVERY COMMUNICATION WITHIN A NEIGHBORHOOD-AWARE NETWORK

Qualcomm Incorporated, S...

1. A method comprising:
determining, at a first mobile device, a post-discovery communication protocol for communicating within a mobile device cluster after a discovery interval;
during the discovery interval, sending, through a first communication channel, a discovery message indicating which particular post-discovery communication protocol of a plurality of post-discovery communication protocols is the determined post-discovery communication protocol, the discovery message indicating a time interval when the first mobile device is to receive association requests, wherein the discovery message indicates a second communication channel for sending post-discovery communications to a second mobile device, wherein the second communication channel is different than the first communication channel;
in response to sending the discovery message, receiving, from the second mobile device, during the indicated time interval, an association request that includes a security information request and a paging request; and
sending one or more post-discovery communications to the second mobile device based on the security information request.

US Pat. No. 10,193,932

REAL-TIME ENERGY DATA PUBLISHING SYSTEMS AND METHODS

SolarCity Corporation, S...

1. A method comprising:
subscribing to real-time data enable requests for a device on an energy generation (EG) network;
intercepting, from a first requester, a first request for real-time data for the device on an EG system within the EG network;
intercepting, from a second requester, a second request for real-time data for the device within a predetermined period after intercepting the first request; and
publishing a single request to the device to post a single measurement corresponding to the real-time data request; wherein:
publishing the single request comprises publishing at less than or equal to a predetermined frequency for a predetermined duration, and
the predetermined period is a reciprocal of the predetermined frequency.

US Pat. No. 10,193,931

SESSION INITIATION PROTOCOL CALL PRESERVATION BASED ON A NETWORK FAILURE

Avaya Inc., Santa Clara,...

1. A system comprising:
a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that cause the microprocessor to execute:
a communication application that:
receives a first Session Initiation Protocol (SIP) INVITE with replaces header message from a first communication endpoint, wherein the first SIP INVITE with replaces header message comprises a first Session Description Protocol (SDP) offer that is based on a first changed network address of the first communication endpoint;
receives a second SIP INVITE with replaces header message from a second communication endpoint, wherein the second SIP INVITE with replaces header message comprises a second SDP offer that is based on a second changed network address of the second communication endpoint and wherein the first communication endpoint and the second communication endpoint had an established media stream; and
sends a first SIP 200 OK message with a first fabricated SDP answer to the first communication endpoint in response to receiving the second SIP INVITE with replaces header message.

US Pat. No. 10,193,927

METHOD OF INSTRUCTION LOCATION RANDOMIZATION (ILR) AND RELATED SYSTEM

University of Virginia Pa...

1. A system for computer security that defines a specification for relocating arbitrarily sized blocks of computer instructions included in a computer code to arbitrary locations, said system comprising:
an input module configured to receive blocks of instructions, said blocks of instructions being of an arbitrarily-selectable size;
a microprocessor configured to define in a specification how to relocate said blocks of instructions to arbitrary locations; and
an output module configured to transmit the specification,
wherein the specification is configured to determine the arbitrary locations to which the blocks of instructions will be moved based at least in part on a randomization function,
wherein said microprocessor is further configured to determine the size of said blocks based at least in part on another randomization function, and to identify indirect branch targets among said blocks of instructions,
wherein the specification includes rules for relocating all of the identified indirect branch targets to randomized locations, and rules for modifying a call instruction for an original address of at least one of the indirect branch targets so that the call instruction is directed to the randomized location for the at least one of the indirect branch targets, and
wherein the relocation may occur according to the specification that defines how to perform the relocation, the relocated blocks of instructions may be re-relocated at any time, and the re-relocation may include only a portion of the blocks of instructions.

US Pat. No. 10,193,926

APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM

1. A method comprising:
receiving a Payload-specific request to access one or more corporate resources;
receiving, using at least one processor, user authentication credentials from a non-trusted entity;
analyzing, using the at least one processor, one or more formats of the received user authentication credentials;
determining a validity of the one or more formats of the received user authentication credentials; and
if the one or more formats of the received user authentication credentials are valid:
conducting an authentication process based on the received user authentication credentials,
establishing a first secure connection with a corporate server controlling the one or more corporate resources,
providing the received request and the received user authentication credentials to the corporate server via the first secure connection,
establishing a second secure connection between the non-trusted entity and a Transfer Plane entity,
receiving a plurality of control policies and a plurality of user data from the corporate server via the first secure connection, and
providing the control policies and the user data to the non-trusted entity via the second secure connection,
wherein the Transfer Plane entity is configured to forward the control policies and the user data to the non-trusted entity via the second secure connection.

US Pat. No. 10,193,924

NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK

ACALVIO TECHNOLOGIES, INC...

1. A method for diverting a client device from a production device in a network, the method comprising:
receiving, at a deception network device, an indication that a connection is suspicious, wherein the connection is a protocol-based network connection between the client device and the production device, and wherein the production device has an Internet Protocol (IP) address;
stalling the connection to divert communications over the connection to a decoy host on a host emulator, wherein the connection is stalled in response to receiving the indication, wherein stalling causes the client device to terminate the connection;
receiving a reconnection request for the client device to reconnect to the production device, wherein the reconnection request is received after the connection is stalled;
determining a configuration of the production device;
configuring the host emulator using the configuration, wherein configuring the host emulator includes assigning the IP address of the production device to the decoy host, and wherein, when configured, the decoy host has a similar hardware and software configuration as the production device; and
requesting redirection of the reconnection request to the host emulator, wherein requesting redirection facilitates a second connection between the client device and the host emulator, and wherein the host emulator enables an appearance of a successful intrusion into the production device by the second connection.

US Pat. No. 10,193,923

METHODS FOR PREVENTING CYBER INTRUSIONS AND PHISHING ACTIVITY

Duo Security, Inc., Ann ...

1. A system for mitigating attacks on a computer network, the system comprising:
a web interface configured to receive target domain name input;
a remote computing server that is configured to generate phishing domain names and that comprises one or more computer processors and a memory storing computer-executable instructions that when executed by the one or more computer processors perform the steps of:
receiving the target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate a plurality of phishing attack domain names;
using the target domain name input to create a plurality of phishing attack domain names, wherein creating the plurality of phishing attack domain names includes:
identifying a plurality of domain name transformation operations that operate to transform the domain name associated with the target entity to one or more attack domain names;
selecting one or more of the identified domain name transformation operations based on features of the domain name; and
applying the selected domain name transformation operations to the domain name;
generating a phishing value for each of the plurality of phishing attack domain names, wherein generating the phishing value includes calculating a likelihood a user would succumb to a phishing attack using a respective phishing attack domain name of the plurality of phishing attack domain names;
setting a phishing value threshold indicating a minimum likelihood of implementing the phishing attack with a created phishing attack domain name;
dynamically changing the phishing value threshold based on a number of phishing attack domain names created;
calculating a visual similarity score for each of the plurality of phishing attack domain names, wherein the visual similarity score indicates a level of resemblance between the target domain name and a phishing attack domain name of the plurality of phishing attack domain names;
selecting a subset of the plurality of phishing attack domain names based on the phishing value threshold and the visual similarity;
implementing one or more computer security protocols that mitigate the likelihood or the probability that the plurality of phishing attack domain names are used in the phishing campaign against the computer network, wherein implementing the one or more computer security protocols includes:
generating one or more e-mail validation policies that restrict e-mail activity from the subset of the plurality of phishing attack domain names to one or more networked devices of the computer network;
updating a security certificate for each of the phishing attack domain names in the subset; and
managing access to each of the phishing attack domain names based on the security certificate.

US Pat. No. 10,193,922

ISP BLACKLIST FEED

Level 3 Communications, L...

1. A method of providing a notification containing an ISP from which DDoS attacks originate, the method comprising performing by a computing system:
receiving an indication that one or more network resources are being targeted as part of one or more DDoS attacks;
obtaining one or more malicious IP addresses corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
sending a request to a database system to determine an Internet Service Provider (ISP) associated with each of the one or more malicious IP addresses;
computing a metric associated with a first ISP involved in the one or more DDoS attacks, wherein the metric includes at least one of: a quantity of malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks and a quantity of malicious requests from the malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
comparing the metric to a threshold; and
sending, to a list of subscribers, an alert message indicating that the first ISP is involved in the one or more DDoS attacks when the metric exceeds the threshold.

US Pat. No. 10,193,921

MALWARE DETECTION AND PREVENTION SYSTEM

Level 3 Communications, L...

1. A method for managing access to a public network, the method comprising:
utilizing a control system to control a computing device to access a first node in the public network;
applying a personality profile to the computing device to access a second node in the public network, the personality profile comprising a plurality of inputs provided to the computing device, the plurality of inputs applied to a browser program displayed on a display of the computing device to mimic characteristics of a user associated with the computing device;
analyzing transmission of information between the computing device and the public network, in response to the browser program, during accessing of the second node of the public network;
detecting an indication of a malware program stored in the public network accessible through the second node based on the analyzed transmission of information; and
storing information of the malware program in a database according to the detected indication of the malware program.

US Pat. No. 10,193,920

MANAGING SECURITY ACTIONS IN A COMPUTING ENVIRONMENT BASED ON COMMUNICATION ACTIVITY OF A SECURITY THREAT

Splunk Inc., San Francis...

1. A method of improving security actions in a computing environment, wherein the computing environment comprises a plurality of computing assets, the method comprising:
identifying a security threat within the computing environment;
obtaining state information for the security threat within the computing environment from computing assets of the plurality of computing assets in the computing environment, wherein the state information comprises at least communication activity related to the security threat, wherein the communication activity comprises at least a quantity of connections associated with the security threat and a quantity of exchanged data associated with the security threat;
determining a current state for the security threat within the computing environment based on the state information;
obtaining enrichment information for the security threat; and
determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

US Pat. No. 10,193,919

RISK-CHAIN GENERATION OF CYBER-THREATS

Empow Cyber Security, Ltd...

1. A method for cyber threat risk-chain generation, comprising:
obtaining a plurality of events;
mapping each event of the plurality of obtained events to a global threat type, wherein each global threat type is associated with a risk-chain group;
correlating among the mapped plurality of events to determine at least a transition between one global threat type to another; and
updating a data structure maintaining data of at least one risk-chain, when the transition is determined, wherein the at least one risk-chain is a lifecycle of a cyber-attack.

US Pat. No. 10,193,918

BEHAVIOR-BASED RANSOMWARE DETECTION USING DECOY FILES

Malwarebytes Inc., Santa...

1. A method for detecting and remediating ransomware, the method comprising:
monitoring a plurality of processes executing on a client device;
identifying, from the plurality of processes, an untrusted process that is absent from a whitelist of trusted processes;
monitoring the untrusted process executing on the client device;
detecting a request by the untrusted process to enumerate a directory containing one or more user files;
causing a decoy file to be returned to the untrusted process in response to the request;
monitoring actions of the untrusted process performed on the decoy file;
determining sub-scores associated with each of the monitored actions performed on the decoy file;
generating a cumulative score for the untrusted process based on a combination of the sub-scores associated with the monitored actions;
determining that the cumulative score for the untrusted process exceeds a predefined threshold score;
responsive to determining that the cumulative score exceeds the predefined threshold score, determining that behavior of untrusted process exhibited malicious behavior with respect to the decoy file;
identifying, by a processor, the untrusted process as corresponding to the ransomware based at least in part on determining that the untrusted process exhibited the malicious behavior with respect to the decoy file; and
remediating the untrusted process responsive to identifying the process as corresponding to the ransomware.

US Pat. No. 10,193,917

RULE-BASED NETWORK-THREAT DETECTION

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a packet-filtering device, a plurality of packets;
responsive to a determination by the packet-filtering device that a first packet of the plurality of packets corresponds to one or more packet-filtering rules:
applying, by the packet-filtering device and to the first packet, an operator specified by a corresponding packet-filtering rule and configured to cause the packet-filtering device to either prevent the first packet from continuing toward a destination of the first packet or allow the first packet to continue toward the destination of the first packet; and
generating, by the packet-filtering device, a packet log entry comprising at least one threat identifier corresponding to the first packet and data indicating whether the packet-filtering device prevented the first packet from continuing toward the destination of the first packet or allowed the packet to continue toward the destination of the first packet;
updating, by the packet-filtering device and based on the packet log entry, a packet flow entry, corresponding to the generated packet log entry, of packet flow analysis data for a plurality of logged packets, wherein the packet flow analysis data comprises data corresponding to a plurality of packet flow entries, and wherein each packet flow entry consolidates a plurality of packet log entries corresponding to a common threat identifier;
communicating, by the packet-filtering device and to a computing device, the packet flow analysis data; and
causing, based on the communicated packet flow analysis data, display of at least a portion of the packet flow analysis data,
wherein the packet flow analysis data comprises at least one threat identifier corresponding to each of the plurality of logged packets, packet time data for packets corresponding to the packet flow entry, and data indicating whether the packet-filtering device prevented packets from continuing toward a respective destination or allowed packets to continue toward the respective destination.

US Pat. No. 10,193,916

CONFIGURING THE GENERATION OF EVENT DATA BASED ON A TRIGGERING SEARCH QUERY

Splunk Inc., San Francis...

