US Pat. No. 10,193,991

METHODS AND APPARATUSES FOR PROVIDING INFORMATION OF VIDEO CAPTURE DEVICE

Xiaomi Inc., Beijing (CN...

1. A method for providing an operation status of a video capture device over a network, the method being performed by the video capture device and comprising:receiving, by the video capture device, a communication request from a predetermined terminal;
determining, based on the communication request, one or more terminals connected with the video capture device, wherein the determining one or more terminals connected with the video capture device comprises:
extracting a terminal identifier from the communication request; and
determining, based on the extracted terminal identifier, at least one connection status parameter of the video capture device, the at least one connection status parameter including at least one of: a first value representing a number of terminals currently connected with the video capture device, and a second value representing a number of terminals connected with the video capture device during a preset time interval;
transmitting status information of the video capture device over the network and to the predetermined terminal, the status information including information of the one or more terminals connected with the video capture device,
wherein the information of the one or more terminals connected with the video capture device comprises the connection status parameter of the video capture device, and
wherein the status information of the video capture device is transmitted to the network after the video capture device determines that the at least one connection status parameter exceeds a preset threshold.

US Pat. No. 10,193,989

VISUALIZATION OF USER BEHAVIOR

Amazon Technologies, Inc....

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed, causing the at least one computing device to at least:receive a request to initiate a workflow session between a service representative and a user;
transmit a plurality of network pages to a client computing device of the service representative enabling the service representative to assist the user with an issue related to a service, wherein the plurality of network pages are configured to detect a navigation event triggered by the client computing device;
obtain a plurality of navigation events responsive to interactions performed by the client computing device with respect to a navigation through a predefined sequence of the plurality of network pages by the client computing device;
obtain data associated with progression through the predefined sequence of the plurality of network pages by the client computing device, the data including at least a screen capture of a user interface of the client computing device during the workflow session;
store the plurality of navigation events and the data in a data store; and
after termination of the workflow session, generate a workflow visualization of progression of the client computing device through the plurality of network pages by at least determining a plurality of time durations and transitions in focus of the client computing device as functions of the plurality of the navigation events, the plurality of time durations respectively comprising a consecutive amount of time a user interface focus of the client computing device is directed to an associated one of the plurality of network pages, wherein the workflow visualization comprises:
a plurality of visual elements respectively embodying the consecutive amount of time the user interface focus of the client computing device is directed to a respective one of the plurality of network pages and having a size based at least in part on the consecutive amount of time; and
at least one visual link graphically connecting a respective pair of visual elements from the plurality of visual elements whose corresponding focus durations occur consecutively, the at least one visual link embodying a transition in focus of the client computing device between a respective pair of the plurality of network pages,
wherein a selection of at least one visual element causes the screen capture of the user interface of the client computing device corresponding to the selected visual element to be displayed.

US Pat. No. 10,193,987

ACTIVITY CONTINUATION BETWEEN ELECTRONIC DEVICES

APPLE INC., Cupertino, C...

1. A method, comprising:in a companion electronic device, performing operations for:
receiving an activity advertisement message from a source electronic device, the activity advertisement message comprising an encoded representation of information about an activity performed in a first application at the source electronic device, the encoded representation being created by applying a function to the activity information that creates the encoded representation that is smaller in size than the activity information, wherein the activity information comprises an identifier that identifies the first application and an activity descriptor that identifies the activity performed in the first application;
evaluating the encoded representation against a plurality of activity descriptor representations to identify the activity, each of the plurality of activity descriptor representations comprising an identifier that identifies an available application and an activity descriptor that identifies an activity to perform using the available application;
determining, based on the evaluating, that a second application that is associated with the activity is available at the companion electronic device, the second application being identified by at least one of the plurality of activity descriptor representations, wherein the second application is different from the first application, and wherein the evaluating comprises determining that instructions or information on how to perform the corresponding activity will be provided;
requesting extended activity data for the activity from the source electronic device;
using the extended activity data received from the source electronic device to configure the second application at the companion electronic device to perform a corresponding activity; and
commencing performing the corresponding activity in the second application at the companion electronic device.

US Pat. No. 10,193,986

METHOD AND APPARATUS FOR PRESENTING GEOGRAPHICAL LOCATION

TENCENT TECHNOLOGY (SHENZ...

1. A method of sharing location information in a social network application, comprising:at a first user device having one or more processors and memory for storing one or more programs to be executed by the one or more processors:
providing an instant messaging interface of the social network application at the first user device;
detecting, within the instant messaging interface, a trigger input from a first user of the first user device, the trigger input is associated with location information of the first user device;
in response to the trigger input associated with location information, obtaining a map of a location of the first user device based on the trigger input; and
sharing the map of the location of the first user device with a second user device through the social network application, enabling the second user device to display the map of the location of the first user device in a corresponding instant messaging interface of the social network application executed at the second user device.

US Pat. No. 10,193,985

METHOD AND DEVICE FOR PERFORMING SERVICE DISCOVERY IN WIRELESS COMMUNICATION SYSTEM

LG Electronics Inc., Seo...

1. A method of performing service discovery performed by a first NAN (neighbor awareness networking) device in a wireless communication system, the method comprising:exchanging a subscribe message with a second NAN device; and
transmitting a first service discovery frame (SDF) based on the exchanged subscribe message,
wherein the first service discovery frame comprises a NAN connection capability attribute field,
wherein the NAN connection capability attribute field comprises a first type interface information field indicating whether the first NAN device supports a first type interface, and
wherein the NAN connection capability attribute field further comprises a beacon frame field containing information about a beacon frame associated with the first type interface.

US Pat. No. 10,193,984

ARCHITECTURE FOR ENABLING FINE GRANULAR SERVICE CHAINING

TELEFONAKTIEBOLAGET LM ER...

1. A method implemented by a network device, the method for implementing a service chain by instantiating services on demand by a lightning module that provides the services as applications executed by unikernels supported by a hypervisor, the method comprising:receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module;
instantiating, by the lightning module, a special unikernel monitor to only monitor a session for packets from the user, in response to receiving the AAA service authentication of the user;
determining at least one unikernel configuration file for the user;
checking whether a packet from the user is received in the session by the special unikernel monitor; and
responsive to detecting the packet, instantiating a plurality of service chain unikernels identified in the at least one unikernel configuration file, by the special unikernel monitor, the plurality of service chain unikernels to process packets of the session.

US Pat. No. 10,193,983

INFORMATION DISTRIBUTION DEVICE INFORMATION RECEPTION DEVICE, INFORMATION DISTRIBUTION METHOD, AND RECORDING MEDIUM

NEC Corporation, Tokyo (...

1. An information reception device comprising:a memory storing instructions; and
one or more processors to execute the instructions to:
receive, from an information distribution device, a plurality of pieces of distribution information representing advertisements;
receive, from the information distribution device, a plurality of personalization rules, each of the plurality of personalization rules including a selection condition and selection information, wherein
the selection condition is generated based on information concerning at least one of a plurality of pieces of action information, which are extracted from actions of a user who uses the user's own device, and
the selection information represents one of the plurality of received pieces of distribution information and is generated by using information concerning at least another one of the plurality of extracted pieces of action information;
acquire a piece of action information;
extract, from the plurality of received personalization rules, personalization rules based on a corresponding selection condition that matches the acquired piece of action information and select, from the plurality of received pieces of distribution information, a piece of distribution information indicated by selection information included in the extracted personalization rules; and
output the selected piece of distribution information, wherein the one or more processors execute the instructions to:
associate, for each of a plurality of user identifications and from a plurality of pieces of action information from the plurality of user identifications, first type of action attribute information with second type of action attribute information to form a pair,
count a number of each unique pair of first type of action attribute information together with second type of action attribute information for all of the plurality of user identifications, and
rank the counted numbers of unique pairs to form at least a personalized rule including, as a combination of selection condition and selection information, a pair of first type of action attribute information together with second type of action attribute information.

US Pat. No. 10,193,981

INTERNET OF THINGS (IOT) SELF-ORGANIZING NETWORK

CenturyLink Intellectual ...

1. A method for implementing Internet of Things (“IoT”) self-organizing network functionality, comprising:receiving, with a computing system, at least one first data from at least one first IoT-capable device of a plurality of IoT-capable devices, the at least one first data comprising data regarding one or more second IoT-capable devices of the plurality of IoT-capable devices of a self-organizing network (“SON”) of IoT-capable devices;
analyzing, with the computing system, the at least one first data to determine a status of at least one second IoT-capable device of the one or more second IoT-capable devices;
based at least in part on the determined status of the at least one second IoT-capable device, generating, with the computing system, one or more control instructions; and
autonomously sending, with the computing system, the one or more control instructions to one or more third IoT-capable devices of the plurality of IoT-capable devices, based at least in part on the determined status of the at least one second IoT-capable device, the one or more control instructions causing each of the one or more third IoT-capable devices to change at least one of its device settings, its device configurations, its network configurations, or its functions within the SON of IoT-capable devices.

US Pat. No. 10,193,980

COMMUNICATION METHOD BETWEEN TERMINALS AND TERMINAL

SAMSUNG ELECTRONICS CO., ...

1. A terminal comprising:a communicator configured to receive media data of a first terminal arbitrating a transmission authority among other terminals, transmit a transmission authority request message to each of the other terminals in response to an expiry of a first timer based on receiving the media data; and
a controller configured to enter a permission state in response to a Nth expiry of a second timer started upon transmitting the transmission authority request message,
wherein in the permission state, the terminal has permission to transmit media data of the terminal.

US Pat. No. 10,193,979

SYSTEM ARCHITECTURE FOR WIRELESS METROLOGICAL DEVICES

General Electric Company,...

1. A computer-based method by a wireless metrological device, the wireless metrological device including a wireless communication interface configured to communicate with at least one mobile computing device, the method comprising:receive a connection request from the at least one mobile computer device;
send a connection confirmation to the at least one mobile computer device;
respond to the at least one mobile computer with Device Information Service (DIS);
acknowledge to the at least one mobile computer a universal generic data service;
send a data descriptor to the at least one mobile device, wherein the data descriptor is affiliated with a measurement; andsend a data packet comprising the measurement using the universal generic data service to the at least one mobile computing device, wherein the wireless metrological device comprises a taper gauge.

US Pat. No. 10,193,977

SYSTEM, DEVICE AND PROCESS FOR DYNAMIC TENANT STRUCTURE ADJUSTMENT IN A DISTRIBUTED RESOURCE MANAGEMENT SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A process for managing workloads by a distributed resource management system of a distributed computing system, the process comprising:receiving a tenant update for a hierarchical queue, the hierarchical queue comprising tenants and sub-tenants, the tenant update identifying a modification to a tenant or sub-tenant of the hierarchical queue;
retrieving, by a rule-based workload management engine, a rule having a tenant event corresponding to the tenant update, wherein the rule-based workload management engine retrieves the rule from a database storing rules, each rule stored in the database including a tenant event identifying a tenant or sub-tenant of the tenants or sub-tenants the rule is applicable to and an action for one or more workloads of the tenant or sub-tenant;
determining, from the retrieved rule, the action for the one or more workloads of the tenant or sub-tenant identified in the tenant event of the retrieved rule, each of the one or more workloads of the tenant or sub-tenant identified associated with a resource request; and
applying the action for the one or more workloads of the tenant or sub-tenant, without interrupting execution of any workloads of other tenants or sub-tenants of the hierarchical queue.

US Pat. No. 10,193,976

METHOD AND SYSTEM FOR RECONSTRUCTING A SLOT TABLE FOR NFS BASED DISTRIBUTED FILE SYSTEMS

Dell Products L.P., Roun...

6. A system for enabling a seamless failover between distributed system controllers in a Network File System (NFS) based distributed file systems, the system comprising:a distributed cluster of controllers configured to receive a retried request from a client, wherein each controller comprises substitute slot table modules being a process running on it respective controller;
wherein each of the substitute slot table modules is configured to:
determine an expected size of sessions slot table by inspecting a COMPOUND message's SEQUENCE operation ‘highest_slotid’ field at said client request;
in a case that the retried request is of a re-enter idempotent type, process the request again;
in a case that the retried request is file state related, check in already opened file handles if the already opened file handles are open with exactly same properties already exist for the particular client, and if found, returning the file handle information to the client as if it was just opened by it; and
in a case that the retried request is of a non-idempotent type, attempt to perform the operation again, wherein if the source file does not exist, check the existence of the expected outcome, and reply with a success,
wherein the distributed file systems are compliant with NFSv4.1 protocol.

US Pat. No. 10,193,975

MANAGING MULTIPLE CLOUD STORES THROUGH A WEB SERVICE

Microsoft Technology Lice...

1. A computing system, comprising:a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to:
receive, from a client device through a storage system-independent application programming interface, a call that is associated with an application on the client device and indicates a data access request to move an identified file from a first cloud-based storage system to a second cloud-based storage system, wherein
the first cloud-based storage system implements a first storage system-specific interface, and
the second cloud-based storage system implements a second storage system-specific interface that is different than the first storage system-specific interface;
perform an authentication operation to authenticate the application to the first cloud-based storage system;
transform the call into a storage system-specific call that is configured in accordance with the first storage system-specific interface; and
execute the storage system-specific call against the first storage system-specific interface to perform the operation, by moving the identified file from the first cloud-based storage system to the second cloud-based storage system without downloading the identified file to the client device.

US Pat. No. 10,193,974

MANAGING COLLABORATION OF SHARED CONTENT USING COLLABORATOR INDEXING

Box, Inc., Redwood City,...

1. A method comprising:identifying a server in a cloud-based environment that is interfaced with one or more storage devices that store one or more content objects accessible by one or more collaborators;
receiving a content object transaction request from a transaction requestor, the content object transaction request to result in a change of collaboration attributes pertaining to the content object;
maintaining a collaboration index as a database table, the database table comprising:
(i) a first column that identifies an object path associated with the content object,
(ii) a second column that identifies an object parent associated with the content object,
(iii) a third column that identifies user identifiers associated with the one or more collaborators; and
(iv) one or more database rows associated with the user identifiers from the third column, wherein a user is designated as a collaborator for the content object by inserting a database row for the user identified from the third column into the one or more database rows of the database table where the object path in the first column for the database row corresponds to the content object and one or more object parents for the content object associated with the user is included in the second column;
querying the database table to determine a set of potential content object collaborators for a current object by identifying the user identifiers from the third column from among the one or more database rows that are identified as having a current content object path or having a current content object parent path listed in at least one of the first column or the second column;
generating one or more updated database rows in the database table based at least in part on the set of content object collaborators; and
triggering an update to the collaborator index based at least in part on the one or more updated database rows.

US Pat. No. 10,193,971

METHOD, SERVER AND SYSTEM FOR APPLICATION SYNCHRONIZATION

TENCENT TECHNOLOGY (SHENZ...

1. An application synchronization method, comprising:establishing, by a server, a communication connection between an originating terminal and a destination terminal, wherein the originating terminal and the destination terminal respectively log in the server with a same login account;
upon establishing the communication connection between the originating terminal and the server and between the destination terminal and the server, displaying a device list including the originating terminal and the destination terminal on the originating terminal and the destination terminal;
receiving, by the server, a synchronization request message sent by the originating terminal, wherein the synchronization request message includes a program identification of a target application and a terminal identification of the destination terminal;
obtaining, by the server, device information and address information of the destination terminal based on the terminal identification of the destination terminal;
querying, by the server, an installation file matching with the program identification of the target application and the device information of the destination terminal; and
sending, by the server, the installation file to the destination terminal based on the address information.

US Pat. No. 10,193,970

WIRELESS SYNCHRONIZATION OF MEDIA CONTENT AND SUBSCRIPTION CONTENT

Microsoft Technology Lice...

1. A computing device comprising:at least one processor; and
memory storing computer-executable instructions that, when executed by the at least one processor, cause the computing device to:
establish a wireless synchronization connection to a portable computing device;
receive, from the portable computing device over the wireless synchronization connection, wireless configuration setup parameters used by the portable computing device to connect to a particular wireless local area network and subscription data used by the portable device to access a web-based media content delivery service over the Internet;
re-use the wireless configuration setup parameters to connect to the particular wireless local area network; and
re-use the subscription data to access the web-based media content delivery service over the Internet, wherein the subscription data indicates an action to execute, the action comprising an order to retrieve media data from the web-based media content delivery service, the order based on a global state of a user subscription.

US Pat. No. 10,193,969

PARALLEL PROCESSING SYSTEM, METHOD, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A parallel processing system which is a multi-layered fullmesh system in which a plurality of layers of fullmesh systems, having a plurality of Leaf switches fullmesh-coupled to each other, are coupled to each other, the parallel processing system including a plurality of nodes, the parallel processing system being configured to perform a parallel arithmetic operation of applications, at least one of the plurality of nodes being coupled to each of the plurality of Leaf switches, the parallel processing system comprising:circuitry configured to:
obtain communication recording information in which a number of times of communication between the plurality of nodes during execution of an application is recorded;
obtain communication pattern information in which assignment information indicating which connection topology of a fullmesh topology and a fattree topology is to be selected for each a plurality of communication patterns, in the fullmesh topology, the plurality of nodes having an intra-layer connection relationship, and in the fattree topology, the plurality of nodes having inter-layer connection relationship;
select a first communication pattern from the plurality of communication patterns based on the number of times of communication;
identify, based on the communication pattern information, a connection topology from the fullmesh topology and the fattree topology corresponding to the selected first communication pattern; and
assign, based on the identified connection topology, nodes included in the parallel processing system that execute the application.

US Pat. No. 10,193,967

REDIRECTING DEVICES REQUESTING ACCESS TO FILES

Oracle International Corp...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:receiving, at a first storage node of a plurality of storage nodes, a first file download request for a file;
wherein the first storage node has dual functionality to (a) serve file requests and (b) select other nodes to serve file requests;
serving, by the first storage node, the first file download request for the file;
receiving, at the first storage node, a second file download request for the file from a requesting device;
determining that an access load corresponding to the first storage node exceeds a threshold value;
responsive to determining that the access load corresponding to the first storage node exceeds the threshold value:
identifying, by the first storage node, at least two storage nodes in the plurality of storage nodes that can serve the second file download request for the file;
selecting, by the first storage node, a second storage node from the at least two storage nodes to serve the second file download request for the file;
wherein the second storage node is selected by the first storage node based on the second storage node having a higher priority value, than other nodes in the at least two storage nodes, for serving a geographical region of the requesting device; and
redirecting the requesting device to the second storage node that stores the file.

US Pat. No. 10,193,966

METHOD FOR A USER TO ACCESS AT LEAST ONE COMMUNICATION SERVICE PROVIDED VIA A DATA CENTRE OF A CLOUD COMPUTING SYSTEM

ORANGE, Paris (FR)

1. A method for a user to access at least one communication service provided via a first data center of a cloud computing system, the first data center being located in a first geographic area, the method comprising the following acts, executed in the first data center:a) after a user's terminal has been connected to a web portal for accessing said service, receiving in the first data center a message providing information on the location of the terminal;
b) determining the geographic location of the terminal on the basis of the received terminal location information, and if the geographic location of the terminal corresponds to a second geographic area, different from the first area, then:
d) searching for a second data center of the cloud computing system capable of providing the service in the second area;
e) if this second data center exists, transferring computing functionality adapted to provide the communication service to the user to the second data center, so that the communication service can be used in the user's terminal, based on the second data center
wherein said computing functionality adapted to the provision of the service is implemented in a virtual machine hosted by a server of the first data center, and wherein, in act e), the transfer of said functionality from the first data center to the second data center corresponds to sending, to a server of the second data center, of a copy of some or all of the execution code of said virtual machine and its execution context.

US Pat. No. 10,193,965

MANAGEMENT SERVER AND OPERATION METHOD THEREOF AND SERVER SYSTEM

ThroughTek Technology (Sh...

1. A server system, comprising:a client, generating a request signal, wherein the request signal has a request number; and
a management server, comprising:
a plurality of storage units, respectively storing a datum, the datum stored in each of the storage units is a portion of all data which are stored in a database of the management server;
a sub-server, corresponding to the storage units and configured to obtain the datum from the storage unit in response to the request signal; and
a load balancing unit, operatively connected to the client and coupled to the sub-server, the load balancing unit being configured to receive the request signal from the client and distribute the request signal to the corresponding sub-server in response to the request number;
wherein, the management server outputs the datum obtained by the sub-server from the storage unit according to the request number;
comparing the request number with a predetermined request number;
obtaining the datum by the sub-server from the storage unit according to the request number when the request number is equal to the predetermined request number; and
returning to the step of receiving the request signal when the request number is not equal to the predetermined request number.

US Pat. No. 10,193,964

CLUSTERING REQUESTS AND PRIORITIZING WORKMANAGER THREADS BASED ON RESOURCE PERFORMANCE AND/OR AVAILABILITY

International Business Ma...

1. A computer program product for optimizing a resource manager thread pool in a production environment, the computer program product comprising:one or more non-transitory computer readable storage media and program instructions stored on the one or more non-transitory computer readable storage media, the program instructions comprising:
first program instructions programmed to divide a set of vouchers into a plurality of voucher subsets so that each voucher subset respectively corresponds to a resource manager of a plurality of resource managers, where each resource manager of the plurality of resource managers respectively corresponds to a resource in an application server and where each voucher subset corresponds respectively to a thread subset associated with the resource and clustered based on the resource;
second program instructions programmed to receive a plurality of incoming pending requests with each incoming pending request respectively corresponding to a resource;
third program instructions programmed to temporarily remove a voucher from its voucher subset corresponding to a given resource manager upon each instance that a given pending incoming request is assigned to that given resource manager for responsive processing such that the given pending incoming request thereby becomes an assigned request;
fourth program instructions programmed to determine which request of the plurality of pending incoming requests will be next assigned to a corresponding resource manager based, at least in part, upon which resource manager has the greatest number of vouchers in its respective subset of vouchers;
fifth program instructions programmed to assign the plurality of pending incoming requests to a corresponding resource manager for execution by a thread associated with the thread subset; and
sixth program instructions programmed to return a temporarily removed voucher to its voucher subset corresponding to a given resource manager upon each instance that the given resource manager has completed responsive processing of a given assigned request such that the given assigned request thereby becomes a completed request.

