US Pat. No. 10,368,266

EFFICIENT UPLINK SCHEDULING MECHANISMS FOR DUAL CONNECTIVITY

Sun Patent Trust, New Yo...

1. A mobile node comprising:
circuitry, which, in operation,
connects to a master base station and to a secondary base station via a split bearer that is split between the master base station and the secondary base station in a Packet Data Convergence Protocol (PDCP) layer;
determines whether a total buffer occupancy of the PDCP layer in the mobile node exceeds a threshold;
responsive to the total buffer occupancy exceeding the threshold, splits the total buffer occupancy of the PDCP layer into both a first PDCP buffer occupancy value for the master base station and a second PDCP buffer occupancy value for the secondary base station;
responsive to the total buffer occupancy not exceeding the threshold, splits the total buffer occupancy of the PDCP layer based on a defined split ratio into a first PDCP buffer occupancy value for the master base station and a second PDCP buffer occupancy value for the secondary base station, wherein the defined split ratio is configured such that one of the first and second PDCP buffer occupancy values is equal to the total buffer occupancy, and the other one of the first and second PDCP buffer occupancy values is equal to zero; and
a transmitter, which is coupled to the circuitry and which, in operation, transmits a first buffer status report based on the first PDCP buffer occupancy value to the master base station responsive to the first buffer occupancy value being more than zero, and a second buffer status report based on the second PDCP buffer occupancy value to the secondary base station responsive to the second buffer occupancy value being more than zero.

US Pat. No. 10,368,265

ENHANCED MECHANISM OF BUFFER STATUS REPORTING TO MULTIPLE SCHEDULERS IN A WIRELESS NETWORK

HFI Innovation INC., Hsi...

1. A method comprising:
calculating a buffer status value by a user equipment (UE) in a multi-carrier wireless network with inter-base station carrier aggregation (CA), wherein the UE is configured with multiple logical channels (LCs) that belong to one or more logical channel groups (LCGs);
associating a first MAC entity with a first base station;
associating a second MAC entity with a second base station;
detecting a buffer status report (BSR) triggering event;
selecting one or more base stations of the first base station and the second base station for more BSR reports, wherein the UE receives uplink (UL) resource grants for a new transmission from one or more base stations of the first base station and the second base station;
generating one or more BSR reports for the selected one or more base stations; and
transmitting the one or more BSR reports to the selected one or more base stations.

US Pat. No. 10,368,264

METHOD FOR TRIGGERING A BUFFER STATUS REPORTING IN DUAL CONNECTIVITY AND A DEVICE THEREFOR

LG ELECTRONICS INC., Seo...

1. A method for a user equipment (UE) operating in a wireless communication system, the UE including a processor having a packet data convergence protocol (PDCP) entity, a first Medium Access Control (MAC) entity and a second MAC entity, the method comprising:
based on a first total amount of uplink data available for transmission being less than a threshold value, the first total amount based on first PDCP data:
indicating, by the PDCP entity to the first MAC entity, a volume of the first PDCP data that is available for transmission by the first MAC entity, thereby triggering transmission of a first buffer status report (BSR) by the first MAC entity; and
indicating, by the PDCP entity to the second MAC entity, that a volume of the first PDCP data that is available for transmission by the second MAC entity is ‘0’ so that no BSR is generated by the second MAC entity;
based on a second total amount of uplink data available for transmission being greater than the threshold value, the second total amount based on second PDCP data:
indicating, by the PDCP entity to the second MAC entity, a volume of the second PDCP data that is available for transmission by the second MAC entity, thereby triggering transmission of a second BSR by the second MAC entity.

US Pat. No. 10,368,263

METHOD FOR FORMING BEARER FOR PUBLIC SAFETY IN WIRELESS COMMUNICATION SYSTEM AND DEVICE THEREFOR

Samsung Electronics Co., ...

1. A bearer establishment method of a mobility management entity (MME), the method comprising:
receiving a service request message for a public safety service, the service request message including information on a mission critical push to talk over long-term evolution (MCPTT) type;
determining a type of an MCPTT service based on the information on the MCPTT type; and
establishing a bearer with a priority higher than a priority of a preconfigured bearer based on the type of the MCPTT service.

US Pat. No. 10,368,262

ENHANCING QUALITY OF SERVICE FOR HIGH PRIORITY SERVICES

Apple Inc., Cupertino, C...

1. A method for operating a user equipment device (UE) communicating with a packet switched network, the method comprising:
at the UE:
establishing a first bearer having first quality of service (QoS) characteristics associated with a first priority, wherein the first bearer is a dedicated IP multimedia subsystem (IMS) signaling bearer used only for IMS signaling messages, wherein the first bearer is a default IMS signaling bearer, wherein the first QoS characteristics are identified by a QoS class identifier (QCI) value of 5;
establishing a second bearer having second QoS characteristics associated with a second priority lower than the first priority, wherein the second bearer is also a dedicated IMS signaling bearer used only for IMS signaling messages, wherein the second QoS characteristics are identified by a QCI value other than 5;
using the first bearer for communication for a first set of messages having the first priority; and
using the second bearer for communication for a second set of messages having the second priority.

US Pat. No. 10,368,261

SYNCHRONIZATION METHOD AND APPARATUS FOR D2D COMMUNICATION

Samsung Electronics Co., ...

1. A device-to-device (D2D) communication method in a user equipment (UE), the method comprising:
receiving, from a network entity, configuration information comprising information of a first threshold;
acquiring information of a second threshold;
if the UE is in a network coverage for D2D communication, measuring a reception power of a first synchronization signal received from a base station, the first synchronization signal comprising a reference signal for D2D communication;
if the reception power of the first synchronization signal received from the base station is less than the first threshold, determining that the UE operates as a new synchronization reference UE to transmit a synchronization signal for D2D communication and D2D resource configuration information indicating a D2D resource region;
if the UE is out of the network coverage for D2D communication, measuring a reception power of a second synchronization signal received from another synchronization reference UE; and
if the reception power of the second synchronization signal received from the other synchronization reference UE is less than the second threshold, determining that the UE operates as the new synchronization reference UE to transmit the synchronization signal for D2D communication and D2D resource configuration information indicating a D2D resource region.

US Pat. No. 10,368,260

METHOD AND UE FOR MEASURING CSI-RS

Samsung Electronics Co., ...

1. A method to measure a channel state indication (CSI)-reference signal (RS) in a user equipment (UE), the method comprising:
receiving a signal including configuration information and combination information, the combination information indicating a combination of at least two CSI-RS resources selected from among a plurality of CSI-RS resources;
obtaining a resource location based on the combination information and the configuration information; and
measuring the CSI-RS based on the resource location,
wherein the at least two CSI-RS resources indicated by the combination information are located adjacent to each other on a frequency domain, and
wherein the plurality of CSI-RS resources are represented as symbols 5 to 6 of subcarriers 2 to 4 and 7 to 9, symbols 9 to 10 of all subcarriers, and symbols 12 to 13 of subcarriers 2 to 4 and 7 to 9, if an antenna port number is larger than 2, and the plurality of CSI-RS resources are represented as symbols 5 to 6 of subcarriers 2 to 5 and 7 to 10, symbols 9 to 10 of all subcarriers, and symbols 12 to 13 of subcarriers 2 to 5 and 7 to 10, if the antenna port number is smaller or equal to 2.

US Pat. No. 10,368,259

METHOD FOR DETERMINING SENSOR NETWORK DELAY TIME

King Fahd University of P...

1. A method of operating a computer system to determine the performance of a wireless sensor network including a plurality of sensors, the method comprising:
selecting, a sensor distribution pattern for a geographical region where the sensors are to be deployed;
determining a location for a base station in the geographical region;
generating by circuitry, a plurality of sensor clusters, each sensor cluster of the plurality of sensor clusters being formed by one of a first grouping mechanism and a second grouping mechanism, the first grouping mechanism forming the sensor cluster based on a strength of a signal transmitted by each sensor, that is received by the base station, and the second grouping mechanism forming the sensor cluster based on a location of the sensor and an energy level of the sensor;
allocating, for each sensor included in the generated sensor cluster, a time-slot within a time-frame corresponding to the sensor cluster, the time-slot being utilized for transmitting a data packet from the sensor to the base station; and
evaluating by the circuitry, the performance of the first grouping mechanism and the second grouping mechanism for the selected sensor distribution pattern and base station location, by computing at least a ratio of delivered data packets to the base station to a total energy consumption, and a first delay and a second delay incurred by each data packet, wherein the first delay is an average intra-cluster delay of from 0.2 to 1 second and the second delay is an average inter-cluster delay of less than 20 seconds,
wherein the selected sensor distribution pattern is a grid pattern wherein the sensors are disposed in a manner such that a distance between adjacent sensors is a predetermined distance, in a normal distribution pattern a principal number of sensors are disposed in the center of the geographical region, and in an exponential distribution pattern, a principal number of sensors are disposed in the corner of the geographical region.

US Pat. No. 10,368,258

INTERACTIONS AMONG MOBILE DEVICES IN A WIRELESS NETWORK

Empire Technology Develop...

1. A method performed under control of a first communication device to synchronize the first communication device with a second communication device, the method comprising:
receiving information of the second communication device, wherein the information indicates an approximate physical distance between the first communication device and the second communication device;
determining, based on the information, a variable round-trip time for data transmission between the first communication device and the second communication device; and
synchronizing the first communication device with the second communication device based on the determined variable round-trip time, wherein synchronizing the first communication device includes inserting a dataset in data to be transmitted from the first communication device.

US Pat. No. 10,368,257

COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, PROGRAM, AND COMMUNICATION CONTROL SYSTEM

SONY CORPORATION, Tokyo ...

1. A communication control device, comprising:
processing circuitry configured to
determine a communication status of wireless communication of image information from an image shooting device, the communication status indicating when an obstacle is within a first area associated with a first communication path of a plurality of communication paths, based on an operating room image captured by an operating room camera showing a situation of an operating room, each of the communication paths being a different line of sight communication path,
acquire information on a surgical site image captured by the image shooting device for display control of the surgical site image, and
select a second communication path of the communication paths from the image shooting device based on the determined communication status indicating when the obstacle is within the first area associated with the first communication path.

US Pat. No. 10,368,256

MONITORING OPERATIONAL CAPABILITY OF A MOBILE COMMUNICATION DEVICE IN A NETWORK

Eagle Technology, LLC, M...

1. A method for monitoring an operational capability of a mobile communication device (MCD) in a network, comprising:
using a land mobile radio (LMR) transceiver implementing a LMR wireless communication protocol to facilitate at least narrowband voice communications for the MCD through an LMR network when communicating with a remote dispatch center;
using a broadband cellular network (BCN) modem in communication with the MCD for implementing a BCN wireless communication protocol to facilitate at least broadband data communications between the MCD and the remote dispatch center;
determining a BCN access interruption wherein the broadband data communication through the BCN is temporarily not possible for the MCD; and
responsive to the determining, automatically communicating from the MCD to the remote dispatch center a notification of the BCN access interruption, by using the LMR network.

US Pat. No. 10,368,255

METHODS AND APPARATUS FOR CLIENT-BASED DYNAMIC CONTROL OF CONNECTIONS TO CO-EXISTING RADIO ACCESS NETWORKS

Time Warner Cable Enterpr...

1. A method for enhancing wireless connectivity for a mobile client device, the method comprising:
receiving data from a first radio frequency (RF) receiver apparatus of the mobile client device;
evaluating, using a computerized process operative to run on the mobile client device, at least a portion of the received data to determine the presence of a first type of wireless signal; and
modifying, based on the determination of the presence of the first type of wireless signal, an energy detection (ED) threshold associated with a wireless interface of the mobile device, the wireless interface utilizing a second type of wireless signal, the modifying based at least in part on the data from the first RF receiver apparatus and configured to cause the mobile client device to preferentially utilize the wireless interface and the second type of wireless signal for data communications over the first type of wireless signal.

US Pat. No. 10,368,254

DATA FORWARDING METHOD AND CONTROLLER

Huawei Technologies Co., ...

1. A controller comprising:
a processor; and
a memory storing instructions that when executed by the processor configure the processor for:
obtaining first identification information of a terminal, wherein the first identification information comprises terminal capability information, service type information, and quality of service QoS information of the terminal;
obtaining information about an access standard supported by a network node accessed by the terminal;
determining N functional modules in L network nodes from M network nodes according to the first identification information, wherein the N functional modules are configured to process a data stream that corresponds to a service of the terminal; and
configuring, for the L network nodes, corresponding forwarding entries for forwarding the data stream, wherein the forwarding entries are used to enable the L network nodes to process the data stream by using the N functional modules,
wherein the determining the N functional modules in the L network nodes from the M network nodes according the first identification information comprises:
determining, according to the terminal capability information of the terminal, information about an access standard supported by the terminal;
determining an access standard of the terminal according to the information about an access standard supported by the terminal and the information about an access standard supported by a network node accessed by the terminal; and
selecting the N functional modules in the L network nodes from the M network nodes according to the access standard of the terminal, the service type information, and the QoS information.

US Pat. No. 10,368,253

SYSTEM AND METHOD FOR MANAGING DUAL CONNECTIVITY WITH DYNAMIC ANCHOR CELL SELECTION

1. A system, comprising:
a processing system including a processor; and
a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising:
determining a plurality of dual connectivity ratings for a plurality of neighbor cells of a serving cell of a mobile cellular network, wherein the plurality of dual connectivity ratings are determined via a plurality of configuration update messages received from the plurality of neighbor cells;
identifying a dual connectivity capability of a mobile communication device that engages in wireless communications coordinated by the serving cell;
identifying a target cell of the plurality of neighbor cells based on a dual connectivity rating of the plurality of dual connectivity ratings; and
facilitating initiation of a dual connectivity service via the target cell based on the dual connectivity capability of the mobile communication device, wherein the target cell serves as a master cell of the dual connectivity service, and wherein the dual connectivity service comprises exchanging user plane messages between the mobile communication device, the master cell and a secondary cell of the mobile cellular network.

US Pat. No. 10,368,252

ELECTRONIC DEVICE FOR CONTROLLING INTELLIGENT ANTENNA MODULE AND METHOD FOR CARRYING OUT INTELLIGENT FAST ANTENNA STEERING TECHNOLOGY (IFAST)

CUMITEK INC., (TW)

1. A method for carrying out an intelligent fast antenna steering technology (iFAST) in a wireless network transceiving device, being implemented into the wireless network transceiving device by a form of an electronic chip comprising a memory module, a media access controlling (MAC) module, a baseband processor, and at least one transceiver module; moreover, the wireless network transceiving device having an intelligent antenna module comprising a plurality of antenna units, a plurality of signal inputting electrodes and a plurality of control electrodes; wherein the method comprising following steps:
(1) providing an intelligent fast antenna steering (iFAST) unit, an application interface (API) unit, and a WiFi driver unit in the memory module, and enabling the iFAST unit;
(2) determining whether a specific timer event is triggered for driving the intelligent antenna module to start a comprehensively-directional antenna scan; if yes, proceeding to step (3); otherwise, proceeding back to the step (2);
(3) determining whether each of wireless station entry records in at least one MAC station entry table contained by the MAC module has been accessed; if yes, proceeding to step (4); otherwise, proceeding back to the step (2);
(4) accessing the wireless station entry records that have never been accessed so as to correspondingly establish a plurality of antenna direction data structures (antDir) after the intelligent antenna module completed the comprehensively-directional antenna scan;
(5) determining whether there are any antenna setting entry records in the antenna direction data structures that have never been accessed; if yes, proceeding to step (6); otherwise, proceeding to step (9);
(6) the baseband processor varying settings of the intelligent antenna module according to a plurality of antenna settings described in the antenna setting entry records, so as to make the iFAST unit subsequently access multi wireless network parameters of wireless signals received by the wireless network transceiving device from corresponding wireless stations;
(7) after a certain period of time passes, the iFAST unit accessing the wireless network parameters of the wireless signals again, and then storing the wireless network parameters into the corresponding antenna direction data structures;
(8) the iFAST unit calculating a plurality of wireless network weights based on the wireless network parameters, and then updating the corresponding wireless network weights into the relative antenna setting entry records of the antenna direction data structures; subsequently, proceeding back to the step (5); and
(9) selecting a best wireless network weight from the plurality of wireless network weights in the antenna setting entry records of the antenna direction data structure, wherein the antenna direction data structure is corresponding to one specific wireless station entry record for describing one specific wireless station; and then, the iFAST unit updating the wireless network parameters stored in the antenna setting entry record having the best wireless network weight into the wireless station entry record; subsequently, proceeding back to the step (3).

US Pat. No. 10,368,251

SATELLITES AND SATELLITE-BASED SYSTEMS FOR GROUND-TO-SPACE SHORT-BURST DATA COMMUNICATIONS

SPACEWORKS ENTERPRISES, I...

1. A system, comprising:
one or more ground transmitters, wherein each of the one or more ground transmitters corresponds to a particular physical asset;
one or more small form factor satellites deployed in low Earth orbit to transmit data to and receive data from the one or more ground transmitters and one or more downlink receivers; and
wherein each of the one or more small form factor satellites comprises:
a generally rectangular cuboid-shaped body, comprising a nadir-pointing nose end hingedly coupled to at least two rectangular-shaped folding wings,
wherein the at least two rectangular-shaped folding wings are proximate the body when not deployed and fold away from the body to a generally orthogonal position when deployed, and
wherein each of the at least two rectangular-shaped folding wings comprise a first panel and a second panel connected together by a panel hinge.

US Pat. No. 10,368,250

APPARATUS AND METHODS FOR COMMUNICATING WITH ULTRA-WIDEBAND ELECTROMAGNETIC WAVES

1. A method, comprising:
generating, by a first waveguide system, a first plurality of electromagnetic waves according to a first communication signal, wherein the first plurality of electromagnetic waves conveys the first communication signal; and
guiding, by the first waveguide system, the first plurality of electromagnetic waves along a first span of a transmission medium, wherein the first span is supported by a first supporting device and a second supporting device, wherein the first waveguide system and a second waveguide system are coupled to the first span, wherein the first plurality of electromagnetic waves is directed to the second waveguide system, and wherein the first plurality of electromagnetic waves propagates along the first span of the transmission medium without requiring an electrical return path and without traversing the first supporting device or the second supporting device.

US Pat. No. 10,368,249

MODELING FIBER CABLING ASSOCIATED WITH CELL SITES

ETAK Systems, LLC, Hunte...

1. A method for creating a three-dimensional (3D) model of a cell site and associated fiber connectivity, the method comprising:
identifying fiber connectivity at or near the cell site;
obtaining first data capture of the fiber connectivity at or near the cell site;
following one or more paths similar to one or more paths of the fiber connectivity while obtaining second data capture of the fiber connectivity leading away from the cell site;
obtaining third data capture of the cell site including a cell tower, associated cell site components on the cell tower, one or more buildings, and surrounding geography around the cell site;
utilizing the first data capture, the second data capture, and the third data capture to develop the 3D model to include the cell site and the fiber connectivity; and
utilizing the 3D model to perform one or more of a cell site audit, a cell site survey, and a cell site planning and engineering process.

US Pat. No. 10,368,248

DYNAMIC LINK-BUDGET MONITORING AND GRAPHICAL DISPLAY

ELTA SYSTEMS LTD., Ashdo...

1. A computer-implemented method of monitoring dynamic link-budget of at least one on-board antenna fixed on a vehicle; the computer comprising at least one processor, the method comprising operating the at least one processor for:
(i) calculating link-budget of the at least one on-board antenna with respect to at least one target antenna; the link-budget comprises a respective link-budget gain value assigned to each pixel in a collection of pixels, where each pixel in the collection of pixels represents a respective radiation vector in a three-dimensional space around the at least one antenna; and wherein the link-budget is calculated based on input data including gain data of the at least one antenna and navigation-data;
determining for each pixel in the collection of pixels, compliance of the respective link-budget gain value with a threshold value, thereby obtaining a respective antenna envelope of the at least one on-board antenna;
displaying on a computer display device graphical representation of a pixel map representing at least the respective antenna envelope; wherein the pixel map indicates with respect to each pixel, compliance with the threshold value, along with an indication of the relative location of the at least one target antenna;
(ii) continuously monitoring dynamics of the input data and repeating the operations in (i) wherein in each repetition:
utilizing updated navigation-data, if such exists, for updating the pixel map, and displaying on the display device an updated graphical representation of the pixel map.

US Pat. No. 10,368,247

CLOUD DFS SUPER MASTER DETECTOR LOCATION SYSTEMS AND METHODS

NETWORK PERFORMANCE RESEA...

11. A method comprising:
scanning for a radar signal with a radar detector communicatively coupled to a cloud Dynamic Frequency Selection (“DFS”) super master to generate radar detection results comprising at least information associated with a radio channel that is free of the radar signal;
transmitting the radar detection results of the scan for the radar signal to the cloud DFS super master;
receiving with the cloud DFS super master the radar detection results of the scan for the radar signal from the radar detector;
receiving with the cloud DFS super master geolocation information of a client device communicatively coupled to the radar detector;
integrating with the cloud DFS super master the client device geolocation information with other client device geolocation information pertaining to the client device geolocation information to generate integrated client device geolocation information;
determining with the cloud DFS super master a location for the radar detector based at least on the integrated client device geolocation information; and
determining with the cloud DFS super master the radio channel that is free of the radar signal based at least on the location for the radar detector and the radar detection results of the scan for the radar signal.

US Pat. No. 10,368,246

METHODS AND SYSTEMS FOR SPECTRUM MANAGEMENT

The Research Foundation f...

1. A method for determining whether to grant a request for spectrum access, comprising:
electronically receiving the request for spectrum access, wherein the request comprises a desired frequency band; a desired time period, a requested transmit power, and a requested transmitter location;
determining a geographical region based on the requested transmitter location and requested transmit power;
dividing the geographical region into a set of unit-spectrum-spaces, each unit-spectrum-space comprising a unit-region of space having a sample point, a time quanta, and a frequency band;
receiving, from an RF sensor network, current spectrum consumption information for transmitters and receivers in the geographical region;
quantifying utilized-spectrum for the geographical region by:
calculating the power received from each transmitter in the geographical region at each of a plurality of sample points, wherein each sample point of the plurality of sample points corresponds to a unit-region of the geographical region;
calculating a spectrum-occupancy for each sample point by aggregating the power received from each transmitter at the respective sample point and the average ambient noise power at the respective sample point;
calculating a spectrum-occupancy for each unit-spectrum-space within the geographical region; and
aggregating the spectrum-occupancy of each unit-spectrum-space
quantifying available-spectrum for the geographical region; and
granting or denying the request for spectrum access according to the utilized-spectrum and available-spectrum.

US Pat. No. 10,368,245

MOBILE DEVICE LOCKING

INTERNATIONAL BUSINESS MA...

1. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a mobile computer device to cause the mobile computer device to:
transmit synchronization information to a remote mobile computer device;
receive synchronization response data from the remote mobile computer device based on transmitting the synchronization information;
transmit a tone to a surface of an object based on receiving the synchronization response data;
receive a compound resonance frequency from the object based on the transmitted tone;
determine the received compound resonance frequency conforms to a stored compound resonance frequency; and
unlock the mobile computer device based on the determining.