1. A computer-implemented method, comprising:
receiving input specifying a search query for time-series event data;
causing execution of the search query based on a recurring schedule to search time-series event data stored by a data storage server, the time-series event data generated, by a remote capture agent located in a computer network, based on network traffic monitored by the remote capture agent and involving at least one resource running in the computer network;
identifying, based on the execution of the search query, one or more events of the time-series event data stored by the data storage server satisfying the search query; and
in response to identifying the one or more events, sending configuration information to the remote capture agent, the configuration information causing the remote capture agent to generate additional time-series event data.

US Pat. No. 10,193,915

COMPUTERIZED SYSTEM AND METHOD FOR AUTOMATICALLY DETERMINING MALICIOUS IP CLUSTERS USING NETWORK ACTIVITY DATA

OATH INC., New York, NY ...

1. A method comprising:
identifying, via a computing device on a network, an access log for network activity on said network and an Internet Protocol (IP) blacklist, said access log comprising a first set of IP addresses and a type of network activity performed by each IP address in said first set, said IP blacklist comprising a second set of IP addresses associated with known malicious activity on said network;
automatically analyzing, via the computing device, said first set of IP addresses in said access log, and determining, based on said analysis, which IP addresses in said first set are performing a common network activity based on the type of network activity of each IP address in said first set;
constructing, via the computing device, based on said analysis, an IP graph such that each IP address in the first set has an associated node represented on the IP graph, and nodes associated with the IP addresses performing said common activity are connected by an edge;
further automatically analyzing, via the computing device upon construction of said IP graph, relationships between each pair of IP addresses in said IP graph associated with an edge, said further analyzing comprising comparing a value of each edge against an edge threshold and removing the IP addresses associated with the edge values that are below said edge threshold from said constructed IP graph;
determining, via the computing device, a cluster of IP addresses based on the connected IP addresses remaining in said IP graph after said removal, said determination comprising identifying each pair of IP addresses connected by an edge that remains after said removal, and generating a file that includes information associated with said remaining IP addresses;
determining, via the computing device, a standardized residual value for said IP cluster by comparing the IP addresses in said generated file against the second set of IP addresses in said IP blacklist, and determining a co-occurrence of an IP address in said file appearing in said IP blacklist; and
determining, via the computing device, whether said IP addresses in said IP cluster are associated with performing malicious activity based on said standardized residual value determination, said malicious activity determination comprising comparing said standardized residual value for said IP cluster against a predetermined threshold value, and determining that said IP cluster is malicious when said standardized residual value is above said threshold value.

US Pat. No. 10,193,913

JOINT ANOMALY DETECTION ACROSS IOT DEVICES

Cisco Technology, Inc., ...

1. A method, comprising:
monitoring, at a gateway device, network communications between a plurality of computing devices connected to a network associated with the gateway device;
creating, at the gateway device, a graph, wherein each vertex of the graph represents one of the computing devices connected to the network and each edge of the graph represents network communication that has occurred between the computing devices connected by that edge during a time window;
receiving, from each of the computing devices, a collection of one or more performance metrics observed by that computing device during the time window;
determining, based on the graph and the collections of one or more performance metrics, a respective measure of risk for each of the computing devices for the time window;
determining, from the graph, a clique of computing devices that are linked by edges in the graph;
adjusting the respective measure of risk for the time window for one of the computing devices in the clique based on the measures of risk for the remaining computing devices in the clique; and
in response to determining that a given computing device in the clique is infected with malware based on the respective measure of risk exceeding a threshold, setting an alert flag at the gateway device indicating that the given computing device is infected.

US Pat. No. 10,193,912

WARM-START WITH KNOWLEDGE AND DATA BASED GRACE PERIOD FOR LIVE ANOMALY DETECTION SYSTEMS

Cisco Technology, Inc., ...

1. A method, comprising:
loading, by a device in a network, an anomaly detection model for warm-start;
filtering, by the device, input data for the model during a warm-start grace period after warm-start of the anomaly detection model, wherein the model is not updated during the warm-start grace period based on the filtering;
determining, by the device, an end to the warm-start grace period;
updating, by the device, the anomaly detection model using unfiltered input data for the anomaly detection model after the determined end to the warm-start grace period; and
sending, by the device, a notification of the warm-start of the anomaly detection model to a supervisory device in the network.

US Pat. No. 10,193,911

TECHNIQUES FOR AUTOMATICALLY MITIGATING DENIAL OF SERVICE ATTACKS VIA ATTACK PATTERN MATCHING

VERISIGN, INC., Reston, ...

1. A method for mitigating a denial of service attack, the method comprising:
determining that a number of requests transmitted by a first client to a server during a first time period is greater than a first threshold;
in response, classifying the first client as a top talker;
generating one or more first attack patterns based on the requests transmitted by the first client to the server;
determining, at least partially in parallel with generating the one or more first attack patterns, that a number of requests transmitted by a second client to a server during a second time period is greater than the first threshold;
identifying additional requests being transmitted by at least one of the first client and the second client to the server;
determining that a number of the additional requests transmitted by the at least one of the first client and the second client to the server matches the one or more first attack patterns; and
in response, performing one or more operations to address the additional requests being transmitted to the server.

US Pat. No. 10,193,910

NETWORK ATTACK DETECTION METHOD

The Hong Kong Polytechnic...

1. A method, comprising:
at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,
conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;
probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and
determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,
wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,
wherein the probing pattern is Round Trip Probing (RTP),
wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises:
sending at least two RTP probing packets from the probing node to the target node;
receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and
according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path: a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,
wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an ?th RTP probing packet and an ?+1th RTP probing packet, a packet pair on the reverse path consists of an ?th RTP response packet and an ?+1th RTP response packet, the ?th RTP probing packet corresponds to the ?th RTP response packet, a time gap between the ?th RTP response packet and the ?+1th RTP response packet being used to estimate an interval between head and tail load packets.

US Pat. No. 10,193,909

USING INSTRUMENTATION CODE TO DETECT BOTS OR MALWARE

1. A method comprising:
obtaining data corresponding to requests from a plurality of client devices for a web resource comprising web code, wherein the web resource is hosted by a first web server system;
for a first client device of the plurality of client devices, serving instrumentation code that is configured to execute on the first client device to monitor execution of the web code of the web resource at the first client device;
receiving, from the first client device, one or more responses generated by the instrumentation code at the first client device based one or more interactions with the web code at the first client device;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,193,908

DATA TRANSFER FOR NETWORK INTERACTION FRAUDULENCE DETECTION

comScore, Inc., Reston, ...

1. A method for analyzing network interaction data for detection of network interaction fraudulence, the method comprising:
receiving network interaction data from a network over time, wherein the network interaction data is indicative of computer network interaction between a first computer system and a second computer system;
receiving a predetermined model comprising predetermined values associated with network interaction parameters;
processing the received network interaction data to determine the network interaction parameters and information regarding the network interaction data, wherein the information regarding the network interaction data is indicative of an attribute of the computer network interaction;
calculating a score for the network interaction data based on the predetermined model and the determined network interaction parameters;
comparing the score to a threshold; and
forwarding, based on the comparison of the score to the threshold, the information regarding the network interaction data, wherein the information regarding the network interaction data is further indicative of network interaction fraudulence.

US Pat. No. 10,193,907

INTRUSION DETECTION TO PREVENT IMPERSONATION ATTACKS IN COMPUTER NETWORKS

Cisco Technology, Inc., ...

1. A data processing method comprising:
storing, by a central computer, authentication records in a hosts database, wherein each authentication record comprises a certificate and a host identifier of a sender computer;
receiving, by the central computer, a suspect record that was sent by a first intrusion sensor, from one or more intrusion sensors, and that comprises a first particular certificate and a first particular host identifier of a suspect sender computer, wherein the suspect record is generated based on network telemetry data exchanged in compliance with an Internet Protocol Flow Information Export (IPFIX) or a NetFlow protocol;
determining, by the central computer, whether the hosts database contains a matching record having a same certificate as the first particular certificate of the suspect record and a same host identifier as the first particular host identifier of the suspect record, the first particular certificate comprising a first particular thumbprint of a first particular public key certificate, the first particular host identifier comprising an Internet Protocol (IP) address of the suspect sender computer;
in response to determining, by the central computer, that the hosts database does not contain the matching record, generating, by the central computer, an intrusion alert;
propagating, by the central computer, the intrusion alert to the one or more intrusion sensors to ban network traffic from the suspect sender computer; and
instructing the one or more intrusion sensors to periodically request a second particular certificate from the suspect sender computer.

US Pat. No. 10,193,906

METHOD AND SYSTEM FOR DETECTING AND REMEDIATING POLYMORPHIC ATTACKS ACROSS AN ENTERPRISE

CHECKPOINT SOFTWARE TECHN...

1. A method for detecting potential malware comprising:
a) 1) obtaining an attack tree representative of an attack on a network, the attack tree formed of objects;
2) analyzing the objects to determine whether each of the objects is classified as known or unknown, in accordance with predetermined criteria; and,
3) representing the unknown objects in the attack tree as generalized objects, resulting in the creation of a generalized attack tree from the obtained attack tree;
b) breaking the first generalized attack tree into subtrees including generalized objects;
c) obtaining at least one subtree including generalized objects associated with a subsequent generalized attack tree including generalized objects;
d) comparing the subtrees from the first generalized attack tree to the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects;
e) creating an updated generalized attack tree from the subtrees from the first generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree;
f) obtaining the subtrees associated with updated generalized attack tree;
g) comparing the subtrees associated with the updated generalized attack tree with the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects; and,
h) creating an updated generalized attack tree from the subtrees from the previously updated generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree, to detect potential malware.

US Pat. No. 10,193,905

METHOD AND APPARATUS FOR ADAPTIVE CACHE MANAGEMENT

Samsung Electronics Co., ...

1. A method for processing data by a terminal implemented using at least one hardware processor, the method comprising:
identifying, by the terminal, a plurality of inspection types for a packet;
determining, by the terminal, an inspection type from the plurality of inspection types for the packet based on a network type for transmitting or receiving the packet and an Internet Protocol (IP) version; and
processing, by the terminal, the determined inspection type for the packet,
wherein the network type includes at least one of a Wi-Fi network and a cellular network, and
wherein determining the inspection type comprises determining, by the terminal, if at least one packet is transmitted or received through an application being executed in the terminal, a size of the at least one packet is over a predetermined size that can be transmitted through an application, to process a security inspection for the packet.

US Pat. No. 10,193,904

DATA-DRIVEN SEMI-GLOBAL ALIGNMENT TECHNIQUE FOR MASQUERADE DETECTION IN STAND-ALONE AND CLOUD COMPUTING SYSTEMS

QATAR UNIVERSITY, Doha (...

1. A method for identifying masquerade attacks in a network computing environment, the method comprising:
receiving data from at least one user with an active session on a system;
receiving historical data for each of the at least one user;
applying an algorithm to the received data to build at least one profile for each of the at least one user, wherein the at least one profile comprises one or more sample signatures;
applying an algorithm to the received historical data to build at least one model for each of the at least one user, wherein said at least one model comprises one or more reference signatures;
identifying a dynamic threshold;
determining an alignment score between the sample signatures to the reference signatures by comparing first alignment parameters from the sample signatures with second alignment parameters from the reference signatures;
determining an intrusion masquerade event based on the alignment score being greater than the identified dynamic threshold; and
updating patterns for each of the at least one active user,
wherein the first alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps, and
wherein the second alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps.

US Pat. No. 10,193,902

METHODS AND SYSTEMS FOR MALWARE DETECTION

DEEP INSTINCT LTD., Tel ...

1. A method of building vectors for feeding to a deep learning algorithm of a malware detector, the method comprising:
building a first size dictionary, by extracting features from a plurality of malware files and non-malware files,
reducing the size of the first size dictionary, in order to obtain a subset of the features of the first size dictionary, and a second size dictionary being formed from at least the subset of the features of the first size dictionary, the second size dictionary being of lower size than the first size dictionary,
the method further comprising, for a plurality of files to be fed to the malware detector:
extracting features from each file based on features present in the second size dictionary, wherein at least a first subset of the files is operable on an operating system which is different from an operating system on which a second subset of the files is operable, wherein the features are independent of operating systems so that a vector is built for each file based on the second size dictionary irrespective of the file operating system,
building a vector representing said each file based on the extracted features, the vector being suitable for being processed by the deep learning algorithm, for determining prospects of whether the file constitutes malware or not based on a model of said deep learning algorithm, wherein each vector is suitable to be processed by the same model of the deep learning algorithm.

US Pat. No. 10,193,901

INTERFACE PROVIDING AN INTERACTIVE TIMELINE FOR EVALUATING INSTANCES OF POTENTIAL NETWORK COMPROMISE

Splunk Inc., San Francis...