US Pat. No. 10,193,962

OPPORTUNISTIC ROUTING

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:receiving a request for at least a first portion of content from a client;
providing the first portion of the content to the client from a first server, the first server configured to transmit data at least at a threshold transmission rate;
determining that processing or characteristics of a connection with the client are below a threshold;
selecting a second server to provide a second portion of the content to the client based at least in part on the processing or characteristics of the connection and a determination that the client has a threshold amount of the content buffered;
buffering the content until the threshold amount of the content is available to the client; and
providing the second portion of the content to the client from the second server at a transmission rate less than the threshold transmission rate, wherein the second server has a lower demand than the first server based at least in part upon the second server being at a second geographic location that is further from the client than a first geographic location of the first server.

US Pat. No. 10,193,957

MULTIMEDIA FILE UPLOAD

1. A computerized method for accelerating a handling of a media file being uploaded from a first computer system to a second computer system over a communication network, comprising:at a first computer system, electronically communicating with a second computer system over a communication network:
receiving, during a continuous uploading event, an incoming stream of packets sent by said second computer system over said communication network, wherein the packets are generated from a media file comprising both at least one image and at least thumbnail image of said at least one image, wherein the at least one image is encoded according to a file format of the media file, and wherein packets generated from the at least one thumbnail image of the at one image and packets generated from the at least one image of the media file are transmitted to the first computer system;
extracting the at least one thumbnail image of the at least one image of the media file, from one or more of the incoming packets, during the continuous uploading event of said at least one image of the media file and completing said extracting before all the packets of the incoming stream are received; and
accelerating a displaying of a representative image of said at least one image, by displaying the at least one thumbnail image of the at least one image during the continuous uploading event of said at least one image of the media file, before all the packets of the incoming stream are received at the first computer system.

US Pat. No. 10,193,955

SYSTEM AND METHOD FOR VIDEO COMMUNICATION

Huawei Technologies Co., ...

1. A method for transmitting video, the method comprising:receiving, by a first device, a first video transmission schedule indicating a first frame type of different frame types to be transmitted;
encoding, by the first device, a first video frame of video frames to generate a first encoded video frame based on the first frame type of the first video transmission schedule;
transmitting, by the first device towards a second device, the first encoded video frame;
after the transmitting the first encoded video frame, receiving, by the first device, a second video transmission schedule determined in accordance with characteristics of a channel and use of the channel by other devices, the second video transmission schedule indicating a second frame type of the different frame types to be transmitted, wherein the use of the channel by other devices comprises information for selecting a predicted picture coded frame (P-frame) to avoid collisions of intra-coded frames (I-frames);
encoding, by the first device, a second video frame of the video frames to generate a second encoded video frame based on the second frame type of the second video transmission schedule; and
transmitting, by the first device towards the second device, the second encoded video frame.

US Pat. No. 10,193,954

SYSTEM AND METHOD FOR PROVIDING AN APPLICATION TO A DEVICE

Comcast Cable Communicati...

1. A method comprising:determining, for a computing device, device capability information;
determining, based on the device capability information, a set of applications that is supported by the computing device;
generating, for the set of applications, a set of messages that comprises data indicating a download location for the set of applications; and
based on determining that porting, from a first account to a second account, information associated with the computing device is complete, sending, to the computing device, the set of messages.

US Pat. No. 10,193,953

SELF DESCRIBING CONFIGURATION

Oracle International Corp...

1. A method comprising:providing, by a cloud infrastructure system, an application programming interface (API) to a data model used by a cloud-based application of the cloud infrastructure system;
receiving, by the cloud infrastructure system, a request for configuration data of the data model through the API, wherein the request is generated by a data security provider monitoring communications between a client device and the cloud-based application;
generating, by the cloud infrastructure system, a response that includes the configuration data, wherein the configuration data includes a set of protectable attributes of an entity modeled using the data model;
receiving, by the cloud infrastructure system, an indication of an attribute from the set of protectable attributes that is to be protected; and
marking, by the cloud infrastructure system, the indicated attribute from the set of protectable attributes as protected.

US Pat. No. 10,193,950

NETWORK SYSTEM AND CONTROL METHOD

CANON KABUSHIKI KAISHA, ...

1. A network system comprising:a first information processing terminal on which a first web browser runs;
a second information processing terminal on which a second web browser runs; and
a shared server,
wherein the shared server includes a memory storing instructions and a processor which is capable of executing the instructions causing the shared server to:
manage access data on a first tab of the first web browser in which to access a website and data on session storage valid for a session with the website in association with the first information processing terminal, the data on the session storage being locally managed by the first web browser in association with the first tab, wherein the data on the session storage includes data defined by using a combination of a key and a value that are designated by the website,
receive an instruction for sharing the first tab of the first web browser with the second web browser,
transmit the access data and the data on the session storage related to the first tab to the second web browser according to the instruction,
delete association between the transmitted data on the session storage and the first information processing terminal so that the data on the session storage being locally managed by the first web browser is deleted by the first web browser, and
manage the data on the session storage in association with the second information processing terminal.

US Pat. No. 10,193,949

COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus comprising:a hardware processor; and
a memory storing one or more programs configured to be executed by the hardware processor, the one or more programs including instructions for:
acquiring a media content;
transmitting the media content acquired by the acquiring to another communication apparatus;
determining whether to describe, as an acquisition source URL of the media content acquired by the acquiring, a URL of the communication apparatus or a URL of the another communication apparatus, in accordance with a state of transmission of the media content;
generating, based on the determination made by the determining, a description file in which the acquisition source URL of each predetermined unit of the media content is described; and
providing the description file generated by the generating.

US Pat. No. 10,193,946

METHOD FOR DOWNLOADING MULTIMEDIA FILE AND ELECTRONIC DEVICE

Acer Incorporated, New T...

1. A method for downloading a multimedia file, adapted to an electronic device, the method for downloading the multimedia file comprising:obtaining first bandwidth information of a first source device;
calculating a first time point from a start time point of the multimedia file according to the first bandwidth information, comprising:
obtaining first preloading time information of the multimedia file and frame rate information of the multimedia file;
calculating first pause time information according to the first preloading time information, the frame rate information, and the first bandwidth information, wherein the first pause time information is a predicted play pause time point of the multimedia file; and
determining the first time point according to the first preloading time information and the first pause time information;
sending a first download request to the first source device to request downloading a first multimedia streaming from the start time point to the first time point in the multimedia file; and
sending a second download request to a second source device to request downloading a second multimedia streaming from the first time point in the multimedia file.

US Pat. No. 10,193,945

SYSTEMS AND METHODS FOR DISTRIBUTING MEDIA TO PERSONAL ELECTRONIC DEVICES

1. A media streaming apparatus comprising:a media streaming board for processing requests for media content;
a storage module for storing the media content;
a battery pack for supplying power to the media streaming apparatus without tapping power from any other source while in use;
an antenna for receiving global positioning information from global positioning satellites; and
an access point, wherein the access point provides a Wi-Fi connection to a plurality of personal computing devices and further provides individually-tailored media streams of the media content to each of the plurality of personal computing devices for viewing and listening thereon,
wherein the access point optimizes each of the media streams via:
using airtime fairness to send and receive data based on time increments;
using dual band transmitting on a 2.4 GHz radio band and a 5 GHz radio band;
using band steering, wherein personal computing devices capable of sending and receiving the media streams over the 5 GHz radio band are automatically routed through the 5 GHz radio band; and
using multiple input/multiple output optimization using a plurality of antennas and spatial multiplexing modulation,
wherein the access point is powered separately from the media streaming board,
wherein the access point is dynamically powered wherein power to the access point dynamically increases as the number of personal computing devices wirelessly connected thereto increases,
wherein there is no connection to the Internet when streaming the media content to the plurality of personal computers;
wherein the media content comprises a map, wherein the map shows the position of the media streaming apparatus based on the global positioning information received from the global positioning satellites.

US Pat. No. 10,193,944

SYSTEMS AND METHODS FOR MULTI-DEVICE MEDIA BROADCASTING OR RECORDING WITH ACTIVE CONTROL

1. A multi-device media broadcasting system, comprising:a controller comprising a stream controller and a network interface in communication with a plurality of media devices and a server;
wherein the stream controller is configured to:
select a first media stream from a plurality of media streams generated by the corresponding plurality of media devices, and
generate a multi-device stream configuration file identifying the selected first media stream; and
wherein the network interface is configured to transmit the generated multi-device stream configuration file to the server, the server providing at least one additional device with a stream manifest identifying the selected first media stream responsive to receipt of the configuration file,
wherein the controller is further configured to subsequently select a second media stream from the plurality of media streams, and generate an updated multi-device stream configuration file identifying the selected second media stream; and
wherein the network interface is further configured to transmit the updated multi-device stream configuration file to the server, the server replacing a media chunk identified in the first stream manifest generated by a first media device of the plurality of media devices with a media chunk generated by a second media device of the plurality of media devices, responsive to receipt of the updated multi-device stream configuration file, the server providing the at least one additional device with media comprising the stream without adjusting the manifest or the configuration file provided to the additional device.

US Pat. No. 10,193,943

DATA-PLAN-BASED QUALITY SETTING SUGGESTIONS AND USE THEREOF TO MANAGE CONTENT PROVIDER SERVICES

T-Mobile USA, Inc., Bell...

1. A computer-implemented method comprising:receiving, by a telecommunication network, an indication that a device associated with a subscriber to a data plan is consuming video content from a third party content provider;
determining, by the telecommunication network, whether the subscriber is participating in a program offering consumption of the video content free of charge in exchange for the video content being provided to the device at a limited service quality;
in response to determining that the subscriber is participating in the program, reducing, by the telecommunication network, network resources available for transmission of the video content to the device to cause the third party content provider to reduce a service quality of the video content being transmitted to the device to no more than the limited service quality; and
conditionally excluding, by the telecommunication network, the consuming of the video content from a consumption metric of the data plan that tracks a total amount of content consumed in a time period that counts toward a consumption limit based at least in part on whether the subscriber is participating in the program.

US Pat. No. 10,193,941

INTERWORKING BETWEEN FIRST PROTOCOL ENTITY OF STREAM RESERVATION PROTOCOL AND SECOND PROTOCOL ENTITY OF ROUTING PROTOCOL

TELEFONAKTIEBOLAGET LM ER...

1. A method for interworking between a first protocol entity adapted to operate in accordance with a stream reservation protocol for reserving resources for a data stream along a stream path of the data stream and a second protocol entity adapted to operate in accordance with a routing protocol for distributing information in a bridge network, wherein the stream reservation protocol and the routing protocol form a protocol stack in a network node, the method comprising:sending, from the first protocol entity to the second protocol entity via an interface between the first and the second protocol entities, a request for stream path information indicating, for a data stream to be sent, a stream path in the bridge network,
determining, by the second protocol entity, which controls the bridge network based on Layer 2 add-ons, the stream path information for the stream path based on the request, wherein the second protocol entity stores network topology information, and the step of determining stream path information is performed by locally processing the network topology information according to Dijkstra's algorithm using the Layer 2 add-ons,
sending, from the second protocol entity to the first protocol entity, the determined stream path information, and
initiating, by the first protocol entity, a resource reservation procedure for reserving resources in response to receiving the stream path information.

US Pat. No. 10,193,940

ADDING RECORDED CONTENT TO AN INTERACTIVE TIMELINE OF A TELECONFERENCE SESSION

Microsoft Technology Lice...

1. A device comprising:one or more processing units; and
a computer-readable medium having encoded thereon computer-executable instructions to cause the one or more processing units to:
display an interactive timeline associated with previously recorded content of a teleconference session;
receive first input to add content to the interactive timeline at a position associated with an interactive timeline cursor;
based at least in part on receiving the first input, determining supplemental recorded content;
receive second input that indicates that the supplemental recorded content is to be added to the interactive timeline by one of (i) injecting the supplemental recorded content into the previously recorded content of the teleconference session thereby splitting the previously recorded content of the teleconference session at the position associated with the interactive timeline cursor, or (ii) appending the supplemental recorded content to the interactive timeline at the position associated with the interactive timeline cursor; and
send data to add the supplemental recorded content to the interactive timeline based at least in part on the second input.

US Pat. No. 10,193,939

SPI HANDLING BETWEEN UE AND P-CSCF IN AN IMS NETWORK

T-Mobile U.S.A., Inc., B...

1. At least one non-transitory computer-readable memory, storing instructions, which when executed by at least one data processing device, manages security parameters that enable a device to receive Internet Protocol Multimedia Subsystem (IMS) services via a telecommunications network, the instructions comprising:receiving a registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a first pair of security associations,
wherein the first pair of security associations include a first expiration time;
permitting access to an IMS service based at least in part on the first pair of security associations;
receiving a re-registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a second pair of security associations,
wherein the second pair of security associations include a second expiration time;
deleting the first pair of security associations; and
permitting access to the IMS service or another IMS service based at least in part on the second pair of security associations.

US Pat. No. 10,193,936

DATA COMMUNICATIONS

BRITISH TELECOMMUNICATION...

1. A method of establishing a connection between a WebRTC-capable software application and a server in a communications network;in which the connection is associated with a CLI or a URI;
in which the method is performed by a WebRTC gateway and comprises:
associating credentials with the WebRTC-capable software application;
receiving from the server over a non-WebRTC communications channel, a connection request comprising the CLI or a URI;
identifying from the CLI or the URI comprised in the connection request, a signalling channel for WebRTC for signalling to the WebRTC-capable software application;
using the signalling channel, setting up a WebRTC media channel extending to the WebRTC-capable software application as part of the connection between the server and the WebRTC-capable software application; in which the connection comprises the WebRTC media channel extending to the WebRTC-capable software application and a non-WebRTC channel extending to the server; in which the WebRTC media channel and the non-WebRTC channel are interconnected for communication at an intermediate point of the connection; and
disassociating the credentials from the WebRTC-capable software application at a time at which it is determined that the credentials are no longer required;
in which the credentials are disassociated from the WebRTC-capable software application in response to the user navigating away from a web page.

US Pat. No. 10,193,935

METHOD AND SYSTEM FOR ENABLING A COMMUNICATION DEVICE TO REMOTELY EXECUTE AN APPLICATION

Hammond Development Inter...

1. A communication system enabling at least one communication device to remotely execute one or more applications, comprising:one or more application servers coupled to a first communication link, the first communication link comprising a data connection, at least one of the one or more application servers adapted to execute an application to establish a communication session with at least one communication device coupled to the data connection in response to a request from the at least one communication device to establish the communication session, the one or more application servers residing at a location remote from the at least one communication device;
wherein the one or more application servers is operable to receive over a second communication link the application from at least one repository having access to one or more applications maintained in a database coupled to the at least one repository, wherein the one or more application servers is further operable to execute the application remote from the at least one communication device and to establish the communication session with the at least one communication device, wherein the one or more application servers is operable to communicate a request for processing service to the at least one communication device, and wherein the request for processing service is communicated to the at least one communication device over the data connection.

US Pat. No. 10,193,934

DATA COMPRESSION FOR COMMUNICATIONS SIGNALLING

Microsoft Technology Lice...

1. A method of establishing a communication event between an initiating device and a responding device, the establishing of the communication event being under the control of a remote communications controller, the method comprising implementing by the initiating device the following steps:in a pre-session establishment phase: receiving at the initiating device, from a dictionary server, a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held;
storing the received compression dictionary or the received dictionary link in electronic storage of the initiating device;
generating an initial session establishment request message for transmission to the remote communications controller;
applying compression to the initial session establishment request message to compress the initial session establishment request message in size based on the compression dictionary, by accessing the stored compression dictionary or by using the stored dictionary link to access the compression dictionary; and
in response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, establishing a session between the initiating device and the remote communications controller by the initiating device transmitting the compressed initial session establishment request message to the remote communications controller;
wherein the communication event is established between the initiating device and the responding device based on the established session between the initiating device and the remote communications controller.

US Pat. No. 10,193,933

SYSTEM AND METHOD FOR POST-DISCOVERY COMMUNICATION WITHIN A NEIGHBORHOOD-AWARE NETWORK

Qualcomm Incorporated, S...

1. A method comprising:determining, at a first mobile device, a post-discovery communication protocol for communicating within a mobile device cluster after a discovery interval;
during the discovery interval, sending, through a first communication channel, a discovery message indicating which particular post-discovery communication protocol of a plurality of post-discovery communication protocols is the determined post-discovery communication protocol, the discovery message indicating a time interval when the first mobile device is to receive association requests, wherein the discovery message indicates a second communication channel for sending post-discovery communications to a second mobile device, wherein the second communication channel is different than the first communication channel;
in response to sending the discovery message, receiving, from the second mobile device, during the indicated time interval, an association request that includes a security information request and a paging request; and
sending one or more post-discovery communications to the second mobile device based on the security information request.

US Pat. No. 10,193,932

REAL-TIME ENERGY DATA PUBLISHING SYSTEMS AND METHODS

SolarCity Corporation, S...

1. A method comprising:subscribing to real-time data enable requests for a device on an energy generation (EG) network;
intercepting, from a first requester, a first request for real-time data for the device on an EG system within the EG network;
intercepting, from a second requester, a second request for real-time data for the device within a predetermined period after intercepting the first request; and
publishing a single request to the device to post a single measurement corresponding to the real-time data request; wherein:
publishing the single request comprises publishing at less than or equal to a predetermined frequency for a predetermined duration, and
the predetermined period is a reciprocal of the predetermined frequency.

US Pat. No. 10,193,931

SESSION INITIATION PROTOCOL CALL PRESERVATION BASED ON A NETWORK FAILURE

Avaya Inc., Santa Clara,...

1. A system comprising:a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that cause the microprocessor to execute:
a communication application that:
receives a first Session Initiation Protocol (SIP) INVITE with replaces header message from a first communication endpoint, wherein the first SIP INVITE with replaces header message comprises a first Session Description Protocol (SDP) offer that is based on a first changed network address of the first communication endpoint;
receives a second SIP INVITE with replaces header message from a second communication endpoint, wherein the second SIP INVITE with replaces header message comprises a second SDP offer that is based on a second changed network address of the second communication endpoint and wherein the first communication endpoint and the second communication endpoint had an established media stream; and
sends a first SIP 200 OK message with a first fabricated SDP answer to the first communication endpoint in response to receiving the second SIP INVITE with replaces header message.

US Pat. No. 10,193,926

APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM

1. A method comprising:receiving a Payload-specific request to access one or more corporate resources;
receiving, using at least one processor, user authentication credentials from a non-trusted entity;
analyzing, using the at least one processor, one or more formats of the received user authentication credentials;
determining a validity of the one or more foil cats of the received user authentication credentials; and
if the one or more formats of the received user authentication credentials are valid:
conducting an authentication process based on the received user authentication credentials,
establishing a first secure connection with a corporate server controlling the one or more corporate resources,
providing the received request and the received user authentication credentials to the corporate server via the first secure connection,
establishing a second secure connection between the non-trusted entity and a Transfer Plane entity,
receiving a plurality of control policies and a plurality of user data from the corporate server via the first secure connection, and
providing the control policies and the user data to the non-trusted entity via the second secure connection,
wherein the Transfer Plane entity is configured to forward the control policies and the user data to the non-trusted entity via the second secure connection.

US Pat. No. 10,193,924

NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK

ACALVIO TECHNOLOGIES, INC...

1. A method for diverting a client device from a production device in a network, the method comprising:receiving, at a deception network device, an indication that a connection is suspicious, wherein the connection is a protocol-based network connection between the client device and the production device, and wherein the production device has an Internet Protocol (IP) address;
stalling the connection to divert communications over the connection to a decoy host on a host emulator, wherein the connection is stalled in response to receiving the indication, wherein stalling causes the client device to terminate the connection;
receiving a reconnection request for the client device to reconnect to the production device, wherein the reconnection request is received after the connection is stalled;
determining a configuration of the production device;
configuring the host emulator using the configuration, wherein configuring the host emulator includes assigning the IP address of the production device to the decoy host, and wherein, when configured, the decoy host has a similar hardware and software configuration as the production device; and
requesting redirection of the reconnection request to the host emulator, wherein requesting redirection facilitates a second connection between the client device and the host emulator, and wherein the host emulator enables an appearance of a successful intrusion into the production device by the second connection.

US Pat. No. 10,193,923

METHODS FOR PREVENTING CYBER INTRUSIONS AND PHISHING ACTIVITY

Duo Security, Inc., Ann ...

1. A system for mitigating attacks on a computer network, the system comprising:a web interface configured to receive target domain name input;
a remote computing server that is configured to generate phishing domain names and that comprises one or more computer processors and a memory storing computer-executable instructions that when executed by the one or more computer processors perform the steps of:
receiving the target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate a plurality of phishing attack domain names;
using the target domain name input to create a plurality of phishing attack domain names, wherein creating the plurality of phishing attack domain names includes:
identifying a plurality of domain name transformation operations that operate to transform the domain name associated with the target entity to one or more attack domain names;
selecting one or more of the identified domain name transformation operations based on features of the domain name; and
applying the selected domain name transformation operations to the domain name;
generating a phishing value for each of the plurality of phishing attack domain names, wherein generating the phishing value includes calculating a likelihood a user would succumb to a phishing attack using a respective phishing attack domain name of the plurality of phishing attack domain names;
setting a phishing value threshold indicating a minimum likelihood of implementing the phishing attack with a created phishing attack domain name;
dynamically changing the phishing value threshold based on a number of phishing attack domain names created;
calculating a visual similarity score for each of the plurality of phishing attack domain names, wherein the visual similarity score indicates a level of resemblance between the target domain name and a phishing attack domain name of the plurality of phishing attack domain names;
selecting a subset of the plurality of phishing attack domain names based on the phishing value threshold and the visual similarity;
implementing one or more computer security protocols that mitigate the likelihood or the probability that the plurality of phishing attack domain names are used in the phishing campaign against the computer network, wherein implementing the one or more computer security protocols includes:
generating one or more e-mail validation policies that restrict e-mail activity from the subset of the plurality of phishing attack domain names to one or more networked devices of the computer network;
updating a security certificate for each of the phishing attack domain names in the subset; and
managing access to each of the phishing attack domain names based on the security certificate.

