US Pat. No. 10,798,115

APPARATUS AND METHOD FOR DETECTING MALICIOUS DEVICE BASED ON SWARM INTELLIGENCE

ELECTRONICS AND TELECOMMU...

1. A method for detecting a malicious device based on swarm intelligence, the method being performed using an apparatus for detecting a malicious device based on swarm intelligence, the method comprising: detecting a malicious device by causing at least one exploration ant to access a device swarm along movement routes in which pheromone trail values are taken into consideration, wherein the at least one exploration ant is generated in response to a detection request received from a security management server;
when the at least one exploration ant detects a suspicious device that is suspected to be a malicious device, causing the exploration ant to return along the movement routes in reverse order, and returning pheromone trail values generated by devices on the return movement routes to the malicious device detection apparatus; and
identifying whether the suspicious device is the malicious device by calculating an optimal solution based on a local information set that is generated by aggregating the pheromone trail values returned for respective movement routes,
wherein detecting the malicious device is configured to generate pheromone trail values for the movement routes using the pheromone update weights determined depending on the types of the exploration ants.

US Pat. No. 10,798,114

SYSTEM AND METHOD FOR CONSISTENCY BASED ANOMALY DETECTION IN AN IN-VEHICLE COMMUNICATION NETWORK

Argus Cyber Security Ltd....

1. A system including a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform security operations, the operations comprising: monitoring traffic on a first network portion of an in-vehicle communication network;
monitoring traffic on a second, different network portion of the in-vehicle communication network;
receiving a first message from the first network portion;
if a specific, second message was not received, from the second network portion, during a time interval that precedes a reception time of the first message or
if a specific, second message is not received, from the second network portion, during a time interval that follows the reception time of the first message, then determining that the first message is anomalous; and
if it is determined that the first message is anomalous, then performing at least one action.

US Pat. No. 10,798,113

INTERACTIVE GEOGRAPHIC REPRESENTATION OF NETWORK SECURITY THREATS

SPLUNK INC., San Francis...

1. A computerized method comprising: receiving event data associated with an organization's network, wherein the event data is comprised of machine data;
identifying one or more anomalies automatically determined from the event data;
identifying one or more threats to the organization's network, wherein threats are identified from and associated with one or more of the identified anomalies, and each threat is classified as being of a type from a set of types and is associated with a device participating in the threat, and wherein the device is associated with a geographical location;
causing display, in a graphical user interface, of identified threats on a geographical map, wherein each threat is depicted at a geographical location on the map corresponding to the location of the associated device; and
in response to receiving at least one user input associated with a depicted threat on the map via the graphical user interface, causing display of an identification of the classification of the type of the depicted threat and an identification of each anomaly associated with the depicted threat.

US Pat. No. 10,798,112

ATTRIBUTE-CONTROLLED MALWARE DETECTION

FireEye, Inc., Milpitas,...

1. A computerized method for authenticating access to a subscription-based service that detects a potential cyber-attack, the method comprising: receiving, by a cloud broker, service policy level information that includes at least an identifier of a sensor, the sensor being configured to (i) obtain one or more objects, (ii) perform a preliminary analysis on the one or more objects, and (iii) determine whether further analyses of the one or more objects is to be conducted in response to the sensor, during the preliminary analysis, determining that the one or more objects correspond to one or more suspicious objects associated with a potential cyber-attack;
receiving, by the cloud broker, information based on operational metadata, the operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service; and
using, by a cloud broker, both the service policy level information and the information based on the operational metadata in (i) selecting a cluster from the plurality of clusters to analyze the one or more objects submitted by the sensor and (ii) establishing a communication session between the sensor and the cluster via the cloud broker to transmit the one or more objects from the sensor to the cluster.

US Pat. No. 10,798,111

DETECTING INTRUSION ATTEMPTS IN DATA TRANSMISSION SESSIONS

International Business Ma...

1. A computer-implemented method comprising: identifying a data transmission session, said data transmission session associated with a display-oriented data transmission scheme, wherein said display-oriented data transmission scheme is block-oriented, transmitting said display-oriented data in blocks of data;
identifying one or more outbound data streams associated with said display oriented data transmission scheme of said data transmission session;
determining one or more transmission session characteristics associated with each of said one or more outbound data streams, wherein the one or more transmission session characteristics include geometric properties mapping presentation of said outbound data stream to a display screen;
determining one or more protected fields within said one or more outbound data streams, based on said one or more geometric properties associated with each of said one or more outbound data streams;
identifying an inbound data stream directed to said display-oriented data transmission scheme of said data transmission session;
simultaneously monitoring attempts to write to the one or more protected fields with determining new protected fields by monitoring outbound data streams;
determining whether said inbound data stream attempts to write to at least one of said one or more protected fields; and
in response to determining that said inbound data stream attempts to write to at least one of said one or more protected fields, determining an intrusion detection report, which includes identification of a source of said inbound data stream, wherein said intrusion detection report comprises:
one or more intrusion notifications;
one or more intruding client identifications;
one or more intruding inbound data stream identifications; and
one or more outbound data stream identifications.

US Pat. No. 10,798,110

METHOD AND SYSTEM FOR IDENTIFYING NETWORK LOOPS

Alibaba Group Holding Lim...

1. A method, comprising: determining that a first data packet has a time to live (TTL) that at least meets a first condition, the first data packet having a destination internet protocol (IP) address, comprising:
comparing the TTL of the first data packet with a first preset threshold value; and
in response to a comparison result that the TTL of the first data packet does not exceed the first preset threshold value, determining that the first data packet has a TTL that at least meets the first condition;
within a time period after the determining of the first data packet having a TTL that at least meets the first condition, identifying a plurality of second data packets that are to be transmitted to the same destination IP address as the first data packet; and
determining whether a network loop exists for the destination IP address based on TTLs of the plurality of second data packets, comprising:
determining whether a TTL of a second data packet at least meets a second condition, comprising:
comparing the TTL of the second data packet with a second preset threshold value, wherein the second preset threshold value is lower than the first preset threshold value; and
in response to a comparison result that the TTL of the second data packet does not exceed the second preset threshold value, determining that the TTL of the second data packet at least meets the second condition; and
in response to a determination that the TTL of the second data packet at least meets the second condition, determining that the network loop exists for the destination IP address, comprising:
determining whether a first sequence number of the second data packet matches a second sequence number of another second data packet; and
in response to determination that the first sequence number matches the second sequence number, omitting a determination that the network loop exists; and
in response to a determination that the network loop exists for the destination IP address:
recording the destination IP address in a loop diversion blacklist; and
stopping diversion of data packets in the network traffic that are to be transmitted to the destination IP address.

US Pat. No. 10,798,109

ADAPTIVE TRUST PROFILE REFERENCE ARCHITECTURE

Forcepoint LLC, Austin, ...

1. A computer-implementable method for generating and managing an adaptive trust profile, comprising: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity;
generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system, the adaptive trust profile comprising a collection of information describing an identity of the entity and an associated behavior of the entity, the adaptive trust profile system executing on a hardware processor of an information handling system;
determining, via the adaptive trust profile system, whether an event of the plurality of events enacted by the entity is of analytic utility, the event being of analytic utility indicating an entity behavior associated with the event represents a security risk;
generating, via the adaptive trust profile system, contextual information about the event based upon an entity profile, the contextual information comprising information relating to a particular entity behavior;
deriving, via the adaptive trust profile system, a meaning from the contextual information associated with the event, the meaning including an inference of an intent of the entity associated with the event; and,
updating, via the adaptive trust profile system, the adaptive trust profile of the entity based upon the contextual information about the event and the intent of the entity associated with the event.

US Pat. No. 10,798,108

APPARATUS AND METHOD FOR A MULTI-ENTITY SECURE SOFTWARE TRANSFER

Marvell Asia Pte, Ltd., ...

1. A method for a multi-entity secure software transfer, comprising: configuring a first communication interface controller at a first hardware entity and a second communication interface controller at a second hardware entity to disallow all external access to the respective first hardware entity and the second hardware entity except a communication link configuration access;
establishing a communication link between the first hardware entity and the second hardware entity subsequent to the configuring;
receiving the secure software at the first hardware entity from the second hardware entity via the communication link;
writing the secure software to a temporary storage at the first hardware entity;
copying the secure software from the temporary storage to a secure storage at the first hardware entity;
retrieving from a non-volatile storage at the first hardware entity a public key; and
authenticating the secure software in the secure storage using the public key.

US Pat. No. 10,798,107

APPLICATION PLATFORM WITH FLEXIBLE PERMISSIONING

PayPal, Inc., San Jose, ...

1. A system, comprising: a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving an application programming interface (API) call from an application server, wherein the API call is associated with a transaction request being processed through the application server for an end-user;
accessing a plurality of transactions processed through the application server based on one or more API calls to the system;
determining, from a plurality of access levels, an access level for the API call based on the plurality of transactions; and
processing the API call for the application server according to the determined access level.

US Pat. No. 10,798,106

SYSTEM FOR PROVIDING LAYERED SECURITY

1. A first system, comprising: a memory that stores instructions;
a processor that executes the instructions to perform operations, the operations comprising:
enabling a device ecosystem to access a first portion of a second system based on a confidence score of the device ecosystem satisfying a first threshold for a specific level of access for accessing the first portion of the second system;
determining if the confidence score satisfies a second threshold for accessing a second portion of the second system, wherein the second threshold is different from the first threshold;
preventing the device ecosystem from accessing the second portion of the second system if the confidence score does not satisfy the second threshold;
providing the device ecosystem with access to the second portion of the second system if the confidence score does satisfy the second threshold;
adjusting a validation requirement for accessing the second portion of the second system in response to a different device ecosystem attempting to access the second system, wherein the validation requirement is adjusted based on types of devices in the different device ecosystem;
determining, if the confidence score does not meet the first threshold, if a third device is in proximity with a first device and a second device of the device ecosystem; and
adjusting the confidence score if the third device is in proximity with the first device and the second device.