1. A method comprising:
receiving event data generated by network activities of entities that interact with a computer network, wherein the event data comprises machine data, and the entities include at least one of computer users and devices in communication with the computer network;
identifying instances of potential network compromise from the event data comprising threats based on one or more anomalies automatically triggered by detecting deviations from expected or permitted network activities, wherein each of the instances of potential network compromise is classified by type and associated with a time period of occurrence and an entity or entities that participated in the network activity that triggered the corresponding automated determination;
causing display, in a graphical user interface, of an interactive graphic of data values indicating identified instances of potential network compromise occurring at time periods along a timeline, including graphical representations indicating a level of risk and the number of instances of network compromise occurring during a same time period;
upon receiving a selection by a user, via the graphical user interface, of a time period from the timeline, causing display of a listing of each identified instance of potential network compromise occurring at the selected time period, the listing including the type of instance and each associated entity; and
upon receiving a selection of a threat from the listing of instances of potential network compromise, causing display of a graphical representation of a relationship between the entities participating in the network activities that triggered the threat, wherein the display includes one or more lines that connect the entities whose participation together in a network activity triggered an anomaly, and upon receiving a selection of a line in the display, causing the type of the anomaly to be displayed.

US Pat. No. 10,193,900

METHODS AND APPARATUS TO IDENTIFY AN INTERNET PROTOCOL ADDRESS BLACKLIST BOUNDARY

1. A method to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address, the method comprising:
collecting, by executing an instruction with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address;
generating, by executing an instruction with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address;
generating, by executing an instruction with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address;
for respective Internet protocol addresses in the first and second windows, calculating, by executing an instruction with the processor, occurrence counts associated with behavior features identified in the netflow data;
identifying, by executing an instruction with the processor, candidate boundaries within the netblock based on breakpoint scores calculated from divergence values associated with the behavior features, the divergence values based on a first multinomial distribution of the occurrence counts associated with the first window and a second multinomial distribution of the occurrence counts associated with the second window; and
identifying, by executing an instruction with the processor, a first one of the candidate boundaries as an Internet protocol address boundary associated with the malicious Internet protocol address by comparing the breakpoint scores of the candidate boundaries to a threshold.

US Pat. No. 10,193,898

REPUTATION-BASED METHOD AND SYSTEM FOR DETERMINING A LIKELIHOOD THAT A MESSAGE IS UNDESIRED

WatchGuard Technologies, ...

1. A system, comprising:
a computing device having a processor and memory, the computing device including a security appliance configured to:
receive, from a reputation engine, a first reputation metric corresponding to a first tuple of a plurality of tuples, the first tuple comprising a user identifier and an Internet Protocol (IP) address for an origin of a message and associated with a first level of granularity for identification of the origin of the message;
receive, from the reputation engine, a second reputation metric corresponding to a second tuple of the plurality of tuples, the second tuple comprising a domain and the IP address for the origin of the message and associated with a second level of granularity for identification of the origin of the message; and
calculate a value indicative of a likelihood that the message is undesired by use of the first reputation metric corresponding to the first tuple associated with the first level of granularity and the second reputation metric corresponding to the second tuple associated with the second level of granularity; and
handling the message in accordance with the value indicative of the likelihood that the message is undesired;
wherein the reputation engine is configured to determine the first reputation metric and the second reputation metric in response to receiving the plurality of tuples associated with the message; and
wherein a reputation metric associated with a tuple assigned a finer granularity contributes to the value more than a reputation metric associated with a tuple assigned a lower granularity.

US Pat. No. 10,193,896

VEHICLE COMMUNICATION APPARATUS, IN-VEHICLE NETWORK SYSTEM, AND VEHICLE COMMUNICATION METHOD

PANASONIC INTELLECTUAL PR...

1. An electronic control unit connected to an in-vehicle network bus in an in-vehicle network system, the in-vehicle network system including a plurality of apparatuses that perform communication of frames via the in-vehicle network bus, the electronic control unit comprising:
a first control circuit; and
a second control circuit,
wherein the first control circuit is connected to the in-vehicle network bus via the second control circuit over at least one of wired communication or wireless communication,
wherein the second control circuit receives a frame from the in-vehicle network bus, to which the second control circuit is connected, performs a first determination process on the received frame to determine a conformity of the received frame with a first rule related to at least a reception time of the received frame by the second control circuit, upon determining that the received frame conforms to the first rule, executes a predetermined process based on content of the received frame, and transmits the received frame to the first control circuit, and
wherein the first control circuit receives the received frame from the second control circuit and performs a second determination process on the received frame to determine a conformity of the received frame with a second rule that is different from the first rule.

US Pat. No. 10,193,895

SYSTEM AND METHOD FOR REMOTE AUTHENTICATION WITH DYNAMIC USERNAMES

1. A first device for authenticating a user for access to a service provider over a network comprising:
circuitry configured to:
receive a request for a ticket;
generate the ticket, wherein the ticket includes a one-time username;
send the ticket to at least one additional device;
generate a first partial signature of the ticket;
receive at least one additional partial signature of the ticket from each of the at least one additional device;
generate a complete signature of the ticket based on the first partial signature and the at least one additional partial signature of the ticket;
encrypt the ticket and the complete signature of the ticket;
send the encrypted ticket and encrypted complete signature of the ticket to the service provider;
receive an encrypted verification code from the service provider;
decrypt the encrypted verification code; and
display the decrypted verification code.

US Pat. No. 10,193,894

ENABLING ACCESS TO RESTRICTED DATA USING GEOFENCES

1. A system comprising:
a processor; and
a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
identifying a device associated with restricted data, wherein the restricted data comprises network data that law prohibits network operators from using for commercial purposes without authorization from a user associated with the device,
determining use parameters associated with the device, wherein each of the use parameters comprises
a device identifier associated with the device,
a geofence that defines a location at which the use of the restricted data is authorized by the user, wherein boundaries of the geofence are defined in response to receiving, by the device, the user input via a touchscreen, the input corresponding to drawing the boundaries,
time limits associated with the geofence, and
a commercial purpose for which the use of the restricted data by the network operator is authorized by the user,
determining if the device is at a geographic location that satisfies the location that is defined by the geofence,
determining if the time limits associated with the geofence are satisfied,
determining a purpose for which the restricted data will be used, and
if a determination is made that the location that is defined by the geofence is satisfied, that the time limits are satisfied, and that the purpose matches the commercial purpose of one of the use parameters, using the restricted data for the purpose.

US Pat. No. 10,193,893

SYSTEM AND METHOD FOR ACCESS CONTROL USING NETWORK VERIFICATION

Open Text SA ULC, Halifa...

1. A system for data access control, comprising:
a computing device having a processor and at least one non-transitory memory containing instructions executable by the processor to:
determine a first unique device identifier identifying a first access point being used by the computing device to access a network;
determine first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and
control access of the first application to data associated with a target server to which the computing device is connected through the first access point and over the network based on the first access control data, wherein the first access control data specifies a first level of access to the data associated with the target server applicable when the computing device connects to the target server through the first access point.

US Pat. No. 10,193,892

RESOURCE RESTRICTION

HEWLETT PACKARD ENTERPRIS...

1. A data sharing system comprising:
a processor; and
a non-transitory computer readable medium storing instructions executable by the processor, the instructions comprising:
instructions to identify an environment that satisfies a first level of trust of a first entity and a second level of trust of a second entity, wherein the first entity and the second entity are different devices;
instructions to request access to a set of data associated with the first entity in response to a procedure received from the second entity;
instructions engine to execute the procedure in the environment, the procedure to request access to the set of data;
instructions to receive a restriction from the first entity, wherein the restriction associated with a resource of the environment is to limit information that can be accessed in the set of data by the procedure of the second entity based on resource utilization information associated with the resource;
instructions to maintain the resource utilization information of the environment associated with the resource; and
instructions to limit execution of the procedure based on the restriction and the resource utilization information.

US Pat. No. 10,193,891

DEVICE-TO-DEVICE NETWORK LOCATION UPDATES

Neone, Inc., Austin, TX ...

1. An electronic device, comprising:
an interface circuit configured to communicate with a group of one or more other instances of the electronic device via dynamic connections that are based on pre-established and maintained associations in a device-to-device network of a user of the electronic device, wherein each instance of the electronic device in the device-to-device network stores locally the pre-established and maintained associations comprising encryption keys and locations for each of the instances of the electronic device in the group that are maintained for a longer time than the dynamic connections,
wherein a given dynamic connection between the electronic device and a given instance of the electronic device in the group is setup by the electronic device without storing the pre-established and maintained associations in a computer in another network; and
wherein the interface circuit is configured to communicate with the given instance of the electronic device via at least a non-wireless communication technique and the other network; and
a control circuit, coupled to the interface circuit, configured to:
detect, via the interface circuit, a change to a location of the electronic device in the other network, wherein detecting the change to the location involves poking a hole through a firewall to determine the location of the electronic device and tracing a route back to the electronic device;
communicate, via the interface circuit, a message with an update to the location based on the detected change that is encrypted with the encryption key of the user, to a second user of a second instance of the electronic device in the group in the device-to-device network at a second location specified by one of the pre-established and maintained associations and use the updated location to update a pre-established and maintained association stored locally on the second instance of the electronic device; and
when a communication with a third instance of the electronic device fails for a time interval, poll one or more other instances of the electronic device in the group to determine an update to a third location from the pre-established and maintained associations, wherein the one or more other instances does not include the given instance, second instance or third instance of the electronic device.

US Pat. No. 10,193,888

DYNAMIC AUTHENTICATION IN ALTERNATE OPERATING ENVIRONMENT

WELLS FARGO BANK, N.A., ...

1. A method, comprising:
authenticating, by a hardware processor, a device to a network via a first authentication technique during an initial access request;
after successful authentication with the first authentication technique, storing, by the hardware processor, information related to the first authentication technique;
creating, by the hardware processor, a record of the device related to a second authentication technique, wherein the record includes at least the information related to the first authentication technique;
after the device changes state due to an activity that results in a re-authentication with the network, authenticating, by the hardware processor, the device to the network via the second authentication technique during a subsequent access request without re-authenticating with the first authentication technique, the second authentication technique does not rely on manual entry at the device; and
wherein the information related to the first and to the second authentication techniques are annotated and kept in the record of the device until a non-expiration-timing event prompts, by the hardware processor, removal, by the hardware processor, the information related to the first authentication technique and the record of the device related to the second authentication technique.

US Pat. No. 10,193,887

NETWORK APPLIANCE

OATH INC., New York, NY ...

1. A device having at least one processor, storage, and a communication platform for providing services, the device comprising:
a security assessor unit implemented on the at least one processor and configured to identify rights of a first entity on an intranet; and
a service provider unit implemented on the at least one processor and connected to the security assessor unit, the service provider unit configured to respond to a first request to provide content to the first entity, the service provider unit comprising:
a discovery unit configured to identify a first piece of information associated with the content that is privileged within the intranet; and
a social network engine configured to determine that the first entity lacks a right to access the content and the first piece of information as defined within the intranet, wherein the content and the first piece of information residing in the intranet are not accessible from outside of the intranet without privileged authentication, wherein:
the service provider unit provides the content to the first entity on the intranet as an intranet private link directed to a corresponding resource that is privileged within the intranet such that access from an external public Internet requires privileged authentication and sends a second request to a second entity to authorize access to the content, wherein the second entity is configured for granting the first entity access to the content responsive to the second request by forwarding a response to the second request to the social network engine to indicate that the first entity has been authenticated to access the content and the first piece of information.

US Pat. No. 10,193,884

COMPLIANCE AND AUDIT USING BIOMETRIC TOKENIZATION

WELLS FARGO BANK, N.A., ...

1. A method of auditing a biometric enrollment event journal entry, the method comprising:
retrieving, by an authentication computing system, a biometric enrollment event journal entry, the biometric enrollment event journal entry comprising:
at least one tokenized biometric reference sample, the at least one tokenized biometric reference sample generated by tokenizing with a first tokenization schema at least one biometric reference sample captured from a user having a unique user identifier, wherein the at least one biometric reference sample is processed to generate biometric data, the biometric data tokenized with a second tokenization schema to generate tokenized biometric data,
a biometric reference template identifier, the biometric reference template identifier uniquely identifying a biometric reference template, the biometric reference template being generated using the at least one biometric reference sample, and
an enrollment match value indicative of whether the at least one biometric reference sample matched with the biometric reference template;
retrieving, by the computing system, the at least one tokenized biometric reference sample in the biometric enrollment event journal entry;
retrieving, by the computing system, the biometric reference template associated with the biometric reference template identifier in the biometric enrollment event journal entry;
detokenizing, by the computing system, the at least one tokenized biometric reference sample to retrieve the at least one biometric reference sample;
determining, by the computing system, whether the at least one biometric reference sample matches with the biometric reference template;
generating, by the computing system, a temporary enrollment match value indicative of whether the at least one biometric reference sample matched with the biometric reference template of the user;
determining, by the computing system, whether the temporary enrollment match value matches with the enrollment match value;
generating, by the computing system, an audit enrollment match value indicative of whether the temporary enrollment match value matches with the enrollment match value;
generating, by the computing system, a first compliance event journal entry, the first compliance event journal entry comprising:
a first identifier signifying the biometric enrollment event journal entry, and
the audit enrollment match value, wherein the first compliance event journal entry provides an audit of the biometric enrollment event journal entry and an indication of the validity of the biometric enrollment event journal entry;
digitally signing, by the computing system, the first compliance event journal entry using SignedData cryptographic message syntax to generate a SignedData message;
binding, by the computing system, the first identifier to the SignedData message via an attribute of the SignedData message;
binding, by the computing system, a second identifier to the SignedData message via an attribute of the SignedData message, the second identifier identifying the first tokenization schema, wherein the attribute includes a first uniform resource identifier query string, the first uniform resource identifier query string including a first uniform resource locator identifying a first tokenization service provider capable of recovering the biometric reference sample from the tokenized biometric reference sample; and
binding, by the computing system, a third identifier to the SignedData message via an attribute of the SignedData message, the third identifier identifying the second tokenization schema, wherein the attribute includes a second uniform resource identifier query string, the second uniform resource identifier query string including a second uniform resource locator identifying a second tokenization service provider capable of recovering the biometric data from the tokenized biometric data.