US Pat. No. 10,193,922

ISP BLACKLIST FEED

Level 3 Communications, L...

1. A method of providing a notification containing an ISP from which DDoS attacks originate, the method comprising performing by a computing system:receiving an indication that one or more network resources are being targeted as part of one or more DDoS attacks;
obtaining one or more malicious IP addresses corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
sending a request to a database system to determine an Internet Service Provider (ISP) associated with each of the one or more malicious IP addresses;
computing a metric associated with a first ISP involved in the one or more DDoS attacks, wherein the metric includes at least one of: a quantity of malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks and a quantity of malicious requests from the malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
comparing the metric to a threshold; and
sending, to a list of subscribers, an alert message indicating that the first ISP is involved in the one or more DDoS attacks when the metric exceeds the threshold.

US Pat. No. 10,193,921

MALWARE DETECTION AND PREVENTION SYSTEM

Level 3 Communications, L...

1. A method for managing access to a public network, the method comprising:utilizing a control system to control a computing device to access a first node in the public network;
applying a personality profile to the computing device to access a second node in the public network, the personality profile comprising a plurality of inputs provided to the computing device, the plurality of inputs applied to a browser program displayed on a display of the computing device to mimic characteristics of a user associated with the computing device;
analyzing transmission of information between the computing device and the public network, in response to the browser program, during accessing of the second node of the public network;
detecting an indication of a malware program stored in the public network accessible through the second node based on the analyzed transmission of information; and
storing information of the malware program in a database according to the detected indication of the malware program.

US Pat. No. 10,193,920

MANAGING SECURITY ACTIONS IN A COMPUTING ENVIRONMENT BASED ON COMMUNICATION ACTIVITY OF A SECURITY THREAT

Splunk Inc., San Francis...

1. A method of improving security actions in a computing environment, wherein the computing environment comprises a plurality of computing assets, the method comprising:identifying a security threat within the computing environment;
obtaining state information for the security threat within the computing environment from computing assets of the plurality of computing assets in the computing environment, wherein the state information comprises at least communication activity related to the security threat, wherein the communication activity comprises at least a quantity of connections associated with the security threat and a quantity of exchanged data associated with the security threat;
determining a current state for the security threat within the computing environment based on the state information;
obtaining enrichment information for the security threat; and
determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

US Pat. No. 10,193,919

RISK-CHAIN GENERATION OF CYBER-THREATS

Empow Cyber Security, Ltd...

1. A method for cyber threat risk-chain generation, comprising:obtaining a plurality of events;
mapping each event of the plurality of obtained events to a global threat type, wherein each global threat type is associated with a risk-chain group;
correlating among the mapped plurality of events to determine at least a transition between one global threat type to another; and
updating a data structure maintaining data of at least one risk-chain, when the transition is determined, wherein the at least one risk-chain is a lifecycle of a cyber-attack.

US Pat. No. 10,193,917

RULE-BASED NETWORK-THREAT DETECTION

Centripetal Networks, Inc...

1. A method comprising:receiving, by a packet-filtering device, a plurality of packets;
responsive to a determination by the packet-filtering device that a first packet of the plurality of packets corresponds to one or more packet-filtering rules:
applying, by the packet-filtering device and to the first packet, an operator specified by a corresponding packet-filtering rule and configured to cause the packet-filtering device to either prevent the first packet from continuing toward a destination of the first packet or allow the first packet to continue toward the destination of the first packet; and
generating, by the packet-filtering device, a packet log entry comprising at least one threat identifier corresponding to the first packet and data indicating whether the packet-filtering device prevented the first packet from continuing toward the destination of the first packet or allowed the packet to continue toward the destination of the first packet;
updating, by the packet-filtering device and based on the packet log entry, a packet flow entry, corresponding to the generated packet log entry, of packet flow analysis data for a plurality of logged packets, wherein the packet flow analysis data comprises data corresponding to a plurality of packet flow entries, and wherein each packet flow entry consolidates a plurality of packet log entries corresponding to a common threat identifier;
communicating, by the packet-filtering device and to a computing device, the packet flow analysis data; and
causing, based on the communicated packet flow analysis data, display of at least a portion of the packet flow analysis data,
wherein the packet flow analysis data comprises at least one threat identifier corresponding to each of the plurality of logged packets, packet time data for packets corresponding to the packet flow entry, and data indicating whether the packet-filtering device prevented packets from continuing toward a respective destination or allowed packets to continue toward the respective destination.

US Pat. No. 10,193,916

CONFIGURING THE GENERATION OF EVENT DATA BASED ON A TRIGGERING SEARCH QUERY

Splunk Inc., San Francis...

1. A computer-implemented method, comprising:receiving input specifying a search query for time-series event data;
causing execution of the search query based on a recurring schedule to search time-series event data stored by a data storage server, the time-series event data generated, by a remote capture agent located in a computer network, based on network traffic monitored by the remote capture agent and involving at least one resource running in the computer network;
identifying, based on the execution of the search query, one or more events of the time-series event data stored by the data storage server satisfying the search query; and
in response to identifying the one or more events, sending configuration information to the remote capture agent, the configuration information causing the remote capture agent to generate additional time-series event data.

US Pat. No. 10,193,913

JOINT ANOMALY DETECTION ACROSS IOT DEVICES

Cisco Technology, Inc., ...

1. A method, comprising:monitoring, at a gateway device, network communications between a plurality of computing devices connected to a network associated with the gateway device;
creating, at the gateway device, a graph, wherein each vertex of the graph represents one of the computing devices connected to the network and each edge of the graph represents network communication that has occurred between the computing devices connected by that edge during a time window;
receiving, from each of the computing devices, a collection of one or more performance metrics observed by that computing device during the time window;
determining, based on the graph and the collections of one or more performance metrics, a respective measure of risk for each of the computing devices for the time window;
determining, from the graph, a clique of computing devices that are linked by edges in the graph;
adjusting the respective measure of risk for the time window for one of the computing devices in the clique based on the measures of risk for the remaining computing devices in the clique; and
in response to determining that a given computing device in the clique is infected with malware based on the respective measure of risk exceeding a threshold, setting an alert flag at the gateway device indicating that the given computing device is infected.

US Pat. No. 10,193,912

WARM-START WITH KNOWLEDGE AND DATA BASED GRACE PERIOD FOR LIVE ANOMALY DETECTION SYSTEMS

Cisco Technology, Inc., ...

1. A method, comprising:loading, by a device in a network, an anomaly detection model for warm-start;
filtering, by the device, input data for the model during a warm-start grace period after warm-start of the anomaly detection model, wherein the model is not updated during the warm-start grace period based on the filtering;
determining, by the device, an end to the warm-start grace period;
updating, by the device, the anomaly detection model using unfiltered input data for the anomaly detection model after the determined end to the warm-start grace period; and
sending, by the device, a notification of the warm-start of the anomaly detection model to a supervisory device in the network.

US Pat. No. 10,193,911

TECHNIQUES FOR AUTOMATICALLY MITIGATING DENIAL OF SERVICE ATTACKS VIA ATTACK PATTERN MATCHING

VERISIGN, INC., Reston, ...

1. A method for mitigating a denial of service attack, the method comprising:determining that a number of requests transmitted by a first client to a server during a first time period is greater than a first threshold;
in response, classifying the first client as a top talker;
generating one or more first attack patterns based on the requests transmitted by the first client to the server;
determining, at least partially in parallel with generating the one or more first attack patterns, that a number of requests transmitted by a second client to a server during a second time period is greater than the first threshold;
identifying additional requests being transmitted by at least one of the first client and the second client to the server;
determining that a number of the additional requests transmitted by the at least one of the first client and the second client to the server matches the one or more first attack patterns; and
in response, performing one or more operations to address the additional requests being transmitted to the server.

US Pat. No. 10,193,910

NETWORK ATTACK DETECTION METHOD

The Hong Kong Polytechnic...

1. A method, comprising:at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,
conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;
probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and
determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,
wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,
wherein the probing pattern is Round Trip Probing (RTP),
wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises:
sending at least two RTP probing packets from the probing node to the target node;
receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and
according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path: a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,
wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an ?th RTP probing packet and an ?+1th RTP probing packet, a packet pair on the reverse path consists of an ?th RTP response packet and an ?+1th RTP response packet, the ?th RTP probing packet corresponds to the ?th RTP response packet, a time gap between the ?th RTP response packet and the ?+1th RTP response packet being used to estimate an interval between head and tail load packets.

US Pat. No. 10,193,909

USING INSTRUMENTATION CODE TO DETECT BOTS OR MALWARE

1. A method comprising:obtaining data corresponding to requests from a plurality of client devices for a web resource comprising web code, wherein the web resource is hosted by a first web server system;
for a first client device of the plurality of client devices, serving instrumentation code that is configured to execute on the first client device to monitor execution of the web code of the web resource at the first client device;
receiving, from the first client device, one or more responses generated by the instrumentation code at the first client device based one or more interactions with the web code at the first client device;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,193,907

INTRUSION DETECTION TO PREVENT IMPERSONATION ATTACKS IN COMPUTER NETWORKS

Cisco Technology, Inc., ...

1. A data processing method comprising:storing, by a central computer, authentication records in a hosts database, wherein each authentication record comprises a certificate and a host identifier of a sender computer;
receiving, by the central computer, a suspect record that was sent by a first intrusion sensor, from one or more intrusion sensors, and that comprises a first particular certificate and a first particular host identifier of a suspect sender computer, wherein the suspect record is generated based on network telemetry data exchanged in compliance with an Internet Protocol Flow Information Export (IPFIX) or a NetFlow protocol;
determining, by the central computer, whether the hosts database contains a matching record having a same certificate as the first particular certificate of the suspect record and a same host identifier as the first particular host identifier of the suspect record, the first particular certificate comprising a first particular thumbprint of a first particular public key certificate, the first particular host identifier comprising an Internet Protocol (IP) address of the suspect sender computer;
in response to determining, by the central computer, that the hosts database does not contain the matching record, generating, by the central computer, an intrusion alert;
propagating, by the central computer, the intrusion alert to the one or more intrusion sensors to ban network traffic from the suspect sender computer; and
instructing the one or more intrusion sensors to periodically request a second particular certificate from the suspect sender computer.

US Pat. No. 10,193,905

METHOD AND APPARATUS FOR ADAPTIVE CACHE MANAGEMENT

Samsung Electronics Co., ...

1. A method for processing data by a terminal implemented using at least one hardware processor, the method comprising:identifying, by the terminal, a plurality of inspection types for a packet;
determining, by the terminal, an inspection type from the plurality of inspection types for the packet based on a network type for transmitting or receiving the packet and an Internet Protocol (IP) version; and
processing, by the terminal, the determined inspection type for the packet,
wherein the network type includes at least one of a Wi-Fi network and a cellular network, and
wherein determining the inspection type comprises determining, by the terminal, if at least one packet is transmitted or received through an application being executed in the terminal, a size of the at least one packet is over a predetermined size that can be transmitted through an application, to process a security inspection for the packet.

US Pat. No. 10,193,904

DATA-DRIVEN SEMI-GLOBAL ALIGNMENT TECHNIQUE FOR MASQUERADE DETECTION IN STAND-ALONE AND CLOUD COMPUTING SYSTEMS

QATAR UNIVERSITY, Doha (...

1. A method for identifying masquerade attacks in a network computing environment, the method comprising:receiving data from at least one user with an active session on a system;
receiving historical data for each of the at least one user;
applying an algorithm to the received data to build at least one profile for each of the at least one user, wherein the at least one profile comprises one or more sample signatures;
applying an algorithm to the received historical data to build at least one model for each of the at least one user, wherein said at least one model comprises one or more reference signatures;
identifying a dynamic threshold;
determining an alignment score between the sample signatures to the reference signatures by comparing first alignment parameters from the sample signatures with second alignment parameters from the reference signatures;
determining an intrusion masquerade event based on the alignment score being greater than the identified dynamic threshold; and
updating patterns for each of the at least one active user,
wherein the first alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps, and
wherein the second alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps.

US Pat. No. 10,193,901

INTERFACE PROVIDING AN INTERACTIVE TIMELINE FOR EVALUATING INSTANCES OF POTENTIAL NETWORK COMPROMISE

Splunk Inc., San Francis...

1. A method comprising:receiving event data generated by network activities of entities that interact with a computer network, wherein the event data comprises machine data, and the entities include at least one of computer users and devices in communication with the computer network;
identifying instances of potential network compromise from the event data comprising threats based on one or more anomalies automatically triggered by detecting deviations from expected or permitted network activities, wherein each of the instances of potential network compromise is classified by type and associated with a time period of occurrence and an entity or entities that participated in the network activity that triggered the corresponding automated determination;
causing display, in a graphical user interface, of an interactive graphic of data values indicating identified instances of potential network compromise occurring at time periods along a timeline, including graphical representations indicating a level of risk and the number of instances of network compromise occurring during a same time period;
upon receiving a selection by a user, via the graphical user interface, of a time period from the timeline, causing display of a listing of each identified instance of potential network compromise occurring at the selected time period, the listing including the type of instance and each associated entity; and
upon receiving a selection of a threat from the listing of instances of potential network compromise, causing display of a graphical representation of a relationship between the entities participating in the network activities that triggered the threat, wherein the display includes one or more lines that connect the entities whose participation together in a network activity triggered an anomaly, and upon receiving a selection of a line in the display, causing the type of the anomaly to be displayed.

US Pat. No. 10,193,900

METHODS AND APPARATUS TO IDENTIFY AN INTERNET PROTOCOL ADDRESS BLACKLIST BOUNDARY

1. A method to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address, the method comprising:collecting, by executing an instruction with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address;
generating, by executing an instruction with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address;
generating, by executing an instruction with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address;
for respective Internet protocol addresses in the first and second windows, calculating, by executing an instruction with the processor, occurrence counts associated with behavior features identified in the netflow data;
identifying, by executing an instruction with the processor, candidate boundaries within the netblock based on breakpoint scores calculated from divergence values associated with the behavior features, the divergence values based on a first multinomial distribution of the occurrence counts associated with the first window and a second multinomial distribution of the occurrence counts associated with the second window; and
identifying, by executing an instruction with the processor, a first one of the candidate boundaries as an Internet protocol address boundary associated with the malicious Internet protocol address by comparing the breakpoint scores of the candidate boundaries to a threshold.

US Pat. No. 10,193,896

VEHICLE COMMUNICATION APPARATUS, IN-VEHICLE NETWORK SYSTEM, AND VEHICLE COMMUNICATION METHOD

PANASONIC INTELLECTUAL PR...

1. An electronic control unit connected to an in-vehicle network bus in an in-vehicle network system, the in-vehicle network system including a plurality of apparatuses that perform communication of frames via the in-vehicle network bus, the electronic control unit comprising:a first control circuit; and
a second control circuit,
wherein the first control circuit is connected to the in-vehicle network bus via the second control circuit over at least one of wired communication or wireless communication,
wherein the second control circuit receives a frame from the in-vehicle network bus, to which the second control circuit is connected, performs a first determination process on the received frame to determine a conformity of the received frame with a first rule related to at least a reception time of the received frame by the second control circuit, upon determining that the received frame conforms to the first rule, executes a predetermined process based on content of the received frame, and transmits the received frame to the first control circuit, and
wherein the first control circuit receives the received frame from the second control circuit and performs a second determination process on the received frame to determine a conformity of the received frame with a second rule that is different from the first rule.

US Pat. No. 10,193,895

SYSTEM AND METHOD FOR REMOTE AUTHENTICATION WITH DYNAMIC USERNAMES

1. A first device for authenticating a user for access to a service provider over a network comprising:circuitry configured to:
receive a request for a ticket;
generate the ticket, wherein the ticket includes a one-time username;
send the ticket to at least one additional device;
generate a first partial signature of the ticket;
receive at least one additional partial signature of the ticket from each of the at least one additional device;
generate a complete signature of the ticket based on the first partial signature and the at least one additional partial signature of the ticket;
encrypt the ticket and the complete signature of the ticket;
send the encrypted ticket and encrypted complete signature of the ticket to the service provider;
receive an encrypted verification code from the service provider;
decrypt the encrypted verification code; and
display the decrypted verification code.

US Pat. No. 10,193,894

ENABLING ACCESS TO RESTRICTED DATA USING GEOFENCES

1. A system comprising:a processor; and
a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
identifying a device associated with restricted data, wherein the restricted data comprises network data that law prohibits network operators from using for commercial purposes without authorization from a user associated with the device,
determining use parameters associated with the device, wherein each of the use parameters comprises
a device identifier associated with the device,
a geofence that defines a location at which the use of the restricted data is authorized by the user, wherein boundaries of the geofence are defined in response to receiving, by the device, the user input via a touchscreen, the input corresponding to drawing the boundaries,
time limits associated with the geofence, and
a commercial purpose for which the use of the restricted data by the network operator is authorized by the user,
determining if the device is at a geographic location that satisfies the location that is defined by the geofence,
determining if the time limits associated with the geofence are satisfied,
determining a purpose for which the restricted data will be used, and
if a determination is made that the location that is defined by the geofence is satisfied, that the time limits are satisfied, and that the purpose matches the commercial purpose of one of the use parameters, using the restricted data for the purpose.

US Pat. No. 10,193,893

SYSTEM AND METHOD FOR ACCESS CONTROL USING NETWORK VERIFICATION

Open Text SA ULC, Halifa...

1. A system for data access control, comprising:a computing device having a processor and at least one non-transitory memory containing instructions executable by the processor to:
determine a first unique device identifier identifying a first access point being used by the computing device to access a network;
determine first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and
control access of the first application to data associated with a target server to which the computing device is connected through the first access point and over the network based on the first access control data, wherein the first access control data specifies a first level of access to the data associated with the target server applicable when the computing device connects to the target server through the first access point.

US Pat. No. 10,193,892

RESOURCE RESTRICTION

HEWLETT PACKARD ENTERPRIS...

1. A data sharing system comprising:a processor; and
a non-transitory computer readable medium storing instructions executable by the processor, the instructions comprising:
instructions to identify an environment that satisfies a first level of trust of a first entity and a second level of trust of a second entity, wherein the first entity and the second entity are different devices;
instructions to request access to a set of data associated with the first entity in response to a procedure received from the second entity;
instructions engine to execute the procedure in the environment, the procedure to request access to the set of data;
instructions to receive a restriction from the first entity, wherein the restriction associated with a resource of the environment is to limit information that can be accessed in the set of data by the procedure of the second entity based on resource utilization information associated with the resource;
instructions to maintain the resource utilization information of the environment associated with the resource; and
instructions to limit execution of the procedure based on the restriction and the resource utilization information.

US Pat. No. 10,193,891

DEVICE-TO-DEVICE NETWORK LOCATION UPDATES

Neone, Inc., Austin, TX ...

1. An electronic device, comprising:an interface circuit configured to communicate with a group of one or more other instances of the electronic device via dynamic connections that are based on pre-established and maintained associations in a device-to-device network of a user of the electronic device, wherein each instance of the electronic device in the device-to-device network stores locally the pre-established and maintained associations comprising encryption keys and locations for each of the instances of the electronic device in the group that are maintained for a longer time than the dynamic connections,
wherein a given dynamic connection between the electronic device and a given instance of the electronic device in the group is setup by the electronic device without storing the pre-established and maintained associations in a computer in another network; and
wherein the interface circuit is configured to communicate with the given instance of the electronic device via at least a non-wireless communication technique and the other network; and
a control circuit, coupled to the interface circuit, configured to:
detect, via the interface circuit, a change to a location of the electronic device in the other network, wherein detecting the change to the location involves poking a hole through a firewall to determine the location of the electronic device and tracing a route back to the electronic device;
communicate, via the interface circuit, a message with an update to the location based on the detected change that is encrypted with the encryption key of the user, to a second user of a second instance of the electronic device in the group in the device-to-device network at a second location specified by one of the pre-established and maintained associations and use the updated location to update a pre-established and maintained association stored locally on the second instance of the electronic device; and
when a communication with a third instance of the electronic device fails for a time interval, poll one or more other instances of the electronic device in the group to determine an update to a third location from the pre-established and maintained associations, wherein the one or more other instances does not include the given instance, second instance or third instance of the electronic device.

US Pat. No. 10,193,881

METHOD FOR CONTROLLING INFORMATION TERMINAL IN COOPERATION WITH WEARABLE TERMINAL

PANASONIC INTELLECTUAL PR...

1. A control method for an information terminal that is configured to communicate with an electronic mail server and a wearable terminal used while being worn on a portion of a user's body, the information terminal having a first display, and the wearable terminal having a second display, the method causing a computer of the information terminal to:receive electronic mail from the electronic mail server by using a mail application for executing transmission and reception of the electronic mail, the mail application being stored in a memory of the information terminal;
transfer the received electronic mail to the wearable terminal;
receive viewing information from the wearable terminal, the viewing information indicating that the electronic mail was displayed on the second display at a first time;
determine whether or not the electronic mail is being displayed on the second display at a second time, which is a predetermined period of time after the first time, based on the viewing information; and
automatically display, on the first display, a reply-mail creation screen for creating a reply mail to the electronic mail that was displayed on the second display at the first time, when it is determined that the electronic mail is being displayed on the second display, and the computer of the information terminal launches the mail application, and
automatically stop displaying, on the first display, the reply-mail creation screen at the second time when it is determined that the electronic mail is not being displayed on the second display.

US Pat. No. 10,193,879

METHOD AND SYSTEM FOR SOFTWARE APPLICATION DEPLOYMENT

Cisco Technology, Inc., ...

1. A method for deploying applications, the method comprising:deploying an application from an application image in an application virtual machine of a computing device, wherein the application is accessible using a first uniform resource locator (URL);
sending an application creation message to an authoritative domain name system (DNS) server to create a record mapping the first URL to a second URL, wherein the first URL is in a first domain and the second URL is in a second domain;
providing, to a service virtual machine (SVM) of the computing device, a digital certificate associated with the application virtual machine, wherein the service virtual machine is configured to store the digital certificate isolated from and inaccessible by the application virtual machine, and wherein the service virtual machine is separate from a certificate authority that issues the digital certificate;
generating, by the service virtual machine and in response to one or more applications requesting communication based on the digital certificate, certificate data using the digital certificate; and
sending, to a remote application server comprising a client software module, the second URL and the certificate data,
wherein the client software module is configured to establish a connection to the application on the computing device using the second URL and the certificate data.