US Pat. No. 10,798,105

ACCESS CONTROL VALUE SYSTEMS

Bank of America Corporati...

1. An access control system, comprising: a first network node comprising:
a memory comprising context rules linking content with access control tag values for access control tag arrays; and
a tagging engine implemented by a first processor operably coupled to the memory, configured to:
obtain a data element;
link the data element with an access control tag array comprising a plurality of access control tags, wherein:
each access control tag is linked with an end user group; and
each access control tag comprises a baseline access control tag value;
identify the content of the data element;
apply the context rules to the access control tag array based on the identified content, wherein applying the context rules changes the access control tag value for one or more of the access control tags in the access control tag array linked with the data element; and
send the data element with the access control tag array to a target network node within an end user group;
and
a second network node comprising:
a routing engine implemented by a second processor, configured to:
intercept the data element and the access control tag array;
identify the end user group associated with the target network node;
determine an access control level associated with the end user group;
identify an access control tag value in the access control tag array corresponding with the end user group;
determine whether the identified access control value is greater than or equal to the access control level associated with the end user group;
forward the data element to the target network node in response to determining that the access control value is greater than or equal to the access control level associated with the end user group; and
block transmission of the data element to the target network node in response to determining that the access control value is less than the access control level associated with the end user group.

US Pat. No. 10,798,104

NETWORKED COMMUNICATIONS CONTROL FOR VEHICLES

Ford Global Technologies,...

1. A vehicle comprising: a read only filter arranged between a lower security network (LSN) and a higher security network (HSN), wherein the read only filter receives communication requests from the LSN and sends a corresponding instruction to the HSN, the corresponding instruction including a predetermined set of instructions based on the communication requests from the LSN, wherein the read only filter strips a payload from the communication requests on the LSN and repackages the payload with a HSN protocol in the predetermined set of instructions;
a monodirectional path arranged parallel to the read only filter and configured to exclusively pass data from the HSN to the LSN, wherein the read only filter includes mask read only memory (ROM); and
a gateway controller configured to
monitor an amount of data traffic at the HSN,
in response to the amount of data traffic at the HSN exceeding a predefined amount of traffic, alter a duty cycle associated with the read only filter according to utilization of the HSN to alter a data rate through the filter but not through the monodirectional path.

US Pat. No. 10,798,103

ADAPTIVE DEVICE ENROLLMENT

VMware, Inc., Palo Alto,...

1. A method for dynamically determining enrollment requirements and enrolling a user device into a management system, comprising: receiving user credentials at an application installed on the user device, the application not being an agent application dedicated to perform device enrollment;
receiving, at the application, an access token based on the user credentials;
receiving, at the application, an identification of an organizational group to which the user belongs;
receiving a determination that the user device is not able to directly enroll with the management system through the application based, at least in part, on one or more attributes associated with the user or the user device;
pausing a UI of the application and redirecting the user to download the agent application;
installing the agent application;
passing the user credentials from the application to the agent application;
enrolling, by the agent application, the user device with the management server;
unpausing the UI of the application;
displaying, at the user device, a prompt for the user to select one or more managed applications to install on the user device; and
downloading the managed applications selected by the user.

US Pat. No. 10,798,102

PROTECTING DATA AT AN OBJECT LEVEL

International Business Ma...

1. A computer-implemented method, comprising: identifying an object within a system;
extracting metadata associated with the object by identifying one or more characteristics of the object;
providing as input, to an artificial neural network (ANN), the metadata associated with the object;
receiving as output, from the ANN, a logical protection level for the object;
identifying a predetermined mapping between the logical protection level and a physical protection level;
identifying the physical protection level for the object within the system, based on the predetermined mapping; and
implementing, via data storage techniques including a hardware level of protection and a software level of protection, the physical protection level for the object within the system, based on the logical protection level for the object.

US Pat. No. 10,798,101

MANAGING SECURITY GROUPS FOR DATA INSTANCES

Amazon Technologies, Inc....

1. A system, comprising: at least one processor; and
a memory, storing program instructions that when executed by the at least one processor cause the at least one processor to implement a data storage service, wherein the data storage service is configured to:
receive, via a control plane interface, a request to add or update a control security group for a data instance in the data storage service that is associated with a native security group for the data instance, wherein the control plane interface provides a management interface for managing the data instance separate from a data plane interface for accessing data of the data instance;
create or update the control security group for the data instance with a permission in the control security group that determines an access level of each member of the control security group without modifying the native security group;
store the permission in the control security group created or updated according to the request for use in determining subsequent access to the data instance by a member of the control security group; and
control access to the data instance via the data plane interface based, at least in part, on the control security group.

US Pat. No. 10,798,100

MANAGING MEMBERSHIP IN A PRIVATE DATA EXCHANGE

Snowflake Inc., San Mate...

1. A method comprising: adding a new member to a data exchange, wherein the data exchange comprises a set of listings stored on one or more virtual warehouses, each listing comprising data from one or more datasets stored on a cloud computing service and the set of listing made available to members of the data exchange via the one or more virtual warehouses;
assigning an account type to the new member, the account type comprising at least one of a consumer type, provider type, or exchange administrator type, wherein each of the consumer type, the provider type, and the exchange administrator type is associated with one or more rights with respect to the set of listings, such that the new member has a set of rights based on the account type; and
modifying, by a processing device, the set of rights of the new member with respect to a listing from the set of listings based on a set of visibility and access rules for the listing, wherein the new member queries a reference database having a portion of the data of the listing that is filtered based on the set of visibility and access rules for the listing.

US Pat. No. 10,798,099

ENHANCED VALUE COMPONENT PREDICTIONS USING CONTEXTUAL MACHINE-LEARNING MODELS

Live Nation Entertainment...

1. A computer-implemented method, comprising: collecting, at a primary load management system, a data set from a plurality of user devices, the data set including one or more attributes associated with an interaction between a user device of the plurality of user devices and the primary load management system;
receiving, at a secondary load management system, a communication from an access-right requestor device, the communication enabling the access-right requestor device to request reassignment of access rights to resources using the secondary load management system, and the access-right requestor device being operated by an access-right requestor;
displaying, at the access-right requestor device, an interface that enables the access-right requestor device to generate a query for one or more databases storing a set of assigned access rights to one or more resources, and each assigned access right of the set of assigned access rights having been assigned to an access-right holder and being available for reassignment to other users;
receiving, at the interface, a constraint for querying the one or more databases, the constraint being received from the access-right requestor device;
querying the one or more databases using the constraint, the querying causing one or more assigned access rights of the set of assigned access rights to be identified, each assigned access right of the one or more assigned access rights satisfying the constraint;
displaying, at the interface, the one or more assigned access rights that satisfy the constraint;
receiving a signal from the access-right requestor device, the signal requesting that a particular assigned access right of the one or more assigned access rights be reassigned to the access-right requestor, the particular assigned access right having been assigned to a particular access-right holder and granting access to the particular access-right holder to access a particular resource;
in response to receiving the signal from the access-right requestor device, generating a context vector associated with the access-right requestor, the context vector being generated based on one or more features associated with the access-right requestor, the access-right requestor device, or the particular assigned access right;
evaluating the context vector using a trained contextual machine-learning model, the trained contextual machine-learning model having been trained using the collected data set, the evaluation of the context vector using the trained contextual machine-learning model resulting in generating an output corresponding to a prediction of a value to use as a value component of a reassignment value condition specific to the particular assigned access right, the reassignment value condition being defined by combining one or more value components, and the reassignment value condition, once satisfied, enabling the reassignment of the particular assigned access right; and
displaying, at the interface, the reassignment value condition of the particular assigned access right, the reassignment value condition being determined based on a combination of the one or more value components including the predicted value used as the value component, and the reassignment value condition, once satisfied, enabling the particular assigned access right to be reassigned from the particular access-right holder to the access-right requestor.

US Pat. No. 10,798,098

ACCESS CONTROL FOR ENTERPRISE KNOWLEDGE

Google LLC, Mountain Vie...

1. A method implemented in a data processing apparatus, comprising: accessing documents of an enterprise that are accessible to a member of the enterprise, the documents including data describing entities related to the enterprise and relationships among the entities, and enterprise information specific to the member;
identifying entity facts of the entities from the documents, each entity fact describing at least one feature of the entity, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein identifying the entity facts comprises selecting each document from the documents, and for the selected document:
determining a first entity identified within the document;
determining a second entity identified within the document;
determining a relationship between the first entity and the second entity that is described within the document; and
generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;
wherein multiple entity facts are derived from a selected document;
determining, for each entity fact, from the respective access control list of each resource from which the entity fact is derived, an entity fact access control list, wherein:
each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and
at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;
determining, by a computer-implemented assistant and based on the entity fact data and the entity fact access control lists, only the entity facts that are accessible to the member according to the entity fact access control lists and enterprise actions to perform for the member, wherein an enterprise action is an action specific to the member's enterprise-related responsibilities; and
for each enterprise action determined to be performed, causing a user device of the member to present a notification describing the enterprise action to the member.

US Pat. No. 10,798,097

INTELLIGENT REDIRECTION OF AUTHENTICATION DEVICES

Dell Products L.P., Roun...

1. A method, implemented by an agent that executes on a server in a virtual desktop infrastructure environment, for intelligently redirecting an authentication device, the method comprising: in conjunction with redirecting an authentication device from a client device to the server to allow the authentication device to be accessed by applications executing within a remote session on the server, registering with an operating system on the server to receive notifications of state changes of the remote session;
receiving, from the operating system, a notification that the remote session has been locked;
in response to the notification that the remote session has been locked, instructing a client-side proxy to cause the authentication device to no longer be redirected to the server but to be connected locally at the client device to thereby allow the authentication device to be used on the client device to unlock the remote session; and
in response to the remote session being unlocked, causing the authentication device to again be redirected from the client device to the server.