US Pat. No. 10,193,883

SYSTEMS AND METHODS FOR PRODUCT AUTHENTICATION

Aintu Inc., Sunnyvale, C...

1. A method for authenticating an article of manufacture, said method comprising:
generating a set of unique identifiers to be associated with a plurality of articles of manufacture;
associating on a one-to-one basis a single identifier from said set with a single instance of the article of manufacture from said plurality of articles of manufacture;
maintaining an authentication server to perform at least one authentication operation in response to receiving an authentication request from a client device;
enabling each of a plurality of client devices to generate an authentication request to set authentication server, wherein said authentication request is to authenticate a particular instance of an article of manufacture from said plurality of articles of manufacture,
responsive to receiving said authentication request from said client device, performing by said authentication server said at least one authentication operation comprising transmitting a request to an authentication database provisioned with manufacturer-derived authentication information to enable authentication of the particular instance of the article of manufacture; and;
transmitting a response to said application request from said client device to said client device.

US Pat. No. 10,193,882

PROVISION OF CROSS-DEVICE IDENTIFICATION

Criteo SA, Paris (FR)

1. A method comprising:
a. assigning, by a computing entity matching system on a first domain, a cross-device ID to a browser executing on a first computing device and to one or more computing entities based on one or more of activity data for the browser and the one or more computing entities collected by the computing entity matching system and activity data for the browser and the one or more computing entities collected by a plurality of third-parties;
b. sending, by the browser, to a server on a second domain, a first request for a first webpage;
c. receiving, by the browser, the first webpage, the first webpage comprising first cross-device ID retrieval instructions;
d. executing, by the browser, the first cross-device ID retrieval instructions to send a second request to the computing entity matching system comprising a matching system ID;
e. determining, by the computing entity matching system, the cross-device ID based on the matching system ID;
f. sending, by the computing entity matching system, to the browser, first cross-device ID storage instructions comprising a distributed cross-device ID, the distributed cross-device ID based on the cross-device ID;
g. executing, by the browser, the first cross-device ID storage instructions to set a cookie on the second domain comprising the distributed cross-device ID; and
h. sending, by the browser, to the server, a third request for a second webpage, the third request comprising the distributed cross-device ID.

US Pat. No. 10,193,881

METHOD FOR CONTROLLING INFORMATION TERMINAL IN COOPERATION WITH WEARABLE TERMINAL

PANASONIC INTELLECTUAL PR...

1. A control method for an information terminal that is configured to communicate with an electronic mail server and a wearable terminal used while being worn on a portion of a user's body, the information terminal having a first display, and the wearable terminal having a second display, the method causing a computer of the information terminal to:
receive electronic mail from the electronic mail server by using a mail application for executing transmission and reception of the electronic mail, the mail application being stored in a memory of the information terminal;
transfer the received electronic mail to the wearable terminal;
receive viewing information from the wearable terminal, the viewing information indicating that the electronic mail was displayed on the second display at a first time;
determine whether or not the electronic mail is being displayed on the second display at a second time, which is a predetermined period of time after the first time, based on the viewing information; and
automatically display, on the first display, a reply-mail creation screen for creating a reply mail to the electronic mail that was displayed on the second display at the first time, when it is determined that the electronic mail is being displayed on the second display, and the computer of the information terminal launches the mail application, and
automatically stop displaying, on the first display, the reply-mail creation screen at the second time when it is determined that the electronic mail is not being displayed on the second display.

US Pat. No. 10,193,879

METHOD AND SYSTEM FOR SOFTWARE APPLICATION DEPLOYMENT

Cisco Technology, Inc., ...

1. A method for deploying applications, the method comprising:
deploying an application from an application image in an application virtual machine of a computing device, wherein the application is accessible using a first uniform resource locator (URL);
sending an application creation message to an authoritative domain name system (DNS) server to create a record mapping the first URL to a second URL, wherein the first URL is in a first domain and the second URL is in a second domain;
providing, to a service virtual machine (SVM) of the computing device, a digital certificate associated with the application virtual machine, wherein the service virtual machine is configured to store the digital certificate isolated from and inaccessible by the application virtual machine, and wherein the service virtual machine is separate from a certificate authority that issues the digital certificate;
generating, by the service virtual machine and in response to one or more applications requesting communication based on the digital certificate, certificate data using the digital certificate; and
sending, to a remote application server comprising a client software module, the second URL and the certificate data,
wherein the client software module is configured to establish a connection to the application on the computing device using the second URL and the certificate data.

US Pat. No. 10,193,878

USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

Hewlett Packard Enterpris...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors of a controller, cause the one or more hardware processors of the controller to:
intercept an authentication request addressed to an identity authentication server that would have received the authentication request in an absence of the interception in response to a network authentication provider determining that a first client device is not associated with a currently active session;
retrieve a token associated with the first client device that is stored in a cache at the controller in response to the interception, wherein the token is generated in response to receiving a first client authentication information including an indication that the first client device was successfully authenticated by a network authentication server based on credentials provided by the first client device;
redirect the intercepted authentication request with the token to the identity authentication server using an address that will not be intercepted by the controller;
receive, from the identity authentication server, an indication that the first client device was successfully authenticated; and
based on the indication received from the identity authentication server, grant network access to the first client device.

US Pat. No. 10,193,877

ON-PREMISES AGENT FOR MOBILE CLOUD SERVICE

Oracle International Corp...

1. A method comprising:
receiving, by an application executing on a computer system connected to a network behind a firewall, from a first server computer executing outside the firewall over a connection according to a WebSocket protocol, a first request for data stored on a second server computer behind the firewall on the network, the first request comprising a request uniform resource locator (URL), a request header, and a request body, wherein the first request has a first format compliant for the connection according to the WebSocket protocol;
translating, by the application, the first request received from the first server computer into a second request having a second format according to a hypertext transport protocol (HTTP) for communication with the second server computer on the network, wherein:
translating comprises converting the first format of the first request to the second format of the second request for communication with the second server computer,
converting the first format comprises converting the request URL into a converted request URL, and
the second request comprises the request header, the request body, and the converted request URL;
receiving, by the application, from the second server computer, a first response to the second request sent by the application to the second server computer, wherein the first response has the first format;
based on converting the first response from the second format to the first format, creating, by the application, a second response having the first format; and
sending, by the application, the second response over the connection to the first server computer.

US Pat. No. 10,193,876

SYSTEM AND METHOD FOR VERIFYING USER SUPPLIED ITEMS ASSERTED ABOUT THE USER FOR SEARCHING

Zoosk, Inc., San Francis...

1. A method of verifying registration information, comprising:
receiving information about a user of a web site, including purported characteristics of the user of the web site for display to other users of the web site, and/or at least one photograph purported to represent the user of the web site for display to the other users of the web site;
providing at least one instruction to the user of the web site requesting the user to pose in a certain manner while causing at least one image to be recorded of the user posing in the certain manner;
receiving the at least one image recorded, either simultaneously with their recording or thereafter;
providing the at least one image to a moderator and at least one of the purported characteristics and/or at least one of the at least one photograph from the information about the user of the web site;
receiving an indication from the moderator whether the at least one image of the user at least correspond to the at least one of the purported characteristics and/or the at least one of the at least one photograph provided to the moderator;
receiving a first request to display information about a plurality of users of the web site who meet a criteria specified as part of the request; and
displaying, responsive to the indication, the information about the user as part of a response to the request.

US Pat. No. 10,193,875

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO SURVEILLANCE VIDEO

XIAOMI INC., Haidian Dis...

1. A method for controlling access to a surveillance video, comprising:
acquiring from a user account a view request for viewing a surveillance video file, the view request comprising authorization information of the user account;
performing an identity authentication on the user account according to the authorization information;
allowing a user with the user account to view the surveillance video file when the identity authentication is passed; and
performing a privacy protection operation on the surveillance video file uploaded from a camera device;
wherein said performing a privacy protection operation on the surveillance video file uploaded from a camera device comprises at least one of the following operations:
setting an attribute of the surveillance video file to be hidden; and
encrypting the surveillance video file;
wherein said encrypting the surveillance video file comprises:
acquiring a file key used for encrypting the surveillance video file;
encrypting the surveillance video file based on the file key;
wherein when the surveillance video file is encrypted, the method further comprises:
acquiring a user private key of a preset user account;
generating a user public key of the preset user account according to the file key and the user private key of the preset user account; and
sending the user public key to a corresponding preset user account, such that the preset user account generates a file key of the surveillance video file according to the user public key and the user private key.

US Pat. No. 10,193,874

COMMUNICATION SYSTEM

NATIONAL INSTITUTE OF INF...

1. A communication system in which a terminal communicates with a server via a portable communication network used for communication between portable communication devices, wherein:
the portable communication device includes a first pre-shared key and an encryption key,
the terminal includes a second pre-shared key,
the server has an encryption key which is the same as the encryption key included in the portable communication device,
authentication between the terminal and the portable communication device is performed by using the first pre-shared key and the second pre-shared key,
the terminal communicates with the server via the portable communication device by performing key synchronization of the encryption key while setting a hash value of the encryption key as an ID,
the hash value is generated by using a strongly universal hash function by a Toeplitz matrix, and
the portable communication device and the server respectively include a same plurality of different encryption keys and perform communication by using a one time pad, and the encryption keys of the portable communication device and the server are respectively supplied to the portable communication device and the server by using quantum key distribution from a quantum key generation device.

US Pat. No. 10,193,873

KEY DERIVATION FOR SECURE COMMUNICATIONS

Comcast Cable Communicati...

1. A method comprising:
performing, by a computing device, a first encryption using a device security key stored in a first memory storage area of the computing device as cleartext;
deriving, using a first seed value comprising a combination of an address of the computing device and a first random number, a first derived key;
storing the first derived key in a second memory storage area of the computing device;
performing, after a compromise of the first derived key, a second encryption using the device security key as cleartext;
deriving, using a second seed value comprising a combination of the address of the computing device and a second random number, a second derived key; and
storing the second derived key in the second memory storage area of the computing device.

US Pat. No. 10,193,872

SYSTEM AND METHODS FOR DYNAMICALLY AND RANDOMLY ENCRYPTING AND DECRYPTING DATA

Cyphyx, LLC, Bonita Spri...

1. One or more non-transitory computer readable media bearing one or more instructions that when executed by a processor cause the processor to execute steps for the dynamic management of the encryption and decryption of a target data element including at least one target data sub-element provided by a local sender for transmission to a remote user, the steps comprising:
a. providing an encryption configuration application for installation on a local computer processor, receiving the target data element from the local sender and transmitting an encrypted target data element over a communication channel to a remote computer processor within the computer network;
b. installing a decryption configuration application on the remote computer processor;
c. configuring the encryption configuration application on the local computer processor to prepare and transmit the target data element by:
i. providing a synchronization point value;
ii. using the synchronization point value to provide a multidimensional table having a plurality of arrays of random data;
iii. providing an encryption algorithm sub-table of a plurality of encryption algorithms associated with the multidimensional table;
iv. using the synchronization point value to provide a semaphore command sub-table of a plurality of semaphore codes expressing a plurality of semaphore commands, wherein the semaphore command sub-table is associated with the multidimensional table and the encryption algorithm sub-table;
v. using the synchronization point value to provide an execution step table having step data corresponding to the order of semaphore execution;
vi. providing an encryption configuration manager and a data encryption manager, wherein the encryption configuration manager executes computer programming steps for:
1. using a pseudo-random number generation algorithm to select an encryption algorithm type from the plurality of encryption algorithm types and to select any algorithm parameters according to any requirements of the encryption algorithm type;
2. selecting values for the algorithm parameters from the multidimensional table and applicable semaphore codes corresponding to the semaphore commands specifying those values;
3. communicating the multidimensional table, the selected encryption algorithm type, and the semaphore codes to the data encryption manager;
vii. receiving within the data encryption manager the target data element, the multidimensional table, the selected encryption algorithm type, and the semaphore codes, wherein the data encryption manager executes computer programming steps for:
1. accessing an encryption algorithm corresponding to the selected encryption algorithm type;
2. encrypting the target data element with the selected encryption algorithm in accordance with semaphore commands to form an encrypted target data element;
3. inserting the semaphore codes randomly into the encrypted target data element;
4. transmitting the encrypted target data element with the semaphore codes;
d. configuring the remote computer processor to receive and decrypt an encrypted target data element by:
i. determining the synchronization point value;
ii. receiving the encrypted target data element and semaphore codes;
iii. extracting the semaphore codes;
iv. providing a decryption configuration manager and a data decryption manager, wherein the decryption configuration manager executes computer programming steps for:
1. using the semaphore codes to determine the selected encryption algorithm type, the values for the algorithm parameters, any other semaphore commands, and to apply any predetermined restrictions to the random data of the multidimensional table; and
2. communicating the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands to the data decryption manager;
v. receiving within the data encryption manager the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands, wherein the data decryption manager executes computer programming steps for:
1. accessing the encryption algorithm corresponding to the selected encryption algorithm type;
2. decrypting the encrypted target data element with the selected encryption algorithm in accordance with semaphore commands and predetermined restrictions to form a decrypted target data element.