US Pat. No. 10,368,244

PROJECTION VIA A DEVICE

MICROSOFT TECHNOLOGY LICE...

1. A system comprising:
one or more processors; and
one or more computer-readable media storing processor-executable instructions that, responsive to execution by the one or more processors, cause the system to perform operations including:
determining based on a current device context that a first device is permitted to broadcast its availability to receive projected content from another device;
causing discovery data that indicates that the first device is available to receive projected content to be transmitted wirelessly;
detecting a request from a second device to project a visual representation of an execution environment generated at the second device to the first device;
ascertaining whether the second device has permission to project to the first device; and
allowing or denying the second device to project the visual representation to the first device based on whether the second device is indicated as having permission to project to the first device.

US Pat. No. 10,368,243

SYSTEM AND METHOD FOR AUTHENTICATION AND SHARING OF SUBSCRIBER DATA

Sprint Communications Com...

1. A method of authenticating a wireless communication service subscriber, comprising:
receiving, by a subscriber authentication server, a first request to transfer a first confidential subscriber information package associated with a first subscriber from a first wireless communication service provider to a second wireless communication service provider, where the first subscriber previously received wireless communication service from the first wireless communication service provider and has transferred service to receive wireless communication service from the second wireless communication service provider and where the second wireless communication service provider sends the first request to the subscriber authentication server, wherein the first confidential subscriber information package comprises a personal identification number (PIN) of the first subscriber and at least one answer of the first subscriber to a security question;
responsive to the first request, sending, by the subscriber authentication server, a first confidential subscriber information package transfer request to the first wireless communication service provider, wherein the first transfer request identifies the second wireless communication service provider; and
verifying, via one of the first wireless communication service provider and second wireless communication service provider, authorization by the first subscriber to transfer the first confidential subscriber information package, the verifying authorization by the first subscriber to transfer the first confidential subscriber information package comprising:
receiving, via one of the first wireless communication service provider and second wireless communication service provider, a request for authentication of the first subscriber, wherein the request for authentication of the first subscriber comprises a telephone number associated with the first subscriber and a subscriber name of the first subscriber;
verifying, via one of the first wireless communication service provider and second wireless communication service provider, correspondence between the telephone number associated with the first subscriber and the subscriber name of the first subscriber;
responsive to verifying correspondence between the telephone number associated with the first subscriber and the subscriber name of the first subscriber, transmitting, by the subscriber authentication server to a first user equipment associated with the first subscriber, a request for verification of approval to transfer the first confidential subscriber information package from the first wireless communication service provider to the second wireless communication service provider, wherein the verification of approval to transfer the first confidential subscriber information package comprises;
querying the first subscriber for personal identification information;
receiving the personal identification information entered via the first user equipment associated with the first subscriber; and
comparing the entered personal identification information to the PIN of the first subscriber, wherein authorization by the first subscriber to transfer the first confidential information package is verified based at least in part on the received personal identification information matching the PIN of the first subscriber.

US Pat. No. 10,368,242

SYSTEM AND METHOD FOR UNIFIED AUTHENTICATION IN COMMUNICATION NETWORKS

1. A method comprising:
sending, by a processing system including a processor of a mobile communication device, a first authentication request to a first communication network, wherein the mobile communication device is authenticated to the first communication network based on a credential accessible to a network element of the first communication network;
sending, by the processing system, information regarding a location of the mobile communication device to the first communication network, wherein the first communication network updates the location of the mobile communication device based on the information and determines a predicted path upon which the mobile communication device is predicted to travel;
receiving, by the processing system, a signal via the first communication network that a second communication network is available in the predicted path of the mobile communication device, wherein the network element transmits the credential to the second communication network based on the predicted path;
accessing, by the processing system, the second communication network, wherein the credential is stored prior to the accessing;
sending, by the processing system, a second authentication request to the second communication network; and
receiving, by the processing system, via the second communication network, an acknowledgement of authentication to the second communication network based on the transmitted credential.

US Pat. No. 10,368,241

SECURITY FOR MOBILE AND STATIONARY ELECTRONIC SYSTEMS

ENORCOM Corporation, Los...

1. A programmable management method for a mobile device, the method comprising:
proactively monitoring current and anticipated values of:
user location, activity, proximity to other users or events or locations, planned activities, usage pattern, biological sensory information, environmental sensory information, or combinations thereof, wherein said proactive monitoring is performed while the mobile device is in operation and without request for user input;
initiating security checks based on detecting a discrepancy between said current and anticipated values, and wherein upon failure of said security checks, performing a security procedure wherein the user is not alerted to said security procedure initiation, wherein said procedure includes biological and environmental sensory measurements to identify cases with an authorized user under duress, wherein duress is detected upon collected sensory data mismatching an expected value of said data, and upon said detection, restricting access to said mobile device to a predetermined mode in response to duress.

US Pat. No. 10,368,240

PROFILE DOWNLOAD METHOD AND APPARATUS FOR USE IN WIRELESS COMMUNICATION SYSTEM

Samsung Electronics Co., ...

1. A communication method of a terminal, the method comprising:
transmitting, to a profile provision server, an initial authentication message including a first challenge value for authentication of the profile provision server;
receiving, from the profile provision server, an initial authentication response message including a first data and a first signature value, wherein the first data includes the first challenge value and a second challenge value for authentication of the terminal, and the first signature value is computed over the first data;
verifying the first signature value;
generating a second data including the second challenge value and profile mapping information, and computing a second signature value over the second data;
transmitting, to the profile provision server, an authentication client a first message including the second data and the second signature value;
receiving, from the profile provision server, an authentication client response message including unencrypted information related to a profile and information indicating whether a confirmation code is required for the profile;
receiving, via a user interface, a confirmation code based on the unencrypted information related to the profile in case that the information indicates the confirmation code is required;
transmitting, to the profile provision server, a profile download request message including the confirmation code; and
receiving, from the profile provision server, a profile download response message including an encrypted profile data in response to the profile download request message.

US Pat. No. 10,368,239

METHOD AND APPARATUS FOR PROVIDING BROADCAST CHANNEL ENCRYPTION TO ENHANCE CELLULAR NETWORK SECURITY

1. A method for encrypting a broadcast message of a base station, the method comprising:
detecting, by a processor of the base station, a communication impairment at the base station, wherein the communication impairment pertains to a communication between the base station and an endpoint device;
selecting, by the processor of the base station, in response to the detecting the communication impairment, an encryption key for the broadcast message;
encrypting, by the processor of the base station, the broadcast message using the encryption key to create an encrypted broadcast message;
transmitting, by the processor of the base station, an identifier of the encryption key;
transmitting, by the processor of the base station, the encrypted broadcast message over a control channel via a first resource block, wherein the broadcast message includes information identifying that the control channel is to be reassigned from the first resource block to a second resource block; and
reassigning, by the processor of the base station, the control channel of the base station from the first resource block to the second resource block.

US Pat. No. 10,368,238

DEVICE AND METHOD OF HANDLING DATA TRANSMISSION/RECEPTION FOR DUAL CONNECTIVITY

HTC Corporation, Taoyuan...

1. A communication device for handling data transmission/reception for dual connectivity, comprising:
a storage unit, for storing instructions of:
connecting to a first base station (BS) and a second BS;
communicating first data with the first BS, wherein the first data is encrypted according to a first security key which is generated according to a first parent key;
communicating second data with the second BS, wherein the second data is encrypted according to a second security key which is generated according to a second parent key;
receiving a message from the first BS, wherein the message configures a handover to a third BS and a connection change to a fourth BS;
updating the first parent key to a first updated parent key and updating the second parent key to a second updated parent key based on the first updated parent key, in response to the message;
updating the first security key to a first updated security key based on the first updated parent key and updating the second security key to a second updated security key based on the second updated parent key, in response to the message;
performing a first random access procedure to the third BS, in response to the message;
performing a second random access procedure to the fourth BS, after successfully completing the first random access procedure or while performing the first random access procedure, in response to the message;
communicating third data with the third BS, wherein the third data is encrypted according to the first updated security key; and
communicating fourth data with the fourth BS, wherein the fourth data is encrypted according to the second updated security key; and
a processing circuit, coupled to the storage unit, configured to execute the instructions stored in the storage unit.

US Pat. No. 10,368,237

TERMINAL, PROCESSING APPARATUS, PROCESSING SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM

FUJI XEROX CO., LTD., To...

1. A terminal comprising:
a memory, and
a processor configured to execute:
a connection unit configured to connect the terminal to a processing apparatus via a first the for wireless communication, using connection information;
an acquisition unit configured:
to acquire identification information of the processing apparatus, and
to store the connection information for the first communication channel and the identification information in the memory, such that the connection information for the first communication channel is associated with the identification information;
a detector configured to detect, in response to there being no connection via the first communication channel from the processing apparatus for more than a predetermined period of time, that the connection between the terminal and the processing apparatus, via the first communication channel, is cut off; and
a transmitting unit configured to transmit, in response to the detector detecting that the connection via the first communication channel to the processing apparatus is cut off, the connection information from the terminal to the processing apparatus via a second communication channel,
wherein the connection information is associated with the identification information stored in the memory,
wherein the connection unit includes key information indicating a key used to communicate encrypted information via the first communication channel, and a pass phrase used to generate the key,
wherein the detector is further configured to determine whether there is no connection via the first communication channel from the processing apparatus for more than the predetermined period of time by monitoring a request to the processing apparatus for a time-out, and
wherein the processor is further configured to delete the connection information from the memory during a power-down of the processing apparatus.

US Pat. No. 10,368,236

METHOD AND SYSTEM FOR DOWNLOADING AND INSTALLING UICC TERMINAL PROFILE ON A TERMINAL FROM A PROFILE MANAGER

Samsung Electronics Co., ...

1. A method for installing a profile at a terminal in a wireless communication system, the method comprising:
detecting a selection of one of at least one mobile network operator (MNO);
obtaining access-related information for the selected MNO from a discovery server, based on information of the selected MNO;
transmitting identification information of a universal integrated circuit card (UICC) to a server of the selected MNO, based on the access-related information; and
downloading a UICC-related profile corresponding to the identification information of the UICC from a profile manager,
wherein the access-related information for the selected MNO includes uniform resource locator (URL) information for the server of the selected MNO, and
wherein the identification information of the UICC includes first identification information of a UICC of the terminal and second identification information of a UICC of a secondary terminal.

US Pat. No. 10,368,235

WIRELESS DEVICE SIM ACTIVATION WHILE ROAMING

Apple Inc., Cupertino, C...

1. A method for activation of a subscriber identity module (SIM) of a universal integrated circuit card (UICC) included in a mobile device, the method comprising:
by processing circuitry of the mobile device external to the UICC:
determining the SIM requires activation;
determining a geographic region for a mobile network operator (MNO) associated with the SIM;
determining a current geographic location of the mobile device; and
when i) the geographic region for the MNO associated with the SIM does not correspond to the current geographic location of the mobile device and ii) a data roaming capability of the mobile device is not enabled:
enabling the data roaming capability of the mobile device;
activating the SIM via a secure data connection between the UICC of the mobile device and a network-based server of the MNO associated with the SIM through a local roaming cellular wireless network; and
disabling the data roaming capability after activation of the SIM, wherein the mobile device is configured by default to not allow a roaming data connection to be established.

US Pat. No. 10,368,234

METHOD AND APPARATUS FOR SENDING AND RECEIVING MULTI-CARRIER INFORMATION IN MULTI-CARRIER COMMUNICATION SYSTEM

LG ELECTRONICS INC., Seo...

1. A method for operating a plurality of carriers by a user equipment in a wireless communication system supporting a primary carrier and at least one secondary carrier, the method comprising:
transmitting, to a first base station, carrier capability information;
receiving, from the first base station, carrier configuration information, the carrier configuration information including an index of the at least one secondary carrier configured for the user equipment, the carrier configuration information being based upon the carrier capability information of the user equipment, the primary carrier being configured as a carrier for performing an initial network entry procedure;
receiving, from the first base station through the primary carrier, a control channel, the control channel including control information for traffic exchanged via a secondary carrier between the user equipment and the first base station;
receiving, from the first base station, traffic through the secondary carrier based on the control channel received through the primary carrier; and
receiving a message during a procedure of network entry to a second base station, the message including information for a primary carrier change,
wherein the primary carrier is only changed with the procedure of network entry.

US Pat. No. 10,368,233

METHODS AND ARRANGEMENTS FOR TRACKING AND LOCATING LAPTOPS

Lenovo (Singapore) Pte. L...

1. A method comprising:
obtaining, when a mobile device is not connected to a communications network and responsive to receiving an incorrect login attempt at the mobile device, data relating to a location of the mobile device using a receiver that receives the data from user devices in a vicinity of the mobile device, wherein the mobile device obtains an identifier broadcast from each of the user devices;
storing the data including the broadcast identifiers of the user devices within the mobile device;
thereafter transmitting, after establishing a communications network connection, the data including the broadcast identifiers of the user devices: and
determining, based on the received broadcast identifiers, a location of the mobile device: wherein the user devices comprise two or more fixed devices and mobile devices and wherein the data comprises two or more of: an access point ID, a cell phone tower ID, and signal strength information.

US Pat. No. 10,368,232

METHODS FOR CONNECTION CAPABILITY EXCHANGE

QUALCOMM Incorporated, S...

1. A method of communicating in a wireless communication network, comprising:
transmitting, by a first wireless device, a connection capability request message to a second wireless device requesting connection capability information of the second wireless device;
receiving, by the first wireless device, a connection capability response message from the second wireless device indicating one or more communication protocols available for providing a service to the first wireless device,
wherein the connection capability request message and the connection capability response message comprise a first discovery protocol;
selecting, by the first wireless device, based at least in part on the connection capability response message, a communication protocol of the one or more communication protocols for obtaining the service from the second wireless device; and
performing a second discovery protocol based on the connection capability response message.

US Pat. No. 10,368,231

SIM CARD SELECTION

Lenovo (Singapore) Pte. L...

1. A method, comprising:
receiving, at an information handling device, an instruction to perform a task associated with an application;
identifying, using a processor, an association between at least two Subscriber Identification Module (SIM) cards to the application, wherein the at least two SIM cards perform all tasks associated with the application;
automatically selecting, responsive to the identifying and from the at least two SIM cards, a SIM card to perform a portion of the task and another SIM card to perform another portion of the task; and
performing the task using the SIM card and the another SIM card.

US Pat. No. 10,368,230

DATA ENHANCEMENTS FOR ESIM PROFILE OPERATION CALLBACKS

T-Mobile USA, Inc., Bell...

1. One or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising:
sending a command for a machine-to-machine (M2M) device to perform an operation on an embedded subscriber identity module (eSIM) profile stored in an embedded universal integrated circuit card (eUICC) of the M2M device, the operation being request by a backend service of a wireless communication carrier;
receiving a confirmation message from the M2M device indicating that the operation on the eSIM profile is performed; and
sending a callback message to the backend service of the wireless communication carrier indicating that the operation is performed, the callback message including an eUICC identifier (ID) of the eUICC or an Integrated Circuit Card identifier (ICCID) of the eSIM profile, the eUICC ID or the ICCID being used by the backend service to locate a profile state entry of the eSIM profile in an eSIM profile state database for update with a profile state of the eSIM profile after the operation.

US Pat. No. 10,368,229

COMMUNICATION APPARATUS AND COMMUNICATION CONTROL METHOD IN A COMMUNICATION SYSTEM

NEC Corporation, Tokyo (...

1. A communication apparatus deployed between a terminal and an external network, which includes at least one service providing server, wherein the communication apparatus functions as a proxy to provide a service from the at least one service providing server to the terminal through the communication apparatus, the communication apparatus comprising:
a virtual machine that manages a state of communication with the terminal and terminates a session for providing the service between the virtual machine and the terminal, wherein the virtual machine includes session information on the session, wherein the session information includes the state of communication; and
a controller configured to perform migration of the virtual machine including the session information, which includes the state of communication, either from another source communication apparatus to the communication apparatus or from the communication apparatus to another target communication apparatus.

US Pat. No. 10,368,228

TERMINAL DISCOVERY METHOD AND DEVICE

Huawei Technologies Co., ...

1. A terminal discovery method, comprising:
receiving, by a first proximity service (ProSe) entity, a first message sent by a first terminal, wherein the first message carries a group identifier of a group in which a terminal to be monitored by the first terminal is located;
obtaining, by the first ProSe entity according to the group identifier, a group code word of the group in which the terminal to be monitored by the first terminal is located;
sending, by the first ProSe entity, a second message to the first terminal, wherein the second message carries the group code word;
receiving, by the first ProSe entity, a third message sent by the first terminal, wherein the third message carries at least one first broadcast code word, the first broadcast code word is a broadcast code word that is of broadcast code words detected by the first terminal and that comprises the group code word, and the first broadcast code word further comprises a user code word of a terminal that broadcasts the first broadcast code word; and
obtaining, by the first ProSe entity according to the user code word, a terminal identifier of the terminal that broadcasts the first broadcast code word, and sending a fourth message to the first terminal, wherein the fourth message carries the terminal identifier,
wherein the obtaining, by the first ProSe entity according to the group identifier, a group code word of the group in which the terminal to be monitored by the first terminal is located comprises:
sending, by the first ProSe entity, a fifth message to an application server, wherein the fifth message carries the group identifier, and the fifth message is used to request the application server to allocate a code word to the group in which the terminal to be monitored by the first terminal is located; and
receiving, by the first ProSe entity, a sixth message sent by the application server, wherein the sixth message carries the group code word.

US Pat. No. 10,368,227

ACCESS POINT MANAGEMENT AND USAGE IN A NETWORK ENVIRONMENT

Time Warner Cable Enterpr...

1. A method of determining where to install wireless access points in a network, the method comprising:
receiving, from a subscriber device, a request for an installation of a new wireless access point at a specified geographical location in the network, the request being one of multiple requests indicating to install the new wireless access point at the specified geographical location;
determining whether a number of the multiple requests to install the new wireless access point exceeds a predetermined threshold value;
in response to detecting that the number of multiple requests exceeds the predetermined threshold value, initiating the installation of the new wireless access point at the specified geographical location; and
the method further comprising: initiating the installation of the new wireless access point at the specified geographical location based at least in part in response to detecting presence of the subscriber device at the geographical location.

US Pat. No. 10,368,226

METHOD OF UPDATING A LOCATION INFORMATION REPRESENTING A PHYSICAL LOCATION OF A COMMUNICATION DEVICE, A COMPUTER PROGRAM PRODUCT FOR EXECUTING THE METHOD, AND A COMMUNICATION SYSTEM FOR UPDATING THE LOCATION INFORMATION

1. A method of updating location information, said location information representing a physical location of a communication device, wherein said location information is generated by a location source, and wherein said location information is sent from the location source to an electronic device having hardware comprising a processor, the method comprising:
monitoring a second location information received subsequently to a first location information by the electronic device to detect an invalid location information included in the second location information, and,
in response to detection of the invalid location information, sending invalidation information indicating that location information of the first location information is invalid so that the first location information is discarded by non-transitory computer readable medium storing the first location information in response to the invalid location information.

US Pat. No. 10,368,225

LOCATION DETERMINATION FOR A SERVICE REQUEST

Microsoft Technology Lice...

1. A method comprising:
receiving, over a network from a communication client implemented at a client device, data corresponding to a service request;
obtaining a registered location of the communication client, an updated location of the client device, and a reliability metric indicating a reliability of the updated location of the client device;
comparing the updated location of the client device to the registered location of the communication client to determine that the updated location is different than the registered location; and
determining whether to route the data of the service request along with the updated location to an answering point based on whether the reliability metric for the updated location is above a reliability threshold, including:
routing the data of the service request along with the updated location to the answering point based on determining that the reliability metric is above the reliability threshold; or
determining that the updated location cannot reliably be determined based on determining that the reliability metric is below the reliability threshold.

US Pat. No. 10,368,224

MULTIMEDIA FOR WIRELESS EMERGENCY ALERTS

1. An apparatus comprising:
a processor; and
a memory coupled with the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
receiving a wireless emergency alert and an indication of availability of multimedia content associated with the wireless emergency alert;
mapping target cells for the wireless emergency alert;
sending information comprising the wireless emergency alert with the indication of availability of multimedia content and coordinates of a emergency to a broadcast multicast service center for distribution to the target cells and a first mobile device, wherein the first mobile device determines whether to display the wireless emergency alert based on the coordinates of the emergency compared to a location of the first mobile device;
obtaining the multimedia content based on the instructions from the first mobile device, wherein the multimedia content is obtained from a gateway; and
providing instructions to the first mobile device to retrieve the multimedia content from a second mobile device that is in proximity to the first mobile device.

US Pat. No. 10,368,223

LOW ENERGY AUDIO STREAMING

Orion Labs, San Francisc...

1. A method of transmitting audio data, the method comprising:
a first communication device receiving over a low energy wireless communication link a plurality of audio data packet fragments from a second communication device, wherein each audio data packet fragment comprises audio data collected from an audio data stream;
the first communication device generating a plurality of audio data packets by assembling the received plurality of audio data packet fragments, wherein each audio data packet comprises a plurality of audio data packet fragments; and
the first communication device transmitting the plurality of audio data packets via a communication network.

US Pat. No. 10,368,222

SELF-DIRECTING NODE

Intel Corporation, Santa...

1. A node which when caused to move in an environment including one or more machines capable of moving the node based at least in part on a persistent output of the node, comprising:
a manifest indicating at least sensor constraints associated with the node;
at least one sensor to periodically determine sensor readings associated with the node;
a node status having a value set based at least in part on a comparison of selected sensor readings with at least the manifest;
the persistent output providing at least a first destination indicator for the node determined based at least in part on the node status, and providing at least a second destination indicator for the node based at least in part on a change in the node status;
a persistent memory; and
a power source for intermittently powering selected portions of the node.

US Pat. No. 10,368,221

METHOD FOR OPERATING A WIRELESS COMMUNICATION DEVICE

GEMALTO M2M GMBH, Munich...

1. Method for operating a wireless communication device in a cellular network, the wireless communication device comprising a communication unit comprising a radio mode decision unit and a transceiver unit,
the radio mode decision unit further maintaining a set of network operation modes, the wireless communication device further comprising a controlling appliance, interconnected with the communication unit by means of a command interface,
the method comprising the steps of, for the communication unit:
ascertaining at least one communication behavior parameterization conforming to a preconfigured communication behavior demand of the cellular network, for the controlling appliance:
submitting a transport template dataset comprising at least one data element relating to an envisaged communication behavior to the communication unit by means of the command interface,
for the radio mode decision unit:
determining for an imminent data exchange session of the wireless communication device with the cellular network by means of the transceiver unit, one of said network operation modes by taking into account said at least one communication behavior parameterization and said transport template dataset.

US Pat. No. 10,368,220

METHOD AND ARRANGEMENTS FOR MTC COMMUNICATION

TELEFONAKTIEBOLAGET LM ER...