US Pat. No. 10,798,096

METHODS TO AUTHORIZING SECONDARY USER DEVICES FOR NETWORK SERVICES AND RELATED USER DEVICES AND BACK-END SYSTEMS

Telefonaktiebolaget LM Er...

1. A method of authorizing a secondary user device for a network service provided over a network, the method comprising: responsive to receiving a request from a primary user device, transmitting a voucher over the network to the primary user device, wherein the voucher is exchanged for an authorization waiver, for the network service, that does not require entering user credentials via the secondary user device, wherein the authorization waiver includes a session cookie, and wherein the voucher is exchanged from the primary user device to the secondary user device directly via short-range communication;
receiving a request for the authorization waiver from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device;
responsive to receiving the request from the secondary user device including the voucher, transmitting an authorization waiver to the secondary user device; and
invalidating the voucher responsive to receiving the request for the authorization waiver.

US Pat. No. 10,798,095

AUTHENTICATION METHOD, DEVICE AND AUTHENTICATION CLIENT

Alibaba Group Holding Lim...

1. An authentication method, performed by a browser, comprising: receiving information to be authenticated from user input;
sending an authentication request to an authentication client, wherein the authentication request comprises the information to be authenticated and a jump parameter for implementing a jump operation between the authentication client and the browser, and the jump parameter corresponds to identification information of the browser;
determining a first time when the authentication request is sent to the authentication client and a second time when a jump operation from the browser to the authentication client is completed;
when a time difference between the first time and the second time is greater than a threshold, sending an authentication result request to the authentication client;
receiving a page jump request from the authentication client for jumping from the authentication client to the browser according to the identification information, the page jump request comprising an authentication result of the information to be authenticated; and
displaying the authentication result according to the identification information.

US Pat. No. 10,798,094

BLOCKCHAIN-BASED ACCOUNT MANAGEMENT

Alibaba Group Holding Lim...

1. A computer-implemented method for account management, the method comprising: verifying an identity of an administrator of an enterprise account registered with a service system;
in response to verifying the identity of the administrator, determining a digital certificate for proving authenticity of the administrator and an enterprise associated with the enterprise account;
sending the digital certificate to a second client installed on a second end-user device of the administrator;
after sending the digital certificate to the second client:
obtaining personal information of a current user from the second client based on authorization management information, wherein the personal information of the current user is input by the administrator;
obtaining identity information of the administrator from the second client;
performing identity verification on the administrator based on the identity information of the administrator to verify the identity of the administrator;
in response to verifying the identity of the administrator, obtaining signature information for digest information from the second client, wherein the digest information is generated based on at least operation permission information of the current user for the enterprise account and the personal information of the current user, and the signature information is generated by the second client based on the digital certificate;
generating proxy permission information comprising at least the operation permission information, the personal information of the current user, the digest information, and the signature information; and
uploading the proxy permission information to a blockchain;
receiving a permission query message from the service system, wherein the service system sends the permission query message to query operation permission of the current user for the enterprise account in response to the current user performing a service operation based on the enterprise account;
obtaining verification information from a first client based on the permission query message, wherein the first client is installed on a first end-user device of the current user, and the verification information is associated with an identity of the current user;
determining that the verification information is valid;
in response to determining that the verification information is valid, obtaining, from the blockchain, proxy permission information for the current user, wherein the proxy permission information for the current user, and wherein operation permission indicated by the operation permission information is specified by the administrator of the enterprise account; and
sending the proxy permission information to the service system, the proxy permission information configured to be usable by the service system to determine whether to authorize the current user to perform an operation on the enterprise account.

US Pat. No. 10,798,093

GTLD DOMAIN NAME REGISTRIES RDAP ARCHITECTURE

VERISIGN, INC., Reston, ...

1. A method for providing a Registration Data Access Protocol (“RDAP”) response, the method comprising: obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user;
providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with a plurality of thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one thick RDAP answer is encrypted by at least one of the plurality of thick RDAP servers using a first symmetric key or asymmetric key provided by a key management service and associated with the cryptographic credential of the RDAP client;
obtaining, at the RDAP client, a consolidated thick and encrypted RDAP answer to the RDAP query from the RDAP server;
decrypting, by the RDAP client, the consolidated thick and encrypted RDAP answer using a second symmetric key or asymmetric key associated with the cryptographic credential to produce a decrypted thick RDAP answer, wherein the second symmetric key or asymmetric key corresponds to the first symmetric key or asymmetric key; and
providing, by the RDAP client, the decrypted thick RDAP answer to the user.

US Pat. No. 10,798,092

DOMAIN JOINED VIRTUAL NAMES ON DOMAINLESS SERVERS

Microsoft Technology Lice...

1. An apparatus in an authenticating operating environment, the apparatus comprising: at least one processor;
at least one memory in operable communication with at least one processor;
an authentication subsystem which includes software executable by at least one processor using at least one memory to (a) obtain a first set of security domain credentials for a first security domain, (b) obtain a first virtual name for a first computer account, the first virtual name distinct from any other virtual name for the authenticating operating environment which is recognized by the authenticating operating environment, the first virtual name also distinct from any computer name for the authenticating operating environment which is recognized by the authenticating operating environment, (c) obtain a first secret corresponding to the first virtual name, and (d) authenticate the apparatus to the first security domain as the computer account using the first set of security domain credentials, the first virtual name, and a proof of knowledge of the first secret; and
wherein the apparatus is not joined with the first security domain in at least one of the following ways:
an operating system of the apparatus is not joined with the first security domain;
logon sessions local to the apparatus do not use first security domain credentials without impersonating a first security domain member; or
logon sessions local to the apparatus do not use first security domain credentials without using the authentication subsystem.

US Pat. No. 10,798,091

MULTI-STEP AUTHENTICATION USING OBJECTIVE AND SUBJECTIVE CREDENTIALS

International Business Ma...

1. A method for multi-step authentication using objective and subjective credentials, the method comprising a setting-up procedure and an authentication procedure,
where the setting-up procedure comprises:
receiving from a user, by a user-authentication system, a selection of an objective log-in credential;
recognizing, by the user authentication system, an identification by the user of a first subjective challenge; and
further receiving from the user, by the user-authentication system, a first subjective description of an emotional response of the user to the first subjective challenge, where the first subjective description consists of a natural-language description entered by the user in response to an interactive request for such a response made by the user-authentication system; and
where the authentication procedure comprises:
identifying, by the user-authentication system, a request from the user to log onto a secured system;
accepting from the user, by the user-authentication system, the objective log-in credential;
communicating to the user, by the user-authentication system, a second subjective challenge that is different from the first subjective challenge, where the second subjective challenge is correlated with the first subjective challenge;
further accepting from the user, by the user-authentication system, a second subjective description of a user's emotional response to the second subjective challenge;
confirming, by the user authentication system, that the second subjective description is consistent with the first subjective description and,
where the confirming comprises inferring, by the user-authentication system, that the first subjective challenge and the first subjective description share identical objective characteristics with the second subjective challenge and the second subjective description; and
where the first subjective description is associated with the first subjective challenge and the second subjective description is associated with the second subjective challenge; and
granting the user, by the user-authentication system, access to the secured system in response to the confirming.

US Pat. No. 10,798,090

USER AUTHENTICATION METHOD, SYSTEM FOR IMPLEMENTING THE SAME, AND INFORMATION COMMUNICATION TERMINAL USED IN THE SAME

Passlogy Co., Ltd., Toky...

1. An authentication system for performing authentication for a user who uses a usage target system, by way of using an information communication terminal that is provided for the user on a client side, comprising: an authentication database configured to manage, for each user, user account information including a token ID for identifying a security token of the user; and
a synchronization server configured to generate a first token code in accordance with the token ID included in the user account information,
wherein the information communication terminal performs to:
store a password derivation pattern constituted by specific elements selected from among elements forming a geometrical pattern in a memory;
acquire a second token code directly from a security token arranged at the user without receiving the first token code from the synchronization server at the time when authentication determination is performed, the second token code being in synchronization with the first token code generated by the synchronization server, wherein the security token is at least one of a software token installed in the information communication terminal that is an application program implementing a security function and a hardware token that is a physical device;
generate a code table by assigning the second token code to the specific elements constituting the password derivation pattern in the geometrical pattern and assigning an arbitrary code to the remaining elements in the geometrical pattern;
display an entry screen for to-be-authenticated information on a user interface, the entry screen including the generated code table; and
transmit to the authentication system a user authentication request including a password entered to the entry screen, and
the authentication system performs to:
receive the user authentication request transmitted by the information communication terminal;
identify a token ID corresponding to the user authentication request by referring to the authentication database and perform authentication determination by comparing the first token code generated by the synchronization server in accordance with the identified token ID with a password included in the received user authentication request; and
transmit a result of the authentication determination to the usage target system.

US Pat. No. 10,798,089

SYSTEM AND METHOD FOR CAPTURING INFORMATION

Capital One Services, LLC...

1. A computer-implemented method for capturing webpage information, comprising: sending, by a client device including a processor, an indication from a web browser application executing on the client device to a server that a user desires to complete an online application;
executing, by the client device, the web browser application and instructions for a web browser extension for the web browser application;
receiving, by the client device, a credential for associating a user with a profile stored on a server;
providing, by the client device, a webpage for display to the user using the web browser application;
receiving, by the client device, an indication that the user has made a selection using the web browser extension while the webpage is displayed to the user;
capturing, by the client device, at least one of a hypertext markup language (HTML) file or a cascading style sheet (CSS) file from the webpage based on the indication;
sending, by the client device, the captured file to a server over a network for storage in association with the profile;
sending, by the client device to the server over the network, a universal resource locator (URL) of the webpage from which the file was captured;
receiving, by the client device over the network from the server, the online application completed with information extracted from the captured file by a rule or algorithm associated with the URL, the rule or algorithm being configured to identify at least one of a keyword, a tag, or an attribute from the captured file; and
sending, by the client device to the server over the network, feedback associated with the extracted information, wherein the feedback is used to redefine or retrain the rule or algorithm.