US Pat. No. 10,193,871

INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND PROGRAM

CANON KABUSHIKI KAISHA, ...

1. A camera comprising:
a hardware processor; and
a memory for storing instructions to be executed by the hardware processor,
wherein, when the instructions stored in the memory are executed by the hardware processor, the camera functions as:
a first processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on a Device Management service defined in the Open Network Video Interface Forum (ONVIF) standard;
a second processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on an Advanced security service defined in the ONVIF standard; and
a transmitting unit configured to transmit information indicating that the setting for performing the encrypted communication is made in response to the command based on the Device Management service defined in the ONVIF standard to a client apparatus if the command based on the Advanced security service defined in the ONVIF standard is received from the client apparatus after the first processing unit performs the setting for performing the encrypted communication on the camera in response to the command based on the Device Management service defined in the ONVIF standard.

US Pat. No. 10,193,870

METHODS AND SYSTEMS FOR NON-INTRUSIVE ANALYSIS OF SECURE COMMUNICATIONS

Borland Software Corporat...

1. A method, comprising:
capturing a plurality of secure communications between a first application and a second application;
grouping the plurality of communications into one or more streams, each stream representing a different network connection between the first application and the second application; and
processing the one or more streams in parallel to create a plurality of transactions with each transaction representing a pair of information comprising a request and a response to that request, and wherein processing further includes hierarchically reconstructing a session representing the transactions and creating a script for recreating the session for analysis by looking for references to a particular transaction of a particular stream within another transaction of another stream, wherein the session representing a set of all transactions between the first application and the second application.

US Pat. No. 10,193,868

SAFE SECURITY PROXY

BAE Systems Information a...

1. A method of protecting at least one networked enclave, comprising,
providing a proxy node per networked enclave, wherein the proxy node of the networked enclave comprises a timer and is configured to communicate with other networked enclaves via a respective proxy node;
the networked enclaves comprising electronic control units of a vehicle;
providing one or more regular nodes per networked enclave, wherein the proxy node establishes a connection between the one or more regular nodes within a networked enclave and establishes the connection between the one or more regular nodes of the other networked enclaves via their respective proxy node;
monitoring a state of the proxy nodes or regular nodes, wherein the proxy nodes and regular nodes have reputations and states, where said states include at least healthy, compromised, and off-line;
detecting an attack on the proxy nodes or regular nodes;
isolating the one or more attacked nodes;
cleansing the one or more attacked nodes by sending a reboot message via the proxy node of the networked enclave to the one or more attacked nodes within the networked enclave or to a respective proxy node of another networked enclave;
reducing the reputation of the one or more attacked nodes; and
rebooting the one or more attacked nodes to restore the state of the one or more attacked nodes to healthy.

US Pat. No. 10,193,867

METHODS AND SYSTEMS FOR API PROXY BASED ADAPTIVE SECURITY

Ping Identity Corporation...

1. A method for securing one or more API servers, the method comprising:
receiving at a first security server within a cluster of security servers, a first set of information comprising proxy access log information from at least a first proxy within a proxy cluster;
analysing the first set of information for identifying a first set of indicators of compromise;
receiving at a second security server within the cluster of security servers, a second set of information comprising proxy access log information from at least a second proxy within the proxy cluster;
analysing the second set of information for identifying a second set of indicators of compromise;
responsive to receiving an indicator of compromise at a proxy within the proxy cluster, discarding a received client message corresponding to a client or connection id associated with the received indicator of compromise, without onward transmission to an API server identified in the received client message;
wherein the proxy cluster comprises a networked plurality of proxies, wherein each of the plurality of proxies is configured to extract information identifying a target API from data packets corresponding to a received client message, and to transmit the received client message to an API server implementing the target API; and
wherein at least one of the first set of information and the second set of information is acquired by:
capturing at each protocol specific data plane or TCP port specific data plane within the first proxy or second proxy, real time API traffic data routed through said data plane; and
for each data plane, generating a log uniquely corresponding to said data plane, wherein said log comprises captured real time API traffic data routed through said data plane; and persisting each generated log file along with a unique id associated with the generated log.

US Pat. No. 10,193,866

PRIVATE NETWORK PEERING IN VIRTUAL NETWORK ENVIRONMENTS

Amazon Technologies, Inc....

1. A provider network, comprising;
a network substrate;
a plurality of host devices implementing a plurality of resource instances for clients of the provider network, wherein subsets of the resource instances are provisioned in virtual networks for the clients on the provider network;
one or more computing devices implementing a peering service, wherein the one or more computing devices implementing the peering service are configured to:
determine routing information for routing network packets between one or more resource instances of a first virtual network and one or more resource instances of another virtual network via a peering on the provider network; and
enable the first virtual network and the other virtual network to exchange network packets via the peering on the provider network, wherein the packets are addressed to respective private IP addresses of the first virtual network or the other virtual network when being transmitted from a resource instance of the first virtual network or the other virtual network.

US Pat. No. 10,193,864

CLOUD INTERFACE FOR USE OF CLOUD SERVICES

Comcast Cable Communicati...

1. A system comprising:
a user device; and
a cloud carrier device communicatively coupled to a first cloud provider, of a plurality of cloud providers, and to a second cloud provider, of the plurality of cloud providers and different from the first cloud provider;
wherein the cloud carrier device is communicatively coupled to the user device via a cloud service user interface associated with a physical layer comprising data over cable service interface specification (DOCSIS) attributes; and
wherein the cloud carrier device comprises:
one or more processors;
memory storing instructions that, when executed by the one or more processors, cause the cloud carrier device to:
coordinate access of cloud services of the first cloud provider and cloud services of the second cloud provider by the user device; and
relay communications between the cloud carrier device and at least one of the plurality of cloud providers; and
an interface associated with an Internet Protocol version 6 (IPv6) virtual private network (VPN) attribute and an Internet Protocol version 4 (IPv4) VPN attribute.

US Pat. No. 10,193,863

ENFORCING NETWORK SECURITY POLICY USING PRE-CLASSIFICATION

Microsoft Technology Lice...

1. A system comprising:
at least one computer processor; and
at least one memory comprising computer program code configured to cause the at least one computer processor to:
create a pre-classifier layer for a network traffic property according to a network security policy, the pre-classifier layer having a pre-classifier filter for each element of a set of elements associated with the network traffic property;
classify, in the pre-classifier layer, inbound or outbound network traffic based on the network traffic property;
set a bit in a pre-classifier bit array for each pre-classifier filter based on classifying the network traffic in the pre-classifier layer, wherein the bit represents a classification of the network traffic; and
allow or deny, in a network security layer, the network traffic based on the bit in the pre-classifier bit array.

US Pat. No. 10,193,861

METHOD AND APPARATUS FOR BEST EFFORT PROPAGATION OF SECURITY GROUP INFORMATION

CISCO TECHNOLOGY, INC., ...

13. A network device comprising:
one or more processors;
one or more network interfaces coupled to the one or more processors, wherein
the one or more network interfaces are configured to couple the network device to a sub-network and a core network;
a non-transitory computer-readable storage medium coupled to the one or more processors; and
a plurality of instructions, encoded in the non-transitory computer-readable storage medium and configured to cause the one or more processors to
receive a packet from the sub-network via one of the one or more network interfaces, wherein
the packet comprises a source group identifier and a destination address,
determine whether the destination address is associated with any security group identifier, and
in response to a determination that the destination address is associated with a security group identifier,
determine whether the security group identifier is a reserved group identifier,
if the security group identifier is the reserved group identifier, forward the packet to another network device in the core network, and
if the security group identifier is not the reserved group identifier, perform access control processing on the packet using the source group identifier, wherein
the plurality of instructions configured to cause the one or more processors to perform the access control processing is further configured to cause the one or more processors to
 identify a permissions matrix entry in a permissions matrix, using the source group identifier and a destination group identifier,
 identify a role-based access control list using information in the permissions matrix entry, and
 determine handling of the packet using information in the role-based access control list.

US Pat. No. 10,193,860

SECURE APPLICATION DELIVERY SYSTEM WITH DIAL OUT AND ASSOCIATED METHOD

Akamai Technologies, Inc....

1. A system to deliver an application, hosted by a private application provider system, over a network, comprising:
an application delivery system that includes at least one hardware processor and a storage device configured to provide:
a first network interface that includes a computing entity instance of a first type;
a second network interface that includes one or more computing entity instances of a second type;
a network security interface that includes one or more computing entity instances of a third type comprising a decryption service, an authentication service, an encryption service, and a connection stitching service; and
an application agent disposed within the private application provider system;
wherein the application agent is configured to create a pool of third connections between the application agent and one or more computing entity instances of the second type within the second network interface;
wherein in response to creation of the pool of third connections each computing entity instance of the second type within the second network interface provides a fourth connection to a computing instance of the third type within the network security interface, wherein each fourth connection corresponds to a separate third connection in the pool of third connections;
wherein a computing entity instance of the first type within the first network interface provides a second connection to a computing instance of the third type and uses that second connection to send to the computing instance of the third type a request for access to the application, the request for access having been received over a first connection established to the computing entity of the first type; and
wherein the decryption service receives the request for access over the second connection and decrypts it to generate a result;
wherein, upon a successful authentication of the result by the authentication service, the encryption service re-encrypts the request for access and the stitching service creates a connection pair between the second connection and one of the fourth connections; and
wherein the request for access as re-encrypted is then provided to a computing entity instance of the second type over the connection pair.

US Pat. No. 10,193,859

SECURITY APPARATUS, ATTACK DETECTION METHOD, AND STORAGE MEDIUM

PANASONIC INTELLECTUAL PR...

1. A security apparatus connected to a bus, comprising:
a receiver that receives a first frame from the bus;
a memory that stores an examination parameter defining a content of an examination on the first frame; and
processing circuitry that, in operation, performs operations including
first determining whether a predetermined condition is satisfied for the first frame,
in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory, and
second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory,
wherein the first frame is a data frame including an ID field storing an ID, Data Length Code (DLC), and a data field,
the examination parameter stored in the memory includes a threshold value indicating an upper limit of an allowable range of a frequency of transmission of one or more frames whose ID values are identical within a predetermined unit time,
the first determining determines that the predetermined condition is satisfied for the first frame received by the receiver, in a case where a transmission interval is out of a predetermined allowable range, the transmission interval being defined by a reception interval between the first frame and a second frame whose ID value is identical to the ID value of the first frame,
the updating updates the threshold value, in a case where the first determining determined that the predetermined condition is satisfied, and
the second determining determines that the first frame received by the receiver is an attack frame, in a case where the frequency of transmission of the first frame received by the receiver is higher than the updated threshold value.

US Pat. No. 10,193,857

SECURE UNRESTRICTED NETWORK FOR INNOVATION

The United States of Amer...

1. A dual network computing system comprising:
a workstation comprising:
a first computing system communicably coupled with a first data storage system within a first network, the first computing system is configured to access or transmit first network data;
a second computing system communicably coupled with a second data storage system within a second network, wherein the second network does not communicate outbound data to the first network;
a keyboard;
a video display;
a graphical user interface pointing device; and
a keyboard video, and graphical user interface pointing device (KVGUIPD) switch that is coupled to the first and second computing systems, the KVGUIPD switch selectively couples the keyboard, the video display, and the graphical user interface pointing device with either said first or said second computing systems, said KVGUIPD switch comprises a mechanical switch that enables coupling of the keyboard, the video display, and the graphical user interface pointing device with either the first or second computing systems while electrically isolating the first and second computing systems from each other;
a data transport server communicably coupled to the first data storage system and the second data storage system, the data transport server including a first network interface configured to receive first network data from the first data storage data system, wherein the first storage system further include a data or file synchronization system or program that automatically replicates the first network data selected for storage on the first data storage system to the data transport server when the first network data is selected for said storage to the first data storage system using the first computing system, wherein the data transport server further includes, and a second network interface configured to transmit data unidirectionally from the data transport server to the second data storage system, wherein the data transport server further includes a purging module, the purging module configured to scan for one or more predefined data elements from the first network data received from the first data storage system, the purging module is further configured to purge said one or more matching data elements from the first network data if detected, wherein the purging module outputs in remaining first network data elements, wherein the data transport server further comprises a second network interface configured to transmit the purging module outputs of remaining first network data elements unidirectionally from the data transport server; and
a first data link providing unidirectional data communication from the data transport server's second network interface to the second data storage system, wherein the second network interface and the first data link is implemented using a physical and logical one-way interface/data transport link with the second storage system;
the data transport server includes logic that overrides a purging function of the purging module when the data transport server verifies at least one authentication factor associated with one or more of the first plurality of data to determine whether the one or more of the first plurality of data originated from a trusted source; and
wherein the one or more of the first plurality of data include a binary data file and the at least one authentication factor includes a digital signature associated with at least one of the binary data file;
a second data blocking device communicably coupled to an encryption device, wherein the second data blocking device is configured to block first network data not selected for storage in the first data storage system via the first computing system from entering the second network comprising a closed network portion of the dual network computing system, and the second data routing device is communicably coupled to the encryption device, wherein the encryption device encrypts data transmitted by the second data routing device;
wherein the encryption device and the second data blocking device are configured to enable encrypted isolation between first network data not selected for storage in the first data storage system via the first computing system that is external to the second network's closed network portion and data internal to the closed network portion.