1. A server apparatus for communicating with user machine type communication (MTC) devices, the server apparatus being arranged to:
determine whether a user MTC device does not have an IP connection with a cellular access network (CAN);
determine whether the user MTC device is a stationary user MTC device; and
trigger the user MTC device to initiate an IP connection with the CAN, wherein
the server apparatus is configured such that the server apparatus triggers the user MTC device to initiate the IP connection with the CAN if and only if the server apparatus determines (a) that the user MTC devices is a stationary device and (b) that the user MTC device does not have the IP connection, wherein
the server apparatus is further configured such that, after triggering the user MTC device to initiate the IP connection with the CAN, the server apparatus monitors the user MTC device to detect whether the user MTC device has acquired the IP connection,
the server apparatus is further configured such that, after the server apparatus detects that the user MTC has acquired the IP connection, the server apparatus causes the user MTC device to initiate an application,
the server apparatus is configured to cause the user MTC device to initiate the application by transmitting to the user MTC device an application triggering message, and
the server apparatus is further configured such that, after triggering the user MTC device to initiate the IP connection with the CAN, the server apparatus waits until it has received confirmation that the user MTC has established the IP connection before the server apparatus transmits the application triggering message.

US Pat. No. 10,368,219

SYSTEM AND METHOD FOR EUICC PERSONALIZATION AND NETWORK PROVISIONING

Verizon Patent and Licens...

1. A method, comprising:
receiving, by a primary user device, input to initiate a cellular service activation process for a companion device, wherein the companion device includes a preloaded version of a service provider application for facilitating remote provisioning;
providing, by the primary user device and to the companion device, an updated version of the service provider application that replaces the preloaded version;
receiving, by the primary user device, and from the companion device, an embedded universal integrated circuit card (eUICC) identifier for the companion device;
forwarding, by the primary user device and to a network device in a service provider network, the eUICC identifier and an identifier for the primary user device; and
when the network device verifies that the cellular service activation for the companion device can be provisioned under a subscriber account:
receiving, by the primary user device and from the network device, an activation code for the companion device to use to initiate a request for a new line of service for the eUICC identifier; and
forwarding, by the primary user device and to the companion device, the activation code.

US Pat. No. 10,368,218

SPATIALLY AWARE VIRTUAL WORKOUT ASSISTANT

International Business Ma...

1. A method for a spatially aware virtual workout assistant, the method comprising:
receiving from a mobile device, by a server, a view of a surrounding environment of a user, the view being captured by the mobile device;
extracting, by the server, one or more elements from the view;
recognizing, by the server, one or more objects suitable for exercising, based on the one or more elements, by using a model for visual data recognition;
determining, by the server, one or more exercises that can be performed with the one or more objects, by searching datasets in the server;
sending to the mobile device, by the server, data associated with the one or more objects and the one or more exercises;
wherein the mobile device instructs the user to locate the one or more devices and to perform the one or more exercises, based on the data associated with the one or more objects and the one or more exercises and
wherein the datasets include a dataset correlating a user goal and workouts, a dataset correlating the workouts and the one or more exercises, a dataset correlating the one or more exercises and the one or more objects, a dataset correlating the workouts and calories burned, and a dataset correlating the workouts and time spent for the one or more exercises.

US Pat. No. 10,368,217

GENERATING A MODEL FOR POSITIONING

COMBAIN MOBILE AB, Lund ...

1. A method for determining a location of a device, said method comprising:
receiving first power-based distance measurements, each measurement representing a distance from the device to a source as a measured power of a signal received by the device;
accessing a model defining source locations and radio frequency propagation properties in an environment, said source locations and radio frequency propagation properties being determined based on a collection of second power-based distance measurements representing a distance from receiving units to source locations and at least one of: time-based distance measurements representing a distance from receiving units to source locations, sequential receiving unit positions, compass data, accelerometer data, gyrator data, sensor data indicating a relative floor in a building, and data correlating measurements at regular intervals, wherein said second power-based distance measurements are acquired prior to acquiring of the first power-based distance measurements and said receiving units are different from the device; and
determining a location of the device based on the first power-based distance measurements and the source locations, which are based on the second power-based distance measurements, and the radio frequency propagation properties defined by the model,
wherein the model represents an indoor environment of a multi-floor building, the method further comprising determining a location of the device in the multi-floor building, the location including at least a floor indication and a position on the floor, based on the received first power-based distance measurements and the model.

US Pat. No. 10,368,216

LOCATION DETERMINATION SYSTEM HAVING MESH INFRASTRUCTURE TO REDUCE POWER CONSUMPTION

Sonitor Technologies AS, ...

1. A real-time location system in an environment, comprising:
a location tag having a location ID, wherein the location tag is configured to transmit the location ID and a received acoustic ID from an acoustic transmitting device to a central server via a wireless mesh network;
the wireless mesh network comprising a first mesh network member and a second mesh network member, the first mesh network member and the second mesh network member being battery-powered devices, the first mesh network member having a first clock and the second mesh network member having a second clock, wherein the first mesh network member transmits a first timestamp of the first clock to the second mesh network member, and the second mesh network member generates a message for propagation to the central server, the message including identification of the first mesh network member and the second mesh network member, and the first timestamp and a second timestamp of the second clock; and
a central server configured to select a reference clock within the wireless mesh network, further configured to determine a time offset between the first clock and the reference clock based on the message; and further configured to propagate an acoustic transmission schedule to the first mesh network member,
wherein the first mesh network member and the location tag communicate acoustically based on the acoustic transmission schedule.

US Pat. No. 10,368,215

HYBRID NETWORK BASED METERING SERVER AND TRACKING CLIENT FOR WIRELESS SERVICES

TracFone Wireless, Inc., ...

1. A process of tracking usage of a wireless device in a wireless network with a metering system comprising:
implementing the metering system in a network separate from the wireless network;
receiving with the metering system identification information from the wireless device implementing a tracking client;
receiving usage statistics with the metering system from the tracking client implemented in the wireless device;
receiving with the metering system an amount of wireless services used by the wireless device determined by the wireless network; and
comparing with the metering system the amount of wireless services used by the wireless device determined by the wireless network to the amount of wireless services used by the wireless device received from the tracking client of the wireless device; and
controlling with the metering system access to the wireless network for the wireless device based in response to the amount of wireless services used by the wireless device.

US Pat. No. 10,368,214

OVER THE AIR PROVISIONING OF MOBILE DEVICE SETTINGS

1. A method, comprising:
providing, by an application download server to a mobile device, an application including executable instructions which, when executed by a processor of the mobile device,
(i) cause the mobile device to transmit an activation request for wireless communication services;
(ii) cause the mobile device to be activated for use with any one of a plurality of mobile network carriers, the one of the plurality of mobile network carriers being selected by a user of the mobile device from a user interface at the mobile device, the user interface presenting a plurality of mobile network carrier options from which the user may select the one of the plurality of mobile network carriers,
(iii) enable access by the mobile device of wireless communication services provided by the one of the plurality of mobile network carriers for which the mobile device has been activated, and
(iv) enable the user of the mobile device to select from the user interface one or more service plans associated with the selected one of the plurality of mobile network carriers, the user interface presenting a plurality of service plan options from which the user may select the one or more service plans,
wherein the application is provided to the mobile device by an entity that is not one of the mobile network carriers;
transmitting application download event information to a transaction manager, the transaction manager including at least one processor; and
determining, by the transaction manager, one or more usage records for the wireless communication services.

US Pat. No. 10,368,213

LOCATION-BASED OPEN SOCIAL NETWORKS

1. An apparatus having stored executable instructions, comprising:
1) at least one computing system being operable to implement a social networking system, the social networking system implementing a plurality of social networks;
2) the plurality of social networks each accessible without registration requirements;
3) the social networking system arranged to select a given number of first social networks among the plurality of social networks after receiving a request from a user, the first social networks each having virtual reality or augmented reality content that has more viewers than virtual reality or augmented reality content provided at each of rest of the plurality of social networks; and
4) the social networking system arranged to send the user information about the first social networks.

US Pat. No. 10,368,212

METHOD AND APPARATUS FOR PROVIDING AUGMENTED REALITY SERVICES

Samsung Electronics Co., ...

1. A method for an electronic device to provide an augmented reality (AR) service, the method comprising:
receiving content information associated with an object selected for the AR service, wherein the content information is information describing multiple contents related to the object;
determining at least one content to request among the multiple contents related to the object based on the received content information;
transmitting a request for the determined at least one content;
receiving the at least one content in response to the request; and
outputting the received at least one content,
wherein the at least one content is determined by filtering the multiple contents based on at least one of capability information of the electronic device, channel state information, user mobility information, and content priority information.

US Pat. No. 10,368,211

CONVERSATION ASSISTANT

1. A computer-implemented method comprising:
engaging, by a first application, in an interactive chat communication session with a user of a telephonic device;
identifying, by the first application, data indicative of prior interactions with one or more applications accessed via the telephonic device;
identifying, based on the identified data and based on the interactive chat communication session with the user, a service or a product that is likely to be of interest to the user of the telephonic device;
identifying a second application associated with the identified service or the identified product for recommendation to the user;
providing, by the first application, the recommendation for the identified second application;
determining whether the user has accepted the recommendation;
in response to determining that the user has accepted the recommendation, transmitting a signal to download the second application onto the telephonic device; and
executing the second application, by the first application, for enabling the user to receive the identified service or the identified product,
wherein the identified second application comprises a software application that includes instructions executable by the first application to perform a call flow, and
wherein the call flow comprises a sequence of at least two prompt instructions and at least two grammar instructions executable to result in a simulated multi-step spoken conversation between the first application and the user, each of the at least two prompt instructions being executable to ask for information from the user and each of the at least two grammar instructions being executable to interpret information spoken to the telephonic device by the user.

US Pat. No. 10,368,185

MOBILE DEVICE LOCATION PROOFING

International Business Ma...

1. A computer-implemented method of verifying a location of a mobile device, the method comprising:
receiving, on the computer, a first location report from a first mobile device, the first location report including a location identification for the first mobile device and pairing information identifying mobile devices with which the first mobile device is paired;
identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device;
requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired;
receiving the reference location report from the at least one reference mobile device; and
evaluating the received reference location report to check whether the received reference location report verifies or does not verify the location identification in the first location report received from the first mobile device, including
verifying the location identification in the first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report; and wherein:
the further pairing information identifies each of the mobile devices with which the reference mobile device is paired by a further device identifier; and
verifying the location identification in the first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report comprises:
comparing a device identifier of the first mobile device with the one or more further device identifiers in the further pairing information.

US Pat. No. 10,368,184

ADVERTISING AND PROFILING USER LOCATION TO UNIFIED COMMUNICATION SUITE IN ENTERPRISE WIRELESS NETWORKS

Hewlett Packard Enterpris...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors of a network device, cause the network device to perform multiple operations comprising:
determining that a first user is logged on a wireless local area network (WLAN) and assigned a first user role during a first time, the first user role corresponding to a first set of network privileges, wherein the first user role is assigned and provided by the WLAN;
inferring a first status for the first user based at least on the first user role and a first user presence at a particular location for an amount of time during a predetermined period of time of day, wherein the first user presence is based on a first user role information provided by the WLAN;
displaying the first status for the first user during the first time;
subsequently assigning a second user role to the first user during a second time, the second user role corresponding to a second set of network privileges, wherein the second user role is assigned and provided by a policy engine in the WLAN, the policy engine configured to collect multiple user attributes for the first user from multiple identity stores and from a third party network to which the first user is subscribed;
determining a first client device corresponding to the first user is located at the particular location during the first time and the second time based at least on the second user role and the first user presence at the particular location for the amount of time during the predetermined period of time of day;
displaying a second status for the first user during the second time;
determining that the first client device is logged on to the WLAN via a virtual private network (VPN) connection for a third time period;
assigning a third user role based on the VPN connection, wherein the third user role corresponds to a third set of network privileges; and
displaying a third status for the first user during the third time.

US Pat. No. 10,368,155

SYSTEM WITH WIRELESS EARPHONES

Koss Corporation, Milwau...

1. A wireless headphone assembly comprising:
first and second earphones, wherein each of the first and second earphones comprises an acoustic transducer;
an antenna for receiving wireless signals;
a wireless communication circuit connected to the antenna, wherein the wireless communication circuit is for receiving and transmitting wireless signals to and from the wireless headphone assembly;
a processor in communication with the wireless communication circuit; and
a rechargeable battery for powering the wireless headphone assembly,
wherein the headphone assembly is configured, with the processor, to transition automatically from playing digital audio content received wirelessly by the headphone assembly via a first wireless network to playing digital audio content received wirelessly by the headphone assembly via a second wireless network.

US Pat. No. 10,368,151

EXTERIOR COVER WITH SPEAKER

Samsung Electronics Co., ...

1. An exterior cover for protecting a display of an electronic device, the exterior cover comprising:
a cover portion configured to foldably connect to the electronic device in a first end of the cover portion, the cover portion comprising:
segments comprising:
a first segment located at a first end of the cover portion,
a second segment located at a second end of the cover portion opposite the first end, and
a third segment located between the first segment and the second segment; and
a folding axis allowing the segments to fold with respect to each other such that the folded segments support the electronic device in a cradle position when the electronic device is inclined at a first angle,
wherein the first segment comprises a first speaker, the second segment comprises a second speaker, and the third segment comprises a third speaker,
wherein the first speaker comprises a vibration plate and the first segment is in contact with a ground when the electronic device is in the cradle position, and
wherein the vibration plate reproduces sound at a low frequency band, and the second speaker and the third speaker reproduce sound at higher frequency bands.

US Pat. No. 10,368,148

CONFIGURABLE COMPUTING RESOURCE PHYSICAL LOCATION DETERMINATION

Intel Corporation, Santa...

1. A system comprising:
a rack comprising a plurality of sled spaces, each of the plurality of sled spaces arranged to receive a sled having a beacon sensor coupled to the sled;
a plurality of sleds, each of the plurality of sleds disposed within a respective one of the sled spaces and having a beacon sensor, each of the plurality of sleds comprising at least one physical resource;
a sled controller, the sled controller communicatively coupled to the beacon sensors of the plurality of sleds, the sled controller to:
receive information elements from the beacon sensors of the plurality of sleds, the information elements from the beacon sensors of the plurality of sleds to include indication of signals exchanged between the beacon and the beacon sensors; and
determine a location of a one of the sleds within the sled spaces of the rack; and
one or more beacons coupled to the rack, the one or more beacons to emit a signal to be received by one of the beacon sensors of the plurality of sleds to be used to determine a location of the corresponding sled within the rack, wherein the one or more beacons are further to send, to a remote management entity, an information element including an indication of the location of the sled within the rack and an indication of an operating condition of the at least one physical resource.

US Pat. No. 10,368,137

SYSTEM FOR PRESENTING VIDEO INFORMATION AND METHOD THEREFOR

VUDU, INC., Sunnyvale, C...

1. A system comprising:
one or more processors; and
one or more non-transitory computer readable media storing computing instructions configured to run on the one or more processors and perform acts of:
initiating a playback of an active media file on a screen of an electronic device;
during the playback of the active media file on the screen of the electronic device, receiving an instruction to enter an expanded view mode comprising an upward swiping motion on an expander displayed on a touch-sensitive display when the expander is closed;
responsive to receiving the instruction to enter the expanded view mode, and during the playback of the active media file on the screen of the electronic device, opening the expander displayed on the screen during the playback of the active media file, wherein:
the expander is configured, when open, to display an information mode and a poster mode on the screen at different times during the playback of the active media file;
the information mode is displayed, in response to the expander being open, as a default mode; and
the poster mode is displayed, in response to the expander being open, when a user selects an option in a preferences menu to set the poster mode as the default mode;
displaying the information mode on the screen at the expander during the playback of the active media file;
displaying the poster mode on the screen at the expander during the playback of the active media file;
receiving an instruction to end the expanded view mode; and
responsive to receiving the instruction to end the expanded view mode, and during the playback of the active media file on the screen of the electronic device, closing the expander on the screen, wherein:
the poster mode comprises a display of one or more graphical images representing one or more media files; and
displaying the information mode on the screen during the playback of the active media file comprises displaying at least one of synopsis information of the active media file, cast information of the active media file, rating information of the active media file, genre information of the active media file, length information of the active media file, or a year of release of the active media file.

US Pat. No. 10,368,132

RECOMMENDATION SYSTEM TO ENHANCE VIDEO CONTENT RECOMMENDATION

Facebook, Inc., Menlo Pa...

1. An online system for generating content recommendations for a target user of the system, comprising:
a processor; and
a non-transitory computer readable medium configured to store instructions that, when executed by the processor, cause the processor to perform steps comprising:
maintaining, by the online system, a collection of publicly available videos;
generating a plurality of sets of video candidates selected from the collection of publicly available videos by:
accessing a plurality of recommendation functions that each apply different types of selection criteria to uniquely select and rank the video candidates for the set that corresponds to that recommendation function, the video candidates each having a ranking score for ranking relative to other video candidates in the set; and
receiving, from each recommendation function, the set of video candidates selected and ranked by the recommendation function, each set of video candidates representing video content that is likely to be of interest to the target user, the sets of video candidates selected from the collection of publicly available videos to supplement a display for the target user of other video content posted by the target user's connections in the online system;
filtering the video candidates from the sets from each of the recommendation functions to remove one or more video candidates that violate a video content policy of the online system;
performing a second ranking of the filtered video candidates as a combined group from the sets by:
extracting features from the filtered video candidates;
assigning weights to the features associated with the filtered video candidates, a weight of a feature generated by a ranking model trained on the features of the video candidates, and indicating a relative importance of the feature to the target user;
generating ranking scores for the filtered video candidates based on the weights of the features associated with the filtered video candidates; and
selecting a plurality of videos from the filtered video candidates as recommendations to the target user based on the ranking scores associated with the video candidates; and
providing for display to the target user the selected videos along with other video content posted by the target user's connections in the online system.

US Pat. No. 10,368,124

REAL-TIME AUDIENCE MEASUREMENT SYSTEM

TiVo Solutions Inc., San...

1. A method comprising:
receiving, at a first server, an instant message from a client system comprising television viewer data, wherein the television viewer data includes:
a user client operational command input
and an identity of media content and
the television viewer data specifies the first server as recipient of the instant message, wherein the instant message is sent over an SSL connection that is maintained between the first server and the client system, and wherein the SSL connection is automatically reconnected if the connection is dropped;
analyzing data from the television viewer data;
generating output information using the analyzed data; and
transmitting the output information using the analyzed data to a second server.

US Pat. No. 10,368,111

DIGITAL TELEVISION CHANNEL TRENDING

1. A method, comprising:
maintaining a first portion of a multimedia program in a multimedia cache of a network edge device;
receiving a multicast join request associated with:
a set-top box; and
the multimedia program;
sending a first portion of the multimedia program to the set-top box from the multimedia cache of the network edge device, wherein sending the first portion comprises sending the first portion to the set-top box at an accelerated rate, wherein the accelerated rate is greater than a normal playback rate for the multimedia program;
directing the set-top box to a multicast replicator for a second portion of the multimedia program;
receiving an indication of the set-top box receiving the second portion;
causing a viewership statistic server to increment a particular counter indicative of a number of set-top boxes tuned to the multimedia program, wherein causing the viewership statistic server to increment the particular counter includes:
detecting a handoff, wherein the handoff comprises a transition of a source of the multimedia program from the network edge device to the multicast replicator;
responsive to detecting the handoff from the network edge device to the multicast replicator, causing a viewership statistic server to increment a particular counter indicative of a number of set-top boxes tuned to the multimedia program;
recording time-stamped information indicative of the set-top box receiving the second portion; and
sending the time-stamped information to a viewership statistic data.

US Pat. No. 10,368,102

METHOD AND APPARATUS FOR IMAGE ENCODING/DECODING

1. A method of decoding an image, comprising:
generating a prediction block for a current block;
receiving information of a block size, wherein the information of the block size is determined by an encoder, and wherein whether a skip of a transform process is applicable is determined based on a comparison of the information of the block size with a current block size;
decoding information indicating whether the skip of the transform process is applied, in response to the comparison of the information of the block size with the current block size representing that the skip of the transform process is applicable;
determining whether to perform an inverse transform on the current block based on the decoded information indicating whether the skip of the transform process is applied;
performing the inverse transform on the current block to generate a residual block for the current block; and
reconstructing the current block based on the prediction block and the residual block,
wherein the prediction block is generated by performing intra prediction.

US Pat. No. 10,368,100

VIDEO DATA DECODING METHOD AND VIDEO DATA DECODING APPARATUS

Electronics and Telecommu...

1. A method for decoding video data comprising:
receiving coded video data comprising video data and depth data corresponding to the video data;
acquiring motion data for inter-view prediction of a coding unit of the video data from the depth data;
performing inter-view prediction based on the motion data; and
reconstructing video data according to the video data comprising the coding unit and the depth data based on the inter-view prediction, the coding unit comprising at least one prediction block,
wherein the acquiring motion data for inter-view prediction of the coding unit comprises deriving the motion data for inter-view prediction of the coding unit based on a location and a size of the coding unit,
wherein the motion data for inter-view prediction of a prediction block of the video data is calculated using information derived from a depth map picture to which the coding unit refers, the information including the disparity of the maximum value of the depth values of a corresponding unit of the depth map picture to which the coding unit refers, and
wherein, in response to the coding unit comprising prediction blocks for which the inter-view predication is applied, the maximum value is shared in the prediction blocks for the motion data calculation of inter-view prediction.

US Pat. No. 10,368,098

METHOD AND DEVICE FOR TRANSMITTING PREDICTION MODE OF DEPTH IMAGE FOR INTERLAYER VIDEO ENCODING AND DECODING

SAMSUNG ELECTRONICS CO., ...

1. An interlayer video decoding method comprising:
obtaining prediction-mode information of a current block of a depth image from a bitstream;
generating a prediction block of the current block based on the prediction-mode information; and
decoding the depth image by using the prediction block,
wherein the obtaining of the prediction-mode information of the current block from the bitstream comprises:
receiving a first flag, a second flag, and a third flag, wherein the first flag indicates whether prediction of the current block by dividing the current block into two or more partitions according to a pattern is permitted, the second flag indicates whether the depth image permits blocks of the depth image to be predicted by dividing the blocks into two or more partitions by using a wedgelet, and the third flag indicates whether the depth image permits the blocks of the depth image to be predicted by dividing the blocks into two or more partitions by using a contour; and
receiving a fourth flag from the bitstream when predetermined conditions determined based on the first to third flags are satisfied, wherein the fourth flag represents information regarding a type of a method of dividing the current block into two or more partitions according to the pattern.

US Pat. No. 10,368,096

ADAPTIVE STREAMING SYSTEMS AND METHODS FOR PERFORMING TRICK PLAY

DIVX, LLC, San Diego, CA...