US Pat. No. 10,798,088

SERVICE OBJECT ALLOCATION

Alibaba Group Holding Lim...

1. A computer-implemented method, comprising: receiving, at a server and from a first software client, a request to obtain at least one electronic credential, wherein the first software client is associated with a first user, wherein the server stores a plurality of electronic credentials,
wherein the plurality of electronic credentials stored at the server are divided into a plurality of types of electronic credential, and wherein the plurality of types of electronic credential are divided into a rare set of types of electronic credential and a common set of types of electronic credential;
determining an activeness of the first user, the activeness based on a social connectivity of the first user in a software application;
determining that the activeness of the first user is greater than or equal to a predetermined threshold;
in response to determining that the activeness of the first user is greater than or equal to the predetermined threshold, transmitting, from the server, an electronic credential having a type in the rare set of types to the first software client based on a predetermined rule;
receiving, at the server and from the first software client, an allocation request to extract a service object, wherein the allocation request comprises a second plurality of electronic credentials selected from electronic credentials obtained by the first software client;
determining, at the server, that a number of types of electronic credential included in the second plurality of electronic credentials is greater than or equal to a predetermined number; and
allocating the service object to the first software client based on a predetermined allocation rule, wherein the service object is selected from a service object set.

US Pat. No. 10,798,087

APPARATUS AND METHOD FOR IMPLEMENTING COMPOSITE AUTHENTICATORS

Nok Nok Labs, Inc., San ...

1. A client device comprising: one or more authenticators for authenticating a user of the client device with a relying party, each authenticator comprising a plurality of authentication components including at least one hardware authentication component, each of the authentication components within the client device performing a different function within a context of the authenticator within which it is used; and
component authentication logic on the client device to attest to a model or integrity of at least one of the plurality of authentication components to one or more of the other authentication components prior to allowing the authentication components to be combined on the client device to form the authenticator, wherein different combinations of authentication components are combined to form different authenticators, at least some of the authentication components are shared between authenticators, and each of the different authentication components is identified by the relying party using a unique authenticator attestation ID (AAID) code.

US Pat. No. 10,798,086

IMPLICIT CERTIFICATES USING RING LEARNING WITH ERRORS

Amazon Technologies, Inc....

1. A computer-implemented method, comprising: acquiring a set of domain parameters, the domain parameters including parameters that describe a ring of integers, a hash function, and a domain polynomial;
acquiring, from a requesting entity, a certificate request and information that identifies the requesting entity, the certificate request based at least in part on a first sample from the ring of integers, the first sample selected by the requesting entity;
acquiring a second sample from the ring of integers; determining a public contribution value based at least in part on the certificate request, the second sample, and the domain polynomial;
generating an implicit certificate from the public contribution value and the information that identifies the requesting entity;
generating a requester-specific contribution value associated with the requester based at least in part on a private key of a public/private key pair associated with a certificate authority, a hash of the implicit certificate determined in accordance with the hash function, and the second sample; and
transmitting, to the requester, the implicit certificate;
wherein the certificate request is based at least in part on a first error term associated with the first sample;
the public contribution value is based at least in part on a second error term associated with the second sample; and
the requester-specific contribution value associated with the requester is based at least in part on a third error term associated with the private key.

US Pat. No. 10,798,085

UPDATING OF A DIGITAL DEVICE CERTIFICATE OF AN AUTOMATION DEVICE

Siemens Aktiengesellschaf...

1. A method for updating a digital device certificate of an automation device in an automation system, the method comprising: authenticating the automation device with respect to an authentication partner using at least one device certificate, the at least one device certificate being associated with device-specific configuration data relating to the automation device, the authenticating comprising automatically determining, by the automation device, in the event of or after a change in a configuration of the automation device, an updated device certificate having device-specific configuration data corresponding to the changed configuration of the automation device, and using the updated device certificate for authentication,
wherein the automation device comprises a plurality of predefined device certificates for determining the updated device certificate, the plurality of predefined device certificates having different device-specific configuration data corresponding to a respective plurality of changed configurations of the automation device, the plurality of predefined device certificates being predefined and stored on the automation device prior to any change in the configuration of the automation device, wherein determining the updated device certificate comprises selecting a device certificate having device-specific configuration data corresponding to the changed configuration of the automation device from the plurality of predefined device certificates having different device-specific configuration data.

US Pat. No. 10,798,084

SYSTEM AND METHOD FOR IDENTITY MANAGEMENT OF CLOUD BASED COMPUTING SERVICES IN IDENTITY MANAGEMENT ARTIFICIAL INTELLIGENCE SYSTEMS

SAILPOINT TECHNOLOGIES, I...

1. An identity management system for identity management for cloud based computing services in a distributed network computer environment, comprising: a hardware processor;
a non-transitory, computer-readable storage medium, including computer instructions executable by the hardware processor for:
obtaining identity management data from one or more source systems associated with a distributed enterprise computing environment, the identity management data comprising data on a set of identity management artifacts utilized in identity management for the distributed enterprise computing environment, wherein the source systems include a federated access provider and a cloud service provider;
evaluating the identity management data to determine a set of identities and a set of entitlements associated with the set of identities, including:
determining, from the identity management data, an Identity and Access Management (IAM) entity entitlement representing a first access right for an IAM entity of the cloud service provider, the IAM entity associated with an enterprise associated with the distributed computing environment, and
determining, from the identity management data, a cloud access entitlement associated with the federated access provider, wherein the cloud access entitlement represents a second access right for the IAM entity of the cloud service provider through the federated access provider such that the federated access provider allows a user to access the cloud service provider utilized by the enterprise;
receiving a synthetic role definition comprising a mapping between the IAM entity entitlement and the cloud access entitlement;
creating a synthetic role at the identity management system based on the received synthetic role definition, wherein the created synthetic role associates the IAM entity entitlement and the cloud access entitlement;
assigning the created synthetic role to a first identity, whereby assigning the created synthetic role to the first identity causes the first identity at the identity management system to be associated with the IAM entity, the cloud access entitlement and the mapping between the IAM entity entitlement and the cloud access entitlement; and
based on the assignment of the created synthetic role to the first identity, interacting with the federated service provider of the enterprise to provision a native account at the federated service provider associated with the first identity with the cloud access entitlement.

US Pat. No. 10,798,083

SYNCHRONIZATION OF MULTIPLE INDEPENDENT IDENTITY PROVIDERS IN RELATION TO SINGLE SIGN-ON MANAGEMENT

RED HAT, INC., Raleigh, ...

1. A method of synchronizing sessions, comprising: with a computing system associated with a local identity provider of a plurality of local identity providers, receiving an authentication request from a web application of a user device, the web application running in a browser;
with the computing system, establishing a local single sign-on session between the local identity provider and the browser;
with the computing system, determining that a master identity provider associated with the plurality of local identity providers is unavailable;
in response to determining that the master identity provider is unavailable, marking the local single sign-on session as unsynchronized with the master identity provider; and
after marking the local single sign-on session as unsynchronized with the master identity provider:
determining that the master identity provider is available;
after determining that the master identity provider is available, synchronizing the local single sign-on session with a master single sign-on session that is available to the plurality of local identity providers; and
marking the local single sign-on session as synchronized with the master identity provider.

US Pat. No. 10,798,082

NETWORK AUTHENTICATION TRIGGERING METHOD AND RELATED DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A system for triggering authentication, wherein the system comprises: a first network device configured to:
receive a first message from a terminal, wherein the first message carries first identity information, identifier information, and routing information, wherein the first identity information comprises identity information of the terminal encrypted based on a public key, wherein the identifier information indicates an encryption manner of the first identity information, wherein the routing information comprises a first routing information and a second routing information, and wherein the second routing information comprises an identifier of a device used for decrypting the first identity information;
determine a first security function entity within a home network of the terminal according to the first routing information;
send a second message to the first security function entity, wherein the second message carries the first identity information, the identifier information, and the second routing information;
receive an authentication vector from the first security function entity;
perform authentication for the terminal based on the authentication vector;
send an authentication acknowledgement to the first security function entity when the authentication for the terminal succeeds; and
receive a second identity information, wherein the second identity information comprises decrypted identity information; and
the first security function entity configured to:
receive the second message from the first network device;
determine a second network device according to the second routing information;
send the first identity information and the identifier information to the second network device;
receive the second identity information and the authentication vector from the second network device;
transmit the authentication vector to the first network device;
receive the authentication acknowledgement; and
send the second identity information to the first network device in response to the authentication acknowledgement.

US Pat. No. 10,798,081

METHOD, APPARATUS, AND SYSTEM FOR PROVIDING A SECURITY CHECK

Alibaba Group Holding Lim...

1. A method, comprising: receiving, by a server, a security verification request sent from a terminal, the security verification request comprising an identifier associated with a user;
obtaining, by the server, an identifier associated with the terminal based at least in part on the identifier associated with the user, wherein the identifier associated with the terminal is obtained in connection with the receiving of the security verification request;
obtaining, by the server, first verification element information based at least in part on the security verification request, or the identifier associated with the terminal or the user of the terminal;
generating, by the server, a digital object identifier based at least in part on the first verification element information;
sending, by the server, the digital object identifier to the terminal;
receiving, by the server, second verification element information from the terminal, wherein the second verification element information is determined by the terminal based at least in part on information extracted by the terminal from the digital object identifier; and
authenticating the terminal in response to a determination that the first verification element information and the second verification element information match, and a determination that a second timestamp included in the second verification element information is within a predefined time limit of a security check associated with the security verification request.

US Pat. No. 10,798,080

USER AUTHENTICATION IN COMMUNICATION SYSTEMS

SWISSCOM AG, Bern (CH)

1. A method for authenticating users in a communication network, the method comprising: generating an identification token in response to a user terminal loading a web page from a web server, wherein:
the identification token comprises a network address associated with a time stamp indicating when the network address is used by the user terminal; and
generating the identification token is triggered by the web server, wherein the triggering is in response to a request from the user terminal to load the web page;
obtaining user authentication information associated with the network address and the time stamp, wherein the user authentication information comprises a unique communication network user identifier; and
sending the user authentication information to the user terminal or to the web server for authenticating the user of the communication network.