US Pat. No. 10,193,878

USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

Hewlett Packard Enterpris...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors of a controller, cause the one or more hardware processors of the controller to:intercept an authentication request addressed to an identity authentication server that would have received the authentication request in an absence of the interception in response to a network authentication provider determining that a first client device is not associated with a currently active session;
retrieve a token associated with the first client device that is stored in a cache at the controller in response to the interception, wherein the token is generated in response to receiving a first client authentication information including an indication that the first client device was successfully authenticated by a network authentication server based on credentials provided by the first client device;
redirect the intercepted authentication request with the token to the identity authentication server using an address that will not be intercepted by the controller;
receive, from the identity authentication server, an indication that the first client device was successfully authenticated; and
based on the indication received from the identity authentication server, grant network access to the first client device.

US Pat. No. 10,193,877

ON-PREMISES AGENT FOR MOBILE CLOUD SERVICE

Oracle International Corp...

1. A method comprising:receiving, by an application executing on a computer system connected to a network behind a firewall, from a first server computer executing outside the firewall over a connection according to a WebSocket protocol, a first request for data stored on a second server computer behind the firewall on the network, the first request comprising a request uniform resource locator (URL), a request header, and a request body, wherein the first request has a first format compliant for the connection according to the WebSocket protocol;
translating, by the application, the first request received from the first server computer into a second request having a second format according to a hypertext transport protocol (HTTP) for communication with the second server computer on the network, wherein:
translating comprises converting the first format of the first request to the second format of the second request for communication with the second server computer,
converting the first format comprises converting the request URL into a converted request URL, and
the second request comprises the request header, the request body, and the converted request URL;
receiving, by the application, from the second server computer, a first response to the second request sent by the application to the second server computer, wherein the first response has the first format;
based on converting the first response from the second format to the first format, creating, by the application, a second response having the first format; and
sending, by the application, the second response over the connection to the first server computer.

US Pat. No. 10,193,876

SYSTEM AND METHOD FOR VERIFYING USER SUPPLIED ITEMS ASSERTED ABOUT THE USER FOR SEARCHING

Zoosk, Inc., San Francis...

1. A method of verifying registration information, comprising:receiving information about a user of a web site, including purported characteristics of the user of the web site for display to other users of the web site, and/or at least one photograph purported to represent the user of the web site for display to the other users of the web site;
providing at least one instruction to the user of the web site requesting the user to pose in a certain manner while causing at least one image to be recorded of the user posing in the certain manner;
receiving the at least one image recorded, either simultaneously with their recording or thereafter;
providing the at least one image to a moderator and at least one of the purported characteristics and/or at least one of the at least one photograph from the information about the user of the web site;
receiving an indication from the moderator whether the at least one image of the user at least correspond to the at least one of the purported characteristics and/or the at least one of the at least one photograph provided to the moderator;
receiving a first request to display information about a plurality of users of the web site who meet a criteria specified as part of the request; and
displaying, responsive to the indication, the information about the user as part of a response to the request.

US Pat. No. 10,193,875

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO SURVEILLANCE VIDEO

XIAOMI INC., Haidian Dis...

1. A method for controlling access to a surveillance video, comprising:acquiring from a user account a view request for viewing a surveillance video file, the view request comprising authorization information of the user account;
performing an identity authentication on the user account according to the authorization information;
allowing a user with the user account to view the surveillance video file when the identity authentication is passed; and
performing a privacy protection operation on the surveillance video file uploaded from a camera device;
wherein said performing a privacy protection operation on the surveillance video file uploaded from a camera device comprises at least one of the following operations:
setting an attribute of the surveillance video file to be hidden; and
encrypting the surveillance video file;
wherein said encrypting the surveillance video file comprises:
acquiring a file key used for encrypting the surveillance video file;
encrypting the surveillance video file based on the file key;
wherein when the surveillance video file is encrypted, the method further comprises:
acquiring a user private key of a preset user account;
generating a user public key of the preset user account according to the file key and the user private key of the preset user account; and
sending the user public key to a corresponding preset user account, such that the preset user account generates a file key of the surveillance video file according to the user public key and the user private key.

US Pat. No. 10,193,874

COMMUNICATION SYSTEM

NATIONAL INSTITUTE OF INF...

1. A communication system in which a terminal communicates with a server via a portable communication network used for communication between portable communication devices, wherein:the portable communication device includes a first pre-shared key and an encryption key,
the terminal includes a second pre-shared key,
the server has an encryption key which is the same as the encryption key included in the portable communication device,
authentication between the terminal and the portable communication device is performed by using the first pre-shared key and the second pre-shared key,
the terminal communicates with the server via the portable communication device by performing key synchronization of the encryption key while setting a hash value of the encryption key as an ID,
the hash value is generated by using a strongly universal hash function by a Toeplitz matrix, and
the portable communication device and the server respectively include a same plurality of different encryption keys and perform communication by using a one time pad, and the encryption keys of the portable communication device and the server are respectively supplied to the portable communication device and the server by using quantum key distribution from a quantum key generation device.

US Pat. No. 10,193,873

KEY DERIVATION FOR SECURE COMMUNICATIONS

Comcast Cable Communicati...

1. A method comprising:performing, by a computing device, a first encryption using a device security key stored in a first memory storage area of the computing device as cleartext;
deriving, using a first seed value comprising a combination of an address of the computing device and a first random number, a first derived key;
storing the first derived key in a second memory storage area of the computing device;
performing, after a compromise of the first derived key, a second encryption using the device security key as cleartext;
deriving, using a second seed value comprising a combination of the address of the computing device and a second random number, a second derived key; and
storing the second derived key in the second memory storage area of the computing device.

US Pat. No. 10,193,872

SYSTEM AND METHODS FOR DYNAMICALLY AND RANDOMLY ENCRYPTING AND DECRYPTING DATA

Cyphyx, LLC, Bonita Spri...

1. One or more non-transitory computer readable media bearing one or more instructions that when executed by a processor cause the processor to execute steps for the dynamic management of the encryption and decryption of a target data element including at least one target data sub-element provided by a local sender for transmission to a remote user, the steps comprising:a. providing an encryption configuration application for installation on a local computer processor, receiving the target data element from the local sender and transmitting an encrypted target data element over a communication channel to a remote computer processor within the computer network;
b. installing a decryption configuration application on the remote computer processor;
c. configuring the encryption configuration application on the local computer processor to prepare and transmit the target data element by:
i. providing a synchronization point value;
ii. using the synchronization point value to provide a multidimensional table having a plurality of arrays of random data;
iii. providing an encryption algorithm sub-table of a plurality of encryption algorithms associated with the multidimensional table;
iv. using the synchronization point value to provide a semaphore command sub-table of a plurality of semaphore codes expressing a plurality of semaphore commands, wherein the semaphore command sub-table is associated with the multidimensional table and the encryption algorithm sub-table;
v. using the synchronization point value to provide an execution step table having step data corresponding to the order of semaphore execution;
vi. providing an encryption configuration manager and a data encryption manager, wherein the encryption configuration manager executes computer programming steps for:
1. using a pseudo-random number generation algorithm to select an encryption algorithm type from the plurality of encryption algorithm types and to select any algorithm parameters according to any requirements of the encryption algorithm type;
2. selecting values for the algorithm parameters from the multidimensional table and applicable semaphore codes corresponding to the semaphore commands specifying those values;
3. communicating the multidimensional table, the selected encryption algorithm type, and the semaphore codes to the data encryption manager;
vii. receiving within the data encryption manager the target data element, the multidimensional table, the selected encryption algorithm type, and the semaphore codes, wherein the data encryption manager executes computer programming steps for:
1. accessing an encryption algorithm corresponding to the selected encryption algorithm type;
2. encrypting the target data element with the selected encryption algorithm in accordance with semaphore commands to form an encrypted target data element;
3. inserting the semaphore codes randomly into the encrypted target data element;
4. transmitting the encrypted target data element with the semaphore codes;
d. configuring the remote computer processor to receive and decrypt an encrypted target data element by:
i. determining the synchronization point value;
ii. receiving the encrypted target data element and semaphore codes;
iii. extracting the semaphore codes;
iv. providing a decryption configuration manager and a data decryption manager, wherein the decryption configuration manager executes computer programming steps for:
1. using the semaphore codes to determine the selected encryption algorithm type, the values for the algorithm parameters, any other semaphore commands, and to apply any predetermined restrictions to the random data of the multidimensional table; and
2. communicating the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands to the data decryption manager;
v. receiving within the data encryption manager the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands, wherein the data decryption manager executes computer programming steps for:
1. accessing the encryption algorithm corresponding to the selected encryption algorithm type;
2. decrypting the encrypted target data element with the selected encryption algorithm in accordance with semaphore commands and predetermined restrictions to form a decrypted target data element.

US Pat. No. 10,193,871

INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND PROGRAM

CANON KABUSHIKI KAISHA, ...

1. A camera comprising:a hardware processor; and
a memory for storing instructions to be executed by the hardware processor,
wherein, when the instructions stored in the memory are executed by the hardware processor, the camera functions as:
a first processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on a Device Management service defined in the Open Network Video Interface Forum (ONVIF) standard;
a second processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on an Advanced security service defined in the ONVIF standard; and
a transmitting unit configured to transmit information indicating that the setting for performing the encrypted communication is made in response to the command based on the Device Management service defined in the ONVIF standard to a client apparatus if the command based on the Advanced security service defined in the ONVIF standard is received from the client apparatus after the first processing unit performs the setting for performing the encrypted communication on the camera in response to the command based on the Device Management service defined in the ONVIF standard.

US Pat. No. 10,193,868

SAFE SECURITY PROXY

BAE Systems Information a...

1. A method of protecting at least one networked enclave, comprising,providing a proxy node per networked enclave, wherein the proxy node of the networked enclave comprises a timer and is configured to communicate with other networked enclaves via a respective proxy node;
the networked enclaves comprising electronic control units of a vehicle;
providing one or more regular nodes per networked enclave, wherein the proxy node establishes a connection between the one or more regular nodes within a networked enclave and establishes the connection between the one or more regular nodes of the other networked enclaves via their respective proxy node;
monitoring a state of the proxy nodes or regular nodes, wherein the proxy nodes and regular nodes have reputations and states, where said states include at least healthy, compromised, and off-line;
detecting an attack on the proxy nodes or regular nodes;
isolating the one or more attacked nodes;
cleansing the one or more attacked nodes by sending a reboot message via the proxy node of the networked enclave to the one or more attacked nodes within the networked enclave or to a respective proxy node of another networked enclave;
reducing the reputation of the one or more attacked nodes; and
rebooting the one or more attacked nodes to restore the state of the one or more attacked nodes to healthy.

US Pat. No. 10,193,867

METHODS AND SYSTEMS FOR API PROXY BASED ADAPTIVE SECURITY

Ping Identity Corporation...

1. A method for securing one or more API servers, the method comprising:receiving at a first security server within a cluster of security servers, a first set of information comprising proxy access log information from at least a first proxy within a proxy cluster;
analysing the first set of information for identifying a first set of indicators of compromise;
receiving at a second security server within the cluster of security servers, a second set of information comprising proxy access log information from at least a second proxy within the proxy cluster;
analysing the second set of information for identifying a second set of indicators of compromise;
responsive to receiving an indicator of compromise at a proxy within the proxy cluster, discarding a received client message corresponding to a client or connection id associated with the received indicator of compromise, without onward transmission to an API server identified in the received client message;wherein the proxy cluster comprises a networked plurality of proxies, wherein each of the plurality of proxies is configured to extract information identifying a target API from data packets corresponding to a received client message, and to transmit the received client message to an API server implementing the target API; andwherein at least one of the first set of information and the second set of information is acquired by:
capturing at each protocol specific data plane or TCP port specific data plane within the first proxy or second proxy, real time API traffic data routed through said data plane; and
for each data plane, generating a log uniquely corresponding to said data plane, wherein said log comprises captured real time API traffic data routed through said data plane; and persisting each generated log file along with a unique id associated with the generated log.

US Pat. No. 10,193,866

PRIVATE NETWORK PEERING IN VIRTUAL NETWORK ENVIRONMENTS

Amazon Technologies, Inc....

1. A provider network, comprising;a network substrate;
a plurality of host devices implementing a plurality of resource instances for clients of the provider network, wherein subsets of the resource instances are provisioned in virtual networks for the clients on the provider network;
one or more computing devices implementing a peering service, wherein the one or more computing devices implementing the peering service are configured to:
determine routing information for routing network packets between one or more resource instances of a first virtual network and one or more resource instances of another virtual network via a peering on the provider network; and
enable the first virtual network and the other virtual network to exchange network packets via the peering on the provider network, wherein the packets are addressed to respective private IP addresses of the first virtual network or the other virtual network when being transmitted from a resource instance of the first virtual network or the other virtual network.

US Pat. No. 10,193,864

CLOUD INTERFACE FOR USE OF CLOUD SERVICES

Comcast Cable Communicati...

1. A system comprising:a user device; and
a cloud carrier device communicatively coupled to a first cloud provider, of a plurality of cloud providers, and to a second cloud provider, of the plurality of cloud providers and different from the first cloud provider;
wherein the cloud carrier device is communicatively coupled to the user device via a cloud service user interface associated with a physical layer comprising data over cable service interface specification (DOCSIS) attributes; and
wherein the cloud carrier device comprises:
one or more processors;
memory storing instructions that, when executed by the one or more processors, cause the cloud carrier device to:
coordinate access of cloud services of the first cloud provider and cloud services of the second cloud provider by the user device; and
relay communications between the cloud carrier device and at least one of the plurality of cloud providers; and
an interface associated with an Internet Protocol version 6 (IPv6) virtual private network (VPN) attribute and an Internet Protocol version 4 (IPv4) VPN attribute.

US Pat. No. 10,193,863

ENFORCING NETWORK SECURITY POLICY USING PRE-CLASSIFICATION

Microsoft Technology Lice...

1. A system comprising:at least one computer processor; and
at least one memory comprising computer program code configured to cause the at least one computer processor to:
create a pre-classifier layer for a network traffic property according to a network security policy, the pre-classifier layer having a pre-classifier filter for each element of a set of elements associated with the network traffic property;
classify, in the pre-classifier layer, inbound or outbound network traffic based on the network traffic property;
set a bit in a pre-classifier bit array for each pre-classifier filter based on classifying the network traffic in the pre-classifier layer, wherein the bit represents a classification of the network traffic; and
allow or deny, in a network security layer, the network traffic based on the bit in the pre-classifier bit array.

US Pat. No. 10,193,861

METHOD AND APPARATUS FOR BEST EFFORT PROPAGATION OF SECURITY GROUP INFORMATION

CISCO TECHNOLOGY, INC., ...

13. A network device comprising:one or more processors;
one or more network interfaces coupled to the one or more processors, wherein
the one or more network interfaces are configured to couple the network device to a sub-network and a core network;
a non-transitory computer-readable storage medium coupled to the one or more processors; and
a plurality of instructions, encoded in the non-transitory computer-readable storage medium and configured to cause the one or more processors to
receive a packet from the sub-network via one of the one or more network interfaces, wherein
the packet comprises a source group identifier and a destination address,
determine whether the destination address is associated with any security group identifier, and
in response to a determination that the destination address is associated with a security group identifier,
determine whether the security group identifier is a reserved group identifier,
if the security group identifier is the reserved group identifier, forward the packet to another network device in the core network, and
if the security group identifier is not the reserved group identifier, perform access control processing on the packet using the source group identifier, wherein
the plurality of instructions configured to cause the one or more processors to perform the access control processing is further configured to cause the one or more processors to
 identify a permissions matrix entry in a permissions matrix, using the source group identifier and a destination group identifier,
 identify a role-based access control list using information in the permissions matrix entry, and
 determine handling of the packet using information in the role-based access control list.

US Pat. No. 10,193,860

SECURE APPLICATION DELIVERY SYSTEM WITH DIAL OUT AND ASSOCIATED METHOD

Akamai Technologies, Inc....

1. A system to deliver an application, hosted by a private application provider system, over a network, comprising:an application delivery system that includes at least one hardware processor and a storage device configured to provide:
a first network interface that includes a computing entity instance of a first type;
a second network interface that includes one or more computing entity instances of a second type;
a network security interface that includes one or more computing entity instances of a third type comprising a decryption service, an authentication service, an encryption service, and a connection stitching service; and
an application agent disposed within the private application provider system;
wherein the application agent is configured to create a pool of third connections between the application agent and one or more computing entity instances of the second type within the second network interface;
wherein in response to creation of the pool of third connections each computing entity instance of the second type within the second network interface provides a fourth connection to a computing instance of the third type within the network security interface, wherein each fourth connection corresponds to a separate third connection in the pool of third connections;
wherein a computing entity instance of the first type within the first network interface provides a second connection to a computing instance of the third type and uses that second connection to send to the computing instance of the third type a request for access to the application, the request for access having been received over a first connection established to the computing entity of the first type; and
wherein the decryption service receives the request for access over the second connection and decrypts it to generate a result;
wherein, upon a successful authentication of the result by the authentication service, the encryption service re-encrypts the request for access and the stitching service creates a connection pair between the second connection and one of the fourth connections; and
wherein the request for access as re-encrypted is then provided to a computing entity instance of the second type over the connection pair.

US Pat. No. 10,193,859

SECURITY APPARATUS, ATTACK DETECTION METHOD, AND STORAGE MEDIUM

PANASONIC INTELLECTUAL PR...

1. A security apparatus connected to a bus, comprising:a receiver that receives a first frame from the bus;
a memory that stores an examination parameter defining a content of an examination on the first frame; and
processing circuitry that, in operation, performs operations including
first determining whether a predetermined condition is satisfied for the first frame,
in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory, and
second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory,
wherein the first frame is a data frame including an ID field storing an ID, Data Length Code (DLC), and a data field,
the examination parameter stored in the memory includes a threshold value indicating an upper limit of an allowable range of a frequency of transmission of one or more frames whose ID values are identical within a predetermined unit time,
the first determining determines that the predetermined condition is satisfied for the first frame received by the receiver, in a case where a transmission interval is out of a predetermined allowable range, the transmission interval being defined by a reception interval between the first frame and a second frame whose ID value is identical to the ID value of the first frame,
the updating updates the threshold value, in a case where the first determining determined that the predetermined condition is satisfied, and
the second determining determines that the first frame received by the receiver is an attack frame, in a case where the frequency of transmission of the first frame received by the receiver is higher than the updated threshold value.

US Pat. No. 10,193,857

SECURE UNRESTRICTED NETWORK FOR INNOVATION

The United States of Amer...

1. A dual network computing system comprising:a workstation comprising:
a first computing system communicably coupled with a first data storage system within a first network, the first computing system is configured to access or transmit first network data;
a second computing system communicably coupled with a second data storage system within a second network, wherein the second network does not communicate outbound data to the first network;
a keyboard;
a video display;
a graphical user interface pointing device; and
a keyboard video, and graphical user interface pointing device (KVGUIPD) switch that is coupled to the first and second computing systems, the KVGUIPD switch selectively couples the keyboard, the video display, and the graphical user interface pointing device with either said first or said second computing systems, said KVGUIPD switch comprises a mechanical switch that enables coupling of the keyboard, the video display, and the graphical user interface pointing device with either the first or second computing systems while electrically isolating the first and second computing systems from each other;
a data transport server communicably coupled to the first data storage system and the second data storage system, the data transport server including a first network interface configured to receive first network data from the first data storage data system, wherein the first storage system further include a data or file synchronization system or program that automatically replicates the first network data selected for storage on the first data storage system to the data transport server when the first network data is selected for said storage to the first data storage system using the first computing system, wherein the data transport server further includes, and a second network interface configured to transmit data unidirectionally from the data transport server to the second data storage system, wherein the data transport server further includes a purging module, the purging module configured to scan for one or more predefined data elements from the first network data received from the first data storage system, the purging module is further configured to purge said one or more matching data elements from the first network data if detected, wherein the purging module outputs in remaining first network data elements, wherein the data transport server further comprises a second network interface configured to transmit the purging module outputs of remaining first network data elements unidirectionally from the data transport server; and
a first data link providing unidirectional data communication from the data transport server's second network interface to the second data storage system, wherein the second network interface and the first data link is implemented using a physical and logical one-way interface/data transport link with the second storage system;
the data transport server includes logic that overrides a purging function of the purging module when the data transport server verifies at least one authentication factor associated with one or more of the first plurality of data to determine whether the one or more of the first plurality of data originated from a trusted source; and
wherein the one or more of the first plurality of data include a binary data file and the at least one authentication factor includes a digital signature associated with at least one of the binary data file;
a second data blocking device communicably coupled to an encryption device, wherein the second data blocking device is configured to block first network data not selected for storage in the first data storage system via the first computing system from entering the second network comprising a closed network portion of the dual network computing system, and the second data routing device is communicably coupled to the encryption device, wherein the encryption device encrypts data transmitted by the second data routing device;
wherein the encryption device and the second data blocking device are configured to enable encrypted isolation between first network data not selected for storage in the first data storage system via the first computing system that is external to the second network's closed network portion and data internal to the closed network portion.

US Pat. No. 10,193,856

METHOD, TERMINAL, AND SERVER FOR PROVIDING COMMUNICATION SERVICE

Samsung Electronics, Co.,...

1. A communication service method of a terminal, the method comprising:generating a transmission control protocol (TCP) connection request;
determining a communication network type for transmitting the TCP connection request to a server;
mapping a first internet protocol (IP) address associated with a first communication network to a virtual address, when the communication network type is determined to the first communication network;
transmitting a first mapping request message including first information on the first IP address and the virtual address to the server through the first communication network;
mapping a second IP address associated with a second communication network to the virtual address, when a handover from the first communication network to the second communication network is detected; and
transmitting a second mapping request including second information on the second IP address and the virtual address to the server through the second communication network.