1. A playback device, comprising:
a set of one or more processors; and
a non-volatile storage containing an application for causing the set of one or more processors to perform the steps of:
obtaining top level index information identifying a plurality of alternative streams of video, an audio stream, and at least one trick play stream that are each stored in a separate container file, where:
each video container file containing a given stream from the plurality of alternative streams of video comprises:
portions of the given video stream within the video container file, where the portions of the given video stream comprise an encoded group of pictures that commences with a picture encoded without reference to another picture in the given video stream; and
a video container index, where entries in the video container index indicate sizes of portions of the given video stream within the video container file;
each trick play container file containing a given trick play stream from the at least one trick play stream comprises:
frames of the given trick play stream, where each frame of the given trick play stream is a picture encoded without reference to another picture in the trick play stream; and
a trick play container index, where entries in the trick play container index comprise a timecode and a location of a frame in the given trick play stream;
requesting a video container index from a video container file containing a video stream from the plurality of alternative streams of video;
requesting at least one portion of the video stream from the plurality of alternative streams of video using at least one entry from the video container index;
decoding the at least one portion of the video stream from the plurality of alternative streams of video;
receiving at least one user instruction to perform a visual search of the media;
requesting a trick play container index from a trick play container file containing a trick play stream from the at least one trick play stream;
requesting at least one frame of video from the at least one trick play stream using at least one entry from the trick play container index; and
decoding and displaying the at least one frame of video from the at least one trick play stream.

US Pat. No. 10,368,043

PROJECTOR AND ILLUMINATION SYSTEM THEREOF

Coretronic Corporation, ...

1. A projector, comprising:
an illumination system, comprising:
an excitation light source group, comprising at least one first light emitting element, wherein the first light emitting element is configured to provide a first beam;
a wavelength conversion element, having a reflective area and a wavelength conversion area, wherein the reflective area and the wavelength conversion area are configured to cut into a transmission path of the first beam by turns; and
a light combining element, disposed between the excitation light source group and the wavelength conversion element and having at least one first dichroic portion, at least one first reflective portion, and a first light combining surface facing the first light emitting element, wherein the first dichroic portion corresponds to a first quadrant of the first light combining surface and the first reflective portion corresponds to a third quadrant of the first light combining surface,
wherein the first beam is configured to penetrate through the first dichroic portion and to be transmitted to the wavelength conversion element,
wherein the reflective area is configured to reflect the first beam to the first reflective portion,
wherein the wavelength conversion area is configured to convert the first beam into an excited beam and reflect the excited beam to the light combining element,
wherein the first dichroic portion and the first reflective portion of the light combining element are configured to reflect the excited beam, and the first reflective portion of the light combining element is configured to reflect the first beam from the reflective area, so that the first beam and the excited beam constitute an illumination beam;
a light engine module, comprising a light valve, wherein the light valve is located on a transmission path of the illumination beam and is configured to convert the illumination beam into an image beam; and
a projection lens, located on a transmission path of the image beam, wherein the image beam becomes a projection beam after passing through the projection lens.

US Pat. No. 10,368,030

OPTIMIZED HISTOGRAM COMPUTATION FOR ADAPTIVE BACK LIGHT ALGORITHM DURING CAMERA PREVIEW AND VIDEO PLAYBACK

QUALCOMM Incorporated, S...

1. A method for image processing at a device, comprising:
capturing, at a sensor of the device, an image frame including frame composition data;
generating histogram metadata for the image frame;
encoding the histogram metadata as supplemental enhancement information (SEI) for the image frame;
receiving, at a display post-processing module of the device, the image frame and the histogram metadata;
computing, by the display post-processing module of the device, a target display setting for the image frame based at least in part on the histogram metadata; and
outputting the image frame to a display based at least in part on the computed display setting.

US Pat. No. 10,368,023

IMAGE SENSOR SUPPORTING VARIOUS OPERATING MODES AND OPERATING METHOD THEREOF

Samsung Electronics Co., ...

1. An image sensor, comprising:
an active pixel sensor array comprising first to fourth pixel units sequentially arranged in a column, wherein each of the first to fourth pixel units includes a plurality of pixels which share a same floating diffusion region with each other, a first pixel group including the first and second pixel units is connected to a first column line, and a second pixel group including the third and fourth pixel units is connected to a second column line; and
a correlated double sampling circuit including first and second correlated double samplers configured to convert a first sense voltage sensed from a selected pixel of the first pixel group and a second sense voltage sensed from a selected pixel of the second pixel group into first and second correlated double sampling signals, respectively,
wherein the first sense voltage is converted into the first correlated double sampling signal by one of the first and second correlated double samplers, and
the second sense voltage is converted into the second correlated double sampling signal by the other of the first and second correlated double samplers.

US Pat. No. 10,368,017

IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

OLYMPUS CORPORATION, Tok...

1. An image processing apparatus for correcting blinking defect noise contained in image data generated by an image sensor, the image sensor comprising: a plurality of pixels arranged two-dimensionally and configured to receive light from outside to generate a signal according to an amount of the received light; and a plurality of reading circuits configured to read the signal as a pixel value, the image processing apparatus comprising:
an image processor that comprises hardware, the image processor being configured to:
acquire the image data and noise information including one of positional information on a reading circuit in which blinking defect noise caused by the reading circuit occurs and positional information on each of the pixels;
set the image data acquired by the acquisition interface as correction target image data;
calculate a movement amount of a subject based on the correction target image data and reference image data, the reference image data being based on image data acquired at a time different from the acquisition of the correction target image data;
estimate a random noise amount around a pixel of interest of the correction target image data, wherein the estimation comprises:
acquire a reference pixel of the reference image data corresponding to one of the pixel of interest and a neighboring pixel of the pixel of interest, based on the movement amount;
calculate, based on the random noise amount, a representative value that indicates an expected pixel value in which blinking defect noise does not occur; and
correct the pixel value of the pixel of interest based on the representative value.

US Pat. No. 10,367,976

SINGLE IMAGE HAZE REMOVAL

The United States of Amer...

1. A method for single image haze removal, comprising the steps of:
receiving, at a memory device, an input image having pixels, wherein the input image is a color image having three color channels;
converting, by a processor, each pixel in each channel of the input image to a floating-point value in a range of zero to one;
performing, by the processor, a brightness correction on the converted input image;
estimating, by the processor, an airlight value for the brightness-corrected input image, wherein the estimating step includes the step of computing a weighted average of the estimated airlight for each color channel for frames of a video according to equation:
A=((A+19·Aprev))/20
wherein A is the estimated airlight for a current frame, and Aprev is a weighted airlight value that is updated each frame to value A, and wherein the input image is a frame of the video,
wherein the estimating step includes the step of reducing each of said pixels to a minimum value of the one or more color channels, thus resulting in a two-dimensional image, and
wherein the estimating step further includes the steps of moving a window of a predetermined number of pixels across the 2D image pixel-by-pixel; and replacing each pixel with the minimum value found in said window of a predetermined number of pixels;
calculating, by the processor, a transmission map for one or more color channels of the brightness-corrected input image;
refining the transmission map for each said one or more color channels; and
providing, by the processor, a haze-reduced image to the memory device.

US Pat. No. 10,367,937

PROVIDING DATA MESSAGING SUPPORT BY INTERCEPTING AND REDIRECTING RECEIVED SHORT MESSAGE SERVICE (SMS) MESSAGES

West Corporation, Omah, ...

1. A method, comprising:
identifying, at a message processing server, at least one of a sender of a message intended for a particular recipient;
wherein the identifying the context of the message comprises:
identifying at least one word from the message as being part of an exclusion list of terms that are not permitted to be forwarded to a recipient's personal computing device;
generating an automated response with first instructions to not attempt contacting the recipient;
transmitting the automated response to the sender; and
transmitting additional automated responses that provide additional instructions to not attempt contacting the recipient.

US Pat. No. 10,367,918

SYSTEM TO DYNAMICALLY ADJUST REQUEST VALUES AT A BACK-END APPLICATION SERVER

HARTFORD FIRE INSURANCE C...

1. A system to improve an accuracy of information generated by a back-end application computer server, comprising:
(a) a communication port to facilitate receipt of a plurality of data streams of electronic messages, each data stream being received from one of a plurality of remote third-party administrator computer servers via a distributed communication network;
(b) a data stream computer store to store information received in the data streams of electronic messages;
(c) a rules computer store to store different sets of pre-determined rules for different third-party administrator computer servers;
(d) the back-end application computer server, coupled to the communication port, the data stream computer store, and the rules computer store, programmed to:
(i) receive from the data stream computer store information associated with a set of requests from a first third-party administrator computer server, each request being associated with a request value,
(ii) retrieve from the rules computer store a first set of pre-determined rules for the first third-party administrator computer server,
(iii) automatically apply the first set of pre-determined rules to the set of requests from the first third-party administrator computer server, said application resulting in at least one adjusted request value for the set of requests and an overall value based at least in part on the request values and the adjusted request value associated with the set of requests,
(iv) automatically transmit a settlement instruction, including the overall value, to an electronic transaction system, and
(v) as a result of application of the first set of pre-determined rules, automatically transmit a flag to an electronic messaging communication server;
(e) the electronic transaction system to receive the settlement instruction and to execute a settlement transaction in accordance with the overall value; and
(f) the electronic messaging communication server to receive said flag, and as a result of receiving said flag, trigger an electronic notification from the electronic messaging communication server to the remote computer device associated with the first third-party administrator computer server.

US Pat. No. 10,367,914

ATTACHING SERVICE LEVEL AGREEMENTS TO APPLICATION CONTAINERS AND ENABLING SERVICE ASSURANCE

CISCO TECHNOLOGY, INC., ...

1. A computer implemented method comprising: providing a template for orchestration of a cloud provided service in a datacenter, the template including selectable: virtual processing services, virtual networking services, storage services, and service level requirements for the cloud provided service, the datacenter including a plurality of segmented sections of the datacenter;
determining a provisioning queue placement for the cloud provided service based on at least the service level requirements; and
automatically provisioning the cloud provided service in at least one of the plurality of segmented sections based on the template, the provisioning including insertion of a request in a queue based on the provisioning queue placement, wherein if the insertion of the request causes displacement of another request, then the another request is shifted backwards in the queue to a next placement following the request, and
wherein the selectable service level requirements at least one of: include a time to provision the cloud provided service, and the provisioning queue placement is based on available computing resources to provision the cloud provided service, an existing queue of tasks requiring computing resources, and a priority level associated with the tasks in the existing queue or
include an uptime requirement and a tolerance for unavailability of the cloud provided service, and the provisioning of the cloud provided service includes two or more data centers and is based on the uptime requirement and the tolerance for unavailability.

US Pat. No. 10,367,885

METHODS FOR USING EXTRACTED FEATURES TO PERFORM AN ACTION ASSOCIATED WITH SELECTED IDENTIFIED IMAGE

Network-1 Technologies, I...

1. A method comprising:
(a) receiving, at a computer system from a user electronic device, a query related to an image obtained from the user electronic device;
(b) receiving, at the computer system, one or more extracted features of the image, wherein the one or more extracted features include a compact representation of at least a portion of the image related to one or more blocks of pixels of the image;
(c) identifying, using the computer system, one or more annotations associated with the image;
(d) identifying, at the computer system, one or more other images related to the image by comparing the one or more extracted features from the image with reference features from a first plurality of reference works using a sub-linear search of reference features that identifies one or more matches to the image but does not guarantee to identify an exact match to the image, wherein the first plurality of reference works are organized using a clustering technique based on annotations including the one or more annotations to eliminate a second plurality of reference works from being searched;
(e) providing, by the computer system to the user electronic device, the identified one or more other images along with action information associated with the identified one or more other images, wherein the action information is related to an action to be performed at the user electronic device;
(f) receiving, at the computer system from the user electronic device, a selection of one of the identified one or more other images; and
(g) providing, to the electronic device, machine readable instructions for performance of the action associated with the selected one of the identified one or more other images.

US Pat. No. 10,367,884

CONTENTS SHARING METHOD BETWEEN MOBILE TERMINAL AND LOCAL SERVER

SAMSUNG ELECTRONICS CO., ...

1. A method of communicating metadata of contents at an electronic device, the method comprising:
receiving the metadata of the contents from a first device;
receiving a contents share service request if the electronic device is determined to be located within a predetermined area;
transmitting a response to the contents share service request for an approval of contents share service; and
establishing a communication channel with a second device, wherein the communication channel is a traffic channel available to the second device;
receiving metadata from the second device; and
transmitting the metadata information of the contents to the second device based on a result of matching the metadata of the contents from the first device and the metadata from the second device.

US Pat. No. 10,367,859

ORGANIZING A SYNCHRONOUS COMMUNICATION SESSION ACCORDING TO CONTEXT

INTERNATIONAL BUSINESS MA...

1. A computer hardware system, comprising: a hardware processor configured to initiate the following executable operations: detecting, based upon an input received from a user, a trigger event; identifying, based upon the trigger event, a foreground application executing within the computer hardware system when the input was received; retrieving, from the identified foreground application, a digital asset displayed in the foreground application when the input was received, the digital asset including content and metadata; analyzing the content of the digital asset to identify a list of candidate participants; displaying, within a user interface separate from the foreground application, the list; and sending, to at least one of the candidate participants selected from within the user interface, an invite for a synchronous communication session, wherein the detecting, the identifying, the retrieving, the analyzing, and the displaying are performed by a context agent executing within the computer hardware system and separate from the foreground application.

US Pat. No. 10,367,858

CONTEMPORANEOUS FEEDBACK DURING WEB-CONFERENCES

International Business Ma...

1. A computer-implemented method, comprising:
initiating, by one or more processors, a web conferencing session between a host and a client, wherein the web conferencing session comprises:
receiving a presentation and transmitting the presentation to a semantic engine, wherein the semantic engine performs an automatic machine learning session to generate a presentation concepts list comprising concepts relevant to the presentation; and
progressively displaying the presentation in a thin client application on the client, wherein progression of the presentation is controlled by the host;
monitoring, by the one or more processors, on the client, during the web conferencing session, activities executed on the client;
extracting, by the one or more processors, web concepts related to the activities executed on the client;
determining, by the one or more processors, an interest level of a user of the client in the presentation, based on determining a presence or absence of a relationship of each web concept to one or more of the concepts relevant to the presentation on the presentation concepts list; and
displaying, by the one or more processors, the interest level of a user in a graphical user interface on the host.

US Pat. No. 10,367,857

MANAGING CONFERENCE-CALLS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented conference call management method, the method comprising:
inferring an Internet Protocol (IP) address of a new user requesting to join a call including at least one other user;
inferring a codec to stream an emulated network pattern for the call in a case where the new user were to join the call, at a network level;
measuring a call quality perceived by the at least one other user in the call, at a user end, while the emulated codec is run on the call;
measuring an impact on the call quality in a case that the new user joins the call based on the perceived call quality and the emulated network pattern; and
displaying the impact via a Graphical User Interface (GUI) for a moderator to decide whether to accept the new user to the call based on the measured impact on the call quality indicating that the call quality is sustained after accepting the new user to the call,
wherein the codec includes a dummy packet streamed on the call such that the call quality does not change while the codec is streamed on the call, and
wherein the call quality is sustained after the new user joins the call when the perceived call quality and the emulated network pattern are unchanged.

US Pat. No. 10,367,856

FAILOVER MANAGEMENT OF SIP BASED MULTIMEDIA COMMUNICATION SESSIONS

STERLITE TECHNOLOGIES LIM...

1. A method comprising:
storing, in a data store, active session information received from a first session initiation protocol (SIP) server for an active session between a first user agent and a second user agent, wherein the active session is associated with the first SIP server;
providing, by a processing device, in response to a determination that the first SIP server is unavailable, the active session information to a second SIP server to maintain continuity of the active session between the first user agent and the second user agent; and
causing the second SIP server to generate a first Re-INVITE message to provide to the first user agent and a second Re-INVITE message to provide to the second user agent, wherein the first Re-INVITE message comprises at least a portion of the active session information to continue the active session.

US Pat. No. 10,367,855

SWITCH CONTROLLER FOR SEPARATING MULTIPLE PORTIONS OF CALL

TEVNOS LLC, San Francisc...

1. A method comprising:
receiving a call from an origination endpoint requesting to be connected to a remote endpoint;
receiving acceptance of the call from the remote endpoint;
separating audio of the call based on the origination endpoint and the remote endpoint where corresponding portions of the audio are generated, using a switch controller, into;
a first isolated audio portion of the audio from the origination endpoint; and
an additional isolated audio portion of the audio from the remote endpoint;
sending the first isolated audio portion to an external database;
establishing the audio of the call by merging the first isolated audio portion and the additional isolated audio portion; and
providing, to a third party, access to listen to the call and an ability to inject audio into one or more of the first isolated audio portion and the additional isolated audio portion.

US Pat. No. 10,367,854

METHOD AND APPARATUS FOR CONTROLLING SERVICES IN AN INTERNET PROTOCOL MULTIMEDIA SUBSYSTEM

Telefonaktiebolaget LM Er...

1. A method for controlling services in an Internet Protocol Multimedia Subsystem (IMS), the IMS comprising a Home Subscriber Server (HSS) and a Serving Call Session Control Function server (S-CSCF), the method comprising:
configuring, in the HSS, a service profile (SP) in relationship with a subscription to the IMS of a user, the SP comprising a set of SP data usable by the S-CSCF for processing of services of the user;
transmitting the set of SP data from the HSS to the S-CSCF, and controlling, by the S-CSCF, processing of services of the user according to the set of SP data received from the HSS;
wherein the configuring the SP comprises configuring new SP data used to identify, in the S-CSCF, a controlling rule, the controlling rule comprising values for one or more timers for controlling, by the S-CSCF, the value of a time associated with the processing of services of the user;
configuring, in the S-CSCF, a controlling rule, the controlling rule comprising: a rule value that maps to a value of the new SP data, and, in relationship with the rule value, values for one or more timers for controlling, by the S-CSCF, a time associated with the processing of services of the user;
wherein the transmitting the set of SP data comprises transmitting the new SP data.

US Pat. No. 10,367,853

METHOD AND ENTITY IN A LI SYSTEM FOR POSITIONING OF A TARGET CONNECTED TO A WI-FI NETWORK

Telefonaktiebolaget LM Er...

1. A method performed by a mediation function entity for enabling a Law Enforcement Agency (LEA) to determine targets' positions, said targets are connected to a WiFi network via Access Points, the method comprises steps of:
the mediation function entity receiving a first Remote Authentication Dial-In User Service (RADIUS) account message for a first subscriber having been accepted access to the WiFi network via a first Access Point, wherein the mediation function entity is in a Lawful Intercept (LI) system;
the mediation function entity receiving a second RADIUS account message for a second subscriber having been accepted access to the WiFi network via a second Access Point;
the mediation function entity determining whether at least one of the first subscriber and the second subscriber is a target;
as a result of determining that the first subscriber is a target, the mediation function entity retrieving from the received first RADIUS account message RADIUS parameters corresponding to an Access Point Identifier and a Service Set Identifier (SSID);
the mediation function entity sending, to the LEA, a target identification for the first subscriber and the retrieved RADIUS parameters corresponding to the Access Point Identifier and the SSID; and
as a result of determining that the second subscriber is not a target, the mediation function entity discarding the second RADIUS account message.

US Pat. No. 10,367,852

MULTIPLEXED DEMAND SIGNALED DISTRIBUTED MESSAGING

Swim.IT Inc., San Jose, ...

1. A method programmed in a non-transitory memory of a device comprising:
a. establishing one or more network connections for peer-to-peer real-time message distribution; and
b. routing one or more messages to an appropriate destination using the one or more network connections utilizing load balancing and routing functions, wherein when the one or more messages go to multiple subscribers on a single host, the one or more messages from a publisher are only sent once over the one or more network connections, and the one or more messages are broadcast locally without explicit involvement of a publisher and a subscriber to each subscriber of the multiple subscribers on the single host, wherein routing utilizes one or more links and one or more lanes, wherein at least one of the links is a synced link which enables the subscriber to receive the one or more messages from the publisher that existed prior to generation of the link.

US Pat. No. 10,367,851

SYSTEM AND METHOD FOR AUTOMATIC DATA PROTECTION IN A COMPUTER NETWORK

Microsoft Israel Research...

1. A method for operating an architecture that controls access to confidential data by executing one or more data management policies when an attempt to transform the confidential data is detected, the method being performed by a computer system that operates with the architecture, the method comprising:
the computer system assigning one or more information profiles to a data item, wherein the one or more information profiles indicate a sensitivity level for the data item;
the computer system associating a defined set of one or more policies with the data item, wherein the defined set of one or more policies, when executed for the data item by the computer system, control how the data item is accessed, the control being based at least partially on the data item's indicated sensitivity level;
the computer system storing a hash value for the data item, the hash value being usable to identify the data item within the computer system in connection with one or more subsequent access events for that data item;
the computer system identifying an access event for the data item,
the computer system identifying the defined set of one or more policies that apply to the data item corresponding to the access event, based at least in part on the data item's hash value;
in response to identifying the defined set of one or more policies that apply to the data item corresponding to the access event, the computer system executing the defined set of policies for the data item to control or limit access to the data item in response to the identified access event; and
the computer system tracking execution of the defined set of policies for the data item by logging protection implementation information to a system log, wherein tracking the execution in the system log includes logging how protections were actually implemented on the data item during the execution of the defined set of policies for the data item.

US Pat. No. 10,367,850

MANAGING COMMUNICATIONS BETWEEN COMPUTING NODES

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
obtaining, by one or more configured computing devices of an application execution service, information indicating an access policy for use with a first computing node;
initiating, by the one or more configured computing devices, execution of the first computing node as a virtual machine hosted by a physical computing system of the application execution service; and
configuring by the one or more configured computing devices, a software component executing on the physical computing system to manage communications for virtual machines hosted by the physical computing system, wherein the configuring includes storing information on the physical computing system about the access policy for use by the software component in managing communications for the first computing node, and wherein the software component is configured to:
intercept a first communication addressed to the first computing node;
determine whether the first communication is in accordance with the access policy;
if the first communication is in accordance with the access policy, forward the first communication to the first computing node;
receive another communication indicating the first computing node as a source of the other communication;
determine whether the other communication is in accordance with the access policy; and
if the other communication is in accordance with the access policy, forward the other communication to a destination of the other communication.

US Pat. No. 10,367,849

METHOD AND SYSTEM FOR DETECTING PHISHING PAGE

Baidu Online Network Tech...

1. A method for detecting a phishing page, comprising:
intercepting user data attempted to be submitted by a current page to a server;
constructing detection data having a structure identical to a structure of the user data, content of the detection data being different from content of the user data;
submitting the detection data to the server; and
determining whether the current page is a phishing page based on a response from the server;
providing a user with a risk warning in response to determining the current page being a phishing page;
receiving a feedback on the risk warning from the user;
generating a phishing website database based on the feedback; and
determining whether the current page is a phishing website by using the phishing website database, before the intercepting user data attempted by the current page to submit to the server.

US Pat. No. 10,367,848

TRANSMITTING RELAY DEVICE IDENTIFICATION INFORMATION IN RESPONSE TO BROADCAST REQUEST IF DEVICE MAKING REQUEST IS AUTHORIZED

NEC CORPORATION, Tokyo (...