US Pat. No. 10,193,856

METHOD, TERMINAL, AND SERVER FOR PROVIDING COMMUNICATION SERVICE

Samsung Electronics, Co.,...

1. A communication service method of a terminal, the method comprising:
generating a transmission control protocol (TCP) connection request;
determining a communication network type for transmitting the TCP connection request to a server;
mapping a first internet protocol (IP) address associated with a first communication network to a virtual address, when the communication network type is determined to the first communication network;
transmitting a first mapping request message including first information on the first IP address and the virtual address to the server through the first communication network;
mapping a second IP address associated with a second communication network to the virtual address, when a handover from the first communication network to the second communication network is detected; and
transmitting a second mapping request including second information on the second IP address and the virtual address to the server through the second communication network.

US Pat. No. 10,193,854

APPARATUS AND METHOD FOR DETECTING DUPLICATE TEMPORARY ID

DENSO International Ameri...

1. An apparatus mounted on a host vehicle to detect a duplicate temporary ID in basic safety messages (BSMs), the apparatus comprising:
a receiver configured to receive the BSMs from surrounding vehicles through packet transmission; and
a duplication identifier configured to identify the duplicate temporary ID based on the BSMs having an identical temporary ID value commonly used by at least two surrounding vehicles, wherein
the apparatus further comprises a packet error rate (PER) calculator configured to calculate a PER during a specified time for the BSMs having the identical temporary ID value, wherein
the duplication identifier configured to identify the duplicate temporary ID when the PER calculated by the PER calculator is greater than a PER threshold.

US Pat. No. 10,193,853

WEB BROWSER OR WEB SERVICE BASED DETECTION OF INTERNET FACING DNS SERVER

Workday, Inc., Pleasanto...

1. A system for determining an IP address of an Internet facing DNS server, comprising:
an input interface configured to:
receive a request for a web page from a client system, wherein the client system comprises the Internet facing DNS server in communication with a user of the client system, wherein the request includes a detection URL; and
a hardware processor configured to:
determine an ID code from the detection URL;
determine the IP address of the Internet facing DNS server based at least in part on the ID code;
determine a distance between an internet facing DNS server geolocation and a user geolocation; and
provide, using the web page, one or more of the following: the internet facing DNS server geolocation or the distance between the internet facing DNS server geolocation and the user geolocation.

US Pat. No. 10,193,851

TECHNIQUES FOR MAPPING MACHINE TO MACHINE COMMUNICATION TO DIFFERENT UNDERLYING NETWORKS

ZTE Corporation, Shenzhe...

1. A method for facilitating Machine-to-Machine (M2M) communication, the method comprising:
providing a first machine identification to an M2M node, the first machine identification being specific to an underlying communication network via which the M2M node is communicatively accessible;
acquiring a second machine identification given to the M2M node, the second machine identification being specific to an M2M application layer by which other M2M application layer entities can communicate with the M2M node, wherein
the second machine identification is added as an additional attribute to an application resource structure of the M2M node,
the application resource structure is included at a Common Services Entity of an Infrastructure Node, and the application resource structure represents information about the M2M application layer known to the Common Service Entity of the Infrastructure Node;
storing a mapping between the first machine identification and the second machine identification; and
triggering the M2M node using the mapping.

US Pat. No. 10,193,850

DISCOVERING QUESTIONS, DIRECTIVES, AND REQUESTS FROM, AND PRIORITIZING REPLIES TO, A PREFERRED MESSAGE SENDER METHOD AND APPARATUS

Notion AI, Inc., Ann Arb...

1. An online method operating in an electronic mail environment that re-prioritizes electronic messages according to identifiable requests and automates responses to the electronic messages, the online method comprising:
collecting, at an electronic message server, one or more electronic messages directed to a user of the email environment;
implementing a parsing circuit to detect one or more actionable message content within a content of the electronic message, wherein the one or more actionable message content includes one or more of a query and a directive from a sender of the electronic message to a recipient;
in response to detecting the one or more actionable message content:
(i) implementing an electronic message analyzer circuit that analyzes the content of the electronic message and a historical message database, wherein the electronic message analyzer circuit calculates (a) an urgency score and (b) an importance score for the electronic message based on a result of the analysis of the content of the electronic message and an estimated sender-recipient relationship score derived from historical electronic messages exchanged between the sender and the recipient of the electronic message;
(ii) automatically generating, by a timer circuit, a timer value based on an input of the urgency score and the importance score;
(iii) automatically setting, by the timer circuit, a timer for automatically generating a disposition for the electronic message, wherein the timer comprises the timer value;
upon an expiry of the timer, automatically disposing the electronic message according to one or more predetermined dispositions if a reply to the electronic message is not generated by the recipient of the electronic message.

US Pat. No. 10,193,849

DETERMINING STORIES OF INTEREST BASED ON QUALITY OF UNCONNECTED CONTENT

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
storing user profiles for users of the social networking system, each user profile comprising connections between one of the users and pages of social networking system, the connections representing interactions performed by the users on the pages of the social networking system;
receiving a plurality of content items posted on an additional page of the social networking system;
determining, by a processor, from the plurality of content items, a subset of content items determined to be high quality content items, the determination of the high quality content items comprising: computing a quality score representing a lexical quality for the content item;
extracting topics from the content items of the subset by analyzing terms and phrases of the content items of the subset;
selecting one of the content items of the subset having an extracted first topic;
mapping the extracted first topic to one or more related pages of the social networking system, the mapping comprising:
determining a first rate of interactions performed by additional users of the social networking system on the content item and additional rates of interactions performed by the additional users on the one or more related pages by accessing connections stored in the user profiles of the additional users of the social networking system; and
comparing the first rate of interactions to each of the additional rates of interactions;
for one of the one or more related pages:
identifying a user of the social networking system that previously interacted with the related page and previously did not interact with the additional page by accessing the connections in a stored user profile for the user of the social networking system; and
providing the content item in a newsfeed for display to the user.

US Pat. No. 10,193,848

SYSTEM AND RELATED METHOD FOR MANAGEMENT OF DEVICES OF A NETWORK SYSTEM VIA SOCIAL MEDIA INTERFACES

Extreme Networks, Inc., ...

1. A non-transitory social media agent implemented at one or more hardware computer devices for exchanging network management messages with a network infrastructure device of a network system via one or more social media interfaces, the social media agent comprising:
a social media interface configured to receive an incoming message having a first message configuration via a social media network;
a session agent configured to translate the received incoming message into a command executable by the network infrastructure device of the network system, wherein the executable command has a second message configuration different from the first message configuration;
a network management interface configured to receive a log message acknowledging receipt of the executable command from the network infrastructure device, wherein the log message has the second message configuration;
the session agent being configured to translate the log message into an outgoing message having the first message configuration and select the social media network or another social media network for transmitting the outgoing message based on content of the outgoing message and a messaging format requirement defined by the social media network; and
the social media interface being configured to transmit the outgoing message having the first message configuration via the social media network.

US Pat. No. 10,193,847

CONTEXTUAL FEED

Microsoft Technology Lice...

1. A computer-implemented method comprising:
maintaining member profiles representing members in an on-line social network system, the on-line social network system comprising a news feed web page generator to generate news feed web pages for presentation to members represented by respective member profiles;
detecting events originated with the member profiles from web pages that are distinct from news feed pages generated for the respective member profiles by the news feed web page generator;
using at least one processor, generating contextual engagement features, based on the detected events, the contextual engagement features reflecting respective areas of a web site provided by the on-line social network system where respective events occurred;
including the contextual engagement features as training data for training a second pass ranker;
for a focus profile representing a focus member in the on-line social network system, detecting a request to generate news feed web page, generating focus contextual engagement features based on recent events data representing events originated with the focus member from web pages that are distinct from news feed pages previously generated for the focus member, the recent events data represents respective events detected within a predetermined period of time from the request to generate news feed web page for the focus member, and providing the focus contextual engagement features as input to the second pass ranker; and
generating, using the second pass ranker that was trained using the contextual engagement features, respective ranks for items in an inventory of updates identified as potentially of interest to a the focus member and selecting a subset of items from the inventory based on the generated respective ranks, the second pass ranker to generate the respective ranks using as input the focus contextual engagement features.

US Pat. No. 10,193,846

METHOD AND SYSTEM FOR REPORTING MESSAGE DISPOSITION IN A COMMUNICATION NETWORK

Telefonaktiebolaget LM Er...

1. A method of operating a messaging application server in a communication network, the method comprising:
receiving a message originating from a sender mobile station, the message being addressed to a recipient mobile station, the message being received via a first protocol;
determining that the recipient mobile station is not operative to receive the message via the first protocol;
responsive to determining that the recipient mobile station is not operative to receive the message via the first protocol, converting the message into a format compliant with a second protocol different from the first protocol, wherein the recipient mobile station is operative to receive the converted message via the second protocol;
transmitting the converted message toward the recipient mobile station via the second protocol;
receiving a notification message comprising an indication that the converted message was delivered to the recipient mobile station;
generating a disposition notification message comprising an indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol, wherein the indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol comprises a status element in the disposition notification message populated with a predetermined value indicative of a type of protocol used to deliver the message to the recipient mobile station; and
transmitting the disposition notification message toward the sender mobile station via the first protocol.

US Pat. No. 10,193,845

PREDICTIVE ELECTRONIC MESSAGE MANAGEMENT SYSTEMS AND CONTROLLERS

The Travelers Indemnity C...

1. An electronic message processing apparatus, comprising:
a transceiver device;
a processor in communication with the transceiver device; and
a computer-readable memory device in communication with the processor, the computer-readable memory device storing instructions that when executed by the processor direct the processor to:
receive data indicative of at least one rule for recognizing an interaction pattern in a plurality of interaction events;
receive data indicative of a plurality of interaction events associated with a specific user, the plurality of interaction events comprising at least one electronic message from the specific user;
determine a respective interaction type associated with each at least one electronic message from the specific user;
determine, based on (i) the data indicative of the plurality of interaction events associated with the specific user and (ii) the respective interaction type associated with each at least one electronic message from the specific user, at least one interaction outgoing message to transmit to the specific user; and
output, via the transceiver device, the at least one interaction outgoing message to a user message device associated with the specific user.

US Pat. No. 10,193,844

SECURE CLOUD-BASED MESSAGING AND STORAGE

Amazon Technologies, Inc....

1. A method comprising:
identifying a first electronic message intended for delivery to at least a first recipient by a gateway module operating in association with a first server;
determining, by the gateway module, at least a first permission level of the first recipient;
determining, by the gateway module, that the first recipient is authorized to receive the first electronic message based at least in part on the first permission level and at least a portion of the first electronic message;
comparing, by the gateway module, at least the portion of the first electronic message to at least one storage criterion;
determining, by the gateway module, that at least the portion of the first electronic message satisfies the at least one storage criterion;
in response to determining that at least the portion of the first electronic message satisfies the at least one storage criterion, identifying a first secure folder associated with the portion of the first electronic message by the gateway module, wherein the first secure folder is provided in association with the first server;
storing, by the gateway module, at least the portion of the first electronic message in the first secure folder;
generating, by the gateway module, a second electronic message intended for delivery to the first recipient, wherein the second electronic message comprises a hyperlink to at least a portion of the first secure folder;
causing, by the gateway module, the second electronic message to be transmitted over a network to the first recipient;
receiving, by the gateway module, information regarding a first selection of the hyperlink over the network, wherein the first selection of the hyperlink is received at a first computer device;
in response to the first selection of the hyperlink, determining that the first computer device is associated with the first recipient by the gateway module; and
causing, by the gateway module, a first file comprising at least the portion of the first electronic message to be transmitted to the first computer device over the network via a first contact path associated with the first recipient.

US Pat. No. 10,193,843

COMPUTING SYSTEM WITH CONVERSATION MODELING MECHANISM AND METHOD OF OPERATION THEREOF

Samsung Electronics Co., ...