US Pat. No. 10,193,854

APPARATUS AND METHOD FOR DETECTING DUPLICATE TEMPORARY ID

DENSO International Ameri...

1. An apparatus mounted on a host vehicle to detect a duplicate temporary ID in basic safety messages (BSMs), the apparatus comprising:a receiver configured to receive the BSMs from surrounding vehicles through packet transmission; and
a duplication identifier configured to identify the duplicate temporary ID based on the BSMs having an identical temporary ID value commonly used by at least two surrounding vehicles, wherein
the apparatus further comprises a packet error rate (PER) calculator configured to calculate a PER during a specified time for the BSMs having the identical temporary ID value, wherein
the duplication identifier configured to identify the duplicate temporary ID when the PER calculated by the PER calculator is greater than a PER threshold.

US Pat. No. 10,193,853

WEB BROWSER OR WEB SERVICE BASED DETECTION OF INTERNET FACING DNS SERVER

Workday, Inc., Pleasanto...

1. A system for determining an IP address of an Internet facing DNS server, comprising:an input interface configured to:
receive a request for a web page from a client system, wherein the client system comprises the Internet facing DNS server in communication with a user of the client system, wherein the request includes a detection URL; and
a hardware processor configured to:
determine an ID code from the detection URL;
determine the IP address of the Internet facing DNS server based at least in part on the ID code;
determine a distance between an internet facing DNS server geolocation and a user geolocation; and
provide, using the web page, one or more of the following: the internet facing DNS server geolocation or the distance between the internet facing DNS server geolocation and the user geolocation.

US Pat. No. 10,193,851

TECHNIQUES FOR MAPPING MACHINE TO MACHINE COMMUNICATION TO DIFFERENT UNDERLYING NETWORKS

ZTE Corporation, Shenzhe...

1. A method for facilitating Machine-to-Machine (M2M) communication, the method comprising:providing a first machine identification to an M2M node, the first machine identification being specific to an underlying communication network via which the M2M node is communicatively accessible;
acquiring a second machine identification given to the M2M node, the second machine identification being specific to an M2M application layer by which other M2M application layer entities can communicate with the M2M node, wherein
the second machine identification is added as an additional attribute to an application resource structure of the M2M node,
the application resource structure is included at a Common Services Entity of an Infrastructure Node, and the application resource structure represents information about the M2M application layer known to the Common Service Entity of the Infrastructure Node;
storing a mapping between the first machine identification and the second machine identification; and
triggering the M2M node using the mapping.

US Pat. No. 10,193,850

DISCOVERING QUESTIONS, DIRECTIVES, AND REQUESTS FROM, AND PRIORITIZING REPLIES TO, A PREFERRED MESSAGE SENDER METHOD AND APPARATUS

Notion AI, Inc., Ann Arb...

1. An online method operating in an electronic mail environment that re-prioritizes electronic messages according to identifiable requests and automates responses to the electronic messages, the online method comprising:collecting, at an electronic message server, one or more electronic messages directed to a user of the email environment;
implementing a parsing circuit to detect one or more actionable message content within a content of the electronic message, wherein the one or more actionable message content includes one or more of a query and a directive from a sender of the electronic message to a recipient;
in response to detecting the one or more actionable message content:
(i) implementing an electronic message analyzer circuit that analyzes the content of the electronic message and a historical message database, wherein the electronic message analyzer circuit calculates (a) an urgency score and (b) an importance score for the electronic message based on a result of the analysis of the content of the electronic message and an estimated sender-recipient relationship score derived from historical electronic messages exchanged between the sender and the recipient of the electronic message;
(ii) automatically generating, by a timer circuit, a timer value based on an input of the urgency score and the importance score;
(iii) automatically setting, by the timer circuit, a timer for automatically generating a disposition for the electronic message, wherein the timer comprises the timer value;
upon an expiry of the timer, automatically disposing the electronic message according to one or more predetermined dispositions if a reply to the electronic message is not generated by the recipient of the electronic message.

US Pat. No. 10,193,849

DETERMINING STORIES OF INTEREST BASED ON QUALITY OF UNCONNECTED CONTENT

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:storing user profiles for users of the social networking system, each user profile comprising connections between one of the users and pages of social networking system, the connections representing interactions performed by the users on the pages of the social networking system;
receiving a plurality of content items posted on an additional page of the social networking system;
determining, by a processor, from the plurality of content items, a subset of content items determined to be high quality content items, the determination of the high quality content items comprising: computing a quality score representing a lexical quality for the content item;
extracting topics from the content items of the subset by analyzing terms and phrases of the content items of the subset;
selecting one of the content items of the subset having an extracted first topic;
mapping the extracted first topic to one or more related pages of the social networking system, the mapping comprising:
determining a first rate of interactions performed by additional users of the social networking system on the content item and additional rates of interactions performed by the additional users on the one or more related pages by accessing connections stored in the user profiles of the additional users of the social networking system; and
comparing the first rate of interactions to each of the additional rates of interactions;
for one of the one or more related pages:
identifying a user of the social networking system that previously interacted with the related page and previously did not interact with the additional page by accessing the connections in a stored user profile for the user of the social networking system; and
providing the content item in a newsfeed for display to the user.

US Pat. No. 10,193,848

SYSTEM AND RELATED METHOD FOR MANAGEMENT OF DEVICES OF A NETWORK SYSTEM VIA SOCIAL MEDIA INTERFACES

Extreme Networks, Inc., ...

1. A non-transitory social media agent implemented at one or more hardware computer devices for exchanging network management messages with a network infrastructure device of a network system via one or more social media interfaces, the social media agent comprising:a social media interface configured to receive an incoming message having a first message configuration via a social media network;
a session agent configured to translate the received incoming message into a command executable by the network infrastructure device of the network system, wherein the executable command has a second message configuration different from the first message configuration;
a network management interface configured to receive a log message acknowledging receipt of the executable command from the network infrastructure device, wherein the log message has the second message configuration;
the session agent being configured to translate the log message into an outgoing message having the first message configuration and select the social media network or another social media network for transmitting the outgoing message based on content of the outgoing message and a messaging format requirement defined by the social media network; and
the social media interface being configured to transmit the outgoing message having the first message configuration via the social media network.

US Pat. No. 10,193,847

CONTEXTUAL FEED

Microsoft Technology Lice...

1. A computer-implemented method comprising:maintaining member profiles representing members in an on-line social network system, the on-line social network system comprising a news feed web page generator to generate news feed web pages for presentation to members represented by respective member profiles;
detecting events originated with the member profiles from web pages that are distinct from news feed pages generated for the respective member profiles by the news feed web page generator;
using at least one processor, generating contextual engagement features, based on the detected events, the contextual engagement features reflecting respective areas of a web site provided by the on-line social network system where respective events occurred;
including the contextual engagement features as training data for training a second pass ranker;
for a focus profile representing a focus member in the on-line social network system, detecting a request to generate news feed web page, generating focus contextual engagement features based on recent events data representing events originated with the focus member from web pages that are distinct from news feed pages previously generated for the focus member, the recent events data represents respective events detected within a predetermined period of time from the request to generate news feed web page for the focus member, and providing the focus contextual engagement features as input to the second pass ranker; and
generating, using the second pass ranker that was trained using the contextual engagement features, respective ranks for items in an inventory of updates identified as potentially of interest to a the focus member and selecting a subset of items from the inventory based on the generated respective ranks, the second pass ranker to generate the respective ranks using as input the focus contextual engagement features.

US Pat. No. 10,193,846

METHOD AND SYSTEM FOR REPORTING MESSAGE DISPOSITION IN A COMMUNICATION NETWORK

Telefonaktiebolaget LM Er...

1. A method of operating a messaging application server in a communication network, the method comprising:receiving a message originating from a sender mobile station, the message being addressed to a recipient mobile station, the message being received via a first protocol;
determining that the recipient mobile station is not operative to receive the message via the first protocol;
responsive to determining that the recipient mobile station is not operative to receive the message via the first protocol, converting the message into a format compliant with a second protocol different from the first protocol, wherein the recipient mobile station is operative to receive the converted message via the second protocol;
transmitting the converted message toward the recipient mobile station via the second protocol;
receiving a notification message comprising an indication that the converted message was delivered to the recipient mobile station;
generating a disposition notification message comprising an indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol, wherein the indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol comprises a status element in the disposition notification message populated with a predetermined value indicative of a type of protocol used to deliver the message to the recipient mobile station; and
transmitting the disposition notification message toward the sender mobile station via the first protocol.

US Pat. No. 10,193,845

PREDICTIVE ELECTRONIC MESSAGE MANAGEMENT SYSTEMS AND CONTROLLERS

The Travelers Indemnity C...

1. An electronic message processing apparatus, comprising:a transceiver device;
a processor in communication with the transceiver device; and
a computer-readable memory device in communication with the processor, the computer-readable memory device storing instructions that when executed by the processor direct the processor to:
receive data indicative of at least one rule for recognizing an interaction pattern in a plurality of interaction events;
receive data indicative of a plurality of interaction events associated with a specific user, the plurality of interaction events comprising at least one electronic message from the specific user;
determine a respective interaction type associated with each at least one electronic message from the specific user;
determine, based on (i) the data indicative of the plurality of interaction events associated with the specific user and (ii) the respective interaction type associated with each at least one electronic message from the specific user, at least one interaction outgoing message to transmit to the specific user; and
output, via the transceiver device, the at least one interaction outgoing message to a user message device associated with the specific user.

US Pat. No. 10,193,844

SECURE CLOUD-BASED MESSAGING AND STORAGE

Amazon Technologies, Inc....

1. A method comprising:identifying a first electronic message intended for delivery to at least a first recipient by a gateway module operating in association with a first server;
determining, by the gateway module, at least a first permission level of the first recipient;
determining, by the gateway module, that the first recipient is authorized to receive the first electronic message based at least in part on the first permission level and at least a portion of the first electronic message;
comparing, by the gateway module, at least the portion of the first electronic message to at least one storage criterion;
determining, by the gateway module, that at least the portion of the first electronic message satisfies the at least one storage criterion;
in response to determining that at least the portion of the first electronic message satisfies the at least one storage criterion, identifying a first secure folder associated with the portion of the first electronic message by the gateway module, wherein the first secure folder is provided in association with the first server;
storing, by the gateway module, at least the portion of the first electronic message in the first secure folder;
generating, by the gateway module, a second electronic message intended for delivery to the first recipient, wherein the second electronic message comprises a hyperlink to at least a portion of the first secure folder;
causing, by the gateway module, the second electronic message to be transmitted over a network to the first recipient;
receiving, by the gateway module, information regarding a first selection of the hyperlink over the network, wherein the first selection of the hyperlink is received at a first computer device;
in response to the first selection of the hyperlink, determining that the first computer device is associated with the first recipient by the gateway module; and
causing, by the gateway module, a first file comprising at least the portion of the first electronic message to be transmitted to the first computer device over the network via a first contact path associated with the first recipient.

US Pat. No. 10,193,843

COMPUTING SYSTEM WITH CONVERSATION MODELING MECHANISM AND METHOD OF OPERATION THEREOF

Samsung Electronics Co., ...

1. A computing system comprising:a control circuit configured to:
access a subject interaction representing communication between a customer and a service provider, wherein the communication comprises a textual or linguistic communication via an electronic medium,
parse the communication to identify a communication segment and a sourcing party associated with the communication segment from the subject interaction,
generate a message label for the communication segment based on one of a categorization or classification of the communication segment, and
generate a dialog-flow framework based on the message label for representing the subject interaction, wherein the dialog-flow framework comprises a set of patterns representing one or more communications between the customer and the service provider; and
a storage circuit, coupled to the control circuit, configured to store the dialog-flow framework.

US Pat. No. 10,193,842

WORKFLOW MANAGEMENT AND CORRESPONDING INTEGRATED NOTIFICATION PROCESSING PLATFORM

West Corporation, Omaha,...

1. A method, comprising:receiving, via a receiver of a device, a request message from a customer device;
identifying, via a processor of the device, the request message as being a particular message type;
pre-processing, via the processor of the device, the request message based on the identified message type to identify message content and keywords included therein, wherein the keywords comprise an auto-identified purpose related to the request message; and
displaying, via a display of the device, the identified message content and the identified keywords, wherein the identified keywords are distinguished from other message content thereby distinguishing the auto-identified purpose related to the request message from the other message content.

US Pat. No. 10,193,841

PRODUCT ONBOARDING VIA MESSAGES

Microsoft Technology Lice...

1. A computer-implemented method comprising:accessing, via one or more data sources, email content data describing an email type of an email to be transmitted to a particular member of an online social network service;
accessing, via the one or more data sources, candidate information identifying a set of candidate onboarding content items associated with the email type, each of the onboarding content items in the set being configured to promote a product feature associated with the online social network service;
removing, from the set, a first subset of the candidate onboarding content items, responsive to determining that the particular member has already been onboarded to products associated with the candidate onboarding content items in the first subset;
removing, from the set, a second subset of the candidate onboarding content items, responsive to determining that the particular member has previously viewed and not further interacted with the candidate onboarding content items in the second subset after being exposed to the candidate onboarding content in accordance with an impression capping rule that is tuned to the particular member; and
dynamically selecting, using one or more processors, a specific onboarding content item from the set of candidate onboarding content items for inclusion in a portion of the email along with content displayed in an additional portion of the email.

US Pat. No. 10,193,840

MESSAGE BLOCKING AND NETWORK QUEUING, FOR EXAMPLE WHILE RECIPIENT IS DRIVING

T-Mobile U.S.A., Inc., B...

15. A system, in a mobile telecommunications network, adapted to block delivery of messages to a destination mobile device located inside of a moving vehicle, the system comprising:a memory;
a processor coupled to the memory, wherein the system is further configured to:
receive, at the system, from a message originator, an incoming message to be delivered to the destination mobile device;
retrieve a driving status indicator from a Home Location Register (HLR) or a Home Subscriber Server (HSS) located within the mobile telecommunications network, wherein the driving status indicator provides an indication of whether the destination mobile device is in motion;
analyze the driving status indicator to determine whether the destination mobile device is in motion;
in response to determining when the destination mobile device is in motion, add the incoming message to a message queue, wherein the incoming message remains in the message queue without delivery to the destination mobile device as long as the destination mobile device remains in motion; and
in response to determining when the destination mobile device is not in motion, deliver the incoming message to the destination mobile device.

US Pat. No. 10,193,839

MANAGING SECURITY IN MESSAGING PROTOCOL COMMUNICATIONS

Amazon Technologies, Inc,...

1. A computer-implemented method for managing the execution of commands on a computing device utilizing a messaging protocol comprising:receiving, at a message processing service, from an administrative client device, information related to configuration of message processing functionality to publish messages to a subset of registered devices to receive messages published in accordance with a topic, wherein the messages are formed in accordance with the MQ Telemetry Transport protocol;
receiving, by the message processing service, a received message from a device, wherein the received message includes a topic portion that includes one or more levels associated with subject matter descriptors;
identifying, by the message processing service, a set of recipient devices registered to receive messages based on the topic portion of the messages;
processing, by the message processing service, the received message to identify a security identifier and additional information to select a subset of the recipient devices based on evaluation of at least one of a set of business rules or routing tables; and
publishing, by the message processing service, the processed received message based, at least in part, on the processing of the received message.

US Pat. No. 10,193,838

CONDITIONAL INSTANT DELIVERY OF EMAIL MESSAGES

Microsoft Technology Lice...

1. A method for delivery of a message, the method comprises:receiving the message from a client, wherein the message indicates a sender associated with a sender mailbox and a recipient associated with a recipient mailbox;
analyzing the message to determine that the recipient mailbox and the sender mailbox are in a domain managed by a single entity;
in response to determining that the recipient mailbox and the sender mailbox are not in the domain managed by the single entity, sending the message using a processing hub having a set of operations that include a queuing process for delivering the message to the recipient mailbox, wherein the set of operations further comprises at least one of malware scanning, compliance checking, SPAM filtering, creating copies of the message for redundancy for high availability purposes or a resolving process; and
in response to determining that the recipient mailbox and the sender mailbox are in the domain managed by the single entity, adding a direct delivery tag to the message, and sending the message using a direct delivery system having a subset of the set of operations that eliminates the queuing process for purposes of expediting delivery of the message to the recipient mailbox.

US Pat. No. 10,193,837

PRESENCE-BASED COMMUNICATIONS

1. A method of presenting information over a communications network, comprising:searching, via a processor, across a plurality of wireless communication networks for a network presence of a target user, among a plurality of users;
detecting, via the processor, the network presence of a user based on whether a rate of data being transmitted in a detected wireless communication performed on a device is lower than a reference threshold greater than zero;
identifying, with the processor, that the user for which the network presence is detected is the target user;
transmitting, to an agent device, the detected network presence of the target user;
monitoring the wireless communications network for continued presence of the target user;
detecting the continued presence of the target user on the device by confirming that the target user is actively communicating, in real time, on a network application with the device;
when the continued presence of the target user is detected, identifying product information to offer to the target user, based on the identity of the target user; and
receiving, from the agent device and via the wireless communication network, a push communication to the target user on the device in real time while the continued presence of the target user is detected,
wherein the network presence of the user is detected based on cookies received from a web server.

US Pat. No. 10,193,835

MESSAGE MANAGEMENT AND MESSAGE MODIFICATION APPLICATION

Open Invention Network LL...

1. A method, comprising:receiving a message from a user device at a network controller;
processing, by the network controller, the message to identify message content;
determining, by the network controller, whether the message should be modified based on the message content;
automatically filtering, by the networking controller, the message content if it includes information considered to be uninteresting;
automatically modifying the data based on user preferences if the network controller determines the message should be modified based on the message content;
determining, by the network controller, whether the message should be transmitted to its intended destination based on the message content;
determining, by the network controller, whether the message content relates to a particular issue;
forwarding, by the network controller, a first message that relates to the particular issue to a first predetermined storage location;
forwarding, by the network controller, subsequent messages that relate to the particular issue to a second predetermined storage location;
accumulating, by the network controller, a quantity of the stored subsequent messages that relate to the particular issue;
generating, by the network controller, a solution to the particular issue when the quantity of stored subsequent messages exceeds a threshold quantity; and
providing the solution to one or more user devices associated with the particular issue.

US Pat. No. 10,193,834

METHOD AND APPARATUS FOR DOWNLOADING AND DISPLAYING PICTURES

TENCENT TECHNOLOGY (SHENZ...

1. A computer-implemented method of downloading and displaying pictures associated with instant messages on a screen of a computing device, the method comprising:at the computing device having one or more processors and memory for storing program modules to be executed by the processors:
displaying a list of instant messages on the screen, at least one of the instant messages having an associated picture and including address information of the picture;
while the picture is being downloaded:
detecting a user instruction to slide the list of instant messages on the screen;
in response to the user instruction:
pausing the download of the picture;
determining, among the list of instant messages, a second instant message having an associated second picture and including address information of the second picture based on the user instruction; and
downloading the second picture associated with the second instant message according to the address information without receiving a download instruction from the user of the computing device.

US Pat. No. 10,193,832

NOTIFICATION DELIVERY MECHANISM FOR PRESENT VIEWING USERS

Google LLC, Mountain Vie...

1. A method comprising:identifying a notification to be sent to a user having a plurality of user devices;
determining presence of the user on a first user device of the plurality of user devices;
determining whether a media player on the first user device is playing media content; and
upon determining that the media player on the first user device is playing the media content, transmitting the notification to the first user device without transmitting the notification to other user devices of the plurality of user devices.

US Pat. No. 10,193,831

DEVICE AND METHOD FOR PACKET PROCESSING WITH MEMORIES HAVING DIFFERENT LATENCIES

Marvell Israel (M.I.S.L) ...

1. A packet processing system, comprising:a processor for processing units of data traffic received from a network;
a first memory composed of a first type of memory cells and disposed in proximity to the processor;
a second memory composed of a second type of memory cells that is different from the first type and being disposed further away from the processor than the first memory, wherein a head portion of a queue for queuing data units utilized by the processor is disposed in the first memory, and a tail portion of the queue is disposed in the second memory, wherein the second memory has a greater memory space than the first memory and the second memory is configured to receive bursts of high activity data traffic without dropping units of data traffic, the high activity data traffic being periodically received from the network at a data rate that is higher than a sustained data rate of the data traffic, the sustained data rate being indicative of an average rate at which data units are received over time; and
a queue manager configured to:
(i) manage the queue using a linked list, the linked list comprising linking indications between data units of the queue that are maintained across the first and second memories,
(ii) selectively push new data units to the tail portion of the queue at a burst data rate, at least some of the new data units from data traffic bursts of high-traffic activity, such that newer data units of the queue that are received during high-traffic activity are stored in the second memory at a rate that is higher than the sustained data rate, and generate a linking indication linking a new data unit to an earlier-received data unit that is physically located either in the head or tail portion of the queue, and
(iii) transfer, according to an order, a queued data unit from the tail portion of the queue disposed in the second memory to the head portion of the queue disposed in the first memory, without overloading the first memory, prior to popping the queued data unit from the head portion of the queue, such that older data units of the queue are stored in the first memory, and to update the linking indication for the queued data unit that is transferred from the tail portion to the head portion.

US Pat. No. 10,193,828

EDGE DATAPATH USING INTER-PROCESS TRANSPORTS FOR CONTROL PLANE PROCESSES

NICIRA, INC., Palo Alto,...

1. A method for implementing a gateway datapath for a logical network, the gateway datapath comprising a plurality of pipeline stages corresponding to entities of the logical network, the method comprising:receiving a packet from a network external to the logical network at the gateway datapath, the gateway datapath executing in a user space of the computing device;
executing a first set of pipeline stages in the plurality of pipeline stages to process the received packet, the plurality of pipeline stages corresponding to logical entities along the data path, wherein one of the pipeline stages of the first set identifies the packet as a control plane packet; and
based on the identification of the packet as a control plane packet, transporting the packet to a kernel network stack via a user-kernel transport, wherein the network stack provides the packet to a control plane process, wherein transporting the packet to the kernel network stack bypasses a second set of pipeline stages in the plurality of pipeline stages subsequent to the particular pipeline stage.