1. A communication control device comprising:
hardware, including a processor and memory;
a first transmission unit implemented at least by the hardware and configured to receive a broadcast request for identification information of a relay device for relaying communication from a first information processing device and transmit fake identification information of the communication control device to the first information processing device in response to a request from the first information processing device; and
a second transmission unit implemented at least by the hardware and configured to receive software information of the first information processing device and transmit identification information of the relay device to the first information processing device when the received software information is authorized.

US Pat. No. 10,367,847

ADDRESSING LOGIN PLATFORM SECURITY RISKS

International Business Ma...

1. A computer-implemented method comprising:
identifying suspected fraudulent attempts being associated with a primary login platform by determining whether one or more matching sensitive information artefacts match a primary sensitive information artefact of a matching login platform;
responsive to the one or more matching sensitive information artefacts matching the primary sensitive information artefact, determining a security divergence factor between the primary login platform and each of the matching login platforms based on at least one of one or more security levels associated with each of the primary login factor and each of the matching login platforms and one or more security categories associated with each of the primary login factor and each of the matching login platform;
determining whether the security divergence factor exceeds a predefined security divergence threshold; and
responsive to identifying the one or more security developments, automatically updating the security credentials of the user to decrease the access level, increasing the security category for the primary login platform, and modifying one or more sensitive information artefacts associated with the primary login platform for the user.

US Pat. No. 10,367,846

SELECTIVELY CHOOSING BETWEEN ACTUAL-ATTACK AND SIMULATION/EVALUATION FOR VALIDATING A VULNERABILITY OF A NETWORK NODE DURING EXECUTION OF A PENETRATION TESTING CAMPAIGN

XM Cyber Ltd., Hertzliya...

1. A method for penetration testing of a networked system by a penetration testing system using both active and passive validation methods wherein the penetration testing system is controlled by a user interface of a computing device, the method for penetration testing comprising:
a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs;
b. determining a first target network node of the networked system to be the next network node to attempt to compromise;
c. determining a first vulnerability of network nodes to be used for compromising the first target network node;
d. determining a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation;
e. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being:
A. selected from the type group consisting of active validation and passive validation; and
B. associated with the first damage;
f. validating the first vulnerability for the first target network node using the first validation method;
g. determining a second target network node of the networked system to be the next network node to attempt to compromise;
h. determining a second vulnerability of network nodes to be used for compromising the second target network node;
i. determining a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation;
j. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being:
A. selected from the type group consisting of active validation and passive validation;
B. associated with the second damage; and
C. different from the type of the first validation method;
k. validating the second vulnerability for the second target network node using the second validation method; and
l. reporting at least one security vulnerability of the networked system determined to exist based on results of performing steps b-k, wherein the reporting comprises performing at least one operation selected from the group consisting of: (A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system, (B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,
wherein all of steps b-l are performed by the penetration testing system, and wherein the one or more manually-entered inputs received via the user interface explicitly define at least one item selected from the group consisting of (i) a type of a validation method associated with the first damage, and (ii) a type of a validation method associated with the second damage.

US Pat. No. 10,367,845

SYSTEMS AND METHODS FOR EVALUATING INFECTION RISKS BASED ON PROFILED USER BEHAVIORS

Symantec Corporation, Mo...

1. A computer-implemented method for evaluating infection risks based on profiled user behaviors, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
collecting, by the computing device comprising the at least one hardware processor, a plurality of user-behavior profiles that comprises:
a plurality of labeled profiles that comprises:
a plurality of infected profiles, wherein each of the plurality of infected profiles comprises a profile of user behaviors that occurred at an associated infected computing system that is known to have encountered malware; and
a plurality of clean profiles, wherein each of the plurality of clean profiles comprises a profile of user behaviors that occurred at an associated clean computing system that is known to be free of malware; and
a plurality of unlabeled profiles, wherein each of the plurality of unlabeled profiles comprises a profile of user behaviors that occurred at an associated computing system that is not known to have encountered malware and not known to be free of malware;
assigning, before training a classification model to distinguish infected profiles from clean profiles, a pseudo label to each of the plurality of unlabeled profiles by:
labeling a first group of the plurality of unlabeled profiles as infected profiles based at least in part on one or more of:
a similarity between unlabeled profiles in the first group and at least one labeled profile in the plurality of infected profiles; or
a mapping of the unlabeled profiles in the first group to a first region of a feature space defined by a lowest-density region of the feature space; and
labeling a second group of the plurality of unlabeled profiles as clean profiles based at least in part on one or more of:
a similarity between unlabeled profiles in the second group and at least one labeled profile in the plurality of clean profiles; or
a mapping of the unlabeled profiles in the second group to a second region of the feature space defined by the lowest-density region of the feature space; and
training the classification model to distinguish infected profiles from clean profiles using features and labels of the plurality of user-behavior profiles;
using the classification model to predict at least one of:
a likelihood that a computing system of a user will become infected based at least in part on a profile of user behaviors of the user; or
a likelihood that a user behavior in the plurality of user-behavior profiles will result in a computing-system infection.

US Pat. No. 10,367,844

SYSTEMS AND METHODS OF NETWORK SECURITY AND THREAT MANAGEMENT

MASERGY COMMUNICATIONS, I...

12. A network security and threat management system, comprising:
a computer configured to:
receive traffic information generated based, at least in part, upon an analysis of packets directed to a plurality of enterprise assets, wherein the traffic information includes a resource violation message reporting an unknown client's attempt to use an unknown protocol;
receive vulnerability information generated based, at least in part, upon an analysis of one or more of the plurality of enterprise assets;
receive vendor alert information provided by one or more third-party vendors;
continuously correlate:
the received traffic information, vulnerability information, and vendor alert information;
assign threat points to each of the plurality of security threats based, at least in part, upon the continuous correlation, wherein to assign the threat points the computer is further configured to:
upgrade the threat points associated with the given security threat in response to the traffic information being correlated with the vulnerability information;
upgrade the threat points associated with the given security threat in response to the traffic information being correlated with the vendor alert information; and
upgrade the threat points associated with the given security threat in response to the vulnerability information being correlated with the vendor alert information; and
dynamically adjust a priority of a given one of the plurality of security threats by escalating a security threat with a highest potential to be successful and modifying a risk associated with other security threats based, at least in part, upon the continuous correlation and upon an age of the given one of the plurality of security threats,
wherein escalating the security threat with the highest potential to be successful comprises identifying, based on an age of the vulnerability information, an enterprise asset of the plurality of enterprise assets being vulnerable to the security threat and the age of the vulnerability information with respect to the security threat.

US Pat. No. 10,367,843

SECURING A NETWORK

PacketSled, Inc., Santa ...

1. An apparatus comprising a non-volatile machine-readable medium storing a program having instructions which when executed by a processor will cause the processor to enhance security of a data network, the instructions of the program for:
decomposing a stream of flow objects from a plurality of sensors coupled to the data network into components that are at least one of (a) oscillating, (b) exponentially growing, (c) exponentially decaying, (d) mean, and (e) stochastic;
sorting the components into categories including at least normal, anomalous known and anomalous unknown, wherein the normal category is indicative of normal behavior in the corresponding flow objects, the anomalous known category is indicative of anomalous behavior in the corresponding flow objects having a known cause, and the anomalous unknown category is indicative of anomalous behavior in the corresponding flow objects having an unknown cause; and
allowing network activity associated with normal behavior, and interdicting network activity associated with anomalous known behavior or anomalous unknown behavior;
wherein the flow objects each comprises a single alphanumeric value or a set of alphanumeric values mathematically processed from raw data collected from the plurality of sensors over time;
wherein the stream of flow objects consists of a finite dimensional nonlinear system;
wherein decomposing the stream of flow objects comprises transforming the finite dimensional nonlinear system to an infinite linear set.

US Pat. No. 10,367,842

PEER-BASED ABNORMAL HOST DETECTION FOR ENTERPRISE SECURITY SYSTEMS

NEC Corporation, (JP)

1. A method for determining a risk level of a host in a network, comprising:
modeling a target host's behavior based on historical events, which include network events and process events, recorded at the target host;
determining one or more original peer hosts having behavior similar to the target host's behavior, including an iterative clustering process that assigns a set of initial cluster centroids and updates the centroids after assigning hosts to a closet cluster to identify peer hosts in a lateral space;
determining an anomaly score for the target host using a processor based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time; and
performing a security management action based on the anomaly score.

US Pat. No. 10,367,841

METHOD AND SYSTEM FOR LEARNING REPRESENTATIONS FOR LOG DATA IN CYBERSECURITY

1. A cybersecurity method comprising:
forming a time based series of behavioral features comprising human engineered features by extracting at least one behavioral feature from a first set of log data retrieved over a first time segment, and extracting at least one behavioral feature from a second set of log data retrieved over a second time segment;
analyzing the time based series of behavioral features,
wherein said analyzing the time based series of behavioral features comprises using a neural network based system, a dimensionality reduction system, random forest system, or combinations thereof,
deriving machine learned features from said time based series of behavioral features through said analyzing the time based series of behavioral features; and
detecting an attack or threat to an enterprise or e-commerce system through said analyzing the time based series of behavioral features,
wherein said detecting an attack or threat comprises determining behavioral patterns indicative of said attack or threat based on the combination of said human engineered features and said machine learned features,
wherein the time based series of behavioral features is formatted into a time-based matrix, wherein each behavioral feature is associated with an entity and a time segment.

US Pat. No. 10,367,840

TECHNOLOGIES FOR SECURE PERSONALIZATION OF A SECURITY MONITORING VIRTUAL NETWORK FUNCTION

Intel Corporation, Santa...

1. A network functions virtualization (NFV) security services controller of an NFV network system for secure personalization of a security monitoring virtual network function (VNF), the NFV security services controller comprising:
one or more processors; and
one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the NFV security services controller to:
receive, from an NFV orchestrator of the NFV network system, an indication that the NFV orchestrator has provisioned a new element, wherein the indication includes identifying information usable to identify the new element;
provision a security monitoring policy as a function of the identifying information;
associate a security monitoring VNF of the NFV network system with the new element as a function of the provisioned security monitoring policy;
transmit another indication to a VNF manager responsible for managing the security monitoring VNF, wherein the other indication is usable to identify the provisioned security monitoring policy;
receive, from the security monitoring VNF and subsequent to having transmitted the other indication to the VNF manager, a message from the security monitoring VNF indicating the security monitoring policy has been successfully updated at the security monitoring VNF; and
activate the security monitoring policy for network traffic through the NFV network system.

US Pat. No. 10,367,839

GRAPHICAL USER INTERFACE PROGRAMMED TO DISPLAY COMPLEX INDICATORS BASED ON STRUCTURED THREAT EXPRESSIONS

CISCO TECHNOLOGY, INC., ...

1. A computer system for visualizing cybersecurity threat information provided by a computer network with a plurality of computing devices, the computer system comprising:
a display;
one or more processors coupled to the display;
one or more non-transitory computer-readable storage media coupled to the one or more processors and storing data that represents one or more expressions and one or more sequences of instructions which when executed by the one or more processors causes the one or more processors to:
retrieve, from the storage media, the data that represents an expression comprising a plurality of observables;
parse the data that represents the expression to identify the plurality of observables, one or more Boolean operators, and one or more interdependencies between observables of the plurality of observables; wherein an interdependency, of the one or more interdependencies, determines a logical relationship between two observables, of the plurality of observables, that are concatenated using a Boolean operator of the one or more Boolean operators;
generate a plurality of observation objects that corresponds to the plurality of observables; wherein an observation object of the plurality of observation objects corresponds to a respective observable of the plurality of observables, and stores information included in the respective observable;
generate one or more Boolean graphical objects that correspond to the one or more Boolean operators; wherein two observation objects, of the plurality of observation objects, are to be concatenated using a Boolean graphical object, of the one or more Boolean graphical objects, that corresponds to a Boolean operator that concatenates respective two observables of the plurality of observables;
cause to present, in an expression visualizer portion of the display, the plurality of observation objects, contents included in the plurality of observations objects, and the one or more Boolean graphical objects connecting observation objects of the plurality of observation objects to represent the interdependencies determined for the plurality of observables.

US Pat. No. 10,367,838

REAL-TIME DETECTION OF ABNORMAL NETWORK CONNECTIONS IN STREAMING DATA

NEC CORPORATION, (JP)

1. A method for detecting anomalous network activity, comprising:
determining that a network event does not exist within an existing topology graph, which records normal states of network connections among hosts in the network, and port graph, which records a relationship between a connection-initiating process and a destination port;
determining a connection probability for the network event using a processor;
determining that the connection probability is below a threshold to identify the network event as abnormal; and
responding to abnormal network events in real-time.

US Pat. No. 10,367,837

OPTIMIZING SECURITY ANALYSES IN SAAS ENVIRONMENTS

International Business Ma...

1. A method comprising:
receiving, by one or more hardware processors, a set of observables from an interfacing entity, and one or more of: a set of structured threat data and a set of unstructured threat data;
analyzing, by the one or more hardware processors, at least one of the set of observables, the set of structured threat data, and the set of unstructured threat data, wherein at least one of an observable of the set of observables, the set of structured threat data, and the set of unstructured threat data is analyzed using cognitive computing;
creating, by the one or more hardware processors, a subgraph, based, at least in part, on the analyzed at least one of the set of observables, the set of structured threat data, and the set of unstructured threat data, wherein the subgraph represents the set of observables, the set of structured threat data and the set of unstructured threat data,
wherein the subgraph is continuously updated upon receiving updates from multiple interfacing entities,
wherein the subgraph provides a solution for at least one of: malicious software and a malicious connection to a Uniform Resource Locator (URL), an internet protocol (IP) address, a hash, or a computer file,
wherein the subgraph further provides the solution on a user interface in an interactive format for a user, and
wherein the solution comprises a link to a downloadable security patch and information detailing instructions to install the security patch;
transferring, by the one or more hardware processors, the subgraph through intelligent traversals to the interfacing entity;
displaying, by the one or more hardware processors, the subgraph on the user interface; and
responsive to the user interacting with the link, installing and initiating, by the one or more hardware processors, the security patch on the interfacing entity.

US Pat. No. 10,367,836

METHOD AND APPARATUS FOR DETECTING ABNORMAL STATE OF BEACON DEVICE IN WIRELESS MESH NETWORK AND RECORDING MEDIUM STORING COMPUTER PROGRAM FOR EXECUTING THE METHOD

SK PLANET CO., LTD., Seo...

7. A service device for providing service information corresponding to beacon identification information to a plurality of user terminal devices through a communication network, the service device comprising:
a communicator configured to:
communicate with a beacon device and the user terminal device, respectively; and
collect information regarding service traffic of the beacon device;
a processor configured to:
collect statistical data regarding the service traffic of the beacon device in a normal state;
monitor service traffic generated between the service device and the plurality of user terminal devices;
determine a state of the beacon device corresponding to the beacon identification information based on a variation of an amount of service traffic, wherein the beacon identification information is assigned to each beacon device;
receive, from the user terminal device, a service request based on the beacon identification information;
identify the service information stored in a memory that is corresponding to the beacon identification information; and
transmit, to the user terminal device, the identified service information corresponding to the beacon identification information; and
the memory configured to:
store the service information corresponding to the beacon identification information; and
store an average amount of the service traffic of the beacon device in the normal state based on the collected statistical data, wherein
the communicator is further configured to periodically receive, from the beacon device, a state check message; and
the processor is further configured to:
determine whether the service traffic of the beacon device is valid based on the received state check message; and
control the beacon device such that the beacon device changes channels.

US Pat. No. 10,367,835

METHODS AND APPARATUS FOR DETECTING SUSPICIOUS NETWORK ACTIVITY BY NEW DEVICES

EMC IP Holding Company LL...

1. A method comprising:
obtaining network event data for a given entity, wherein said given entity comprises one of a user and a user device;
determining, using at least one processing device, a number of distinct other entities associated with said given entity during a predefined short time window, wherein said distinct other entities comprise user devices used by said user if said given entity comprises a user and comprise users of the user device if said given entity comprises a user device;
determining, using the at least one processing device, a number of distinct other entities associated with said given entity during a predefined longer time window, wherein said predefined longer time window is longer than said predefined short time window;
assigning, using the at least one processing device, a risk score to said given entity by one or more of (i) evaluating said number of distinct other entities associated with said given entity during said predefined short time window relative to said number of distinct other entities associated with said given entity during said predefined longer time window, and (ii) evaluating said number of distinct other entities associated with said given entity during said predefined short time window relative to a predefined number; and
detecting, using the at least one processing device, anomalous network activity by said given entity based on said assigned risk score.

US Pat. No. 10,367,834

SYSTEMS AND METHODS FOR IMPLEMENTING INTRUSION PREVENTION

CloudPassage, Inc., San ...

1. A computer system comprising:
one or more processing units;
memory storing one or more programs for execution by the one or more processors, the one more programs comprising:
instructions for receiving data collected at one or more remote computing assets;
instructions for obtaining a plurality of workflow templates, wherein each respective workflow template in the plurality of workflow templates corresponds to a different threat vector in a plurality of threat vectors and wherein each respective workflow template in the plurality of workflow templates comprises: (i) a trigger definition, (ii) an authorization token, and (iii) an enumerated countermeasure responsive to the corresponding threat vector; and
instructions for identifying an active threat by comparing the data collected at the one or more remote computing assets against the trigger definition of respective workflow templates in the plurality of workflow templates, wherein, when a match between the data collected at the one or more remote computing assets and a specific trigger definition of a corresponding specific workflow template is identified, an active threat is deemed to be identified, and the instructions for identifying further comprise:
(A) enacting the authorization token of the corresponding workflow template, wherein the enacting comprises:
(a) obtaining authorization from a first authorization contact associated with the corresponding workflow template, the obtaining (a) comprising (i) pushing an alert regarding the corresponding workflow template through a first established trust channel to a first remote device associated with the first authorization contact without user intervention by the first authorization contact, wherein the first remote device is other than the one or more remote computing assets, and (ii) receiving a first indication to proceed from the first authorization contact, and
(b) obtaining authorization from a second authorization contact associated with the corresponding workflow template, by a method comprising (i) pushing the alert regarding the corresponding workflow template through a second established trust channel to a second remote device associated with the second authorization contact without user intervention by the second authorization contact, wherein the second remote device is other than the one or more remote computing assets and wherein the second remote device is other than the first remote device, and (ii) receiving a second indication to proceed from the second authorization contact,
(c) pushing the alert to a plurality of authorization contacts, wherein the plurality of authorization contacts consists of three of more authorization contacts and includes the first and the second authorization contacts,
(B) responsive to satisfactory completion of authorization protocol, wherein satisfaction of the authorization protocol requires receiving an indication to proceed from more than a predetermined number of authorization contacts in the plurality of authorization contacts, including the first and the second indication to proceed, wherein the predetermined number of authorization contacts is less than the number of authorization contacts in the plurality of authorization contacts, executing the enumerated countermeasure of the corresponding workflow template, and
(C) originating or maintaining the established first trust channel by:
receiving a request from a security control module running within an operating system on the first remote device, wherein the request includes a policy identifier that identifies a security policy,
generating a unique agent identity token, which includes a cryptographic key,
transmitting the unique agent identity token to the security control module,
selecting a set of commands according to the identified security policy, based on (i) a current state of the operating system, (ii) a current state of the security control module, and, optionally (iii) a current state of one or more applications running in the operating system on the first remote device,
placing the set of commands in a command queue for retrieval and execution by the first remote device,
receiving data from the first remote device responsive to execution of the set of commands on the first remote device, and
using the data to originate or maintain the first established trust channel with the first remote device.

US Pat. No. 10,367,833

DETECTION OF FORBIDDEN SOFTWARE THROUGH ANALYSIS OF GUI COMPONENTS

International Business Ma...

1. A computer-implemented method for controlling execution of a computer program, upon the computer program being executed on a computer system, the method comprising:
detecting structural elements of a graphical user interface of the computer program, the structural elements of the graphical user interface of the computer program comprising a number of menu items in the graphical user interface, a type of each menu item in the graphical user interface, a structure of elements of a toolbar of the graphical user interface, and a number of elements of the toolbar of the graphical user interface;
comparing the detected structural elements with each signature of a set of stored signatures, each signature comprising structural elements of a graphical user interface of allowed computer programs, the structural elements of the graphical user interface of each allowed computer program comprising a number of menu items in the graphical user interface, a type of each menu item in the graphical user interface, a structure of elements of a toolbar of the graphical user interface, and a number of elements of the toolbar of the graphical user interface, wherein each signature of the set of stored signatures is generated based on the structural elements of the graphical user interface of an associated allowed computer program by the method comprising:
generating a complexity factor using the structural elements of the graphical user interface of the associated allowed computer program, wherein one or more of the structural elements are weighted such that at least one structural element is weighted more than one other structural element;
comparing the generated complexity factor to a predefined threshold value;
responsive to the complexity factor exceeding the predefined threshold value, generating the signature; and
responsive to the complexity factor failing to exceed the pre-defined threshold value, rejecting the generation of the signature; and
upon failing to find a matching signature among the set of stored signatures when comparing, inhibiting further executing of the computer program.

US Pat. No. 10,367,832

REACTIVE VIRTUAL SECURITY APPLIANCES

Rapid7, Inc., Boston, MA...

1. A method for monitoring network activity, the method comprising:
deploying at least a first virtual security appliance simulating a service to a location on a network corresponding to a physical location;
receiving data regarding an attack on the first virtual security appliance, wherein the attack targets the simulated service;
deploying at least one subsequent virtual security appliance simulating the targeted service to the location on the network corresponding to the physical location in response to the attack; and
alerting a user of the targeted service in the physical location about the attack on the first virtual security appliance targeting the service, wherein the user is alerted about the attack based on the user being in the physical location of the attack and based on the user using the targeted service.

US Pat. No. 10,367,831

SYSTEMS, METHODS, AND DEVICES FOR DEFENDING A NETWORK

1. A system, comprising:
a memory that stores instructions; and
a processor that executes the instructions to perform operations, the operations comprising:
determining if greater than a configurable amount of network traffic during a time period comprises attack traffic, wherein the network traffic is addressed to a target;
assessing an existing route and next hop for the network traffic;
inserting a route to a backbone network ingress point comprising a longer prefix than the existing route and a next hop address associated with the scrubbing complex, thereby causing the route to be a more specific route than the existing route;
redirecting, if greater than the configurable amount of the network traffic is determined to comprise the attack traffic, a portion of the attack traffic to a scrubbing complex by using the route;
transmitting, to the target, scrubbed attack traffic from the scrubbing complex; and
ranking, by utilizing statistics determined by the scrubbing complex, a plurality of ingress points contributing to the attack traffic and ranking each traffic of the attack traffic contributing to the attack traffic, wherein the statistics specify an amount of the network traffic that each ingress point of the plurality of ingress points contributes to the attack traffic.