1. A computing system comprising:
a control circuit configured to:
access a subject interaction representing communication between a customer and a service provider, wherein the communication comprises a textual or linguistic communication via an electronic medium,
parse the communication to identify a communication segment and a sourcing party associated with the communication segment from the subject interaction,
generate a message label for the communication segment based on one of a categorization or classification of the communication segment, and
generate a dialog-flow framework based on the message label for representing the subject interaction, wherein the dialog-flow framework comprises a set of patterns representing one or more communications between the customer and the service provider; and
a storage circuit, coupled to the control circuit, configured to store the dialog-flow framework.

US Pat. No. 10,193,842

WORKFLOW MANAGEMENT AND CORRESPONDING INTEGRATED NOTIFICATION PROCESSING PLATFORM

West Corporation, Omaha,...

1. A method, comprising:
receiving, via a receiver of a device, a request message from a customer device;
identifying, via a processor of the device, the request message as being a particular message type;
pre-processing, via the processor of the device, the request message based on the identified message type to identify message content and keywords included therein, wherein the keywords comprise an auto-identified purpose related to the request message; and
displaying, via a display of the device, the identified message content and the identified keywords, wherein the identified keywords are distinguished from other message content thereby distinguishing the auto-identified purpose related to the request message from the other message content.

US Pat. No. 10,193,841

PRODUCT ONBOARDING VIA MESSAGES

Microsoft Technology Lice...

1. A computer-implemented method comprising:
accessing, via one or more data sources, email content data describing an email type of an email to be transmitted to a particular member of an online social network service;
accessing, via the one or more data sources, candidate information identifying a set of candidate onboarding content items associated with the email type, each of the onboarding content items in the set being configured to promote a product feature associated with the online social network service;
removing, from the set, a first subset of the candidate onboarding content items, responsive to determining that the particular member has already been onboarded to products associated with the candidate onboarding content items in the first subset;
removing, from the set, a second subset of the candidate onboarding content items, responsive to determining that the particular member has previously viewed and not further interacted with the candidate onboarding content items in the second subset after being exposed to the candidate onboarding content in accordance with an impression capping rule that is tuned to the particular member; and
dynamically selecting, using one or more processors, a specific onboarding content item from the set of candidate onboarding content items for inclusion in a portion of the email along with content displayed in an additional portion of the email.

US Pat. No. 10,193,840

MESSAGE BLOCKING AND NETWORK QUEUING, FOR EXAMPLE WHILE RECIPIENT IS DRIVING

T-Mobile U.S.A., Inc., B...

15. A system, in a mobile telecommunications network, adapted to block delivery of messages to a destination mobile device located inside of a moving vehicle, the system comprising:
a memory;
a processor coupled to the memory, wherein the system is further configured to:
receive, at the system, from a message originator, an incoming message to be delivered to the destination mobile device;
retrieve a driving status indicator from a Home Location Register (HLR) or a Home Subscriber Server (HSS) located within the mobile telecommunications network, wherein the driving status indicator provides an indication of whether the destination mobile device is in motion;
analyze the driving status indicator to determine whether the destination mobile device is in motion;
in response to determining when the destination mobile device is in motion, add the incoming message to a message queue, wherein the incoming message remains in the message queue without delivery to the destination mobile device as long as the destination mobile device remains in motion; and
in response to determining when the destination mobile device is not in motion, deliver the incoming message to the destination mobile device.

US Pat. No. 10,193,839

MANAGING SECURITY IN MESSAGING PROTOCOL COMMUNICATIONS

Amazon Technologies, Inc,...

1. A computer-implemented method for managing the execution of commands on a computing device utilizing a messaging protocol comprising:
receiving, at a message processing service, from an administrative client device, information related to configuration of message processing functionality to publish messages to a subset of registered devices to receive messages published in accordance with a topic, wherein the messages are formed in accordance with the MQ Telemetry Transport protocol;
receiving, by the message processing service, a received message from a device, wherein the received message includes a topic portion that includes one or more levels associated with subject matter descriptors;
identifying, by the message processing service, a set of recipient devices registered to receive messages based on the topic portion of the messages;
processing, by the message processing service, the received message to identify a security identifier and additional information to select a subset of the recipient devices based on evaluation of at least one of a set of business rules or routing tables; and
publishing, by the message processing service, the processed received message based, at least in part, on the processing of the received message.

US Pat. No. 10,193,838

CONDITIONAL INSTANT DELIVERY OF EMAIL MESSAGES

Microsoft Technology Lice...

1. A method for delivery of a message, the method comprises:
receiving the message from a client, wherein the message indicates a sender associated with a sender mailbox and a recipient associated with a recipient mailbox;
analyzing the message to determine that the recipient mailbox and the sender mailbox are in a domain managed by a single entity;
in response to determining that the recipient mailbox and the sender mailbox are not in the domain managed by the single entity, sending the message using a processing hub having a set of operations that include a queuing process for delivering the message to the recipient mailbox, wherein the set of operations further comprises at least one of malware scanning, compliance checking, SPAM filtering, creating copies of the message for redundancy for high availability purposes or a resolving process; and
in response to determining that the recipient mailbox and the sender mailbox are in the domain managed by the single entity, adding a direct delivery tag to the message, and sending the message using a direct delivery system having a subset of the set of operations that eliminates the queuing process for purposes of expediting delivery of the message to the recipient mailbox.

US Pat. No. 10,193,835

MESSAGE MANAGEMENT AND MESSAGE MODIFICATION APPLICATION

Open Invention Network LL...

1. A method, comprising:
receiving a message from a user device at a network controller;
processing, by the network controller, the message to identify message content;
determining, by the network controller, whether the message should be modified based on the message content;
automatically filtering, by the networking controller, the message content if it includes information considered to be uninteresting;
automatically modifying the data based on user preferences if the network controller determines the message should be modified based on the message content;
determining, by the network controller, whether the message should be transmitted to its intended destination based on the message content;
determining, by the network controller, whether the message content relates to a particular issue;
forwarding, by the network controller, a first message that relates to the particular issue to a first predetermined storage location;
forwarding, by the network controller, subsequent messages that relate to the particular issue to a second predetermined storage location;
accumulating, by the network controller, a quantity of the stored subsequent messages that relate to the particular issue;
generating, by the network controller, a solution to the particular issue when the quantity of stored subsequent messages exceeds a threshold quantity; and
providing the solution to one or more user devices associated with the particular issue.

US Pat. No. 10,193,834

METHOD AND APPARATUS FOR DOWNLOADING AND DISPLAYING PICTURES

TENCENT TECHNOLOGY (SHENZ...

1. A computer-implemented method of downloading and displaying pictures associated with instant messages on a screen of a computing device, the method comprising:
at the computing device having one or more processors and memory for storing program modules to be executed by the processors:
displaying a list of instant messages on the screen, at least one of the instant messages having an associated picture and including address information of the picture;
while the picture is being downloaded:
detecting a user instruction to slide the list of instant messages on the screen;
in response to the user instruction:
pausing the download of the picture;
determining, among the list of instant messages, a second instant message having an associated second picture and including address information of the second picture based on the user instruction; and
downloading the second picture associated with the second instant message according to the address information without receiving a download instruction from the user of the computing device.

US Pat. No. 10,193,833

ELECTRONIC MESSAGE COMPOSITION SUPPORT METHOD AND APPARATUS

OATH INC., New York, NY ...

1. A method comprising:
receiving, by a server computing device from a client computing device, content of an electronic message being composed by a user at the client computing device prior to the electronic message being sent by the user to at least one recipient;
forwarding, by the server computing device, at least a portion of the received electronic message content to a number of linters, each linter using the at least a portion of the received electronic message content to determine whether a condition exists that merits feedback to the user, the number of linters comprising at least one linter to identify a grammatical condition, at least one linter to identify a stylistic condition and at least one linter to identify a functional condition, the at least one linter to identify a stylistic condition comprising a formality linter to identify a mismatch between a determined level of formality of the content of the electronic message and a desired level of formality;
receiving, by the server computing device, the electronic message content annotated to include feedback identifying at least one condition identified by the number of linters; and
forwarding, by the server computing device, the annotated electronic message content for display at the user computing device, the annotated electronic message content being forwarded as a prompt for the user to replace at least a portion of the electronic message's content displayed at the user computing device prior to the electronic message being sent to the at least one recipient, the annotated electronic message content comprising the content of the electronic message being composed by the user and annotation message content indicating the identified mismatch between a current level of formality of the content of the electronic message and the suggested level of formality.

US Pat. No. 10,193,832

NOTIFICATION DELIVERY MECHANISM FOR PRESENT VIEWING USERS

Google LLC, Mountain Vie...

1. A method comprising:
identifying a notification to be sent to a user having a plurality of user devices;
determining presence of the user on a first user device of the plurality of user devices;
determining whether a media player on the first user device is playing media content; and
upon determining that the media player on the first user device is playing the media content, transmitting the notification to the first user device without transmitting the notification to other user devices of the plurality of user devices.

US Pat. No. 10,193,831

DEVICE AND METHOD FOR PACKET PROCESSING WITH MEMORIES HAVING DIFFERENT LATENCIES

Marvell Israel (M.I.S.L) ...

1. A packet processing system, comprising:
a processor for processing units of data traffic received from a network;
a first memory composed of a first type of memory cells and disposed in proximity to the processor;
a second memory composed of a second type of memory cells that is different from the first type and being disposed further away from the processor than the first memory, wherein a head portion of a queue for queuing data units utilized by the processor is disposed in the first memory, and a tail portion of the queue is disposed in the second memory, wherein the second memory has a greater memory space than the first memory and the second memory is configured to receive bursts of high activity data traffic without dropping units of data traffic, the high activity data traffic being periodically received from the network at a data rate that is higher than a sustained data rate of the data traffic, the sustained data rate being indicative of an average rate at which data units are received over time; and
a queue manager configured to:
(i) manage the queue using a linked list, the linked list comprising linking indications between data units of the queue that are maintained across the first and second memories,
(ii) selectively push new data units to the tail portion of the queue at a burst data rate, at least some of the new data units from data traffic bursts of high-traffic activity, such that newer data units of the queue that are received during high-traffic activity are stored in the second memory at a rate that is higher than the sustained data rate, and generate a linking indication linking a new data unit to an earlier-received data unit that is physically located either in the head or tail portion of the queue, and
(iii) transfer, according to an order, a queued data unit from the tail portion of the queue disposed in the second memory to the head portion of the queue disposed in the first memory, without overloading the first memory, prior to popping the queued data unit from the head portion of the queue, such that older data units of the queue are stored in the first memory, and to update the linking indication for the queued data unit that is transferred from the tail portion to the head portion.

US Pat. No. 10,193,829

INDEFINITELY EXPANDABLE HIGH-CAPACITY DATA SWITCH

OMEGA SWITCHING SYSTEMS, ...

1. A packet-data switching system, the system comprising:
a plurality of interconnecting switching nodes, each node having an embedded processor and a plurality of physical ports; and
a switch management processor for managing the plurality of switching nodes;
wherein each switching node is configured to receive a data packet at one of the plurality of ports and to process the data packet;
wherein processing the data packet includes at least one of:
routing the data packet to another of the plurality of ports of the switching node for egress from the switching system;
routing the data packet to another of the plurality of switching nodes;
routing the data packet to the embedded processor; and
routing the data packet to the switch management processor;
wherein processing the data packet includes identifying, as switching system ingress data packets, data packets that are entering the switching system and wherein processing a switching system ingress data packet includes:
identifying, as an ingress node, the switching node via which the data packet entered the switching system;
determining a destination of the data packet;
using the destination to identify, as the egress node, a switching node via which the data packet will exit the switching system;
determining a path from the ingress node to the egress node, the path including at least one switching node;
determining, for each of the at least one switching node in the path, a physical address of an egress port for transmitting the data packet to the next step in the path;
representing the path as a list of the addresses of at least one egress port, in the order of the switching nodes that the data packet will encounter on its way to the egress port of the egress node, wherein the egress port of the egress node is at the back of the list;
modifying a data packet header to include the list of addresses of egress ports; and
routing the data packet through the switching system using the list of addresses of egress ports, wherein at the egress node, the data packet header is restored to its original condition before the data packet egresses the switching system.

US Pat. No. 10,193,828

EDGE DATAPATH USING INTER-PROCESS TRANSPORTS FOR CONTROL PLANE PROCESSES

NICIRA, INC., Palo Alto,...

1. A method for implementing a gateway datapath for a logical network, the gateway datapath comprising a plurality of pipeline stages corresponding to entities of the logical network, the method comprising:
receiving a packet from a network external to the logical network at the gateway datapath, the gateway datapath executing in a user space of the computing device;
executing a first set of pipeline stages in the plurality of pipeline stages to process the received packet, the plurality of pipeline stages corresponding to logical entities along the data path, wherein one of the pipeline stages of the first set identifies the packet as a control plane packet; and
based on the identification of the packet as a control plane packet, transporting the packet to a kernel network stack via a user-kernel transport, wherein the network stack provides the packet to a control plane process, wherein transporting the packet to the kernel network stack bypasses a second set of pipeline stages in the plurality of pipeline stages subsequent to the particular pipeline stage.