US Pat. No. 10,193,827

HOT CARRIER INJECTION TOLERANT NETWORK ON CHIP ROUTER ARCHITECTURE

1. An apparatus comprising:a plurality of input buffers that receives a plurality of input buffer data bits;
a plurality of multiplexers that shuffles the plurality of input buffer data bits to output multiplexer outputs, wherein the multiplexer outputs are buffered by a plurality of buffers to output a plurality of shuffled input buffer data bits;
a coupling module comprising semiconductor gates that switches first input buffer data bits of the plurality of input buffer data bits at the plurality of input buffers from first shuffled input buffer data bits to second shuffled input buffer data bits using the plurality of multiplexers in response to reaching an end of a time interval to reduce hot carrier injection for the apparatus;
a selector comprising semiconductor gates that receives the plurality of shuffled input buffer data bits at a plurality of decoders and selects, using the plurality of decoders, a virtual channel path to a virtual channel of the plurality of virtual channels for the shuffled input buffer data bits;
a connection module comprising semiconductor gates that switches the second shuffled input buffer data bits from a first virtual channel to a second virtual channel of the plurality of virtual channels using the plurality of decoders in response to reaching the end of the time interval to reduce the hot carrier injection for the apparatus.

US Pat. No. 10,193,826

SHARED MESH

INTEL CORPORATION, Santa...

1. A shared mesh comprising:an interconnect fabric on a die;
a plurality of tiles on the die coupled to the interconnect fabric, at least some of the plurality of tiles comprising
a mesh station comprising
a logic unit;
a first port coupled to the logic unit;
a second port coupled to the logic unit; and
a third port coupled to the logic unit;
a first core component coupled to the first port at a first side of the mesh station; and
a second core component that is flipped relative to the first core component to connect to the second port at a second side of the mesh station that is opposite to the first side to reduce an area of the shared mesh,
wherein the logic unit is configured to communicate data between the first core component and the interconnect fabric through the first port and the third port and wherein the logic unit is configured to communicate data between the second core component and the interconnect fabric through the second port and the third port; and
a memory coupled to the mesh station that is shared by the first core component and the second core component, wherein the logic unit is to identify each of the first core component and the second core component, to map a first identifier associated with the first core component to a first broadcast vector and a second identifier associated with the second core component to a second broadcast vector and to determine credits for the first core component and the second core component.

US Pat. No. 10,193,825

CAPACITY-BASED SERVER SELECTION

Avi Networks, Santa Clar...

1. A method, comprising:receiving a network request;
identifying a plurality of servers eligible to handle the network request and a determined traversal order of the plurality of servers eligible to handle the network request;
traversing at least a portion of the plurality of eligible servers in the determined traversal order to identify that a selected server of the plurality of servers eligible to handle the network request has a non-zero higher load as opposed to another server of the plurality of servers that has a lower load;
at least in part in response to the identification that the selected one of the plurality of servers has the non-zero higher load as opposed to the another server of the plurality of servers that has the lower load, determining to assign the network request to the selected server with the non-zero higher load, wherein the selected server has a load threshold that is dynamically exceedable based at least in part on a load level of a next server in the determined traversal order of the plurality of servers; and
enabling the selected server to handle the network request.

US Pat. No. 10,193,823

RICH RESOURCE MANAGEMENT INCORPORATING USAGE STATISTICS FOR FAIRNESS

Microsoft Technology Lice...

1. A system comprising:a processor and memory; and
an application executed by the processor and memory, the application configured to:
receive feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients, the feedback including a metric indicative of a load of each of the resources;
calculate weights for the resources based on the feedback, wherein a weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback; and
select, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights of the resources to evenly utilize the plurality of resources.

US Pat. No. 10,193,822

PREDICTIVE AUTO-SCALING AND REACTIVE AUTO-SCALING FOR NETWORK ACCESSIBLE MESSAGING SERVICES

Amazon Technologies, Inc....

1. A service provider network comprising:a network-accessible message processing service comprising asynchronous messaging protocol (AMP) infrastructure and configured to process messages;
a message prediction service configured to analyze control metrics for the network-accessible message processing service;
a resource management service configured to (i) predict, based upon the analyzing, a predicted level of resources needed by the network-accessible message processing service for processing of messages, and (ii) allocate, based at least in part upon the predicted level of resources, a first level of resources for the network-accessible message processing service for processing of messages;
a network-accessible queuing service configured to receive a stream of messages for processing by the network-accessible message processing service; and
a health check service configured to monitor an enqueue rate of messages at the network-accessible queuing service,
wherein based upon the monitoring, the resource management service is further configured to adjust the first level of resources for the network-accessible message processing service to a second level of resources.

US Pat. No. 10,193,821

ANALYZING RESOURCE PLACEMENT FRAGMENTATION FOR CAPACITY PLANNING

Amazon Technologies, Inc....

1. A distributed system, comprising:a plurality of resource hosts implementing a plurality of resources for the distributed system;
a capacity manager implemented via one or more hardware processors and memory and configured to:
access resource utilization data collected for the plurality of resource hosts;
analyze the resource utilization data to determine one or more capacity fragmentation measures that are associated with unutilized capacity of the distributed system unusable for placement of additional resources according to one or more placement constraints for placing resources in the distributed system, wherein the one or more placement constraints comprise an infrastructure diversity constraint to place a resource with respect to another one or more resources, and wherein to analyze the resource utilization data comprises to determine a number of possible resource placements amongst the resource hosts that satisfy the infrastructure diversity constraint;
update a capacity model for the distributed system to indicate an available capacity for placing additional resources at the distributed system based, at least in part, on the one or more capacity fragmentation measures;
compare the available capacity to a capacity threshold; and
responsive to a determination that the available capacity crosses the capacity threshold, perform at least one of:
generating a notification of a deficient state of the available capacity,
triggering a modification in total capacity of the distributed system, or
triggering a diversion of additional resource placement requests with respect to the distributed system.

US Pat. No. 10,193,820

SYSTEM AND METHOD FOR OPTIMIZING RESOURCE UTILIZATION IN A CLUSTERED OR CLOUD ENVIRONMENT

MessageOne, Inc., Austin...

1. A method comprising:on a computer cluster comprising a plurality of computers:
calculating first resource apportionments from a current set of consumable resources for each of a plurality of reservations;
wherein each reservation corresponds to one of a plurality of customers;
wherein each customer's aggregate resource apportionment comprises a sum of the calculated first resource apportionments for the customer's reservations;
running an apportionment process relative to the plurality of reservations, the running comprising attempting to apportion to each reservation its first resource apportionment;
wherein the running yields an actual first resource apportionment for each reservation;
wherein each customer's actual first resource apportionment comprises a sum of the actual first resource apportionments for the customer's reservations;
creating a set of unfulfilled reservations, the set comprising reservations that have not yet attained at least one of the first resource apportionments and grossed-up first resource apportionments;
responsive to an indication of unapportioned resources following the running, performing a first optimization to increase resource utilization by at least one needy customer;
wherein each needy customer represents one of the customers with an unfulfilled reservation, and an unfulfilled reservation represents a reservation whose actual first resource apportionment is less than its calculated first resource apportionment;
identifying one or more provisions of the current set of consumable resources that has remaining available resources;
wherein each provision comprises resources of the current set of consumable resources that provide a same set of resource profiles;
wherein each resource profile represents properties that define, at least in part, which resources a customer reservation can consume and/or serve;
for each provision of the one or more provisions:
generating a set of available resource profiles for the provision;
acquiring at least one set of a plurality of profile entries;
filtering the at least one set of profile entries by the available resource profiles to yield at least one filtered set of the plurality of the profile entries;
placing each unfulfilled reservation of the set of reservations into a profile set based on the reservation's resource profile; and
computing a smallest total resource need for each profile set;
for each profile entry of the at least one filtered set:
fetching the profile entry;
fetching a profile set corresponding to the fetched profile entry;
computing a resource quantity to apply to each unfulfilled reservation of the profile set; and
apportioning the resource quantity to each unfulfilled reservation of the profile set.

US Pat. No. 10,193,819

ADAPTIVE THROTTLING FOR SHARED RESOURCES

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:providing a requestor with a determined number of work units, the determined number of work units enabling the requestor to obtain an amount of work from a resource in a multi-tenant environment;
receiving a request from the requestor to perform an input/output (I/O) operation with respect to the resource, the I/O operation requiring at least one work unit in excess of the determined number of work units;
determining a multi-tenant environment performance criterion;
providing the requestor a sufficient number of borrowed work units to complete the I/O operation based at least in part upon an analysis of the multi-tenant environment performance criterion; and
associating a negative work unit value with the requestor based at least in part on the sufficient number of borrowed work units, the negative work unit value representing a time period to restore a normal operating state, wherein a maximum number of work units available for work requesting parties is required to be reattained by the requestor before the requestor is allowed to request additional work units.

US Pat. No. 10,193,818

METHOD AND APPARATUS FOR ALLOCATING BANDWIDTHS, AND COMPUTER STORAGE MEDIUM

1. A method for allocating bandwidths, comprising:establishing a database storing use records of application services used by a user, compiling statistics on attributes and use frequencies of the application services according to the use records, by a network access device;
extracting features from the application services so as to generate, for each of the application services, a feature vector that uniquely identifies the each of the application services;
classifying the application services according to the attributes, the use frequencies and the features of the application services, and allocating bandwidths to each of the application services based on the classified classes,
wherein compiling statistics on attributes and use frequencies of the application services comprises:
determining a period;
compiling statistics on attributes and use frequencies of the application services used by the user within the period;
sorting each of the application services in accordance with the use frequencies, and
outputting a use frequency-based sorted table;
wherein the use frequency is

 wherein T2 represents a time when one of the application services is terminated to be used, T1 represents a time when the application service is started to be used, C represents times that the application service has been used within the period, and T represents a total time of the period.

US Pat. No. 10,193,817

METHOD, AND NETWORK SYSTEM

FUJITSU LIMITED, Kawasak...

1. A method executed in a network system including a plurality of relay devices and an analyzer device, each of the plurality of relay devices including a first memory, the analyzer device including a second memory configured to store one or more of connection information, the method comprising:receiving, by any of the plurality of relay devices, a packet for establishing a connection, the received packet including the connection information related to the connection;
storing, by the any of the plurality of relay devices, the connection information included in the received packet into the first memory of the any of the plurality of relay devices;
generating, by the any of the plurality of relay devices, a copied packet by copying the received packet;
transmitting, by the any of the plurality of relay devices, the generated copied packet to the analyzer device;
receiving, by the analyzer device, a plurality of copied packets including the generated copied packet from the any of the plurality of relay devices, the plurality of received copied packets respectively including the connection information;
determining, by the analyzer device, for each of the plurality of copied packets, whether the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet does not match with any of the one or more of connection information stored in the second memory, considering a source relay device from which the received copied packet is received as a first relay device, and storing the connection information of the received copied packet in association with identifier of the first relay device into the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory, considering the source relay device as a second relay device, and transmitting, from the analyzer device to the second relay device, instruction information for instructing not to transmit the copied packet associated with the connection information included in the received copied packet; and
in response to reception of the instruction information, deleting, by the second relay device, the connection information indicated by the instruction information from the first memory of the second relay device.

US Pat. No. 10,193,816

METHOD FOR OPERATING AN INFORMATION-CENTRIC NETWORK AND NETWORK

NEC CORPORATION, Tokyo (...

1. A method for operating an information-centric network (ICN) in which at least a first named data object (NDO) is addressable, the method comprising:implementing, in the ICN, software-defined networking (SDN) with an SDN controller; and
performing, by the SDN controller, network-wide request aggregation in the ICN by:
detecting an initial request for the first NDO received at a first ingress node of the ICN,
detecting one or more additional requests for the first NDO received at one or more additional ingress nodes of the ICN, and
aggregating the initial request for the first NDO received at the first ingress node and the one or more additional requests for the first NDO received at the one or more additional ingress nodes.

US Pat. No. 10,193,815

MOBILE NETWORK HANDLING OF UNATTENDED TRAFFIC

Telefonaktiebolaget LM Er...

1. A method for handling unattended data traffic differently than attended data traffic, the method comprising: detecting unattended data traffic of an application service;retrieving a dedicated policy on how to handle unattended data traffic, wherein handling the unattended data traffic comprises underestimating a buffer size for the unattended data traffic in a buffer status report; and
handling the unattended data traffic of the application service according to the dedicated policy.

US Pat. No. 10,193,814

METHOD AND APPARATUS FOR CATEGORIZING A DOWNLOAD OF A RESOURCE

Openwave Mobility Inc., ...

1. A method for categorizing a downloading of a resource to a user device from a resource server in a data network, the method comprising:receiving, at an intermediate network device in the data network, data of one or more requests from the user device, wherein each of the one or more requests is a request for a different portion of, or the whole of, the resource to be downloaded to the user device;
forwarding the data of each of the one or more requests from the intermediate network device to the resource server;
receiving, at the intermediate network device, data of one or more responses from the resource server, each response corresponding to a respective one of the requests;
determining, at the intermediate network device, a size of, or an estimate of the size of, each of the one or more responses;
categorizing, at the intermediate network device, the downloading of the resource to the client device as being one of one or more pre-defined download categories, wherein the categorizing is based on a count of the one or more responses and the determined sizes or estimated sizes of the one or more responses, and on the count of the one or more responses reaching a predetermined threshold value and the determined size of, or the determined estimate of the size of, each of the one or more responses each being within a pre-defined data range.

US Pat. No. 10,193,812

MULTICAST LOAD BALANCING IN MULTIHOMING EVPN NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:receiving, by a provider edge (PE) router of a plurality of PE routers configured with an Ethernet Virtual Private Network (EVPN) instance reachable by an Ethernet segment connecting the plurality of PE devices to a customer edge (CE) router that is multi-homed to the plurality of PE routers over the Ethernet segment, an Internet Group Management Protocol (IGMP) join report for a multicast group;
sending, by the PE router and to the plurality of PE routers, one or more Border Gateway Protocol (BGP) join synch routes used to synchronize the IGMP join report for the multicast group across the Ethernet segment;
deterministically determining, by the PE router, whether the PE router is configured to be an elected multicast forwarder for at least one of a plurality of multicast groups;
in response to determining that the PE router is configured to be the elected multicast forwarder for the one of the plurality of multicast groups, configuring, by the PE router, a forwarding state of the PE router to forward multicast traffic for the one of the plurality of multicast groups into the Ethernet segment and to ignore a designated forwarder election for the Ethernet segment;
receiving, by the PE router, multicast traffic from an ingress PE router of the plurality of PE routers; and
forwarding, by the PE router, the multicast traffic into the Ethernet segment for the one of the plurality of multicast groups.

US Pat. No. 10,193,811

FLOW DISTRIBUTION USING TELEMETRY AND MACHINE LEARNING TECHNIQUES

Juniper Networks, Inc., ...

1. A network device, comprising:one or more memories; and
one or more processors to:
receive information that permits the network device to identify a set of expected bandwidth values associated with a first set of flows,
the information that permits the network device to identify the set of expected bandwidth values having been generated using a machine learning technique on telemetry information, associated with a second set of flows, from a set of network devices;
receive network traffic associated with a flow of the first set of flows;
identify an expected bandwidth value, of the set of expected bandwidth values, associated with the flow using the information that permits the network device to identify the set of expected bandwidth values;
identify a set of bandwidth values of a set of links;
compare the expected bandwidth value and the set of bandwidth values;
select a link, of the set of links, to use when providing the network traffic associated with the flow based on comparing the expected bandwidth value and the set of bandwidth values of the set of links; and
provide the network traffic on the link.

US Pat. No. 10,193,809

LOAD BALANCING METHODS BASED ON TRANSPORT LAYER PORT NUMBERS FOR A NETWORK SWITCH

Cisco Technology, Inc., ...

1. A method comprising:receiving, at a network element that performs network traffic bridging, load balancing criteria comprising an indication of at least one transport layer port number and an indication of a plurality of network nodes;
creating a plurality of forwarding entries based on the load balancing criteria, a forwarding entry specifying the at least one transport layer port number and a network node of the plurality of network nodes;
constructing, based on the plurality of forwarding entries and network traffic, a key representing the at least one transport layer port number;
determining whether the network traffic is to be load balanced, wherein when the network element uses a destination port based load balancing scheme, the network traffic is load balanced when a source port of the network traffic matches a predetermined list of source ports;
when the network traffic is to be load balanced:
using the key, performing, by the network element, a lookup to identify a matching forwarding entry from the plurality of forwarding entries, wherein when the network element uses the destination port based load balancing scheme, the matching forwarding entry specifies that an egress port of the network traffic is based on a destination port of the network traffic, and when the network element uses a source port based load balancing scheme, the matching forwarding entry specifies that an egress port of the network traffic is based on the source port of the network traffic; and
using the matching forwarding entry to load balance, among the plurality of network nodes, the network traffic used to construct the key.

US Pat. No. 10,193,807

PENALTY-BOX POLICERS FOR NETWORK DEVICE CONTROL PLANE PROTECTION

Juniper Networks, Inc., ...

1. A method comprising:executing, by a host process executing by a control unit of a network device of a network, a protocol to exchange packets with other network devices of the network to perform control plane functions of the network device;
configuring, by the control unit, a line card of the network device with a goal weight for the protocol that determines respective packet limits for a plurality of packet flows associated with the protocol, wherein each of the plurality of packet flows is destined for the network device, wherein the goal weight defines a share of host-bound path resources available to the protocol for a host-bound path from the line card to the control unit;
computing, by the line card based at least on the goal weight for the protocol, the respective packet limits for the plurality of packet flows;
policing, by the line card in response to detecting congestion of the host-bound path caused at least in part by forwarding the packet flows from the line card to the control unit, based on the packet limit for a first packet flow from the plurality of packet flows, the first packet flow to constrain a rate at which the line card sends packets of the first packet flow to the control unit;
policing, by the line card in response to detecting the congestion, based on the packet limit for a second packet flow from the plurality of packet flows, the second packet flow to constrain a rate at which the line card sends packets of the second packet flow to the control unit; and
processing, by the host process executing by the control unit, the packets of the first packet flow and packets of the second packet flow.

US Pat. No. 10,193,805

USER ORIENTED IOT DATA DISCOVERY AND RETRIEVAL IN ICN NETWORKS

Futurewei Technologies, I...

1. A method for accessing content in a network, comprising:receiving an interest message including semantics information to be matched to the content in the network, the semantics information excluding a name of the content;
accessing a memory to identify the content requested in the interest message using the semantics information, the memory including at least one of a content store (CS) caching the content and a forwarding information base (FIB) storing routing entries, the routing entries including content names with corresponding semantics information, forwarding faces and hop count;
aggregating the routing entries in the FIB having the same content name, the semantics information, forwarding faces and hop count to form an aggregated FIB; and
sending a FIB propagation message to neighboring network nodes, the FIB propagation message including at least changes made to the existing routing entries in the FIB.

US Pat. No. 10,193,804

METHOD OF FORWARDING DATA PACKETS, METHOD OF CREATING MERGED FIB KEY ENTRY AND METHOD OF CREATING A SEARCH KEY

HUAWEI TECHNOLOGIES CO., ...

1. A method of creating a key entry of a merged forwarding information base (FIB) for at least two routing instances (RI) on a network node, each RI having a corresponding RI FIB with corresponding RI FIB key entries and a corresponding routing instance identifier (RII), the method comprising:inserting a corresponding RII after at least a portion of a corresponding RI FIB key entry;
identifying a common root in a plurality of the RI FIB entries, wherein the merged FIB key entries have the corresponding RII immediately after the common root of the corresponding RI FIB key entries.

US Pat. No. 10,193,802

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROCESSING MESSAGES USING STATEFUL AND STATELESS DECODE STRATEGIES

ORACLE INTERNATIONAL CORP...

1. A method for processing a message containing type-length-value (TLV) elements, the method comprising:at a processing node including at least one message processor, wherein the processing node shares validation information about an ingress message among decode algorithms:
receiving the ingress message containing a plurality of TLV elements;
determining, using at least one message related attribute, whether the ingress message is to be processed using a stateless decode algorithm;
in response to determining that the ingress message is to be processed using the stateless decode algorithm, processing the ingress message using the stateless decode algorithm, wherein the stateless decode algorithm uses pointer arithmetic and length values associated with the plurality of TLV elements to decode the ingress message;
determining, using the stateless decode algorithm, whether the ingress message includes at least one TLV element indicating that the ingress message is to be further processed using a stateful decode algorithm; and
in response to determining that the ingress message includes the at least one TLV element indicating that the ingress message is to be further processed using the stateful decode algorithm, processing the ingress message using the stateful decode algorithm.

US Pat. No. 10,193,800

SERVICE LABEL ROUTING IN A NETWORK

Level 3 Communications, L...

6. A telecommunications network, comprising:a service edge device in communication with a customer device to receive a request from the customer device to add a telecommunication service for a customer, wherein the telecommunication service comprises one of Firewall services or distributed denial of service (DDOS) protection;
metro edge devices in communication with the service edge device wherein an intermediate metro edge device of the metro edge devices on the telecommunication network is intermediate to two of the metro edge devices; and
a network management computing device comprising a processor configured to:
instantiate the telecommunication service on the service edge device and the metro edge devices, wherein instantiating the telecommunication service comprises associating a unique service label identifier to the requested telecommunication service; and
configure the service edge device and the metro edge devices to route information associated with the telecommunication service;
generate a segment label identifier associated with the service edge device and the metro edge devices;
wherein the service edge device and the metro edge devices route at least one data packet associated with the telecommunication service on the telecommunications network to the customer based at least on the unique service label identifier associated with the data packet, the at least one data packet comprising at least one of the unique service label identifier, the segment label identifier, and a frame associated with the instantiated telecommunication service;
wherein the intermediate metro edge device modifies the unique service label identifier based on network changes, and
wherein the service edge device and the metro edge devices comprise at least a portion of a Multiprotocol Label Switching (MPLS) network.

US Pat. No. 10,193,799

IN-ORDER MESSAGE DELIVERY IN A DISTRIBUTED STORE-AND-FORWARD SYSTEM

QUALCOMM Incorporated, S...