US Pat. No. 10,798,079

VEHICLE WITH MOBILE TO VEHICLE AUTOMATED NETWORK PROVISIONING

Ford Global Technologies,...

1. A vehicle, comprising: a controller coupled to a wireless transceiver, and configured to:
in response to receiving a network hardware query from a mobile device in communication with the transceiver via a first wireless link,
communicate a configuration for in-vehicle network hardware to the mobile device via the first wireless link,
receive a wireless network credential from the mobile device via the first wireless link based on a user of the mobile device consenting to transfer the wireless network credential,
detect a wireless network identified by the wireless network credential that is stored in the vehicle,
adjust the wireless network credential to enable compatibility between the received wireless network credential and the in-vehicle network hardware by at least one of: inserting a time delay, redacting predefined parameters, supplementing predefined parameters, or converting a network address format,
authenticate and enable an automated connection between the in-vehicle network hardware and respective wireless network and provision the in-vehicle network hardware with wireless network credential as adjusted to prepare to connect to the mobile device via the respective wireless network, and
communicate a provisioning and connection status including a message that describes in-vehicle success and/or error to the mobile device in response to the hardware provisioning via the first wireless link.

US Pat. No. 10,798,078

SYSTEM FOR USING LOGIN INFORMATION AND HISTORICAL DATA TO DETERMINE PROCESSING FOR DATA RECEIVED FROM VARIOUS DATA SOURCES

RICOH COMPANY, LTD., Tok...

1. An apparatus comprising: one or more processors; and
one or more memories storing instructions which, when processed by the one or more processors, cause:
an electronic image processing and categorization (IPC) processor executing on the apparatus to receive a request and digital data from a data source;
the electronic IPC processor executing on the apparatus to analyze the digital data received from the data source to identify a particular user that sent the digital data;
retrieving, from a knowledge database, a particular association record stored for the particular user;
wherein the particular association record comprises a name of a particular agreement and a name of a particular service provider who provides services to the particular user, and indicates an application prior usage history of services provided by the particular service provider to the particular user;
the electronic IPC processor executing on an apparatus to automatically select, based on (1) the digital data received from the data source, (2) the application prior usage history of services provided for the particular user, and (3) the particular agreement, a particular processing application for processing the digital data from a plurality of processing applications that are capable of processing the digital data;
the electronic IPC processor executing on the apparatus to generate text data by converting the digital data into the text data;
the electronic IPC processor executing on the apparatus to extract particular information from the text data that is required by the particular processing application;
the electronic IPC processor executing on the apparatus to initiate execution of the particular processing application to cause the particular processing application to:
determine whether the particular information extracted from the text data includes all items for completing the request;
in response to determining that the particular information extracted from the text data includes all items for completing the request, complete the request; and
in response to determining that the particular information extracted from the text data does not include all items for completing the request, send a notification indicating that the request is incomplete.

US Pat. No. 10,798,077

SECURELY AUTHENTICATING UNTRUSTED OPERATING ENVIRONMENTS

Hewlett-Packard Developme...

1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for securely authenticating untrusted operating environments, which when executed by one or more processors, causes: a first operating environment executing on a physical machine, to send to a service or resource provider implemented by software executing upon physical hardware, a request for a service or resource provided by said service or resource provider;
a software module intercepting a message which requires said first operating environment to authenticate itself to said service or resource provider, in response to the request for the service or resource;
wherein said message, intercepted by said software module, was sent from said service or resource provider directly to said first operating environment;
wherein said software module executes outside of said first operating environment, wherein the first operating environment lacks access to an authentication mechanism necessary to successfully authenticate to the service or resource provider, and wherein said first operating environment is a first virtual machine;
the software module notifying a second operating environment, different than said first operating environment, of said message, wherein said second operating environment is a second virtual machine;
upon the second operating environment determining that said first operating environment should be permitted to authenticate to said service or resource provider, the second operating environment obtaining authentication data generated using said authentication mechanism; and
after the second operating environment obtains said authentication data, the second operating environment providing said authentication data to said first operating environment to allow said first operating environment to authenticate itself to said service or resource provider.

US Pat. No. 10,798,076

SECURELY AUTHORIZING ACCESS TO REMOTE RESOURCES

AirWatch, LLC, Atlanta, ...

1. A method for authorizing access to a cloud-based content repository, comprising: receiving a management identifier that indicates a mobile device is being managed by a management service;
transmitting an access request including the management identifier to the content repository;
determining whether the mobile device can access the resource identifier based on validity of the management identifier and whether the mobile device is in compliance with a configuration profile from the management service, wherein the compliance is checked at the time of receiving the access request; and
denying access to the content repository based on a determination that the mobile device is non-compliant with the configuration profile.

US Pat. No. 10,798,075

INTERFACE LAYER OBFUSCATION AND USAGE THEREOF

International Business Ma...

1. A method comprising: obtaining a key for a device, wherein the device is an instance of a single device, whereby different keys are obtained for different instances of the single device, wherein the device is configured to execute a computer program product, wherein the device is configured to execute two components, wherein at least one of the two components is part of the computer program product, wherein the two components are configured to interact with each other via an interface layer;
obfuscating the interface layer using the key, whereby producing an obfuscated interface layer;
providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other, instead of the interface layer;
obtaining a second key for a second device, wherein the second device is an instance of the single device, wherein the first key is different than the second key, wherein the device is configured to communicate with the second device via a second interface layer;
obfuscating the second interface layer using the second key, whereby producing a second obfuscated interface layer of the second device; and
modifying a component of the second device to utilize the second obfuscated interface layer of the second device instead of the second interface layer, whereby obtaining a modified component.

US Pat. No. 10,798,074

SYSTEM AND METHOD FOR PREVENTING WELL BEHAVING CLIENTS FROM CAUSING ACCOUNT LOCKOUTS IN A GROUP

Dell Products L.P., Roun...

1. A method for preventing account lockouts in a distributed computing node group, comprising: sending a message to a group to identify a master of the group;
receiving a response to the message, the response received from the master to identify the master of the group;
sending a first key-exchange message to the master, the first key-exchange message comprising:
a first timestamp;
a value computed based on a shared group passcode;
receiving a second key-exchange message from the master in response to the first key-exchange message, the second key-exchange message comprising:
a first secret based on the shared group passcode;
a second timestamp;
sending a third key-exchange message to the master, the third key-exchange message comprising:
a second secret generated after a validation of the first secret;
receiving a fourth key-exchange message from the master in response to the third key-exchange message, the fourth key-exchange message encrypted with an encryption key corresponding to the second secret;
decrypting the fourth key-exchange message using the encryption key to obtain a group session transport encryption key;
deriving a message key based on the group session transport encryption key and a seed; and
sending an encrypted message to the master, the encrypted message encrypted with the message key.

US Pat. No. 10,798,073

SECURE KEY MANAGEMENT PROTOCOL FOR DISTRIBUTED NETWORK ENCRYPTION

NICIRA, INC., Palo Alto,...

1. A method of providing encryption services in a system comprising a plurality of host computers, the method comprising: at a particular host computer executing (i) virtualization software and (ii) a plurality of compute nodes (CNs),
receiving, from a server that is external to the particular host computer and provides a set of encryption rules for encrypting messages on the particular host computer, a key voucher generated by the server based on a key policy defined by a manager computer that manages the plurality of host computers, the key voucher comprising a set of identifiers for identifying (i) the particular host computer and (ii) a particular encryption key associated with the particular host computer, wherein the key voucher is only generated for the particular host computer if the key policy applies to the virtualization software executed by the particular host computer;
sending a request for the particular encryption key to a key manager that is external to the particular host computer and separate from the server, said request comprising the key voucher, wherein the key manager uses the identifiers of the key voucher to authenticate the particular host computer as an authorized key requestor and retrieve the particular encryption key;
in response to the request for the particular encryption key, receiving the particular encryption key from the key manager; and
using the particular encryption key to encrypt a message sent by a compute node in the plurality of compute nodes executing on the particular host computer.

US Pat. No. 10,798,072

PASSWORD MANAGEMENT SYSTEM AND PROCESS

MASTERCARD INTERNATIONAL ...

1. A process for managing passwords of an entity application, the process comprising: receiving, at a password management device, functional account data representing a plurality of different functional accounts associated with the same entity application for use by a user, and corresponding password data of each functional account;
storing, into a repository, the functional account data; and
updating the password data of first and second functional accounts of the plurality of functional accounts associated with the entity application by performing, at the password management device, the steps of:
i) retrieving, from the repository, the stored functional account data of the first and second functional accounts;
ii) processing the retrieved functional account data to generate new password data representing new passwords of the first and second functional accounts;
iii) storing, into the repository, the new password data; and
iv) transmitting the new password data for the first functional account to a first service device of the entity application and transmitting the new password data for the second functional account to a second service device of the entity application to synchronize the first and second service devices with the password management device, wherein the updating of the password data is performed based, at least in part, on the functional account data and corresponding scheduling data, the scheduling data representing criteria for updating the password of, at least, the first and second functional accounts.

US Pat. No. 10,798,071

IPSEC ANTI-RELAY WINDOW WITH QUALITY OF SERVICE

CISCO TECHNOLOGY, INC., ...

1. A method to provide an Internet protocol security (IPsec) anti-replay window with quality of service (QoS) at a first network endpoint, the method comprising: configuring a plurality of anti-replay windows, each of the plurality of anti-replay windows including a left edge and a right edge, the left edge being a lowest sequence number and the right edge being a highest sequence number;
generating a first security association (SA), the first SA including a first plurality of security parameter indexes (SPIs), each of the first plurality of SPIs being assigned to a specific QoS level, each of the first plurality of SPIs being assigned to one of the plurality of anti-replay windows;
establishing the first SA with a second network endpoint by assigning the first SA to a first encryption key and providing the first encryption key to the second network endpoint;
generating a second SA; and
establishing the second SA with the second network endpoint.