US Pat. No. 10,367,830

SECURITY ACTION OF NETWORK PACKET BASED ON SIGNATURE AND REPUTATION

TREND MICRO INCORPORATED,...

1. A device comprising a hardware processor and a memory, the memory comprising instructions that, when executed by the hardware processor, cause the device to:
determine a reputation of an entity associated with a network packet;
determine whether a signature matches the network packet or associated flow of the network packet, wherein the signature that matches the network packet or associated flow of the network packet is a partial or full match of a malware; and
determine a security action based on the reputation of the entity associated with the network packet and the signature that matches the network packet or associated flow of the network packet.

US Pat. No. 10,367,829

PROTECTING THREAT INDICATORS FROM THIRD PARTY ABUSE

Anomali Incorporated, Re...

1. A computer-based method for detecting threats based on obfuscated threat indicators, the method comprising:
receiving, from a server, an obfuscated threat indicator associated with an identified cyber-threat that was determined by the server to be above a threshold level of quality, the obfuscated threat indicator having been generated by the server responsive to determining that the identified-cyber-threat is above the threshold level of quality by: including a threat data source of a threat indicator and excluding raw information of the threat indicator;
identifying one or more client-side events occurring within a third-party system, each client-side event identified by an entity identifier indicating an entity to which the client-side event is attributed;
determining that the third-party system experienced a cyber-threat when the obfuscated threat indicator matches at least one entity identifier; and
in response to determining that the third-party system experienced the cyber-threat:
generating descriptive information associated with the obfuscated threat indicator; and
transmitting the descriptive information to the third-party system.

US Pat. No. 10,367,828

ACTION RESPONSE FRAMEWORK FOR DATA SECURITY INCIDENTS

International Business Ma...

1. A method for responding to data security incidents in an enterprise network, comprising:
storing, in an incident manager, information concerning the data security incidents, the information being one or more incident objects, wherein at least one incident object includes information for at least one data security incident, and one or more incident artifacts that include information for data resources identified within the incident object, wherein the incident objects and the incident artifacts are organized as an object-oriented inheritance hierarchy with the incident artifacts distinct from the incident objects;
comparing the information to a set of action conditions to determine action conditions satisfied by at least some of the information;
combining into a message contents of any incident object and incident artifact associated with a satisfied action condition;
providing the message to one or more devices, wherein at least one device includes a message interface that receives the message over a virtual connection established between the incident manager and the message interface; and
executing actions that reference the information on the one or more devices.

US Pat. No. 10,367,827

USING NETWORK LOCATIONS OBTAINED FROM MULTIPLE THREAT LISTS TO EVALUATE NETWORK DATA OR MACHINE DATA

SPLUNK INC., San Francis...

1. A computer-implemented method for identifying notable events in a set of events to facilitate identification of computer or network security-related events, the set of events including a plurality of subsets of events, an event in the set of events comprising a portion of raw machine data representing activity involving at least one host in a plurality of hosts distributed across an enterprise's network, the method comprising:
accessing a plurality of threat location lists from third-party sources;
receiving, from a user:
(i) criteria for at least one correlation search for notable events that occur on the enterprise's network, and
(ii) designation of a set of threat location lists from the accessed plurality of threat location lists;
generating an aggregated threat location list by merging and deduplicating the designated set of threat location lists from the plurality of threat location lists, the aggregated threat list stored in an index;
in response to receiving the criteria for the at least one correlation search, for a subset of events in the set of events:
extracting a network location and values for one or more fields identified in the criteria from at least one event in the subset of events, at analysis time, by using an extraction rule or regular expression that is associated with an identified field and with the subset of events, the extraction rule or regular expression defining how to extract the network location from the portion of raw machine data, and
determining notable events based on the criteria by determining that:
(i) the extracted network location for the at least one event in the subset of events matches a threat location in the aggregated threat location list stored in the index, and
(ii) the extracted values for the one or more identified fields for the at least one event in the subset of events match user-specified values in the criteria;
generating, for each of a plurality of threat locations from the aggregated threat location list, a count of events from the identified notable events that include a network location matching the threat location; and
causing display of a graphical user interface (GUI) including at least one interface element indicating an amount of activity associated with threat locations from the aggregated threat location list, the amount of activity based on the generated count of events, from the determined notable events, for each of the plurality of threat locations from the aggregated threat location list, the amount of activity associated with threat locations used to facilitate operation performance or security associated with at least one component in an IT environment.

US Pat. No. 10,367,826

IDENTITY AND TRUSTWORTHINESS VERIFICATION USING ONLINE AND OFFLINE COMPONENTS

Airbnb, Inc., San Franci...

1. A computer implemented method, comprising:
receiving, from a user, by a computer, information about an identity of the user of a first-party online system;
sending a request to a third party online system for information about the user, the third party online system different than the first-party online system;
receiving, from the third-party online system, information about activities performed by the user in the third-party online system;
determining an online trustworthiness score based at least on the information about the activities performed by the user in the third-party online system, wherein determining the online trustworthiness score comprises:
identifying a most recent update in a user profile associated with the user in the third-party online system,
determining an amount of time since the most recent update, and
in response to the amount of time not exceeding a threshold amount of time, determining the online trustworthiness score at least based on the amount of time;
sending a request to one or more databases for information associated with the identity of the user;
receiving, from the one or more databases, offline information about the user;
determining an offline trustworthiness score based on the offline information;
determining a trustworthiness score based on the online trustworthiness score and the offline trustworthiness score; and
responsive to determining that the trustworthiness score of the user is below a threshold value, blocking an interaction of the user with another user in the first-party online system.

US Pat. No. 10,367,825

METHOD AND SYSTEM FOR PARALLEL VALIDATION OF DOMAIN NAME SYSTEM SECURITY EXTENSION RECORDS

VERISIGN, INC., Reston, ...

1. A parallelized method for authenticating a domain name system (DNS) query using domain name system security extensions (DNSSEC), the method comprising:
obtaining, at a validating DNSSEC-aware DNS client, a DNS query for a resource record for a fully qualified domain name (FQDN);
segmenting the FQDN into more than one specific sub-FQDN;
providing, in parallel, a DNS query for a DNSSEC-related resource record for each of the more than one specific sub-FQDN to a respective authoritative name server or recursive resolver;
obtaining, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN;
validating, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN;
combining each of the DNSSEC-related resource records for each of the more than one specific sub-FQDN; and
verifying a chain of trust of the DNSSEC-related resource records.

US Pat. No. 10,367,824

POLICY MANAGEMENT, ENFORCEMENT, AND AUDIT FOR DATA SECURITY

BlueTalon, Inc., Redwood...

1. A method, comprising:
receiving, by a policy enforcement point of a policy appliance, a data request from an application, the request including a user specification specifying the user and a data specification specifying a data item to be accessed, the policy enforcement point being connected to a first database having a first database format and a second database having a second database format;
submitting, by the policy enforcement point, the user specification and the data specification to a policy decision point of the policy appliance, the policy decision point being configured to decide whether the user is permitted to access at least a portion of the data item according to a policy that defines an access privilege of the user on data;
receiving, by the policy enforcement point and from the policy decision point, a data access decision that is made by the policy decision point according to the policy, the data access decision specifying that the user is permitted to access a portion of the data item;
customizing, by the policy enforcement point, the data request for each of the databases based on the data access decision and a respective database format, including changing the data request into a first customized query according to the first database format and changing the data request into a second customized query according to the second database format, the customized query preventing at least a first portion of the data item from being retrieved from the databases;
retrieving, by the policy enforcement point, a second portion of the data item from the databases as a response to the customized query, the second portion being different from the first portion; and
providing, by the policy enforcement point to the application, the second portion of the data item,
wherein the policy appliance, including the policy decision point, and the policy enforcement point, executes in a container on a system that includes one or more computer processors.

US Pat. No. 10,367,823

AUGMENTED AND VIRTUAL REALITY BASED PROCESS OVERSIGHT

The Toronto-Dominion Bank...

1. A system at a second location, the system comprising:
a memory;
a communications module; and
at least one hardware processor interoperably coupled with the memory and the communications module, the at least one hardware processor configured to:
monitor, from the second location remote from a first location, a process-based operation performed at the first location;
receive, at the second location and via the communications module, a first signal from the first location indicating availability for oversight of the process-based operation, wherein the first signal is associated with an automatic request for oversight to the system at the second location generated by an application being executed at the first location, wherein the application is associated with the execution of the process-based operation, and wherein the application identifies a particular operation of the process-based operation determined to require oversight prior to the particular operation being performed;
receive, at the second location and via the communications module, a second signal from the first location including contextual data from at least one data source located at the first location associated with a current state of the process-based operation associated with the particular operation;
identify a user at the first location associated with the execution of the application and the process-based operation;
determine a plurality of users associated with the second system authorized to perform oversight to the particular operation being performed and associated with the identified user; and
based on a set of prioritization rules, identify a particular one of the determined plurality of users as a supervising user to which the oversight is assigned;
identify, at the second location and for execution at the first location, a set of instructions associated with the current state of the process-based operation at the first location as provided by the supervising user; and
send, via the communications module, a third signal including the set of instructions as provided by the supervising user to the first location.

US Pat. No. 10,367,822

RESTRICTIVE ACCESS CONTROL FOR MODULAR REFLECTION

Oracle International Corp...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of steps comprising:
identifying an operation, expressed in a first module, wherein execution of the operation requires access to a module element of a second module;
wherein, in absence of any modular boundary associated with the module element, a non-module-specific accessibility configuration associated with the module element controls the access to the module element;
wherein, if a module boundary associated with the module element is present, the non-module-specific accessibility configuration associated with the module element controls the access to the module element if the module boundary associated with the module element permits the access to the module element;
determining that the operation is associated with a highest possible level of non-module-specific access;
determining whether the module element is exposed by the second module to the first module based on the module boundary associated with the module element;
responsive to determining that the module element is not exposed by the second module to the first module based on the module boundary associated with the module element: prohibiting the operation.

US Pat. No. 10,367,821

DATA DRIVEN ROLE BASED SECURITY

MICROSOFT TECHNOLOGY LICE...

1. A computer system comprising:
one or more hardware processors;
system memory coupled to the one or more hardware processors, the system memory storing instructions that are executable by the one or more hardware processors; and
the one or more hardware processors executing the instructions stored in the system memory to control performance of a requested user operation, including the following:
determine if the requested user operation can access data on behalf of a user based on user context associated with the user retrieved from an electronic data source, the user context identifying a location of an object representing the user relative to other objects within a hierarchical data structure, the hierarchical data structure organized at least in part based on an organizational structure of an organization;
use the user context to dynamically derive a role for the user, wherein dynamically deriving the role for the user includes using the user context to dynamically identify a direct report of the user;
access a control expression governing performance of the requested user operation for the derived role;
form a set of permissions for the user by evaluating the control expression using the user context and a data context for the data, the data context including information in addition to or other than the data, and wherein forming the set of permissions for the user includes evaluating a location of the data in the hierarchical data structure;
determine authorization of the user to perform the requested user operation from the set of permissions; and
perform the requested user operation according to the determined authorization of the user.

US Pat. No. 10,367,820

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIUMS FOR IDENTIFYING COMPONENTS OF A COMPUTING SYSTEM

VCE IP Holding Company LL...

1. A method for identifying a component of a computing system, the method comprising:
starting a component with a custom basic input/output system (BIOS) extension that responds to an identification information request with identification information, wherein the component includes a virtual machine (VM) or a virtual resource associated with the virtual machine;
receiving, while the component is in a low power state, a request for identification information about the component from a requesting entity; and
after receiving the request for the identification information, the custom BIOS extension triggers a change in power state of the component prior to sending, by the component, the identification information about the component to the requesting entity, wherein the identification information includes a VM identifier or a virtual resource identifier.

US Pat. No. 10,367,819

STREAMLINED UTILITY PORTALS FOR MANAGING DEMAND-RESPONSE EVENTS

Google LLC, Mountain Vie...

11. A device management server of an energy management system, the device management server comprising:
one or more processors;
one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, at the device management server that manages a plurality of smart-home devices, an identification of a user account, wherein:
the identification of the user account is sent from a utility provider computer system based at least in part on an agreement that a smart-home device will be enrolled in a demand-response program; and
the identification of the user account is sent to indicate to the device management server that the smart-home device should be sent to a location associated with the user account;
causing the smart-home device to be sent to the location associated with the user account;
receiving, at the device management server, an indication from the smart-home device that the smart-home device has been installed at the location associated with the user account; and
enrolling the smart-home device in the demand-response program.

US Pat. No. 10,367,818

RESPONSE TO A MACHINE-READABLE LINK

Hewlett-Packard Developme...

1. A method comprising:
receiving, by a system, a user identifier and a link identifier to identify a machine-readable link in an image captured by a first device of a user;
determining, by the system, whether the user identifier indicates that the user is an administrator having an administrative privilege with respect to the machine-readable link or that the user is a consumer having a consumption privilege with respect to the machine-readable link;
in response to determining that the user identifier indicates that the user is the consumer, sending, by the system to the first device, content associated with the machine-readable link for viewing by the user on the first device; and
in response to determining that the user identifier indicates that the user is the administrator, sending, by the system to the first device, a response containing information to allow performance of management with respect to the content associated with the machine-readable link, and permitting the user to change the content associated with the machine-readable link that is viewed by the consumer.

US Pat. No. 10,367,817

SYSTEMS AND METHODS FOR CHALLENGELESS COAUTHENTICATION

University of South Flori...

1. A method of authentication, the method comprising:
receiving, at an authenticator, an authentication request to access a resource, wherein the authentication request is generated by a requestor;
receiving, at a collaborator, a verification request to access the resource,
wherein the verification request is generated by the requestor and received from the requestor;
generating, at the collaborator, a participation message, wherein the participation message is generated in response to the verification request to access the resource received from the requestor and wherein the participation message is not generated in response to a challenge generated by the authenticator:
receiving, at the authenticator, the participation message generated by the collaborator in response to the verification request to access the resource generated by the requestor;
analyzing, at the authenticator computing device, the authentication request to access a resource and the participation message to determine whether the requestor should be granted access to the resource; and
granting the requesting user access to the resource when it is determined that the requesting user should be granted access to the resource based upon the analysis of the authentication request to access a resource and the participation message.

US Pat. No. 10,367,816

INVALIDATION OF AN ACCESS TOKEN

International Business Ma...

1. A computer-implemented method for invalidating an access token, the method comprising:
generating the access token for authorizing access to protected online resource servers and a Hyper Text Markup Language (HTML) file in response to receipt of a request for issuing the access token, wherein the HTML file comprises a set of instructions for rendering on a window in a browser, a code for generating a child segment in a memory which is controlled by the window, and a code for invalidating the access token in response to completion of rendering on the child segment, the code for invalidating the access token including a Uniform Resource Identifier (URI) for an authorization server;
sending the access token and the HTML file to the browser; and
invalidating the access token, in response to receipt, from the browser, of the code for invalidating the access token in response to completion of rendering on the child segment.

US Pat. No. 10,367,815

PROTECTING SENSITIVE INFORMATION FROM A SECURE DATA STORE

Sophos Limited, Abingdon...

1. A method of protecting stored information, the method comprising:
storing a security policy for controlling access by a network endpoint to an encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements for identification as a secure data store, the one or more security requirements including a requirement that the data store connected to the network endpoint be encrypted;
receiving an indication at a threat management facility that a first endpoint has access to the encrypted remote data store;
auditing the first endpoint to determine whether a security parameter of a first data store connected to the first endpoint is compliant with the one or more security requirements for identification as a secure data store;
when the security parameter of the first data store is compliant with the one or more security requirements for identification as a secure data store, permitting dissemination of data from the encrypted remote data store to the first endpoint; and
when the security parameter of the first data store is not compliant with at least one of the one or more security requirements, causing the first endpoint to implement an action by the first endpoint to regulate dissemination of data from the encrypted remote data store to the first endpoint.

US Pat. No. 10,367,814

ENABLING USER ENTROPY ENCRYPTION IN NON-COMPLIANT MOBILE APPLICATIONS

Citrix Systems, Inc., Fo...

1. A method comprising:
initializing, by a processor of a mobile device, a background process of a mobile application executing on the mobile device, wherein said initializing is in response to the mobile device being powered on, and without receiving user input indicating a request to initiate the mobile application;
determining, by the processor of the mobile device, that the background process associated with the mobile application is automatically making an initial request to access to an encrypted resource;
determining, by the processor of the mobile device, whether the mobile application has been secured with user input authentication information; and
responsive to determining, by the processor, that the background process has made the initial request and that the mobile application has not been secured:
suspending, by the processor of the mobile device, prior to receiving the user input indicating the request to initiate the mobile application, and prior to receiving the user input authentication information, the background process until the mobile application has been secured, wherein suspending the background process comprises an initial suspension of the background process and occurs prior to receiving an initial authentication attempt corresponding to the user input authentication information, wherein suspending the background process comprises suspending one or more components if the mobile application configured to access encrypted resources while allowing other components of the mobile application to continue to operation;
and transmitting, by the processor of the mobile device, a request to a mobile application management agent to secure the mobile application using the user input authentication information.

US Pat. No. 10,367,813

DISTRIBUTED AUTHENTICATION WITH THRESHOLDS IN IOT DEVICES

McAfee, LLC, Santa Clara...

1. A non-transitory computer readable medium comprising instructions which, when executed, cause at least one host device processor to at least:
determine a processing resource of a child device operably coupled to the at least one host device processor;
derive simplified authentication data from sensor data from the child device, the simplified authentication data able to be processed by the processing resource of the child device to authenticate a user of the child device without analysis of the sensor data by the at least one host device processor;
store the simplified authentication data in an authentication profile for the child device; and
transmit the simplified authentication data to the child device, wherein the simplified authentication data is to allow the child device to authenticate the user without the at least one host device processor,
wherein the simplified authentication data stored in the authentication profile for the child device is to be updated by the at least one host device processor based on a change in the sensor data, the updated simplified authentication data to be provided to the child device to authenticate the user.

US Pat. No. 10,367,812

INTEGRATED SYSTEM COMPONENT AND ELECTRONIC DEVICE

Vivint, Inc., Provo, UT ...

1. A computer-implemented method for implementing an integrated device, the method comprising:
operating a component of a security and/or automation system, wherein the component is housed with an electronic device that is connected to electrical wiring of a building, wherein the component comprises one or more sensors capable of monitoring for voice command parameters;
receiving, via the component, a voice command from a user of the security and/or automation system;
determining an identity of the user of the security and/or automation system based at least in part on the received voice command and a voice profile;
determining a set of commands associated with the identity of the user;
determining that the voice command is included within the set of commands;
generating, by the component of the security and/or automation system, instructions corresponding to the voice command based at least in part on the determination that the voice command is included within the set of commands;
communicating the instructions between the component and a control panel of the security and/or automation system based at least in part on the determined identity of the user of the security and/or automation system; and
providing power to the electronic device through the electrical wiring based at least in part on the communicating the instructions between the component and the control panel of the security and/or automation system, wherein the electronic device provides power to the one or more sensors included in the component.

US Pat. No. 10,367,811

METHODS FOR INTERNET COMMUNICATION SECURITY

Stealthpath, Inc., Resto...

1. A product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable by a first computing device of the plurality of network computing devices to perform communication management operations, the communication management operations comprising:
i) forming a configured communication pathway by configuring a pre-established communication pathway to exclusively communicate application data between a first user-application on the first computing device and a second user-application on a second computing device of the plurality of network computing devices, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising:
a) sending a first configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet;
b) receiving a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet;
c) confirming, in a kernel space of the first computing device, that the second computing device is authorized to communicate with the first user-application, comprising: matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;
d) further sending a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is exclusive to the first user-application and the second user-application;
e) further receiving a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and
ii) preventing any transport layer ports used by the configured communication pathway from being used by any other communication pathway.

US Pat. No. 10,367,810

ELECTRONIC SUBSCRIBER IDENTITY MODULE (ESIM) INSTALLATION AND TESTING

Apple Inc., Cupertino, C...

1. A method comprising:
at an embedded Universal Integrated Circuit Card (eUICC):
in a first installation session, installing to a memory of the eUICC an eSIM based on an eSIM package received from an eSIM server;
in a second installation session:
bypassing an authentication of the eSIM server; and
installing to the memory the eSIM based on the eSIM package captured by test equipment.

US Pat. No. 10,367,809

DEVICE REGISTRATION, AUTHENTICATION, AND AUTHORIZATION SYSTEM AND METHOD

Level 3 Communications, L...

1. A system, comprising:
a server comprising at least one processor to:
receive a registration request, the registration request comprising a representation of a username and a password;
verify the username and the password and transmit a one-time-use password;
receive the one-time-use password and first device identifier information from a mobile computing device;
receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information;
verify the username, the password, the second device identifier information, and the application key information at the server, and transmit a token to the mobile computing device;
receive a resource request from the mobile computing device comprising the token and third device identifier information;
verify the token and the third device identifier information; and
transmit information associated with the resource request to the mobile computing device.

US Pat. No. 10,367,808

CONTEXTUAL AND TIME SENSITIVE OUT OF BAND TRANSACTIONAL SIGNING

WELLS FARGO BANK, N.A., ...

1. A system, comprising:
a processor that executes the following computer executable components stored in a memory:
a machine learning and reasoning component that employs automated learning and reasoning procedures in connection with determining a level of actions to complete an authentication;
a security manager component that transmits the determined level of actions in response to an indication of a transaction attempt, wherein the indication is received over a first communications channel and at least one of the actions of the level of actions are transmitted over a second communications channel different from the first communications channel, wherein the different communication channels are channels between a same communication pair; and
an authorization manager component that analyzes a reply to the determined level of actions and selectively allows the transaction based on the analysis, wherein the analysis makes use of the machine learning and reasoning component in connection with determining whether a user device may be authenticated for the transaction attempt.

US Pat. No. 10,367,807

SECURELY SHARING CONFIDENTIAL INFORMATION IN A DOCUMENT

International Business Ma...

1. A computer program product for securely sharing confidential information in a document, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable to:
set, by a first computer, one or more confidential attributes of the confidential information in the document, the one or more confidential attributes including one or more visibility levels of the confidential information and one or more authorization levels of access to the confidential information;
create, by the first computer, metadata of the confidential information, the metadata including information of the one or more confidential attributes;
create, by the first computer, a first file including the confidential information and the metadata;
create, by the first computer, a second file including non-confidential information in the document and the metadata, the metadata in the second file being as a reference to the confidential information;
generate, by the first computer, a hash value from the second file;
request, by the first computer, a user of the first computer to enter a password;
determine, by the first computer, whether the user of the first computer enters the password;
create, by the first computer, a key for encryption, based on the hash value, in response to determining that the user of the first computer does not enter the password;
create, by the first computer, the key for the encryption, by combining the hash value and the password, in response to determining that the user of the first computer enters the password;
encrypt, by the first computer, with the key for the encryption, the confidential information to generate encrypted confidential information;
write, by the first computer, the encrypted confidential information into the first file;
wherein the confidential information in the first file is displayed by a second computer at a confidential information visibility level in accordance with an authorization level of an authorized user of the second computer; and
wherein the second file is displayed at a visibility level of showing no confidential information, wherein the second file is accessible by all users.