1. A method of operating an intermediate node in a distributed store-and-forward system, the method comprising:establishing, by the intermediate node, a first communication link with a destination node, wherein the first communication link comprises a first Open Systems Interconnection (OSI) model layer;
while the first communication link with the destination node is established, sending a request from the intermediate node to an origination node, wherein:
the request is for information to provide to the destination node, and
the request is sent via a second communication link comprising a second OSI model layer different from the first OSI model layer;
receiving, by the intermediate node via the second communication link, a message to provide to the destination node; and
sending the message from the intermediate node to the destination node via the first communication link while the first communication link is established.

US Pat. No. 10,193,798

METHODS AND MODULES FOR MANAGING PACKETS IN A SOFTWARE DEFINED NETWORK

Telefonaktiebolaget LM Er...

1. A method, performed by an entry module, for managing packets in a communication system based on Software Defined Networking, wherein the communication system comprises the entry module, a radio network node, a mobile device, a forwarding module, a service module, a peer device and a management module for managing the forwarding module, the service module and the entry module, wherein a data plane of the communication system comprises the forwarding module, the service module and the entry module and a control plane of the communication system comprises the management module, wherein the mobile device is attached to the radio network node, wherein the method comprises:receiving an Internet Protocol (IP) packet from the peer device, wherein the IP packet includes a destination IP address associated with the mobile device;
obtaining, from the management module, a location value specifying the radio network node associated with the destination IP address;
associating the location value with the IP packet, wherein the location value is related to a location tag name, indicating the radio network node that serves the mobile device, thereby obtaining a packet; and
sending the packet, via the forwarding module, towards the radio network node as indicated by the location value of the location tag name.

US Pat. No. 10,193,797

TRIGGERED-ACTIONS NETWORK PROCESSOR

ORACLE INTERNATIONAL CORP...

1. A network processor, comprising:an input network stack configured to receive messages from an inbound network link;
a format decoder, coupled to the network stack, configured to: extract one or more fields from a given message; provide the one or more fields to application logic; determine a context for the given message; provide the given message and the context to a data handler, wherein the context is based on a message type and an identifier of the network connection on which the given message was received; determine a message status for the given message; and provide the message status to the data handler, wherein the message status includes a length of the given message and information specifying any error conditions associated with the given message;
the application logic, coupled to the format decoder, configured to: determine one or more trigger values based on the one or more fields and one or more trigger expressions; and provide the one or more trigger values to the data handler, wherein the one or more trigger expressions include checks on information in a payload of the given message; and
the data handler, coupled to the format decoder and the application logic, configured to determine one or more actions to be taken for the given message based on the context and the one or more trigger values, wherein the one or more actions to be taken include whether the given message is forwarded and one or more forwarding destinations, wherein the data handler is further configured to determine the one or more actions to be taken based on the information specifying any error conditions associated with the given message.

US Pat. No. 10,193,795

ROBUST DATA ROUTING IN WIRELESS NETWORKS WITH DIRECTIONAL TRANSMISSIONS

SONY CORPORATION, Tokyo ...

1. A wireless communication apparatus, comprising:(a) a wireless communication circuit configured for wirelessly communicating with other wireless communication stations;
(b) a computer processor coupled to said wireless communication circuit;
(c) a non-transitory computer-readable memory storing instructions executable by the computer processor; and
(d) wherein said instructions, when executed by the computer processor, perform steps comprising:
(i) communicating with the other wireless communication stations utilizing a routing protocol;
(ii) performing primary and secondary path discovery in establishing communications with a destination wireless communication station, through intermediate wireless communication stations;
(iii) determined by the processor that intermediate station of the primary and secondary path to be selected such that the antenna pattern for the primary and secondary path are spatially uncorrelated, using beamforming (BF) training information toward candidate intermediate stations;
(iv) transmitting data on the primary and the same data on the secondary path, for receipt by the destination wireless communication station toward overcoming link blockages of the primary path in response to data received on the secondary path; and
(v) wherein said instructions when executed by the computer are configured to provide reception at a destination station which is selected from the group of reception types consisting of: uncoordinated reception, coordinated reception by combining received signal powers, or coordinated reception with conditional reception from the secondary routing path.

US Pat. No. 10,193,794

MULTIPARTY CALL METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A multiparty call method, applied in a process in which a transmit end makes a multiparty call with at least two receive ends, wherein the transmit end and the at least two receive ends are user equipment, wherein the method comprises:acquiring, by the transmit end, one piece of communications data to be transmitted to the at least two receive ends and identifiers of each of the at least two receive ends, wherein the identifiers of each of the at least two receive ends comprise internet protocol (IP) addresses of the at least two receive ends and port numbers for the at least two receive ends: and
sending, by the transmit end, the one piece of communications data and the identifiers of each of the at least two receive ends to a network side device.

US Pat. No. 10,193,793

BROWSER APPARATUS, RECORDING MEDIUM, SERVER APPARATUS, AND INFORMATION PROCESSING METHOD

SONY CORPORATION, Tokyo ...

1. A browser apparatus comprising:circuitry configured to
implement a web browser application including a first communication function section that sends a request to a web site and receives web content from the web site using a unicast protocol, and a second communication function section that receives web content multicast-distributed using a multicast protocol,
control, in response to an external input, the first communication function section of the web browser application to send a request to a web site and receive web content from the web site using the unicast protocol, wherein
the second communication function section receives a plurality of web content items,
the circuitry is configured to record only a web content item of the plurality of web content items, which has a particular URL address, on a recording medium, and
the circuitry is configured to control, when the web content received by the second communication function section has an error, the first communication function section to request the web content from the web site.

US Pat. No. 10,193,792

DATA PACKET SENDING METHOD, MOBILE ROUTER, AND NETWORK DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A method comprising:receiving a routing control request, wherein the routing control request comprises routing control policy information;
obtaining, from a mobile node (MN), a first data packet associated with a first home address;
determining whether to enable routing control for the first data packet, according to indication information indicating whether routing control is enabled, and according to home address status information, wherein the indication information and the home address status information are comprised by the routing control policy information;
establishing a tunnel with a designated routing node according to the home address status information in the routing control policy information carried in the routing control request in response to the indication information in the routing control policy information carried in the routing control request indicating that routing control is enabled and after receiving the routing control request;
sending the first data packet to the designated routing node through the tunnel with the designated routing node according to the home address status information in the routing control policy information, in response to determining to enable routing control for the first data packet;
obtaining a first processed data packet returned by the designated routing node; and
sending the first processed data packet to a destination node via a current mobile router of the destination node, wherein the current mobile router of the destination node sends the first processed data packet to the destination node, and wherein the first processed data packet is obtained by the designated routing node by processing the first data packet.

US Pat. No. 10,193,791

METHOD OF ALLOCATING WAVELENGTH AND WAVELENGTH ALLOCATION DEVICE

FUJITSU LIMITED, Kawasak...

1. A method of allocating a wavelength, the method comprising:first deciding whether a wavelength bandwidth of an optimum route for a demand has a free bandwidth to which the demand is able to be allocated;
allocating the demand to a bypass route other than the optimum route when the wavelength bandwidth of the optimum route does not have the free bandwidth;
acquiring a degree of influence of a section on the optimum route that is decided not to have the free bandwidth, by accumulating a difference in a route cost between the optimum route and the bypass route, the degree of influence being indicative of powerful influence on the bypass route when the demand is accommodated in the bypass route;
second deciding whether the acquired degree of influence becomes a predetermined value or more;
third deciding whether there is the wavelength link that can be added to the section in which the acquired degree of influence becomes a predetermined value or more;
adding an unused wavelength link to the wavelength bandwidth of the section in which there is the wavelength link that can be added to the section, to activate a laser of a transmitter of the section, and set a filter of a receiver of the section to filter the wavelength in the added wavelength link;
re-calculating the optimum route for the demand being allocated to the bypass route, after adding the unused wavelength link to the wavelength bandwidth of the section; and
allocating the demand to the optimum route obtained by the re-calculation in the case that the wavelength bandwidth of the optimum route obtained by the re-calculation has the free bandwidth, and a type of the demand is a momentary interruption toleration type that permits the momentary interruption of data.

US Pat. No. 10,193,790

SYSTEMS AND METHODS FOR AN INTELLIGENT, DISTRIBUTED, AUTONOMOUS, AND SCALABLE RESOURCE DISCOVERY, MANAGEMENT, AND STITCHING

DELL PRODUCTS LP, Round ...

1. A method for an originating node to facilitate using a resource at a fulfilling node in a decentralized network of nodes, the method comprising:sending to a node in the decentralized network a request message for the resource for use by or on behalf of the originating node, the request message comprising:
a description of the resource requested by the originating node, the node being communicatively coupled to the originating node; and
one or more intelligent distribution instructions determined by the originating node using an analytics module to determine, at least in part, the one or more intelligent distribution instructions for propagating the request message, the one or more intelligent distribution instructions setting forth: (1) one or more conditions regarding propagation of the request message by a receiving node that receives the request message, including a timeout period such that the request message times out and is dropped after a predetermined amount of time has passed, and (2) one or more conditions for responding to the request message, one or more conditions for handling receipt of one or more responses from nodes that received the request message and have the resource requested by the originating node available for use by or on behalf of the originating node, or both;
receiving a reply message from a neighbor node, the reply message comprising:
a message that the fulfilling node can satisfy the request message;
network identifier information from the fulfilling node; and
network identifier information indicating a path between the originating node and the fulfilling node; and
stitching the path from the originating node to the fulfilling node using the network identifier information received with the reply message.

US Pat. No. 10,193,789

HANDLING PORT IDENTIFIER OVERFLOW IN SPANNING TREE PROTOCOL

ARRIS Enterprises LLC, S...

1. A method comprising:receiving, by a network device, a spanning tree protocol (STP) bridge protocol data unit (BPDU);
extracting, by the network device, a port identifier value from the BPDU;
determining, by the network device, a fourteen-bit port number associated with the BPDU by decoding the least significant fourteen bits of the port identifier value; and
determining, by the network device, an eight-bit port priority associated with the BPDU by:
decoding the most significant two bits of the port identifier value; and
converting the most significant two bits of the port identifier value into the eight-bit port priority, the converting comprising padding the least significant six bits of the eight-bit port priority with zeroes.

US Pat. No. 10,193,788

SYSTEMS AND METHODS IMPLEMENTING AN AUTONOMOUS NETWORK ARCHITECTURE AND PROTOCOL

1. A computing node device comprising:a communication interface to communicate with other devices in a communications network; and
a networking interface to:
identify a plurality of computing nodes in the communications network, respective computing nodes of the plurality of computing nodes capable of being assigned a parent node of the computing node device;
verify an identity of a particular computing node of the plurality of computing nodes, the particular node capable of requesting to join the communications network;
transmit an identity of the computing node device to the particular computing node to enable the particular computing node to verify the identity of the computing node device;
when the identify of the particular computing node has been verified, transmit, using the communications interface, a message, to the particular computing node;
receive a response from the particular computing node, the response including metadata identifying a current load of the particular computing node;
based on the metadata identifying the current load of the particular computing node, identify the particular computing node as the parent node of the computing node device;
transmit, to the parent node, a request to register as part of the communications network.

US Pat. No. 10,193,787

METHOD OF NOTIFYING FUNCTION IDENTIFICATION INFORMATION AND COMMUNICATION SYSTEM

KABUSHIKI KAISHA TOSHIBA,...

1. A communication apparatus, comprising:a receiver configured to receive a probe request frame comprising a first SSID (Service Set Identifier) field from a first communication apparatus, wherein the first SSID field comprises first characters indicating a wireless communication function, the first SSID field of the probe request frame is defined in IEEE802.11 specification, and the wireless communication function is defined in a first specification different from the IEEE802.11 specification; and
a transmitter configured to transmit a probe response frame comprising a second SSID field to the first communication apparatus after a reception of the probe request frame, wherein the second SSID field comprises the first characters, and the second SSID field of the probe response frame is defined in the IEEE802.11 specification, the first SSID field and the second SSID field are defined as a field comprising an identifier of a service set in the IEEE802.11 specification.

US Pat. No. 10,193,786

WIRELESS ROUTERS UNDER TEST

Contec, LLC, Schenectady...

1. A universal tester for testing a plurality of wireless routers, comprising:a plurality of test slots, each test slot of the plurality of test slots configured to host a wireless router of a plurality of wireless routers; and
a plurality of sets of test connections, each set of test connections of the plurality of sets of test connections being associated with one test slot of the plurality of test slots,
wherein each set of test connections of the plurality of sets of test connections comprises:
a wireless networking test connection configured to test a corresponding wireless networking interface on a wireless router of the plurality of wireless routers,
an Ethernet test connection configured to test a corresponding Ethernet interface on a wireless router of the plurality of wireless routers, and
a MoCA test connection configured to test a corresponding MoCA interface on a wireless router of the plurality of wireless routers.

US Pat. No. 10,193,785

METHODS AND APPARATUS TO PREDICT END OF STREAMING MEDIA USING A PREDICTION MODEL

The Nielsen Company, LLC,...

1. An apparatus comprising:a predictor to determine a bandwidth rate associated with presentation of streaming media based on monitored traffic between a user device and a streaming media distributor;
a modeler to generate a prediction model based on characteristics of the bandwidth rate, the characteristics of the bandwidth rate including an amplitude of the bandwidth rate, a mean value of the bandwidth rate, and a standard deviation of the bandwidth rate; and
a forecaster to determine that a time when an output of the prediction model is below a minimum bandwidth threshold is a session end time for a streaming media session, the session end time corresponding to when the user device stops receiving the streaming media.

US Pat. No. 10,193,784

TRACKING VIRTUAL IP CONNECTION CHANGES

Cisco Technology, Inc., ...

1. A network device comprising:a memory; and
a processor, wherein the processor is configured to:
increment a sequence number associated with a virtual IP connection at the network device in response to a change of a status of the virtual IP connection, wherein the network device is a primary device configured to probe the virtual IP connection, wherein the network device is part of a mesh comprising a plurality of network devices, wherein the mesh comprises a standby network device configured to probe the virtual IP connection, and wherein the sequence number is attached to data corresponding to the status and is stored at the network device;
send, in response to a pull request from one of the plurality of network devices of the mesh, the data corresponding to the status of the virtual IP connection in response to the incremented sequence number of the virtual IP connection being greater than a requested sequence number, wherein the plurality of network devices are configured to pull incremental answer statuses at a configurable frequency; and
send, in response to the network device rebooting, the data corresponding to the status of the virtual IP connection to the standby network device with a request to overwrite all previously stored statuses.

US Pat. No. 10,193,783

SYSTEM FOR AGGREGATING STATISTICS ASSOCIATED WITH INTERFACES

NICIRA, INC., Palo Alto,...

1. A method of aggregating statistics for a set of interfaces associated with a logical forwarding element (LFE), the method comprising:for each particular interface in the set of interfaces associated with the LFE, defining at least one flow entry comprising (i) a set of matching fields that store flow-identifying parameters for matching with attributes of packets and (ii) a tag identifier that identifies the particular interface and that is not part of a matching field to match with packet attributes;
sending the flow entries to a plurality of physical forwarding elements (PFEs) that implement the LFE, at least a subset of the PFEs executing on host computers along with data compute nodes associated with the LFE;
receiving, from the plurality of PFEs, statistics generated by each PFE for each flow entry that has a tag identifier; and
aggregating the received statistics to produce overall statistics relating to each interface associated with the LFE.

US Pat. No. 10,193,782

LAYER 4 SWITCHING FOR PERSISTENT CONNECTIONS

Akamai Technologies, Inc....

1. A method of improving operations of an overlay network using transport layer (Layer 4) switching, the overlay network comprising a plurality of overlay nodes organized as edge nodes, parent nodes and other Internet Protocol (IP)-addressable nodes, the overlay network nodes being positioned between requesting client devices and content provider origin servers that utilize the overlay network nodes to thereby provide content and application delivery to the requesting client devices, comprising:organizing a set of switches into an interface, wherein each switch in the set of switches provides a group of ports that are dedicated to providing out-bound connections to given destinations persistently;
selectively positioning the interface between one of: the IP-addressable nodes and edge nodes, the edge nodes and the parent nodes, and the parent nodes and the content provider origin servers; and
controlling routing across the interface such that, as requesting client devices interact with content provider origin servers, a given persistent connection to a destination in a particular switch is used by first and second in-bound connections;
wherein providing the interface with out-bound persistent connections improves overlay network performance by reducing connection establishment overhead with respect to communications between the requesting client devices and content provider origin servers that traverse the overlay network.

US Pat. No. 10,193,781

FACILITATION OF MULTIPATH TRANSMISSION CONTROL PROTOCOLS

1. A method, comprising:receiving, by a network device comprising a processor, web site request data related to a request for a web site made by a mobile device;
receiving, by the network device, preference data associated with sending web site data related to the web site request data via a Wi-Fi connection of the network device or via a cellular network connection of the network device, wherein the preference data comprises benefit data related to a number of bytes that are deliverable via the Wi-Fi connection of the mobile device and the cellular network connection of the mobile device;
receiving, by the network device, resource data associated with the sending the web site data via the Wi-Fi connection of the network device or via the cellular network connection of the network device;
analyzing, by the network device, the preference data and the resource data, resulting in analyzed data; and
in response to a condition associated with the analyzed data being determined to have been satisfied, sending, by the network device, the web site data.

US Pat. No. 10,193,780

SYSTEM AND METHOD FOR ANOMALY ROOT CAUSE ANALYSIS

Futurewei Technologies, I...

1. A method comprising:receiving, by a processor from a radio network controller (RNC) of a network, one of a first anomaly data point, a second anomaly data point, and a third anomaly data point, the first, second, and third anomaly data points being related to a plurality of variables;
classifying, by the processor in response to receiving the first anomaly data point, the first anomaly data point as a relationship type anomaly, upon determining that the first anomaly data point is inside a magnitude bounding box and outside a principal component analysis (PCA) bounding box, wherein the PCA bounding box excludes all of a plurality of anomaly data points of a data set, and limits of the PCA bounding box are orthogonal to eigenvectors of the data set;
classifying, by the processor in response to receiving the second anomaly data point, the second anomaly data point as a joint magnitude anomaly, upon determining that the second anomaly data point is outside the magnitude bounding box, outside the PCA bounding box, and between major limits of the PCA bounding box;
classifying, by the processor in response to receiving the third anomaly data point, the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, upon determining that the third anomaly data point is outside the magnitude bounding box, outside the PCA bounding box, and not between the major limits of the PCA bounding box;
determining, in response to classifying the first anomaly data point as the relationship type anomaly, at least a first subset of the variables related to the classified first anomaly data point;
performing, by the processor based on classifying the first anomaly data point as the relationship type anomaly, corrective action on the network in accordance with the classified first anomaly data point and the at least a first subset of the variables related to the classified first anomaly data point;
determining, in response to classifying the second anomaly data point as the joint magnitude anomaly, at least a second subset of the variables related to the classified second anomaly data point;
performing, by the processor based on classifying the second anomaly data point as the joint magnitude anomaly, corrective action on the network in accordance with the classified second anomaly data point and the at least a second subset of the variables related to the classified second anomaly data point;
determining, in response to classifying the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, at least a third subset of the variables related to the classified third anomaly data point; and
performing, by the processor based on classifying the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, corrective action on the network in accordance with the classified third anomaly data point and the at least a third subset of the variables related to the classified third anomaly data point.

US Pat. No. 10,193,779

APPARATUS AND METHOD FOR CONTROLLING DOWNLINK THROUGHPUT IN COMMUNICATION SYSTEM

Samsung Electronics Co., ...

1. A method of a server in a communication system, the method comprising:determining a buffering delay of a terminal for a data packet based on at least one of a time when the terminal inputs the data packet into a buffer of the terminal, a time when the server receives the data packet from the terminal, or a time when the terminal transmits the data packet to the server; and
transmitting, to the terminal, control information for controlling a transmission rate of the terminal based on whether the buffering delay of the terminal for the data packet is larger than a buffering delay of the terminal for another data packet.

US Pat. No. 10,193,778

SYSTEM, METHOD AND PROGRAM FOR DETECTING ANOMALOUS EVENTS IN A NETWORK

ITRON NETWORKED SOLUTIONS...

1. A network communication device configured to monitor operating events occurring in a network, the communication device comprising:a memory unit having historical operating information and situational information recorded therein, the historical operating information including data indicative of historical operation of nodes in the network based on respective feature information that is uniquely defined for each of the nodes in the network, such that there is historical operating information for each node in the network based on the unique feature information for that node, and the situational information including data indicative of operation data expected to be received from nodes in the network during a predetermined time period based on at least one of a condition and an event that is occurring during the predetermined time period;
a communication unit configured to receive respective operation data from nodes in the network;
a control unit configured to compare the operation data received from a node in the network with (i) the historical operating information for the node from which the operation data was received and (ii) the situational information for the predetermined period in which the operation data is received, and to associate the received operation data with the historical operating information and the situational information in the memory unit based on the comparison of the received operation data with (i) the historical operating information for the node and (ii) the situational information.

US Pat. No. 10,193,777

WI-FI/BPL DUAL MODE REPEATERS FOR POWER LINE NETWORKS

1. A method for transmitting information, comprising:receiving a message, at a node of a power line network, from a first power line segment of the power line network;
detecting, at the node, an interruption in the power line network;
in response to detecting the interruption in the power line network, comparing, using a processor at the node, a transmission characteristic of a wireless transmission of the message and a transmission characteristic of a wired transmission of the message; and
transmitting the message, from the node, via one of the wireless transmission or the wired transmission, to a second power line segment of the power line network, based on the comparing of the transmission characteristic of the wireless transmission of the message and the transmission characteristic of the wired transmission of the message.

US Pat. No. 10,193,776

ANONYMIZATION OF TRAFFIC PATTERNS OVER COMMUNICATION NETWORKS

International Business Ma...