US Pat. No. 10,798,070

AUTHENTICATING CREDENTIALS FOR MOBILE PLATFORMS

Comcast Cable Communicati...

1. A method comprising: generating, by a demographic data collection service,
a plurality of identifiers,
wherein each identifier of the plurality of identifiers represents a unique consumer of content, and
wherein each identifier of the plurality of identifiers is anonymous to a content consumption data collection service and transparent to the demographic data collection service;
transmitting, by the demographic data collection service to the content consumption data collection service, the plurality of identifiers;
receiving, by the demographic data collection service,
content delivery data indicative of one or more events associated with content delivered to one or more of a plurality of mobile devices, wherein each of the plurality of mobile devices is associated with one of the unique consumers of content, and
one or more corresponding identifiers of the plurality of identifiers associated with the content delivery data;
associating demographic data with each identifier of the one or more corresponding identifiers of the plurality of identifiers; and
transmitting, by the demographic data collection service to the content consumption data collection service, the demographic data associated with each of the one or more corresponding identifiers of the plurality of identifiers.

US Pat. No. 10,798,069

SECURE VIRTUAL PERSONALIZED NETWORK

Neone, Inc., Austin, TX ...

1. A computer, comprising: an interface circuit configured to communicate with a group of electronic devices, wherein the group of electronic devices includes at least a first electronic device and a second electronic device;
memory configured to store program instructions; and
a processor, coupled to the interface circuit and the memory, configured to execute the program instructions, wherein, when executed by the processor, the program instructions cause the computer to perform one or more operations comprising:
receiving a set-up request associated with a first user of a first electronic device;
establishing an instance of a virtual machine that provides a container for a secure, virtual personalized network (SVPN) of the first user, wherein the SVPN facilitates secure communication between at least the first electronic device and the second electronic device;
receiving, via the interface circuit, an invitation message associated with the first electronic device, which specifies an address associated with a second user of the second electronic device;
providing, via the interface circuit, a guest message intended for the address, wherein the guest message comprises a link or information specifying the link to join the SVPN of the first user;
receiving, via the interface circuit, information that indicates activation of the link; and
providing, via the interface circuit, a second instance of an application intended for the second electronic device and associated with the SVPN, which, when installed and executed by the second electronic device, facilitates the secure communication.

US Pat. No. 10,798,068

WIRELESS INFORMATION PASSING AND AUTHENTICATION

NetIQ Corporation, Provo...

1. A method, comprising: receiving, by a secure server, a successful logon from a first device for access to a second device;
sending, by the secure server, a message to the second device;
obtaining, by the secure server, a response message from the first device based on a line-of-sight and light-based communication that is communicated by the second device to the first device and that provides an encrypted version of the message through the line-of-sight and light-based communication to a camera of the first device, wherein the first device decrypts the encrypted version of the message and provides it back to the secure server as the response message;
authenticating, by the secure server, the response message received from the first device based at least in part on the message originally sent to the second device; and
instructing, by the secure server, the first device to allow the second device to establish a connection with the first device and access a resource of the first device based on the authenticating.

US Pat. No. 10,798,067

RECORDING ENCRYPTED MEDIA SESSION

Cisco Technology, Inc., ...

1. A method comprising: establishing a media call stream, wherein the media call stream is a voice over internet protocol call or video conference call and includes at least one parameter;
receiving a request to record the media call stream;
receiving, in response to receiving the request to record the media call stream, at least one stream key associated with the media call stream and the at least one parameter for the voice over internet protocol call or video conference call, wherein the media call stream is encrypted with the at least one stream key to produce an encrypted media call stream;
accessing, in response to receiving the request to record the media call stream, a master key;
encrypting, in response to receiving the request to record the media call stream, with a processor, the at least one stream key with the master key to produce an encrypted at least one stream key;
generating metadata for the media call stream;
encrypting, with the processor, the metadata with the master key; and
storing, in response to receiving the request to record the media call stream, the encrypted at least one stream key in association with the encrypted media call stream.

US Pat. No. 10,798,066

SYSTEM FOR RETRIEVING PRIVACY-FILTERED INFORMATION FROM TRANSACTION DATA

1. A computing system for obtaining a privacy-filtered response to a query of a system user, the computing system comprising: a server, the server comprising a server processor, tangible non-volatile server memory, server program code present on said server memory to instruct said server processor;
a computer-readable medium, the computer-readable medium comprising a database, said database comprising privacy settings comprising a privacy threshold; and
a device, said device comprising a device processor, tangible non-volatile device memory, and device program code present on said device memory to instruct said device processor;
wherein said server is configured to receive raw transaction data from an external source including a raw transaction database or a raw transaction feed, said raw transaction data comprising a plurality of raw transactions associated with a plurality of users, wherein said server is configured to receive said query of said system user via said device;
said computing system configured to obtain said privacy-filtered response to said query of said system user, said query relating to a company comprising one or more stores, said company relating to a plurality of products or services offered to one or more users via said one or more stores, at least one of said plurality of products or services relating to one or more brands, said query comprising query-related information including a store name or a brand name, said system further configured to:
receive said query from said system user via said device, said query relating to at least one of said stores or at least one of said brands;
query said raw transaction data based on said query, obtaining raw query results;
process said raw query results, obtaining a response; and
return said response to said system user via said device;
wherein said database comprises business data, said business data comprising at least one of user information or company information; wherein said response concerns said privacy-filtered response; and wherein said system is configured to process said raw query results by:
extending said raw query results with extension data based at least on said business data and, optionally, based on said query-related information, obtaining enriched transaction data; and
filtering said enriched transaction data based at least on said privacy threshold, obtaining said privacy-filtered response, wherein said system is configured to filter the enriched transaction data by:
(i) tokenizing said enriched transaction data with a token, obtaining aggregation-ready transaction data;
(ii) aggregating said aggregation-ready transaction data, obtaining aggregated transaction data, whereby each portion of said aggregated transaction data belongs to at least one provisional aggregate;
(iii) performing a threshold test for each of said provisional aggregates and discarding a portion of the aggregated transaction data belonging to said provisional aggregates for which a number of unique users is below a threshold parameter, obtaining threshold-tested transaction data, whereby each portion of said threshold-tested transaction data belongs to at least one threshold-tested aggregate;
(iv) performing an anonymity test for each of said threshold-tested aggregates and obtaining anonymity-tested transaction data, moving to step (v) in response to the anonymity test being negative and, otherwise, jumping to step (vi);
(v) reducing a level of detail of said anonymity-tested transaction data and obtaining said aggregation-ready transaction data, jumping to step (ii);
(vi) categorizing said anonymity-tested transaction data using a rule, obtaining categorized transaction data; and
(vii) deriving tailored transaction data from said categorized transaction data;
whereby said enriched transaction data and said privacy-filtered response are organized in fields and entries; and whereby said filtering the enriched transaction data comprises a generalization of at least one entry of said enriched transaction data for preventing identification of a user relating to said entry.

US Pat. No. 10,798,065

RANDOMIZED BILATERAL TRUST (RABIT): TRUST BUILDING CONNECTIVITY FOR CYBER SPACE

1. A computer-implemented method comprising a computer communication network, where parties A, B, and C are active nodes, and where parties A and B are mutual strangers, having no prior exchange of information, and where the method enables party A and party B to establish a shared secret using only bilateral network messages, the contents of which are exposed to party C who wishes to prevent parties A and B from establishing a shared secret, and a publicly exposed set S comprising s mathematical entities where each entity has p properties, where each property i (i=1, 2, . . . p) has a range of r possible values vi1, vi2, . . . vir
and where (i) party A randomly and secretly selects n elements in S: a1, a2, . . . an, designated as “Party A Candidates”, and party B randomly and secretly selects n elements in S: b1, b2, . . . bn, designated as “Party B Candidates”, then (ii)
party A selects a property i (i=1, 2, . . . p) and communicates to party B the values of property i within the Party A Candidates: a1i, a2i, . . . ani, referred to as “Property i list of Party A”, then (iii)
party B eliminates from Party B candidates all the entities for which the value of property i is not listed in Property i list of Party A, then (iv)
party B selects a property j (j=1, 2, . . . (i−1), (i+1), . . . p) and communicates to party A the values of property j within the Party B Candidates: b1j, b2j, . . . bn′j, referred to as “Property j list of Party B”, and where n′ ≤ n is the number of party B candidates after step (iii), then (v)
party A eliminates from Party A candidates all the elements for which the value of property j is not listed in Property j list of party B,
and where (vi) parties A and B repeat steps (ii)-(v) with other properties k, l, m . . . where (k, l, m=1, 2, . . . p) until either:
(α) party A or party B is left with no candidates, in which case party A and party B repeat steps (i) to (vi), or
(β) party A is left with one candidate, and party B is left with the same candidate, which is used as a shared secret encryption key by either party A, or party B to pass a digital coin or any token to the other party, for secure decryption of the coin or token.

US Pat. No. 10,798,064

PROXY COMPUTER SYSTEM TO PROVIDE ENCRYPTION AS A SERVICE

StratoKey Pty Ltd., (AU)...

1. A server system comprising: a memory resource to store:
a set of instructions;
one or more processors to access the set of instructions from the memory resource to:
provide a proxy service for a client computer to utilize when accessing a third-party network service;
wherein in providing the proxy service, the one or more processors:
receive a content submission from the client computer intended for the third-party network service;
analyze the content submission to identify one or more sensitive data elements within the content submission, wherein a remainder of the content submission is not recognized as being sensitive;
perform an encryption operation on the sensitive data elements;
store a decryption key associated with the sensitive data elements with the server system;
transmit the content submission to the third-party network service to store the content submission with the sensitive data elements in an encrypted form;
receive a request, independent of the client computer, identifying the sensitive data elements in the encrypted form; and
provide a response to the request using the decryption key, the response enabling the sensitive data elements to be used in a decrypted form.