US Pat. No. 10,193,827

HOT CARRIER INJECTION TOLERANT NETWORK ON CHIP ROUTER ARCHITECTURE

1. An apparatus comprising:
a plurality of input buffers that receives a plurality of input buffer data bits;
a plurality of multiplexers that shuffles the plurality of input buffer data bits to output multiplexer outputs, wherein the multiplexer outputs are buffered by a plurality of buffers to output a plurality of shuffled input buffer data bits;
a coupling module comprising semiconductor gates that switches first input buffer data bits of the plurality of input buffer data bits at the plurality of input buffers from first shuffled input buffer data bits to second shuffled input buffer data bits using the plurality of multiplexers in response to reaching an end of a time interval to reduce hot carrier injection for the apparatus;
a selector comprising semiconductor gates that receives the plurality of shuffled input buffer data bits at a plurality of decoders and selects, using the plurality of decoders, a virtual channel path to a virtual channel of the plurality of virtual channels for the shuffled input buffer data bits;
a connection module comprising semiconductor gates that switches the second shuffled input buffer data bits from a first virtual channel to a second virtual channel of the plurality of virtual channels using the plurality of decoders in response to reaching the end of the time interval to reduce the hot carrier injection for the apparatus.

US Pat. No. 10,193,826

SHARED MESH

INTEL CORPORATION, Santa...

1. A shared mesh comprising:
an interconnect fabric on a die;
a plurality of tiles on the die coupled to the interconnect fabric, at least some of the plurality of tiles comprising
a mesh station comprising
a logic unit;
a first port coupled to the logic unit;
a second port coupled to the logic unit; and
a third port coupled to the logic unit;
a first core component coupled to the first port at a first side of the mesh station; and
a second core component that is flipped relative to the first core component to connect to the second port at a second side of the mesh station that is opposite to the first side to reduce an area of the shared mesh,
wherein the logic unit is configured to communicate data between the first core component and the interconnect fabric through the first port and the third port and wherein the logic unit is configured to communicate data between the second core component and the interconnect fabric through the second port and the third port; and
a memory coupled to the mesh station that is shared by the first core component and the second core component, wherein the logic unit is to identify each of the first core component and the second core component, to map a first identifier associated with the first core component to a first broadcast vector and a second identifier associated with the second core component to a second broadcast vector and to determine credits for the first core component and the second core component.

US Pat. No. 10,193,825

CAPACITY-BASED SERVER SELECTION

Avi Networks, Santa Clar...

1. A method, comprising:
receiving a network request;
identifying a plurality of servers eligible to handle the network request and a determined traversal order of the plurality of servers eligible to handle the network request;
traversing at least a portion of the plurality of eligible servers in the determined traversal order to identify that a selected server of the plurality of servers eligible to handle the network request has a non-zero higher load as opposed to another server of the plurality of servers that has a lower load;
at least in part in response to the identification that the selected one of the plurality of servers has the non-zero higher load as opposed to the another server of the plurality of servers that has the lower load, determining to assign the network request to the selected server with the non-zero higher load, wherein the selected server has a load threshold that is dynamically exceedable based at least in part on a load level of a next server in the determined traversal order of the plurality of servers; and
enabling the selected server to handle the network request.

US Pat. No. 10,193,824

SYSTEMS AND METHODS FOR INTELLIGENT APPLICATION GROUPING

RISC Networks, LLC, Ashe...

1. A method comprising,
collecting communication data travelling among a plurality of computing nodes in a networked environment;
using the communication data to create a plurality of connectivity records, wherein each connectivity record comprises a communication between a source computing node and a destination computing node of the plurality of computing nodes, wherein the communication comprises a source IP address of the source computing node, wherein the communication comprises a destination IP address of the destination computing node;
associating the communication with an application context;
associating the communication with a protocol;
defining a plurality of service oriented architecture groups, wherein a service oriented architecture group comprises one or more computing nodes of the plurality of computing nodes that run a service oriented architecture application;
processing the plurality of connectivity records to eliminate connectivity records that meet at least one criteria, wherein the plurality of connectivity records includes associated application contexts and protocols, the processing including examining each connectivity record of the plurality of connectivity records to determine whether the at least one criteria is met wherein the at least one criterion includes a source IP address of a connectivity record of the plurality of connectivity records matching a computing node belonging to a service oriented architecture group, wherein a first portion of the plurality of connectivity records comprises the eliminated connectivity records, wherein a second portion of the plurality of connectivity records comprises the remainder of the connectivity records;
building a graph using the second portion of the connectivity records.

US Pat. No. 10,193,823

RICH RESOURCE MANAGEMENT INCORPORATING USAGE STATISTICS FOR FAIRNESS

Microsoft Technology Lice...

1. A system comprising:
a processor and memory; and
an application executed by the processor and memory, the application configured to:
receive feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients, the feedback including a metric indicative of a load of each of the resources;
calculate weights for the resources based on the feedback, wherein a weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback; and
select, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights of the resources to evenly utilize the plurality of resources.

US Pat. No. 10,193,822

PREDICTIVE AUTO-SCALING AND REACTIVE AUTO-SCALING FOR NETWORK ACCESSIBLE MESSAGING SERVICES

Amazon Technologies, Inc....

1. A service provider network comprising:
a network-accessible message processing service comprising asynchronous messaging protocol (AMP) infrastructure and configured to process messages;
a message prediction service configured to analyze control metrics for the network-accessible message processing service;
a resource management service configured to (i) predict, based upon the analyzing, a predicted level of resources needed by the network-accessible message processing service for processing of messages, and (ii) allocate, based at least in part upon the predicted level of resources, a first level of resources for the network-accessible message processing service for processing of messages;
a network-accessible queuing service configured to receive a stream of messages for processing by the network-accessible message processing service; and
a health check service configured to monitor an enqueue rate of messages at the network-accessible queuing service,
wherein based upon the monitoring, the resource management service is further configured to adjust the first level of resources for the network-accessible message processing service to a second level of resources.

US Pat. No. 10,193,821

ANALYZING RESOURCE PLACEMENT FRAGMENTATION FOR CAPACITY PLANNING

Amazon Technologies, Inc....

1. A distributed system, comprising:
a plurality of resource hosts implementing a plurality of resources for the distributed system;
a capacity manager implemented via one or more hardware processors and memory and configured to:
access resource utilization data collected for the plurality of resource hosts;
analyze the resource utilization data to determine one or more capacity fragmentation measures that are associated with unutilized capacity of the distributed system unusable for placement of additional resources according to one or more placement constraints for placing resources in the distributed system, wherein the one or more placement constraints comprise an infrastructure diversity constraint to place a resource with respect to another one or more resources, and wherein to analyze the resource utilization data comprises to determine a number of possible resource placements amongst the resource hosts that satisfy the infrastructure diversity constraint;
update a capacity model for the distributed system to indicate an available capacity for placing additional resources at the distributed system based, at least in part, on the one or more capacity fragmentation measures;
compare the available capacity to a capacity threshold; and
responsive to a determination that the available capacity crosses the capacity threshold, perform at least one of:
generating a notification of a deficient state of the available capacity,
triggering a modification in total capacity of the distributed system, or
triggering a diversion of additional resource placement requests with respect to the distributed system.

US Pat. No. 10,193,820

SYSTEM AND METHOD FOR OPTIMIZING RESOURCE UTILIZATION IN A CLUSTERED OR CLOUD ENVIRONMENT

MessageOne, Inc., Austin...

1. A method comprising:
on a computer cluster comprising a plurality of computers:
calculating first resource apportionments from a current set of consumable resources for each of a plurality of reservations;
wherein each reservation corresponds to one of a plurality of customers;
wherein each customer's aggregate resource apportionment comprises a sum of the calculated first resource apportionments for the customer's reservations;
running an apportionment process relative to the plurality of reservations, the running comprising attempting to apportion to each reservation its first resource apportionment;
wherein the running yields an actual first resource apportionment for each reservation;
wherein each customer's actual first resource apportionment comprises a sum of the actual first resource apportionments for the customer's reservations;
creating a set of unfulfilled reservations, the set comprising reservations that have not yet attained at least one of the first resource apportionments and grossed-up first resource apportionments;
responsive to an indication of unapportioned resources following the running, performing a first optimization to increase resource utilization by at least one needy customer;
wherein each needy customer represents one of the customers with an unfulfilled reservation, and an unfulfilled reservation represents a reservation whose actual first resource apportionment is less than its calculated first resource apportionment;
identifying one or more provisions of the current set of consumable resources that has remaining available resources;
wherein each provision comprises resources of the current set of consumable resources that provide a same set of resource profiles;
wherein each resource profile represents properties that define, at least in part, which resources a customer reservation can consume and/or serve;
for each provision of the one or more provisions:
generating a set of available resource profiles for the provision;
acquiring at least one set of a plurality of profile entries;
filtering the at least one set of profile entries by the available resource profiles to yield at least one filtered set of the plurality of the profile entries;
placing each unfulfilled reservation of the set of reservations into a profile set based on the reservation's resource profile; and
computing a smallest total resource need for each profile set;
for each profile entry of the at least one filtered set:
fetching the profile entry;
fetching a profile set corresponding to the fetched profile entry;
computing a resource quantity to apply to each unfulfilled reservation of the profile set; and
apportioning the resource quantity to each unfulfilled reservation of the profile set.

US Pat. No. 10,193,819

ADAPTIVE THROTTLING FOR SHARED RESOURCES

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
providing a requestor with a determined number of work units, the determined number of work units enabling the requestor to obtain an amount of work from a resource in a multi-tenant environment;
receiving a request from the requestor to perform an input/output (I/O) operation with respect to the resource, the I/O operation requiring at least one work unit in excess of the determined number of work units;
determining a multi-tenant environment performance criterion;
providing the requestor a sufficient number of borrowed work units to complete the I/O operation based at least in part upon an analysis of the multi-tenant environment performance criterion; and
associating a negative work unit value with the requestor based at least in part on the sufficient number of borrowed work units, the negative work unit value representing a time period to restore a normal operating state, wherein a maximum number of work units available for work requesting parties is required to be reattained by the requestor before the requestor is allowed to request additional work units.

US Pat. No. 10,193,818

METHOD AND APPARATUS FOR ALLOCATING BANDWIDTHS, AND COMPUTER STORAGE MEDIUM

1. A method for allocating bandwidths, comprising:
establishing a database storing use records of application services used by a user, compiling statistics on attributes and use frequencies of the application services according to the use records, by a network access device;
extracting features from the application services so as to generate, for each of the application services, a feature vector that uniquely identifies the each of the application services;
classifying the application services according to the attributes, the use frequencies and the features of the application services, and allocating bandwidths to each of the application services based on the classified classes,
wherein compiling statistics on attributes and use frequencies of the application services comprises:
determining a period;
compiling statistics on attributes and use frequencies of the application services used by the user within the period;
sorting each of the application services in accordance with the use frequencies, and
outputting a use frequency-based sorted table;
wherein the use frequency is

 wherein T2 represents a time when one of the application services is terminated to be used, T1 represents a time when the application service is started to be used, C represents times that the application service has been used within the period, and T represents a total time of the period.

US Pat. No. 10,193,817

METHOD, AND NETWORK SYSTEM

FUJITSU LIMITED, Kawasak...

1. A method executed in a network system including a plurality of relay devices and an analyzer device, each of the plurality of relay devices including a first memory, the analyzer device including a second memory configured to store one or more of connection information, the method comprising:
receiving, by any of the plurality of relay devices, a packet for establishing a connection, the received packet including the connection information related to the connection;
storing, by the any of the plurality of relay devices, the connection information included in the received packet into the first memory of the any of the plurality of relay devices;
generating, by the any of the plurality of relay devices, a copied packet by copying the received packet;
transmitting, by the any of the plurality of relay devices, the generated copied packet to the analyzer device;
receiving, by the analyzer device, a plurality of copied packets including the generated copied packet from the any of the plurality of relay devices, the plurality of received copied packets respectively including the connection information;
determining, by the analyzer device, for each of the plurality of copied packets, whether the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet does not match with any of the one or more of connection information stored in the second memory, considering a source relay device from which the received copied packet is received as a first relay device, and storing the connection information of the received copied packet in association with identifier of the first relay device into the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory, considering the source relay device as a second relay device, and transmitting, from the analyzer device to the second relay device, instruction information for instructing not to transmit the copied packet associated with the connection information included in the received copied packet; and
in response to reception of the instruction information, deleting, by the second relay device, the connection information indicated by the instruction information from the first memory of the second relay device.

US Pat. No. 10,193,816

METHOD FOR OPERATING AN INFORMATION-CENTRIC NETWORK AND NETWORK

NEC CORPORATION, Tokyo (...

1. A method for operating an information-centric network (ICN) in which at least a first named data object (NDO) is addressable, the method comprising:
implementing, in the ICN, software-defined networking (SDN) with an SDN controller; and
performing, by the SDN controller, network-wide request aggregation in the ICN by:
detecting an initial request for the first NDO received at a first ingress node of the ICN,
detecting one or more additional requests for the first NDO received at one or more additional ingress nodes of the ICN, and
aggregating the initial request for the first NDO received at the first ingress node and the one or more additional requests for the first NDO received at the one or more additional ingress nodes.