1. A computer program product for obfuscating communication traffic patterns occurring over a communication infrastructure including a computer server, the computer program product comprising:one or more non-transitory computer-readable storage devices and program instructions stored on at least one of the one or more non-transitory storage devices, the program instructions executable by a processor, the program instructions comprising:
instructions to detect, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol;
instructions to access, at the first communications device, a first traffic pattern based on the data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
instructions to access, at the first communications device, a second traffic pattern based on the data communication sessions, the second traffic pattern determining communication occurrences between the first and the second communications devices over a second predefined time period that occurs after the first predefined time period; and
instructions to generate, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device, wherein the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions, wherein the generating of the dummy data communication pattern comprises:
instructions to determine, at the first communications device, a first information content value associated with the first traffic pattern;
instructions to determine, at the first communications device, a second information content value associated with the second traffic pattern;
instructions to compare, at the first communications device, the first and the second information content values; and
instructions to generate a first binary value based on the comparing determining the second information content value to be outside a predefined threshold range of the first information content value.

US Pat. No. 10,193,775

AUTOMATIC EVENT GROUP ACTION INTERFACE

Splunk Inc., San Francis...

1. A method comprising: causing display of an interface enabling a user to indicate information to control the operation of a service monitoring system to automatically identify and update a group of events from among a plurality of events in an event datastore; receiving user input via the interface including: an indication of group membership criteria; an indication of a causable group action; an indication of a precondition related to the causable group action; creating an event group policy definition in computer storage based at least in part on the group membership criteria, the causable group action, and the precondition; wherein one or more events of the plurality of events in the event datastore is each a notable event produced by a correlation search against stored key performance indicator (KPI) values, each KPI value produced by a search query that defines the KPI and that derives the KPI value from machine data associated with one or more entities that perform a service, each entity having an entity definition that identifies machine data associated with the respective entity, and each said entity definition associated with a service definition representing the service; wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment; and wherein the method is performed by one or more processing devices.

US Pat. No. 10,193,771

DETECTING AND HANDLING ELEPHANT FLOWS

NICIRA, INC., Palo Alto,...

1. A non-transitory machine readable medium that stores a program which when executed by at least one processing unit implements a forwarding element, the program comprising sets of instructions for:monitoring data flows associated with a network host to detect an elephant flow for which the forwarding element processes a plurality of packets, wherein the forwarding element encapsulates the packets of the elephant flow with an outer header; and
for at least two packets of the elephant flow, differentiating the two packets by (i) encapsulating a first packet of the elephant flow using a first header field value for a particular header field of the outer header and (ii) encapsulating a second packet of the elephant flow using a second header field value for the particular header field of the outer header,
wherein the different header field values for the particular header field break the elephant flow into at least two different mouse flows such that subsequent forwarding elements, to which the packets are sent from the forwarding element, send the packets of the detected elephant flow along different paths to reach a same destination.

US Pat. No. 10,193,770

SUPPLYING DATA FILES TO REQUESTING STATIONS

PULSE SECURE, LLC, San J...

1. A traffic management system having multiple operational modes, comprising:a first interface to communicate with clients;
a second interface to communicate with at least one server; and
a processing device for:
monitoring response times of the server when responding to requests from the clients;
responsive to determining that a most recent response time of the server is greater than a threshold response time, inserting a first value into a first-in-first-out (FIFO) queue;
responsive to determining that the most recent response time of the server is less than or equal to the threshold response time, inserting a second value into the FIFO queue;
computing a service level based on values stored in the FIFO;
switching the traffic management system from a first operational mode to a second operational mode when (1) the traffic management system is operating in the first operational mode, and (2) the service level is worse than a first service level;
switching the traffic management system from the second operational mode to the first operational mode when (1) the traffic management system is operating in the second operational mode, and (2) the service level is better than a second service level;
processing the requests received from the clients based on an operational mode of the traffic management system, wherein in the first operational mode no measures are taken to improve the service level, and wherein in the second operational mode at least one measure is taken to improve the service level.

US Pat. No. 10,193,769

NETWORK SERVICES API

CenturyLink Intellectual ...

17. A method for invoking virtualized network functions, the method comprising:receiving an authentication indicative of virtualized network functions associated with provisioning a selected service offering, wherein the authentication is sent by virtualized service equipment that is associated with a user and is incorporated in a device associated with the user;
authorizing access to one or more virtualized network functions based on the authentication;
invoking the one or more virtualized network functions needed to provision the selected service offering via at least one application programming interface;
releasing, with a security layer, an authorized subset of virtualized network functions including the at one or more virtualized network functions to provision the service offering, based on an authentication; and
releasing, with the security layer, an authorized subset of application programming interfaces including the application programming interface to access the authorized subset of virtualized network functions.

US Pat. No. 10,193,768

SYSTEM FOR GENERATING A VIRTUALIZED NETWORK FUNCTION

ORANGE, Paris (FR)

6. A system for generating a virtualized network function, the system comprising:a database, arranged to store implementation parameters associated with elementary components of virtualized network functions, the parameters relating to an implementation of the components in at least one virtualized communication network; and
a device for configuring a virtualized network function, wherein the device configured to:
receive a request for configuration of the virtualized network function;
obtain from the database, at least one parameter for implementation in the virtualized communication network of an elementary component of the virtualized network function, the elementary component to be added to a basic virtualized network function; and
compose the virtualized network function from the basic virtualized network function and the elementary component implemented from the at least one obtained parameter.

US Pat. No. 10,193,767

MULTIPLE AVAILABLE WITNESSES

EMC IP Holding Company LL...

1. A method of managing resources that are synchronized between at least two different sites, comprising:providing multiple witnesses, wherein each witness is configured to determine, in an event of a communication failure between two or more of the at least two different sites, which of the two or more different sites will accept writes for the resources during the communication failure;
one of the at least two different sites choosing a particular one of the witnesses;
the one of the at least two different sites confirming that the particular one of the witnesses is available to serve as a witness;
the one of the at least two different sites communicating with other ones of the at least two different sites to determine if the particular one of the witnesses is acceptable to the other ones of the at least two different sites; and
choosing the particular one of the witnesses in response to the particular one of the witnesses being available to serve as a witness and the particular one of the witnesses being acceptable to all of the other ones of the at least two different sites.

US Pat. No. 10,193,766

DYNAMIC CHANGING TIER SERVICE ON TEST DEVICE

TIME WARNER CABLE ENTERPR...

7. A system comprising:a broadband communications network;
a policy enforcement point of said broadband communications network;
a policy server of said broadband communications network; and
a test device located within said broadband communications network, said test device being interconnected with said policy enforcement point of said broadband communications network via a customer premises equipment (CPE) device;
wherein:
said policy server is configured to, responsive to commencement of a test to be conducted with said test device, signal said policy enforcement point to set a bandwidth tier for said test to be conducted with said test device, wherein said setting of said bandwidth tier changes an initially provisioned bandwidth tier set at said policy enforcement point for communications with said CPE device; and
said policy enforcement point and said test device are cooperatively configured to conduct said test in accordance with said bandwidth tier, wherein said test determines a speed of said broadband communication network at said test device in said bandwidth tier.

US Pat. No. 10,193,765

PROTECTION SWITCHING SYSTEMS AND METHODS IN A PACKET NETWORK BASED ON SIGNAL DEGRADE

Ciena Corporation, Hanov...

1. A method of protection switching in a packet network based on signal/service degrade, the method comprising:monitoring a packet network connection;
detecting the packet network connection has a signal/service degrade comprising a condition where the packet network connection is operational, but experiencing errors determined on the packet network connection at a packet layer below a threshold, wherein the signal/service degrade is detected in part through a Frame Error Rate which is inferred from a Bit Error Rate and frame size; and
responsive to detection of the signal/service degrade, performing one or more of notifying nodes in the packet network and performing a protection switch at the packet layer based on the signal/service degrade.

US Pat. No. 10,193,764

METHOD AND SYSTEM FOR OFFERING SUBSCRIBER SERVICE PLANS BY ADAPTIVE CODING AND MODULATION USED

Hughes Network Systems, L...

1. A method for providing service levels in a Radio Frequency (RF) network, the method comprising:associating one or more service levels with each supported symbol rate, modulation and error correction encoded scheme (ModCod);
assigning a subscriber service level for a RF transmitter;
receiving a signal quality of a transmission by the RF transmitter;
selecting a transmit ModCod from the supported ModCods, wherein the signal quality exceeds a threshold signal quality for the transmit ModCod; and
authorizing the RF transmitter to transmit to the receiver when the subscriber service level is included in the one or more service levels associated with the transmit ModCod,
wherein the signal quality adapts to a signal fade;
wherein at least one service level of the service levels is not associated with each of the supported ModCods.

US Pat. No. 10,193,760

HYBRID SDN CONTROLLER

Intel Corporation, Santa...

1. A network interface controller (NIC) to couple to a host computing device, the NIC comprising:a network stack;
a host interface to couple to the host computing device; and
a hybrid software-defined networking (SDN) controller implemented in circuitry of the NIC, the hybrid SDN controller to perform at least one SDN control function to reduce SDN processing load on the host computing device, the hybrid SDN controller including:
a service abstraction layer (SAL) to:
provide a representation of a physical network based at least in part on the network stack; and
in response to a request including a change in configuration of the physical network, provide a simulated representation of the physical network based at least in part on the network stack and the change in configuration included in the request; and
a southbound application programming interface (SB API).

US Pat. No. 10,193,759

CONTROL METHOD IN COMMUNICATIONS NETWORK CENTRALIZED CONTROLLER, AND WIRELESS COMMUNICATIONS NETWORK SYSTEM

Huawei Technologies Co., ...

1. A control method in a communications network, the method comprising:generating, by a centralized controller in a communications network, a to-be-confirmed processing type list according to a service type of a service flow and a data path type template, wherein the data path type template comprises all processing function types and a selection instruction corresponding to each processing function type, the to-be-confirmed processing type list comprises all first processing function types, and the first processing function types are processing function types in the data path template and are optional to the service flow;
filtering, by the centralized controller, the first processing function types according to a selection instruction corresponding to each first processing function type, and generating a processing type list, wherein the processing type list comprises all second processing function types, and the second processing function types are processing function types in the to-be-confirmed processing type list and are mandatory to the service flow, after filtering;
selecting, by the centralized controller, a corresponding processing instance for each second processing function type according to a status of an instance of each function node in a network topology and a service quality of service (QoS) information of the service flow, and sequentially selecting a working policy and a working parameter for each processing instance, wherein the instance of each function node corresponds to one processing instance, and the network topology comprises function types of the instances of all the function nodes, connection relationships between the instances of all the function nodes, and statuses of the instances of all the function nodes;
generating, by the centralized controller, a full path policy, wherein the full path policy comprises all the processing instances that the service flow sequentially flows through and the working policy and the working parameter that correspond to each processing instance; and
sending, by the centralized controller, the full path policy to an instance of each function node according to the network topology.

US Pat. No. 10,193,758

COMMUNICATION VIA A CONNECTION MANAGEMENT MESSAGE THAT USES AN ATTRIBUTE HAVING INFORMATION ON QUEUE PAIR OBJECTS OF A PROXY NODE IN A SWITCHLESS NETWORK

International Business Ma...

1. A method, comprising:receiving a connection management message that uses a proxy attribute, wherein the connection management message includes information on a first proxy queue pair and a second proxy queue pair, wherein the first proxy queue pair provides communication between a proxy node and an initiator node in a switchless network, and wherein the second proxy queue pair provides communication between the proxy node and a target node in the switchless network; and
channeling, via the connection management message that uses the proxy attribute, datagrams received from the initiator node to the target node in the switchless network.

US Pat. No. 10,193,755

POLICY CONFLICT RESOLUTION METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A method comprising:receiving, by a processor, a first control policy;
decomposing the first control policy into m first rules;
receiving, by the processor, a second control policy;
decomposing the second control policy into n second rules, wherein m and n are natural numbers, wherein both the first control policy and the second control policy act on a first forwarding device, and wherein the first rules and the second rules each comprise a matching field and an action;
performing negation on the first rules to obtain first negation rules;
performing negation on the second rules to obtain second negation rules;
generating a corresponding first execution rule using the first negation rules and the second negation rules according to a rule synthesis principle, wherein the rule synthesis principle comprises forming the first execution rule using an intersection between a matching field of a first negotiation rule of the first negotiation rules and a second negotiation rule of the second negotiation rules that are of a same matching field type or a union between a matching field of the first negation rule and a matching field of the second negation rule that are of different matching field types, and an intersection between an action of the first negation rule and an action of the second negation rule;
detecting an invalid rule in response to determining that there is no intersection between the matching field of the first negation rule and the matching field of the second negation rule that are of the same matching field type;
deleting the invalid rule;
using remaining first execution rules as valid first execution rules;
performing negation on the valid first execution rules; and
converting, according to a protocol supported by the first forwarding device, the valid first execution rules on which negation has been performed into a corresponding forwarding entry of the first forwarding device.

US Pat. No. 10,193,754

SYSTEM AND METHOD FOR SUPPORTING CONNECTORS IN A MULTITENANT APPLICATION SERVER ENVIRONMENT

ORACLE INTERNATIONAL CORP...

1. A system for supporting use of connectors in a multitenant application server environment, comprising:one or more computers, including an application server that enables deployment and execution of software applications, wherein the application server is associated with a domain configuration that is used at runtime to define a domain for execution of the software applications, and a plurality of partitions,
wherein each of the plurality of partitions is associated with a partition configuration, and wherein each partition provides a subdivision of the domain and includes one or more resource groups of a plurality of resource groups, wherein the one or more resource groups are defined by one or more resource group templates;
one or more deployed partition-level resource adapters, each of the one or more deployed partition-level resource adapters being deployed in a resource group of a partition of the plurality of partitions;
a connector container, wherein the connector container determines a partition scope of the one or more deployed partition-level resource adapters, wherein the partition scope is used to identify a partition identification (partition ID), based on a component invocation context, of a partition of the plurality of partitions within which a partition-level resource adapter is deployed; and
a partition classloader, the partition classloader deploying the one or more deployed partition-level resource adapters, the one or more deployed partition-level resource adapters being an instantiated version of a deployable resource adapter;
wherein, based upon the identified partition ID of partition of the plurality of partitions within which the partition-level resource adapter is deployed, access to the partition-level resource adapter is restricted to applications and resources within the partition associated with the identified partition ID.

US Pat. No. 10,193,753

AUTOMATED CONFIGURATION AND DEPLOYMENT OF INTERNET OF THINGS PLATFORMS

EMC IP Holding Company LL...

1. An apparatus comprising:an Internet of Things (IoT) platform configuration and deployment system accessible to a plurality of user devices over at least one network;
wherein the IoT platform configuration and deployment system comprises:
a configuration and deployment controller; and
a multi-tiered adaptive service catalog associated with the controller;
wherein the configuration and deployment controller is configured to receive requirements input for respective ones of a plurality of requested IoT platforms from one or more of the user devices and to determine corresponding sets of resources for implementation of the respective IoT platforms based at least in part on one or more services selected from the multi-tiered adaptive service catalog;
wherein the multi-tiered adaptive service catalog comprises:
a lower tier comprising one or more service deployment frameworks; and
a plurality of higher tiers each comprising a plurality of applications of a particular type, with each of the higher tiers comprising applications of a different type than any other such higher tier;
wherein the IoT platforms are deployed utilizing the respective sets of resources determined by the configuration and deployment controller;
wherein each of the deployed IoT platforms is configured to interact with a different set of IoT devices; and
wherein the IoT platform configuration and deployment system is implemented by one or more processing devices each comprising a processor coupled to a memory.

US Pat. No. 10,193,752

STORAGE SYSTEM UPGRADE

EMC IP Holding Company LL...

1. A method for upgrading an array specific module of a multipath application, the method comprising:checking a status associated with the array specific module, the array specific module being associated with an array independent module of the multipath application, in order to register the status of the array specific module with the array independent module;
on determination the status of the array specific module is an “in-progress” state,
suspending all input/output operations associated with the array specific module; and
upgrading the array specific module without disrupting input/output operations associated with the array specific module.

US Pat. No. 10,193,751

SYSTEM, METHOD AND APPARATUS FOR CONFIGURING A NODE IN A SENSOR NETWORK

Senseware, Inc., Vienna,...

1. A method, comprising:receiving, by a sensor data control system, a request to change a configuration of a wireless node in a wireless sensor network at a monitored location, the wireless node supporting one or more sensors at the monitored location;
transmitting, by the sensor data control system, a configuration message for delivery to the wireless node, the configuration message including configuration information that enables the wireless node to change at least one configuration setting used by the wireless node in controlling a delivery of sensor data from the one or more sensors to the sensor data control system;
generating, by the sensor data control system, a first configuration hash value using a hash function having an input based on the at least one configuration setting identified by the request;
receiving, by the sensor data control system from a gateway device at the monitored location, a status message associated with the wireless node at the monitored location, the status message including a second configuration hash value generated by the wireless node using the hash function and having an input based on current configuration settings of the wireless node;
comparing, by the sensor data control system, the first configuration hash value to the second configuration hash value; and when the comparison indicates that the first configuration hash value is different from the second configuration hash value, retransmitting, by the sensor data control system to the gateway device, the configuration message based on the request to effect a change in the current configuration settings of the wireless node.

US Pat. No. 10,193,750

MANAGING VIRTUAL PORT CHANNEL SWITCH PEERS FROM SOFTWARE-DEFINED NETWORK CONTROLLER

CISCO TECHNOLOGY, INC., ...

1. A computer-implemented method for configuring a virtual port channel (VPC) domain comprising:determining that a first switch and a second switch are connected in a pair of switch peers in the VPC domain via a shared VPC-peerlink;
determining, by the first switch, that the first switch is in a primary role;
determining a first unique identifier for the first switch, a first VPC portchannel number for the first switch, and a first orphan port number for the first switch;
receiving, from the second switch via the VPC-peerlink, a second unique identifier for the second switch, a second VPC portchannel number for the second switch, and a second orphan port number for the second switch;
associating the second VPC portchannel number for the second switch and the first VPC portchannel number for the first switch with a unified VPC portchannel number;
creating a first unique orphan port number for the first switch and a second unique orphan port number for the second switch;
sending, to a controller along with a request for port configuration data, the unified VPC portchannel number and the first unique orphan port number and the second unique orphan port number; and
receiving, by the first switch from the controller, the port configuration data in the form of VLAN address configuration data.

US Pat. No. 10,193,749

MANAGED FORWARDING ELEMENT EXECUTING IN PUBLIC CLOUD DATA COMPUTE NODE WITHOUT OVERLAY NETWORK

NICIRA, INC., Palo Alto,...

1. A method for a network controller that manages a logical network implemented in a public datacenter comprising forwarding elements to which the network controller does not have access, the method comprising:identifying a data compute node, that operates on a host machine in the public datacenter, to attach to the logical network, the data compute node having a network interface with a network address provided by a management system of the public datacenter, wherein the data compute node executes (i) a workload application and (ii) a managed forwarding element comprising a first bridge that connects via an internal port to the workload application and a second bridge that connects to the network interface of the data compute node; and
distributing configuration data for configuring the managed forwarding element, wherein, based on the configuration data, the managed forwarding element receives data packets sent to and from the workload application on the data compute node and performs network security processing on the data packets with the first bridge without performing logical forwarding operations, wherein the data packets sent by the workload application have the provided network address as a source address when received by the managed forwarding element and are not encapsulated by the managed forwarding element before being transmitted from the data compute node.

US Pat. No. 10,193,748

ENABLING CONFIGURATION IN NETWORKS

Extreme Networks, Inc., ...

1. A method comprising:receiving a Link Layer Discovery Protocol (LLDP) message from an edge configuration device, wherein the LLDP message contains shortest path bridging (SPB) configuration information; and
performing, using the SPB configuration information within the LLDP message received from the edge configuration device, an intermediate system-to-intermediate system (IS-IS) configuration in response to receiving the LLDP message.

US Pat. No. 10,193,747

FAULT DETECTION METHOD AND DEVICE

HUAWEI DEVICE CO., LTD., ...

1. A method for fault detection, comprising:receiving, by a terminal device, a touch control operation performed by a user on a preset fault detection key;
determining, by the terminal device, a fault detection instruction according to the touch control operation;
determining, by the terminal device, a service type of a to-be-detected fault according to the fault detection instruction, wherein the to-be-detected fault is a type of fault that the fault detection instruction designates for detection, and the service type of the to-be-detected fault is that of a service that is configured to process information that is of a same type as the type of the to-be-detected fault;
determining, by the terminal device, fault detection content according to the service type, wherein the fault detection content includes operational information associated with successful operation of the service that is configured to process the information that is of the same type as the type of the to-be-detected fault;
analyzing, by the terminal device, the fault detection content including the operational information to obtain a detection result; and
presenting, by the terminal device, the detection result.

US Pat. No. 10,193,746

DEADLOCK AVOIDANCE USING MODIFIED ETHERNET CONNECTIVITY FAULT MANAGEMENT SIGNALING

Juniper Networks, Inc., ...

1. A first maintenance endpoint (MEP) device, comprising:a memory; and
one or more processors to:
identify that a first interface of the first MEP device is associated with a connectivity failure;
provide, to a second MEP device, a first continuity check message (CCM), that includes a MEP identifier of the first MEP device, based on identifying that the first interface of the first MEP device is associated with the connectivity failure,
the first CCM to cause the second MEP device to invoke an action profile,
the second MEP device to designate a second interface of the second MEP device as being offline based on the action profile;
receive, from the second MEP device, a second CCM, that includes the MEP identifier of the first MEP device and information indicating that the second interface of the second MEP device is offline, based on the second MEP device designating the second interface of the second MEP device as being offline; and
execute a rule to avoid a deadlock situation based on the second CCM including the MEP identifier of the first MEP device.

US Pat. No. 10,193,745

RADIO INTERRUPT

Hewlett Packard Enterpris...

1. An apparatus, comprising:a first processing resource connected via an interface to a second processing resource, the first processing resource to execute instructions to:
receive an interrupt generated by a radio coupled to the second processing resource;
increment a counter in response to receiving the interrupt during a configurable time interval;
determine that the counter has not been incremented during a threshold number of configurable time intervals, wherein a duration of a threshold time interval included in the threshold number of configurable time intervals is configurable; and
reboot the first processing resource and the second processing resource in response to the determination that the counter has not been incremented during the threshold number of configurable time intervals.