US Pat. No. 10,367,806

MANAGING AND SECURING MANAGEABLE RESOURCES IN STATELESS WEB SERVER ARCHITECTURE USING SERVLET FILTERS

International Business Ma...

1. A computer-based method comprising:
in a stateless web server:
extracting, by a computer, a request pattern from a valid relative path portion of a validly-formatted Uniform Resource Locator request;
mapping, by a computer, at least a portion of the extracted request pattern to one or more application program components;
responsive to the mapping, performing, by a computer, security access to the one or more application program components according to one or more associated security constraints, wherein at least one security constraint comprises at least a portion of the extracted request pattern, and wherein different security constraints are associated with different extracted request patterns; and
sending, by a computer to a requester, a Uniform Resource Locator request to the mapped application program component, thereby providing improved management to administration of computer resources in a stateless web server which are non conformant to rules of a central administration unit.

US Pat. No. 10,367,805

METHODS FOR DYNAMIC USER IDENTITY AUTHENTICATION

AirSig Inc., Grand Cayma...

1. A method for dynamic user Identity authentication, configured to authenticate the identity of a user of a login device during a login process, comprising the steps of,
using a web server to receive an access request from the login device;
using the web server to generate a resource address information and a session identifier (session ID) based on the access request and transfer the resource address information and the session ID to the login device;
using the login device to generate an initiation signal comprising the resource address information and the session ID and transfer the initiation signal to a signing device;
using the signing device to perform an air signature procedure based on the initiation signal for generating a target signature, wherein the signing device comprises a motion sensor, the motion sensor comprises an accelerometer and a gyroscope and is configured to detect a motion feature of the signing device, the motion feature comprises a movement direction, acceleration and angular velocity, the air signature procedure is performed to measure acceleration readings of the signing device in each axis by the accelerometer, measure the angular velocity of the signing device in each axis by the gyroscope, and calculate the movement direction and the acceleration according to the acceleration readings;
using a determination module to compare the movement direction, acceleration and angular velocity of the target signature with a movement direction, acceleration and angular velocity of a pre-stored reference signature, calculate a similarity between the target signature and the reference signature, determine that the target signature matches with the reference signature when the similarity is greater than a threshold, generate an authentication information according to whether the target signature matches with the reference signature, and transfer the authentication information to the web server, wherein the authentication information comprises a signature similarity information and the session ID; and
using the web server to determine whether the access request is to be granted based on the authentication information.

US Pat. No. 10,367,804

TRUST METRICS ON SHARED COMPUTERS

Facebook, Inc., Menlo Pa...

1. A method comprising:
by a verification authority associated with a virtualized computing resource, receiving a request to access the virtualized computing resource, wherein the request comprises authentication data uniquely identifying a user associated with a client device, wherein the request was generated by the client device;
by the verification authority, accessing a social graph of the user associated with the client device to determine whether one or more social-networking users have previously accessed a shared device, and wherein the shared device is configured for use by a plurality of social-networking users;
by the verification authority, verifying the user associated with the client device is allowed to access the virtualized computing resource based on the authentication data received from the client device and information from the social graph indicating at least one or more of the social-networking users have previously accessed the shared device; and
by the verification authority, upon verifying the user associated with the client device is allowed to access the virtualized computing resource, sending a digital certification to the client device allowing the client device access to the virtualized computing resource.

US Pat. No. 10,367,803

MANAGED OPEN SOURCE MEDICAL DEVICES

1. A method of maintaining electronic access to a medical device, comprising:
storing an application in code storage for the medical device,
storing one or more custodian certificates in certificate storage for the medical device,
receiving a signed request to update code for the application stored in the code storage for the medical device,
authenticating the signed update request with at least one of the stored custodian certificates,
adding a further custodian certificate to the certificate storage for the medical device,
authenticating the further custodian certificate based on at least one of the stored custodian certificates,
receiving an additional signed request to update code for the application stored in the code storage for the medical device, and
authenticating the additional signed update request with at least the added authenticated custodian certificate.

US Pat. No. 10,367,802

DESKTOP APPLICATION FULFILLMENT PLATFORM WITH MULTIPLE AUTHENTICATION MECHANISMS

Amazon Technologies, Inc....

1. A system, comprising:
one or more computing devices that implement a fulfillment platform for a service provider, wherein the fulfillment platform is configured to:
receive a request from an agent installed on a computing resource instance of a user, wherein the computing resource instance comprises a virtualized computing resource instance or a virtual desktop instance implemented on one or more resources of the service provider, and wherein the request comprises a request to subscribe to an application, a request to unsubscribe from an application, or a request to install, uninstall, or reinstall an application on the computing resource instance;
validate an identity of the computing resource instance and a credential for the computing resource instance, or validate an identity of the user and a credential for the user; and
in response to validation of the identity and the credential for the computing resource instance or for the user, process the request.

US Pat. No. 10,367,801

SYSTEMS AND METHODS FOR CREDENTIALING OF NON-LOCAL REQUESTORS IN DECOUPLED SYSTEMS UTILIZING A DOMAIN LOCAL AUTHENTICATOR

OPEN TEXT SA ULC, Halifa...

1. A system, comprising:
a domain, including:
a processor coupled to a memory,
a set of resources,
the processor executing instructions implementing a local domain authenticator for:
providing a member credential to use in accessing the set of resources of the domain during a session,
authenticating the member credential associated with the domain; and
a remote authenticator, for:
providing the member credential to a non-local requestor which is not a member of the domain by:
receiving an authentication request from the non-local requestor outside the domain, wherein the request is to be authenticated for accessing the set of resources,
authenticating the non-local requestor using the authentication request, wherein authenticating the non-local requestor comprises establishing a secure channel with the non-local requester based on a unique previously provisioned domain key associated with both that domain and the non-local requestor,
accessing the local domain authenticator to obtain the member credential associated with the domain, and
providing the member credential to the non-local requester, wherein the non-local requester can access the set of resources of the domain during a session maintained between the non-local requester and the domain using the member credential and authentication of an access of the non-local requester to the set of resources during the session is performed using the local domain authenticator and the member credential.

US Pat. No. 10,367,800

LOCAL DATA AGGREGATION REPOSITORY

MX TECHNOLOGIES, INC., L...

1. An apparatus comprising:
a hardware device comprising a local repository of data aggregated, for a user, from a plurality of third party service providers;
the hardware device comprising a local authentication module configured to secure, on the hardware device, the aggregated data and electronic credentials of the user for the plurality of third party service providers; and
the hardware device comprising an interface module configured to provide access controls to the user, the access controls defining which of a plurality of other third party service providers the user authorizes to access the aggregated data, and to provide the aggregated data to the authorized other third party service providers.

US Pat. No. 10,367,799

SYSTEMS AND METHODS FOR DETERMINING AN AUTHENTICATION ATTEMPT THRESHOLD

PAYPAL, INC., San Jose, ...

1. A system, comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
accessing an authentication attempt history for a user that details a plurality of previous authentication attempts with a secure system using a username associated with the user;
determining, based on the authentication attempt history, a threshold number N of consecutive failed authentication attempts that will be allowed by the secure system using the username before a successful authentication attempt must be received, the threshold number N for the user being different from a threshold number M for a different user, N and M being integers with values of two or larger;
receiving a plurality of subsequent authentication attempts with the secure system using the username; and
performing a security action when the plurality of subsequent authentication attempts using the username includes N consecutive authentication attempts that are also failed authentication attempts.

US Pat. No. 10,367,798

COMMUNICATIONS DEVICE, SYSTEM AND METHOD

Nettoken Limited, London...

1. A contactless communications device comprising:
one or more near-field communication (NFC) chips each configured to store information and be read by a corresponding NFC reader; and
a selection means, provided on the contactless communications device, for selectively activating one or more of said chips, the selection means being movable relative to the one or more NFC chips to an activation position aligned with a location of one of said NFC chips from which information is desired to be read, and also to one or more other authentication positions to authenticate the device to enable said information to be read when said selection device is placed in said activation position;
wherein, in use, a said NFC reader can read information from one or more of said chips only when selected and activated and when in NFC reading range, and the communications device is configured to permit data to be read from one or more of said chips only when an authentication is performed utilising the selection means in range of a said NFC chip reader, wherein the authentication comprises determining that detecting a position of the selection means has been moved to one or more predefined authentication positions relative to the one or more NFC chips.

US Pat. No. 10,367,797

METHODS, SYSTEMS, AND MEDIA FOR AUTHENTICATING USERS USING MULTIPLE SERVICES

The Trustees of Columbia ...

1. A method for authenticating a user using multiple services, the method comprising:
receiving, from a client device, first user-entered credentials for a target service account;
authenticating the target service account based on the first user-entered credentials;
issuing a redirecting request that directs the client device to at least one vouching service in response to authenticating the target service account;
receiving a vouching response indicating that the client device has authenticated a vouching service account with the at least one vouching service by providing second user-entered credentials to the vouching service, wherein the vouching response includes a vouching token, and wherein the second user-entered credentials are different from the first user-entered credentials;
determining, using a hardware processor, whether the vouching service account is associated with the target service account based on the vouching token; and
providing the client device with access to the target service account in response to (1) authenticating the target service account based on the first user-entered credentials, (2) receiving the vouching response indicating that the client device has authenticated the vouching service account with the at least one vouching service, and (3) determining that the vouching service account is associated with the target service account.

US Pat. No. 10,367,796

METHODS AND APPARATUS FOR RECORDING A CHANGE OF AUTHORIZATION STATE OF ONE OR MORE AUTHORIZATION AGENTS

Cygnetise Limited, Londo...

1. A method of recording a change of authorization state of one or more authorization agents, the method comprising:
establishing a copy of a blockchain ledger at each of a plurality of blockchain nodes, wherein each of the blockchain nodes is associated with a different controlling entity;
providing a public key/private key pair for a first of the blockchain nodes, the private key being for storage in, or in a manner accessible to, a communication device associated with a first controlling entity;
receiving, from the communication device, a first message comprising:
first data indicative of a change of authorization state of a first authorization agent associated with the first controlling entity, the first data being encrypted; and
a digital signature based on the blockchain ledger and the private key;
authenticating the first message using the public key;
adding a block to the blockchain ledger based on the first message to generate a new blockchain ledger that records the change of authorization state of the first authorization agent; and
outputting a copy of the new blockchain ledger for distribution to another blockchain node of the plurality of blockchain nodes.

US Pat. No. 10,367,795

VEHICLE WIRELESS INTERNET SECURITY

International Business Ma...

1. A method comprising:
receiving, by one or more processors, a connection request from a mobile device;
transmitting, by one or more processors, a data request to the mobile device, wherein the data request comprises a request for location-based data of the mobile device;
receiving, by one or more processors, a first data from the mobile device, wherein the first data corresponds to the data request;
generating, by one or more processors, a vehicle data, wherein the vehicle data comprises location-based data of the vehicle;
determining, by one or more processors, whether the first data matches the vehicle data, wherein a match is determined where the location-based data of the mobile device is within a pre-determined threshold of the location-based data of the vehicle; and
re-authenticating, by one or more processors, the mobile device, by:
transmitting, by one or more processors, a second data request from the mobile device, wherein the second data request comprises a request for an updated velocity of the mobile device;
receiving, by one or more processors, a second data from the mobile device, wherein the second data corresponds to the second data request;
re-generating, by one or more processors, the vehicle data, including generating an updated velocity of the vehicle; and
determining, by one or more processors, whether the second data matches the vehicle data based, at least in part, on the updated velocity of the mobile device and updated velocity of the vehicle.

US Pat. No. 10,367,794

METHOD AND APPARATUS FOR SECURING A SENSOR OR DEVICE

1. An apparatus comprising:
a. a sensor/device network system for communicating with at least one sensor/device;
b. the said sensor/device configured to store one or more encryption keys;
c. an IOT Equipment Registry (IER) database configured to store one or more encryption keys for the said sensor/device;
d. an IOT Access Node (IAN) configured to permit the said sensor/device access to the said sensor/device network;
e. the said sensor/device configured to generate a registration message encrypted with an encryption key from the pre-stored list, the said registration message containing at least a manufacturing serialized number;
f. the said IOT Access Node (IAN) configured to recognize the said message as a registration message;
g. additionally the said IOT Access Node (IAN) configured to forward said registration message to the said IOT Equipment Registry (IER) database;
h. the said IOT Equipment Register (IER) database including a decryption unit including a decryption method for the said registration message using said pre-stored encryption keys;
i. the said IOT Equipment Registry (IER) database including a validation unit to verify the said manufacturing serialized number and the said encryption key;
j. the said IOT Equipment Registry (IER) database further configured to forward a set of said stored encryption keys for the said sensor/device to the said IOT Access Node (IAN); and
k. the said IOT Equipment Registry (IER) database configured to return a registration acknowledgement message to the said sensor/device.

US Pat. No. 10,367,793

SECURE DATA EXCHANGE METHOD BETWEEN A COMMUNICATION DEVICE AND A SERVICE PROVIDER BASED ON ASYMMETRIC PUBLIC KEY HANDLING AND ENCRYPTION USING HARDWARE KEY, AND COMMUNICATION DEVICE AND SYSTEM IMPLEMENTING THE SAME

SAGEMCOM BROADBAND SAS, ...

1. A method for securing communications between a first communication device and a server of a service provider via a communications network, the method comprising:
associating a particular asymmetrical public key of a first user that is a user of the first communication device with a community that groups users together through the use of asymmetrical public keys, wherein the grouped users of the community exchange data, and the community is managed by the server that receives and distributes the exchanged data between the first user and the (i) community and (ii) other users of the community;
securing the data exchanged between the first user and the (i) community and (ii) a second user of the grouped users of the community, through the server, by
encrypting at least a portion of the data with a hardware key, wherein the hardware key is unique to the first communication device, known to the service provider, and stored within the first communication device, and wherein hardware keys unique to other communication devices are known to the service provider, and
upon receiving the encrypted data, decrypting the encrypted data with the hardware key,
wherein the data exchanged through the server comprises a unique identifier specific to the first communication device that allows the service provider to identify the first communication device and find the hardware key associated with the first communication device, and wherein the data exchanged with respect to the first user comprises the particular asymmetrical public key allowing identification of the first user and specific services to which the first user has access; and
allowing the first user to exchange the data with the community and at least the second user of the grouped users of the community, by recognition, by the server, of the particular asymmetrical public key associated with the community, such that the first user is allowed to access (i) specific services associated with the community to be provided by the service provider and (ii) content from the second user, wherein the second user is a user of a second communication device.

US Pat. No. 10,367,792

END-TO-END ENCRYPTION FOR PERSONAL COMMUNICATION NODES

Orion Labs, San Francisc...

1. A method for end-to-end encryption of streaming group communications, the method comprising:
a first end user device obtaining an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first end user device and a second end user device
wherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;
the first end user device generating an unencrypted first stream key;
the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;
the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data; and
the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other member of the communication group; and
the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.

US Pat. No. 10,367,791

RESOURCE LOCATORS WITH KEYS

Amazon Technologies, Inc....

1. A method, comprising:
receiving a request for information from a user, the request including a uniform resource locator comprising a first cryptographic key, a portion signed with the first cryptographic key, and an unsigned portion; and
providing access to the information to the user based, at least in part, on the first cryptographic key and on information in the unsigned portion modified by a third party without affecting validity of the signed portion.

US Pat. No. 10,367,790

EFFICIENT SENSOR DATA DELIVERY

International Business Ma...

1. A method comprising:
compressing a batch of messages having a message pattern to create a set of compressed messages, the messages including sensor event data;
associating a first batch metadata with the set of compressed messages, the first batch metadata describing how the set of compressed messages is formatted;
applying a security operation to the set of compressed messages to create a set of secured messages;
updating the first batch metadata with security operation information to create a second batch metadata; and
associating the second batch metadata with the set of secured messages;
wherein:
the message pattern for each message in the batch of messages is the same.

US Pat. No. 10,367,789

DATA SYNCHRONIZATION METHOD AND APPARATUS

Alibaba Group Holding Lim...

1. A method for synchronizing data between a first system and a second system in a first device, the method comprising:
retrieving data from a storage area corresponding to the first system;
sending the data to a second device for the second device to process the data;
upon receiving processed data returned from the second device:
temporarily storing the processed data in another storage area independent from the storage area corresponding to the first system and a storage area corresponding to the second system,
starting the second system and causing the first system to hibernate, and
storing, through the second system, the processed data into the storage area corresponding to the second system;
determining a last storage time when the processed data returned from the second device is stored into the storage area corresponding to the second system; and
determining that a period of time from the last storage time to a current time exceeds a set threshold.

US Pat. No. 10,367,788

PASSPORT-CONTROLLED FIREWALL

International Business Ma...

1. A method for dynamically modifying rules in a firewall infrastructure, said method comprising:
receiving, by one or more processors, a signed passport comprising a hash value that includes a heart-beat time-out interval and a firewall rule, said one or more processors being hardware processors;
encrypting, by the one or more processors, the signed passport based on a public key certificate registered with a trusted signer;
generating, by the one or more processors, a trigger signal within the heart-beat time-out interval;
transmitting, by the one or more processors, the signed passport and the trigger signal within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure;
in response to receiving, by the one or more processors from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, modifying, by the one or more processors, the firewall according to the firewall rule;
in response to determining, by the one or more processors, that the trigger signal was not received by the border control agent within the heart-beat time-out interval, resetting, by the one or more processors, the firewall rule.

US Pat. No. 10,367,787

INTELLIGENT FIREWALL ACCESS RULES

McAfee, LLC, Santa Clara...

1. A machine readable storage device or storage disk comprising instructions that, when executed, cause a firewall device to at least:
create a dynamic object for a firewall rule, the dynamic object to define a variable set of devices that satisfy a plurality of conditions included in the dynamic object, the dynamic object to be created by:
accessing device data from a real-time data source external to the firewall device;
analyzing the device data from the real-time data source to determine information identifying a first set of devices that satisfy a first one of the plurality of conditions included in the dynamic object; and
populating the dynamic object with the information identifying the first set of devices that satisfy the first one of the plurality of conditions;
evaluate the dynamic object for a first device associated with first network traffic to determine whether to apply the firewall rule to the first network traffic, the dynamic object to be evaluated for the first device based on the information populated in the dynamic object; and
when the firewall rule is to apply to the first network traffic, at least one of block, permit, rate limit, quarantine or capture the first network traffic in accordance with the firewall rule.

US Pat. No. 10,367,786

CONFIGURATION MANAGEMENT FOR A CAPTURE/REGISTRATION SYSTEM

McAfee, LLC, Santa Clara...

1. At least one non-transitory machine-readable storage medium comprising executable instructions that when executed, cause at least one processor to:
distribute, to a distributed capture system, a rule defining an action for the distributed capture system to perform regarding packets intercepted by the distributed capture system;
store the rule in a memory element, wherein the memory element is a configuration database including rules stored therein to be selectively distributed to a plurality of distributed capture systems, wherein the distributed capture system is associated with registered objects, each of the registered objects indicated by a respective signature and a respective object identifier that collectively form a searchable key, wherein the action is based on a particular one of the registered objects and content of an intercepted object provided in the packets, and wherein the particular registered object is to be identified, at least in part, by one or more signatures, which can be compared against signatures derived from the intercepted object; and
distribute a plurality of crawler tasks in a network that includes the distributed capture system, wherein the crawler tasks are to search for rule violations within resting objects on the network that are not being transmitted over a network connection.

US Pat. No. 10,367,785

SOFTWARE DEFINED TRAFFIC MODIFICATION SYSTEM

PERFECTA FEDERAL LLC, Sp...

1. A method comprising:
routing data from a browser through a first system, the first system comprising a kernel module;
executing, at the first system, a mangling application when the kernel module is in kernel mode;
capturing a packet that matches a triggering filter set by the mangling application;
applying a list of rules of the mangling application to the packet, the list of rules being mapped to the triggering filter, the list of rules comprising modifying a first system pOf signature to a second system pOf signature;
and analyzing the packet transmitted through the system for packet information, wherein the first system pOf signature is different from the second pOf signature;
and modifying the first system pOf signature comprises modifying a plurality of fields of the packet by applying operations so a finger printing tool recognizes a second system, the operations comprising: modifying a first field of the plurality of fields to match a kernel field of the second system;
modifying a second field of the plurality of fields to match a port field of the second system;
modifying a third field of the plurality of fields to replace a time to live value;
and modifying a fourth field of the plurality of fields to a user-agent field associated by the finger printing tool to the second system.

US Pat. No. 10,367,784

DETECTION OF COMPROMISED CREDENTIALS AS A NETWORK SERVICE

Palo Alto Networks, Inc.,...

1. A system, comprising:
a processor configured to:
monitor a plurality of sessions at a firewall;
log a plurality of failed or timed out attempts to authenticate at the firewall in a log;
analyze the log for a pattern of the failed or timed out attempts to authenticate at the firewall to identify potentially compromised credentials for authentication;
determine that a set of credentials for authentication have been compromised based on the analysis of the log, wherein the log includes a first threshold number of successful authentication events for a first authentication factor followed by a second threshold number of timed-out authentication events for a second authentication factor, wherein the first authentication factor is distinct from the second authentication factor, and wherein the second threshold number of timed-out authentication events for the second authentication factor correspond to timed-out authentication attempts based on an authentication timeout setting associated with the second authentication factor; and
perform a responsive action based on determining that the set of credentials for authentication have been compromised based on the analysis of the log that determines that a number of monitored authentication success events for the first authentication factor exceeds the first threshold number of successful authentication events for the first authentication factor and that a number of monitored authentication failure events for the second authentication factor exceeds the second threshold number of timed-out authentication events for the second authentication factor; and
a memory coupled to the processor and configured to provide the processor with instructions.

US Pat. No. 10,367,783

MECHANISM FOR OPTIMIZED CUSTOMER MAC ADDRESS FLUSHING IN PBB-EVPN

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
detecting, at a first provider edge (PE) device, at least one failed Ethernet virtual circuit (EVC) on a first interface;
identifying from a plurality of service instances configured on the first interface, at least one service instance from the plurality of service instances that is associated with the at least one failed EVC, wherein the at least one service instance is associated with a plurality of customer edge devices with at least one address; and
sending, to a second PE device, a message that identifies the at least one service instance,
wherein the message causes the second PE device to remove at least address belonging to the plurality of customer edge devices associated with the at least one service instance.

US Pat. No. 10,367,782

SERIAL BUS AUTO-ADDRESSING

Elmos Semiconductor AG, ...