US Pat. No. 10,798,063

ENTERPRISE GRADE SECURITY FOR INTEGRATING MULTIPLE DOMAINS WITH A PUBLIC CLOUD

NEBBIOLO TECHNOLOGIES, IN...

1. A system, comprising: a fognode comprising at least one foglet executing with the fognode, the foglet comprising:
a data bus that provides domain-to-domain messaging between:
a first domain comprising:
operational technology (OT) virtual machines providing applications and services to operational technology infrastructure devices; and
one or more operational technology switches;
a second domain comprising:
informational technology (IT) virtual machines providing applications and services to informational technology infrastructure devices; and
one or more informational technology switches; and
a host that manages one or more communication paths between the operational technology switch, the operational technology virtual machines, and the operational technology infrastructure devices, and the informational technology switches, the informational technology virtual machines, and the informational technology infrastructure devices; and wherein the operational technology switch utilizes I/O virtualization to isolate at least a portion of the operational technology infrastructure devices from the operational technology switch while being exposed to the host.

US Pat. No. 10,798,062

APPARATUS, SYSTEM, AND METHOD FOR APPLYING FIREWALL RULES ON PACKETS IN KERNEL SPACE ON NETWORK DEVICES

Juniper Networks, Inc, S...

1. A method comprising: intercepting, via a socket-intercept layer in kernel space on a routing device of a network device, a packet that is destined for a remote device;
in response to intercepting the packet in kernel space on the routing device:
identifying an egress interface index that specifies an egress interface that:
is external to kernel space; and
is capable of forwarding the packet from the network device to the remote device; and
applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing device, wherein applying the firewall rule on the packet comprises preventing the packet from egressing from the network device via the egress interface;
receiving, via a packet forwarding device of the network device, an additional packet that is destined for an application running in user space on the routing device;
in response to receiving the additional packet via the packet forwarding device:
identifying an ingress interface through which the additional packet arrived at the packet forwarding device;
storing an ingress interface index that specifies the ingress interface as metadata of the additional packet; and
pushing the additional packet from the packet forwarding device to kernel space on the routing device; and
applying, on the additional packet in kernel space on the routing device, at least one additional firewall rule based at least in part on the ingress interface index before the additional packet reaches user space on the routing device.

US Pat. No. 10,798,061

AUTOMATED LEARNING OF EXTERNALLY DEFINED NETWORK ASSETS BY A NETWORK SECURITY DEVICE

Fortinet, Inc., Sunnyval...

1. A method comprising: receiving, by a network security device associated with a private network, updated information associated with a network asset associated with the private network from an external asset management device associated with the private network, wherein the updated information includes a change in a definition or an attribute of the network asset;
determining, by the network security device, existence of a current definition and attribute information for the network asset; and
without disrupting on-going application of a plurality of security policy rules, including one or more security policy rules defined for the network asset and relating to network traffic directed to or originated by the network asset, by the network security device, dynamically updating, by the network security device, the current definition and attribute information within a run-time representation of the one or more security policy rules within a kernel of a network security operating system of the network security device based on the updated information.

US Pat. No. 10,798,060

NETWORK ATTACK DEFENSE POLICY SENDING METHOD AND APPARATUS, AND NETWORK ATTACK DEFENDING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

17. A communications system comprising: a defense policy sending apparatus configured to:
receive attack information comprising a target Internet Protocol (IP) address and a source IP address of a network attack packet whose destination address is the target IP address, wherein the attack information indicates that the network attack packet exists in a first network, and wherein the attack information and the network attack packet are different,
obtain the source IP address from the attack information,
determine that the network attack packet has entered the first network through a first edge network device based on a correspondence between the source IP address and the first edge network device, wherein the first edge network device is an edge device in the first network, and
send a defense policy instructing the first edge network device to process, according to the defense policy, a packet whose destination address is the target IP address, and
the first edge network device configured to:
receive the defense policy, and
process, according to the defense policy, a packet whose destination address is the target IP address.

US Pat. No. 10,798,059

APPARATUS, SYSTEM, AND METHOD FOR APPLYING FIREWALL RULES AT DYNAMIC OFFSETS WITHIN PACKETS IN KERNEL SPACE

Juniper Networks, Inc, S...

1. A method comprising: receiving a packet at a tunnel driver in kernel space on a routing engine of a network device;
identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, wherein the metadata of the packet comprises an Internet Protocol (IP) header of the packet;
intercepting the packet via a socket-intercept layer in kernel space on the routing engine of the network device;
querying, by the socket-intercept layer, a routing daemon in user space on the routing engine for offset information that identifies an offset of the IP header within the packet;
in response to querying the routing daemon:
obtaining the offset information from the routing daemon; and
recording the offset information as metadata of the packet;
determining, based at least in part on the offset information recorded as metadata of the packet, that the IP header of the packet is offset beyond a certain threshold;
determining, based at least in part on the IP header of the packet being offset beyond the certain threshold, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver; and
in response to determining that the firewall filter had not been correctly applied to the packet, invoking at least one firewall filter hook that applies at least one firewall rule on the packet in kernel space on the routing engine before the packet is allowed to exit kernel space on the routing engine.

US Pat. No. 10,798,058

DISTRIBUTED IDENTITY-BASED FIREWALLS

NICIRA, INC., Palo Alto,...

1. For a virtual machine (VM) executing on a host computer, a method for providing a firewall service on the host computer, the method comprising: on the host computer, outside of the VM,
after a process of the VM requests a network connection to send a packet flow, receiving, from a guest driver module of the VM, identity information comprising a set of header values of the packet flow and an identifier associated with the process and related to the requested network connection;
in response to the received identity information, generating and storing a record associating the set of header values with the identifier;
for a packet of the flow sent by the VM, identifying the record as matching the sent packet by using a set of header values of the sent packet;
using the identifier stored in the record to identify a firewall rule that is applicable to the sent packet from a plurality of firewall rules; and
performing a firewall operation on the sent packet based on the identified firewall rule.

US Pat. No. 10,798,057

METHOD AND APPARATUS FOR PROVIDING SECURE INTERNAL DIRECTORY SERVICE FOR HOSTED SERVICES

CENTRIFY CORPORATION, Sa...

1. A method for providing secure access to an organization's internal directory service from external hosted services comprising: a) accepting directory service queries from a remote directory service interface for internal directory services from an application running on said hosted services, wherein said queries are for directory services which are offered by said internal directory service and said internal directory services are provided within a firewall of said organization, and wherein said accepting includes a validation protocol from said application, said validation protocol provided by said directory service proxy server;
b) passing said queries to a directory service proxy server inside said firewall of said organization via a secure connection service, wherein said directory service proxy server communicates directly with said internal directory service to obtain query responses to said passed queries from said internal directory service; and
c) returning said query responses from the directory service proxy server via said secure connection service and said remote directory service interface to said application, wherein said accepting, passing and returning enable said application to interact with said internal directory services through said secure connection service and said remote directory service interface.

US Pat. No. 10,798,056

METHOD AND DEVICE FOR PROCESSING SHORT LINK, AND SHORT LINK SERVER

Alibaba Group Holding Lim...

1. A computer-implemented method executed by one or more processors, the method comprising: receiving, by the one or more processors, a first short link uniform resource locator (URL) from a service requester, the first short link URL comprising a domain identifier;
processing, by the one or more processors, the first short link URL to extract the domain identifier, a simplified short link and an address code, wherein the simplified short link is stored in a database during a validity period;
determining, by the one or more processors, based on an expiration of the validity period that the simplified short link is inaccessible based on a missing association between the simplified short link and a long link URL representing an address of a webpage;
in response to determining that the simplified short link is inaccessible, processing, by the one or more processors, the domain identifier and the address code to determine a common long link URL associated with the first short link URL, wherein the common long link URL is different from both the simplified short link and is different from the long link URL; and
providing, by the one or more processors, the common long link URL associated with the address code to the service requester.

US Pat. No. 10,798,055

DETECTING RELAYED COMMUNICATIONS

PAYPAL ISRAEL LTD., Tel ...

1. A system, comprising: one or more processors, one or more computer-readable memories, with program instructions stored on the one or more computer-readable memories, the one or more processors configured to execute the program instructions to cause the system to perform operations comprising:
receiving a communication from a device, the communication including first device information for the device and second device information for a source device of the communication;
determining that the first device information and the second device information are incompatible;
in response to the determining that the first device information and the second device information are incompatible, determining a first latency of a first communication for the device based on the first device information;
determining a second latency of a second communication for the source device based on the second device information;
determining a maximum communication rate of the device and the source device based at least on the first communication and the second communication; and
determining that the device is a relay device based at least on the determining that the first device information and the second device information are incompatible, the first and second latencies, and the maximum communication rate.

US Pat. No. 10,798,054

IP ADDRESS ALLOCATION METHOD IN D2D COMMUNICATION AND USER EQUIPMENT

Huawei Technologies Co., ...

1. A method for device-to-device (D2D) communication connection establishment, the method comprising: sending, by a first user equipment, a request to a second user equipment requesting that the second user equipment establish a D2D communication connection with the first user equipment, wherein the request comprises a first IP address pre-configured in the first user equipment and indication information, wherein the indication information indicates that, for the D2D communication connection, the first user equipment will use the first IP address pre-configured in the first user equipment and that the second user equipment is to use a second IP address pre-configured in the second user equipment; and
receiving, by the first user equipment, a response from the second user equipment, wherein the response comprises the second IP address pre-configured in the second user equipment, and the response indicates successful establishment of the D2D communication connection.

US Pat. No. 10,798,053

ALIAS-BASED TIME-LIMITED LEASE ADDRESSING FOR INTERNET OF THINGS DEVICES

Intel Corporation, Santa...