1. A method for controlling a serial data bus system comprising:
a bus line;
a bus master connected to the bus line; and
a plurality of bus nodes serially connected to the bus line; wherein the plurality of bus nodes includes:
at least two addressable bus nodes configured to receive addresses in an addressing phase; and
zero or more standard bus nodes having respectively already fixed addresses;
wherein the method includes the addressing phase for assigning addresses to at least one of the at least two addressable bus nodes, and an operating phase for operating the serial data bus system after termination of the addressing phase;
wherein, in the addressing phase, at least two of the plurality of bus nodes are operative to feed into the bus line a respective current flowing to the bus master, and the plurality of bus nodes includes:
a first bus node, connected to the bus line at a site upstream from, and closest to the bus master;
a last bus node, connected to the bus line at a site upstream from, and farthest from the bus master; and
zero or more middle bus nodes, connected to the bus line in between the first bus node and the last bus node;
wherein:
each of the at least two addressable bus nodes is configured to receive a respective address assigned from the bus master during the addressing phase and comprises a respective current measurement circuit adapted to be switched into the bus line and a respective controllable bypass switch connected in parallel to the respective current measurement circuit, and,
each of the zero or more standard bus nodes has the respective address that is fixed prior to performing the addressing phase,
wherein, in the method;
in the addressing phase, the respective address is assigned to the at least one of the at least two addressable bus nodes in an open state of the respective controllable bypass switch, and
in the operating phase, the respective current measurement circuit of the at least one addressed addressable bus node is bypassed by closing the respective controllable bypass switch.

US Pat. No. 10,367,781

INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. An information processing apparatus comprising:
a processor; and
a memory storing instructions which, when executed by the processor, cause the information processing apparatus to:
determine, when a data transmission is executed, whether or not a host name designated as a destination of the data transmission is set to a terminal list indicating an external terminal that is permitted as a data transmission destination;
permit, in a case where a result of the determination is that the host name is set to the terminal list, data transmission irrespective of whether or not an IP address corresponding to the host name is set to the terminal list;
determine, in a case where the result of the determination is not that the host name is set to the terminal list, whether or not the IP address designated as the destination of the data transmission is set to the terminal list;
permit, if a result of the determination is that the IP address is set to the terminal list, the data transmission; and
execute data transmission if data transmission is permitted.

US Pat. No. 10,367,780

COMMUNICATION MESSAGE CONSOLIDATION WITH CONTENT DIFFERENCE FORMATTING

INTERNATIONAL BUSINESS MA...

1. A system, comprising:
a memory; and
a processor programmed to:
detect a set of similar messages addressed to a user;
identify redundantly similar portions of the set of similar messages that provide contextual details related to a progressive set of differences between the set of similar messages;
consolidate, within the memory, the set of similar messages into a single consolidated message comprising the redundantly similar portions preserved in association with sequential entries of the progressive set of differences in a sequence as context usable for interpretation of the progressive set of differences, and with the progressive set of differences formatted differently from formatting applied to the redundantly similar portions within the single consolidated message, where a configured presentation number of difference details specifies a quantity of the progressive set of differences viewable by the user within the single consolidated message;
detect a level of detail adjustment entered by the user; and
adjust the quantity of the progressive set of differences viewable by the user within the single consolidated message according to the detected level of detail adjustment.

US Pat. No. 10,367,779

METHOD AND CLIENT TERMINAL FOR PROMPTING INSTANT COMMUNICATION MESSAGE

Alibaba Group Holding Lim...

1. A method implemented by a computing device, the method comprising:
receiving a new instant message at the computing device; and
enhancing privacy of the new instant message by:
determining a message type based at least in part on the new instant message, the determined message type including at least one of a normal message type or a special message type;
invoking a corresponding way of prompting based at least in part on the determined message type, the corresponding way of prompting comprising a first way of prompting or a second way of prompting, the second way of prompting being different from the first way of prompting, the first way of prompting comprising setting a first prompting indicator at a first predetermined position of an interface image, and the second way of prompting comprising setting a second prompting indicator at a second predetermined position of the interface image, wherein the second prompting indicator is different from the first prompting indicator, the second predetermined position covering at least a part of the first predetermined position;
rendering the first prompting indicator at the interface image to have a first style in response to determining that the new instant message corresponds to the normal message type; and
rendering the second prompting indicator at the interface image to have a second style in response to determining that the new instant message corresponds to the special message type.

US Pat. No. 10,367,778

ELECTRONIC MESSAGING SYSTEM FOR MOBILE DEVICES WITH REDUCED TRACEABILITY OF ELECTRONIC MESSAGES

Vaporstream, Inc., Chica...

20. A system for reducing the traceability of electronic messaging between mobile devices, the system including:
a server computer configured to communicate with a first application program on a first mobile device and a second application program on a second mobile device, the server computer being an intermediate device configured to receive an electronic message with reduced traceability from the first mobile device without the use of industry standard email and to send the electronic message to the second mobile device without the use of industry standard email, the electronic message including a header information and a message content, the header information including an identifier of a recipient and the message content including an image and/or video, the first application program including instructions executable by a first processor of the first mobile device to provide a first set of reduced traceability displays via a display device of the first mobile device, the second application program including instructions executable by a second processor of the second mobile device to provide a second set of reduced traceability displays via a display device of the second mobile device, the first and second sets of reduced traceability displays being configured to reduce the traceability of the electronic message, the first set of reduced traceability displays including a first display configured to allow a user of the first mobile device to associate an image and/or video with the message content and a second display configured to allow the user of the first mobile device to associate the identifier of a recipient with the electronic message, the instructions executable by the first processor providing the first and second displays such that the identifier of the recipient is not displayed with the message content via the first display preventing a single screen capture of both the identifier of a recipient and the message content, the second set of reduced traceability displays including a third display configured to present an identifier of a sender of the electronic message and a fourth display configured to present the message content, the instructions executable by the second processor providing the third and fourth displays such that the identifier of a sending user is not displayed with the message content via the fourth display preventing a single screen capture of both the identifier of a sending user and the message content;
a network connection allowing the server computer to communicate with the first mobile device to receive the electronic message and to communicate with the second mobile device to send the electronic message to the second mobile device; and
a storage module associated with the server computer and configured to store the electronic message;
wherein the first application program is configured to utilize a display-based keyboard to allow the user of the first mobile device to enter characters via a touchscreen screen of the first mobile device to include in the message content, wherein the characters are included with the image and/or video of the message content if the user of the first mobile device enters the characters, wherein if the message content is received at the server separately from the header information and/or if the message content is sent from the server separately from the header information and/or if the message content is stored separately from the header information, the server is configured to maintain a correspondence between the message content and the header information using a message ID, wherein the message ID is an alpha-numeric sequence that is unique for the electronic message for the system, the unique message ID being reusable by the system if the electronic message is deleted, wherein the message ID is separately associated with the message content and the header information, and wherein the system is configured to allow a notification message that is different from the electronic message to be sent to a non-user of the system at a third-party address of a third-party messaging service.

US Pat. No. 10,367,777

ONLINE GIFT DELIVERY CONFIRMATION SYSTEM AND METHOD

Gift Card Impressions, LL...

1. An online delivery servicing system comprising:
a server comprising at least one processor and at least one memory for storing an application that, when executed by the at least one processor, is executed to:
obtain, from a customer computing device associated with a customer, delivery confirmation request information associated with an online gift purchased by the customer for a recipient, the delivery confirmation request information associated with a quantity of delivery confirmation messages to be transmitted to a recipient of the online gift and a period of elapsed time for each delivery confirmation message, wherein the delivery confirmation messages are to inform the recipient that the online gift has been previously sent, and wherein the quantity of delivery confirmation messages is selected by the customer,
wherein the delivery confirmation messages are sent using a first set of contact information associated with the recipient,
wherein the quantity of delivery confirmation messages is a plurality of delivery confirmation messages;
at each period of elapsed time, transmit one of the delivery confirmation messages to a recipient computing device associated with the recipient;
when a response to the one delivery confirmation messages is received from the recipient computing device, transmit a customer confirmation message to the customer computing device, the customer confirmation message indicating that the recipient has responded to the one delivery confirmation messages; and
when the quantity of delivery confirmation messages has been transmitted and no response has been received from the recipient computing device, transmit a customer delivery failure message to the customer computing device, the customer delivery failure message including information for re-submission of the online gift by the customer,
wherein the information for re-submission includes a request for a second set of contact information associated with the recipient and an option for cancellation of the gift purchase.

US Pat. No. 10,367,776

RESPONSE STATUS MANAGEMENT IN A SOCIAL NETWORKING ENVIRONMENT

International Business Ma...

1. A computer-implemented method for response status management in a social networking environment, the method comprising:
detecting, in the social networking environment, a message from a source user to a recipient user;
detecting, in the social networking environment, a calendar-oriented request from the source user to the recipient user;
detecting, in the social networking environment, an information-oriented request from the source user to the recipient user;
detecting, in the social networking environment, an approval-oriented request from the source user to the recipient user;
identifying, related to the recipient user, a set of message response actions;
identifying, related to the recipient user, a set of accessed information in response to detecting the message;
identifying, related to the recipient user, a set of recipient user activities in response to detecting the message;
monitoring, related to the recipient user, the set of message response actions using a set of sensor devices;
determining, based on the set of message response actions, a response status;
determining, based on the set of message response actions, a nature of a set of response operations;
determining, based on the set of message response actions, an anticipated response;
determining, based on the set of message response actions, an expected response timeline;
providing, to the source user, an indication of the response status;
providing, to the source user, a still image indicator which indicates the response status;
providing, to the source user, a video indicator which indicates the response status;
providing, to the source user, an audio indicator which indicates the response status; and
providing, to the source user, a tactile indicator which indicates the response status.

US Pat. No. 10,367,775

CONVERTING ELECTRONIC MESSAGES TO MESSAGE POSTS

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving an electronic message at a first device, originating from a server, designated for one or more recipients in a first system;
automatically determining, in response to receiving the electronic message at the first device, that the one or more recipients are members of an online social network and members of a specific subset of users of the online social network;
automatically prompting a sender of the electronic message for a confirmation to post at least a portion of the electronic message, wherein the sender is operating a second device different from the first device and the server;
based on determining that the one or more recipients are members of the specific subset of the social network and receiving an indication of the confirmation, converting the at least a portion of the electronic message to a message post;
providing, for a second system associated with the online social network, the message post to a message stream associated with at least one of the one or more recipients with visibility to members of the specific subset; and
upon receiving a reply, prompting a replying recipient for a confirmation to post the reply to the message stream, wherein at least a portion of the reply is provided to the message stream as a reply post upon receiving the confirmation to post the reply.

US Pat. No. 10,367,774

METHODS, SYSTEMS, AND DEVICES FOR ENRICHING MICROBLOG PAGE

Tencent Technology (Shenz...

1. A server for providing an enriched message in a microblog page, comprising:
a processor-readable storage medium comprising a set of instructions for providing an enriched message in an online social platform; and
a processor in communication with the processor-readable storage medium, configured to execute the set of instructions to:
provide a page of the online social platform on a terminal of a user, the page being displayed in a timeline format;
provide an enriched message associated with an interactive application in the timeline,
wherein the enriched message is configured to direct the terminal to present the interactive application in the timeline when the user clicks the enriched message; and
perform the following at an interval of predetermined duration:
determining whether the enriched message meets a predetermined content security requirement,
in response to determining that the enriched message does not meet the predetermined content security requirement, setting the enriched message in a reviewed state and prohibiting presentation of the enriched message on the online social platform, and
when a number of enriched messages corresponding to the interactive application that initially met the predetermined content security requirement and was accepted by the online social platform but later fail to meet the predetermined content security requirement is greater than a preset threshold, stop accepting any further enriched message associated with the interactive application.

US Pat. No. 10,367,773

SOCIAL NETWORK BASED ON GPS AND OTHER NETWORK CONNECTIONS

1. A computer-implemented system for interactively providing information to user in a social GPS environment, comprising:
a server;
a plurality of user devices, wherein each of the plurality of user devices comprises a beacon installed therein; the plurality of user devices at least includes a first user device and a second user device and
a network communicating with the server and the plurality of user devices;
wherein each beacon emits a beacon signal of user location information to the server via the network when the each beacon is turned on,
wherein the server receives a first beacon signal of a first user location information from a first beacon of the first user device and a second beacon signal of a second user location information from a second beacon of the second user device via the network or from a GPS system via a GPS network, and the first user device emits a first message along with the first beacon signal of user location information to the server, and the first message indicates that the second user device receives the first user location information of the first user device, and the server sends a second message to the second user device to share the first user location information of the first user device on a social GPS on the second user device; and a visibility of the each beacon is set at a street level, at a city level or not visible on the plurality of user devices;
wherein the second message is accepted via the network by the second user device, the second beacon of the second user device is turned on and the second user location information of the second user device is shared with the first user device by the network, and the second beacon of the second user device is turned off by deleting the second message.

US Pat. No. 10,367,772

METHOD AND SYSTEM FOR REPORTING MESSAGE DISPOSITION IN A COMMUNICATION NETWORK

TELEFONAKTIEBOLAGET LM ER...

11. A method of operating a messaging application server, the method comprising:
receiving an Instant Messaging, IM, message originating from a sender mobile station, the IM message being addressed to a recipient mobile station;
responsive to determining that the recipient mobile station is not operative to receive IM messages, converting the received IM message into a Short Message Service, SMS, message or a Multimedia Messaging Service, MMS, message;
transmitting the SMS message or the MMS message toward the recipient mobile station;
receiving a notification message comprising an indication that the SMS message or the MMS message was delivered to the recipient mobile station;
generating an Instant Message Disposition Notification, IMDN, message comprising a status element populated with a sub-element indicating that the IM message was delivered to the recipient mobile station as an SMS message or as an MMS message; and
transmitting the IMDN message toward the sender mobile station.

US Pat. No. 10,367,771

IDENTIFYING COMMUNICATION PARTICIPANTS TO A RECIPIENT OF A MESSAGE

Dropbox, Inc., San Franc...

1. A method comprising:
receiving, at a management server, a first message to a first conversation among a first set of relevant participants, from an electronic messaging service, to be delivered to a client device of a client user, the message including identifying information of a sender;
receiving, at the management server, a second message to a second conversation among a second set of relevant participants, from the electronic messaging service, to be delivered to the client device of the client user, the message including the identifying information of the sender, wherein the second conversation and the first conversation are at least partially contemporaneous;
generating, by the management server, a first graphical user interface (GUI) comprising the first message and a first default display name of the sender for the first conversation, based at least in part on the identifying information of the sender, by:
extracting the identifying information of the sender;
generating a first initial default display name for the sender, based on the extracted identifying information of the sender;
determining that the first initial default display name does not uniquely identify the sender within the first set of relevant participants to the first conversation;
generating one or more first candidate alternative display names based on corresponding one or more rules by appending one or more additional characters to the first initial default display name that uniquely identifies the sender within the first set of relevant participants to the first conversation;
identifying first candidate alternative display name that is a shortest among the one or more first candidate alternative display names;
assigning, as the first default display name, the shortest first candidate alternative display name; and
populating the first default display name in a first sender display name field of the first message on the first GUI; and
generating, by the management server, a second GUI comprising the second message and a second default display name of the sender for the second conversation, based at least in part on the identifying information of the sender, by:
generating a second initial default display name for the sender, based on the extracted identifying information of the sender;
determining that the second initial default display name uniquely identifies the sender within the second set of relevant participants to the second conversation;
assigning, as the second default display name, the second initial default display name, wherein the second initial default display name does not uniquely identify the sender within the first set of relevant participants to the first conversation; and
populating the second default display name in a second sender display name field of the second message on the second GUI; and
transmitting, by the management server, the first GUI comprising the first message and the first default display name field, and the second GUI comprising the second message and the second default display name, to the client device of the client user.

US Pat. No. 10,367,770

NOTIFICATION BUNDLES FOR AFFINITIES BETWEEN NOTIFICATION DATA

Google LLC, Mountain Vie...

1. A method comprising:
receiving, at a notification component that manages notifications at a computing device, respective notification data for each notification from a plurality of notifications, wherein the respective notification data for the plurality of notifications includes an indication of a priority of the corresponding notification, and wherein one notification from the plurality of notifications has a higher priority than at least two other notifications from the plurality of notifications;
determining, based at least in part on the respective notification data for the plurality of notifications, whether content from the respective notification data for the plurality of notifications is related to each other;
responsive to determining that the content from the respective notification data for the plurality of notifications is related to each other:
grouping, based on least in part on the indication of the priority of the corresponding notifications included in the respective notification data for the plurality of notifications, the plurality of notifications into a first set of notifications having a first priority and a second set of notifications having a second priority, wherein the second set of notifications includes the one notification that has the higher priority, and wherein the first priority is lower than the second priority; and
generating a bundle notification graphical element that includes at least a portion of content from the notification data of the first set of notifications and has a visual effect that visually distinguishes the bundle notification graphical element from other types of notification graphical elements;
generating a singular notification graphical element that includes at least a portion of content from the notification data of the one notification that has the higher priority; and
outputting, by the computing device and for display, the bundle graphical notification element and the singular graphical element, the singular graphical element positioned above the bundle notification graphical element, and the bundle notification graphical element having the visual effect.

US Pat. No. 10,367,769

PROCESSING OF EMAIL BASED ON SEMANTIC RELATIONSHIP OF SENDER TO RECIPIENT

International Business Ma...

1. A computer system comprising:
a processor in communication with memory;
an application in communication with the processor, the application to:
specify a source of semantic data; and
construct a set of electronic mail processing rules for the specified source, including a first set of rules and a second set of rules, the first sets based on an internal relationship to an organization and a second set based on an external relationship to the organization;
a manager in communication with the processor, the manager to:
receive an electronic mail message;
process the received message based upon the constructed sets of rules, wherein the sets of rules is based upon a semantic relationship derived from the received message, and wherein processing the received message comprises the manager to:
ascertain a property derived from the received message, and apply the first set of rules to the ascertained property;
in response to determining that the ascertained property is associated with the first set of rules, process the received message corresponding to at least one rule in the first set of rules; and
in response to determining that the ascertained property is not associated with the first set of rules, process the received message corresponding to at least one rule in the second set of rules; and
communicate the received message to a recipient based on at least one rule.

US Pat. No. 10,367,768

MESSAGING SYSTEM

MICROSOFT TECHNOLOGY LICE...

1. A user agent device comprising:
a processor; and,
a memory in communication with the processor, the memory comprising executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of:
analyzing content of a first user message created at a first user device for a second user device in communication with the first user device via a communication network;
searching second user information that is relevant to the analyzed content of the first user message;
based on the analyzed content of the first user message and the searched second user information, automatically predicting a response to the first user message on behalf of the second user; and
automatically causing the predicted response to be displayed on the first user device.

US Pat. No. 10,367,767

MODULAR INBOX AND GENERATION OF CONTENT MODULES

FACEBOOK, INC., Menlo Pa...

1. A method, comprising:
presenting a module in an inbox interface for a messaging service, the module configured to share one or more content items from a social networking service from a sharer with a plurality of receiving users connected to the sharer in the messaging service, the module displayed in a portion of the inbox interface distinct from a portion of the inbox interface that provides message or message thread presentation features;
ranking the one or more content items and presenting the one or more content items in the module in ranked order;
receiving, through the module, a selection of a content item from the one or more content items;
analyzing the selected content item to determine an identity of the content item;
programmatically selecting, from among a set of users connected to the sharer in the messaging service, one or more recommended users predicted to have an interest in the content item, the selecting performed based on the analyzing; and
displaying the recommended users in the inbox interface;
receiving, through the module, a selection of one or more of the recommended users; and
sharing the content item with the one or more selected users through the messaging service.

US Pat. No. 10,367,766

INTERMEDIARY DEVICE FOR DATA MESSAGE NETWORK ROUTING

TEN DIGIT COMMUNICATIONS ...

1. An intermediary device to route data messages in a contact center environment, comprising:
an intermediary device disposed in a data communication path between an electronic communications network and a client computing device, the intermediary device including at least one of a lobby assignment mechanism, a session storage unit, a default lobby construct, and a destination lobby construct, the default lobby construct and the destination lobby construct each constructed to include a plurality of data messages for sessions between contact center agent computing devices and client computing devices;
the intermediary device disposed to receive, via the electronic communications network, a first data message, the first data message having a characteristic;
the lobby assignment mechanism to assign the first data message to the default lobby construct;
the lobby assignment mechanism to obtain, from a contact center agent computing device, an indication of transfer of the first data message to the destination lobby construct that is a different lobby construct than the default lobby construct, the indication of the transfer identifying the first data message;
the lobby assignment mechanism to link, responsive to the indication of the transfer of the first data message to the destination lobby construct, the first data message with the destination lobby construct based on the characteristic of the first data message;
the intermediary device disposed to receive, via the electronic communications network, a second data message having a characteristic;
the intermediary device to identify a correlation between the first data message and the second data message based on the characteristic of the first data message and the characteristic of the second data message; and
the lobby assignment mechanism to bypass the default lobby construct to assign the second data message to the destination lobby construct based on the identification of the correlation between the second data message and the first data message assigned to destination lobby construct.

US Pat. No. 10,367,765

USER TERMINAL AND METHOD OF DISPLAYING LOCK SCREEN THEREOF

SAMSUNG ELECTRONICS CO., ...

1. A method of displaying a lock screen on a user terminal device comprising communication circuitry, a display, a memory, and a processor, the method comprising:
storing, by the processor, a list including at least one friend user in the memory, wherein the at least one friend user is a friend of a user of the user terminal device;
receiving, via the communication circuitry, a message, the message including content capable of being reproduced;
determining whether a user who provided the message is a friend user included in the list;
if the user who provided the message is a friend user, displaying, under control of the processor, a lock screen on the display while the user terminal device is locked, the lock screen comprising information indicative of the content included in the received message, a first user interface element, and a second user interface element;
when a user input signal is received via the first user interface element, executing, by the processor, an application for reproducing the content, and displaying reproduced content on the lock screen while the user terminal device is locked; and
when a user input signal is received via the second user interface element on the lock screen, initiating, by the processor, unlocking of the locked user terminal device.

US Pat. No. 10,367,764

SYSTEM AND METHOD FOR AUTOMATED CONTACT CENTER AGENT WORKSTATION TESTING

CYARA SOLUTIONS PTY LTD, ...

1. A system for automated contact center agent workstation testing, comprising:
a control portal module stored in the memory of and operating on a processor of a computing device and configured to:
receive a plurality of input parameters, the input parameters comprising at least a plurality of test commands;
direct the operation of an agent workstation test case based at least in part on at least a portion of the received input parameters;
incorporate at least a portion of the input parameters into a system resident test programming framework to produce an agent workstation test case;
a test manager configured to:
retrieve the agent workstation test case from the control portal module;
assign a plurality of agent workstation test case interaction;
wherein each agent workstation test case interaction is assigned between a system-generated virtual contact center agent and a system-generated virtual customer to an available agent workstation; and
wherein at least two of the plurality of agent workstation test case interactions are for agent workstations having differing physical specifications, or different third party software, or both;
direct execution of all agent workstation test case tasks within each interaction between a system generated virtual contact center agent and a system generated virtual customer;
collect pre-defined run-time data that results from execution of all agent workstation test case tasks within each interaction between a system generated virtual contact center agent and a system generated virtual customer; and
an output module stored in the memory of and operating on a processor of a computing device and configured to display result data in a format pre-defined by the agent workstation test case.