1. An apparatus for addressing a plurality of Internet of Things (IoT) devices, comprising: storage to store instructions; and
a processor to execute the stored instructions to:
initialize an IoT device alias addressing space;
assign an alias address to each of a plurality of the IoT devices, where the alias addresses are time-limited, and where a length of the alias addresses is based on a maximum number of IoT devices; and
handle packet transactions using the assigned alias addresses.

US Pat. No. 10,798,052

SWITCH AND METHOD FOR PROVIDING A NAME SERVICE WITHIN AN INDUSTRIAL AUTOMATION SYSTEM BY DISTRIBUTING SUPPLEMENTED ROUTER ADVERTISEMENT MESSAGES

SIEMENS AKTIENGESELLSCHAF...

17. A switch for a cell of an industrial automation system, comprising: a plurality of communication connections for connection to automation devices contained in the cell and for connection to a router;
a plurality of transmission and reception units each assigned to a communication connection;
a coupling element which is utilized to connect the transmission and reception units to one another in a switchable manner;
a distributor unit for router advertisement messages;
wherein the switch is configured to determine its IPv6 address based on an IPv6 prefix contained in a received router advertisement message and to forward received router advertisement messages to the distributor unit;
wherein the distributor unit is configured to supplement received router advertisement messages with information relating to a name service server assigned to the cell; and
wherein the switch is configured to distribute the router advertisement messages, supplemented by the distributor unit, to the automation devices in the cell and configured to transmit name resolution queries from the automation devices contained in the cell to the name service server assigned to the cell.

US Pat. No. 10,798,051

FILTERING AND ORGANIZING PROCESS FOR DOMAIN NAME SYSTEM QUERY COLLECTION

1. A method comprising: receiving, by a processing system in a communications network, a first domain name system query from a first endpoint device connected to the communications network;
identifying, by the processing system, a first network address of the first endpoint device from the first domain name system query;
classifying, by the processing system, the first domain name system query into a first class of a plurality of classes, wherein each class of the plurality of classes is associated with one predefined numerical range of a plurality of predefined numerical ranges, and wherein a target address unit of the first network address falls into a first predefined numerical range of the plurality of predefined numerical ranges that is associated with the first class; and
forwarding, by the processing system, the first domain name system query to a first collection server of a plurality of collection servers, wherein the first collection server is dedicated for collecting domain name system queries that are classified into the first class.

US Pat. No. 10,798,050

METHOD AND APPARATUS FOR EXPEDITED DOMAIN NAME SYSTEM QUERY RESOLUTION

1. A method comprising: receiving, via a processor, a domain name system query that specifies a domain name of a destination residing in a private network space;
routing, via the processor, the domain name system query to a top-level domain name system server associated with the private network space, without routing the domain name system query to a server in a public Internet space, wherein the top-level domain name system server resides in a highest level of a hierarchy of domain name system servers belonging to the private network space;
receiving, via the processor, a response from the top-level domain name system server, wherein the response identifies an internet protocol address associated with a second domain name system server that resides in a lower level of the hierarchy relative to the top-level domain name system server; and
routing, via the processor, the domain name system query to the second domain name system server, using the internet protocol address specified in the response from the top-level domain name system server.

US Pat. No. 10,798,049

OBSCURED ROUTING

RIPPLE LABS INC., San Fr...

1. A computer-implemented method comprising: sending, by a first node computing device, a separate forward stack of identifiers to each of one or more neighbor node computing devices of the first node computing device in a network, wherein each separate forward stack of identifiers comprises a unique identifier for the neighbor node computing device to which the forward stack of identifiers is sent;
sending, by the first node computing device to each of the one or more neighbor node computing devices along with the forward stacks of identifiers, a notification comprising an indication of a destination node computing device in the network;
receiving, by the first node computing device, forward stacks of identifiers from at least one of the one or more neighbor node computing devices, each of the received forward stacks of identifiers comprising a completed route to the destination node computing device, wherein each completed route is specified by unique identifiers added to the forward stack of identifiers by one or more node computing devices in the network, and wherein at least one unique identifier in each of the forward stacks of identifiers is not resolvable to an address by the first node computing device; and
sending, by the first node computing device, a message to one of the one or more neighbor node computing devices based on a first unique identifier in a chosen one of the received forward stacks of identifiers, further comprising resolving, by the first node computing device, a first unique identifier from the chosen one of the received forward stacks of identifiers to an address in the network of the one of the one or more neighbor nodes.

US Pat. No. 10,798,048

ADDRESS RESOLUTION PROTOCOL SUPPRESSION USING A FLOW-BASED FORWARDING ELEMENT

NICIRA, INC., Palo Alto,...

1. For a forwarding element operating on a physical host, a method for suppressing address resolution request (ARP) packets in a logical network comprising a set of data compute nodes (DCNs) that each have an assigned network address, the method comprising: at the forwarding element,
receiving an ARP request packet sent by a first DCN of the logical network that operates on the same physical host as the forwarding element, the ARP request packet identifying a network address of a second DCN of the logical network, and wherein the ARP request packet comprises an ARP request operation code;
searching an address-mapping table of the forwarding element to determine a corresponding hardware address for the identified network address without broadcasting the ARP request packet to any DCNs of the logical network, wherein the address-mapping table maps the network address of each of a plurality of DCNs in the logical network to a corresponding hardware address;
modifying a set of fields in the ARP request packet to convert the ARP request packet directly into an ARP reply packet by replacing the ARP request operation code with an ARP reply operation code, the ARP reply packet comprising the ARP reply operation code and the determined hardware address as a resolution of the ARP request; and
sending the converted ARP reply packet to the first DCN.

US Pat. No. 10,798,047

SYSTEMS, DEVICES AND METHODS FOR TEXT MESSAGE COMMUNICATION

PPL CONNECT INC., Montre...

1. A system for transmitting a text message, comprising: a user device provided with a first processing unit, a first communication unit, a first storing unit, a display unit, and an input unit, the first storing unit having a first database of text messages stored thereon, the first processing unit being configured for allowing a user to at least one of receive, read, write, and send text messages; and
a server provided with a second processing unit, a second communication unit, a second storing unit, the second storing unit having a second database of text messages stored thereon;
wherein the first processing unit is configured to determine whether a first type of data connection is currently available to the user device;
wherein a given one of the first processing unit and the second processing unit is adapted to synchronize the first and second databases in response to a determination that the first type of data connection is currently available to the user device so that the text message contained in a given one of the first and second databases is copied into the other one of the first and second databases in order to transmit the text message from the given one of the first and second databases to the other one of the first and second databases; and
wherein the first processing unit is configured to transmit an outgoing text message to a recipient user device over a second type of data connection in response to a determination that the first type of data connection is not currently available to the user device.

US Pat. No. 10,798,046

SYSTEM FOR INTEGRATING OFFSITE DATA RECORDS WITH ONLINE DATA RECORDS

1. A network system comprising: a first computer system comprising a microprocessor, a digital memory device, and a communication circuit;
a plurality of user computers comprising a microprocessor, a digital memory device, and a communication circuit, the user computer being networked to digitally communicate with the first computer system;
a second computer system comprising a microprocessor, a digital memory device, and a communication circuit, the second computer system being networked to digitally communicate with the first computer system;
an external computer system comprising a microprocessor, a digital memory device, and a communication circuit, the external computer system being networked to digitally communicate with each user computer of the plurality of user computers, the external computer system being networked to digitally communicate with the first and second computer systems;
wherein, in operation:
the external computer system hosts at least one website, accessed by at least one of the plurality of user computers;
the first computer system stores and maintains a first database of records in the first computer digital memory device, each record in the first database of records corresponds to an access of a website hosted by the external computer system made by a respective user computer of the plurality of user computers, each record identified by an identifier;
the second computer system stores and maintains a second database of records, each record of the second database of records containing user related information, wherein at least one record in the second database of records is created containing information obtained from an event initiated by a respective user computer of the plurality of user computers,
wherein the event is initiated by a user while accessing a respective website of the at least one website;
wherein the at least one record of the second database of records in the second computer system and resulting from the event, contains the identifier associated with the website access associated with the event, and
wherein the first computer system is configured to use the identifier to associate at least one record from the second computer system with at least one record, associated with the same identifier, from the first computer system.

US Pat. No. 10,798,045

SOCIAL MEDIA INTEGRATION FOR TRANSPORT ARRANGEMENT SERVICE

Uber Technologies, inc., ...

1. A system comprising: a network communication interface to communicate, over one or more networks, with computing devices of users of a transport service;
one or more processors; and
one or more memory resources storing instructions that, when executed by the one or more processors, cause the system to:
receive, over the one or more networks, a pick-up request from a computing device of a requesting user, the pick-up request including a carpool service preference to select carpool riders that have at least one common link with the requesting user;
transmit, over the one or more networks, a transport invitation to a computing device of a proximate driver of a carpool vehicle to service the pick-up request;
access, over the one or more networks, user data of the requesting user and a plurality of potential carpool riders;
based on accessing the user data, determine whether one or more common links exist between the requesting user and each of one or more carpool riders of the plurality of potential carpool riders;
select the one or more carpool riders to ride with the requesting user in the carpool vehicle; and
when either (i) the requesting user is picked up by the proximate driver when the one or more carpool riders are in the carpool vehicle, or (ii) the requesting user is in the carpool vehicle and the one or more carpool riders are picked up, generate and transmit, over the one or more networks, a notification to the computing device of the requesting user when the one or more common links exist between the requesting user and the one or more carpool riders, the notification indicating the one or more common links between the requesting user and the one or more carpool riders.

US Pat. No. 10,798,044

METHOD FOR ENHANCING TEXT MESSAGES WITH PRE-RECORDED AUDIO CLIPS

NUFBEE LLC, Westborough,...

25. A method for messaging between a plurality of users, the method comprising: storing in a data store a library of pre-recorded speech clips,
displaying to a local user a menu of at least a subset of said speech clips,
detecting a selection by said local user of a speech clip from said local user's menu, and
transmitting said local user's selection to a remote user of said messaging system.

US Pat. No. 10,798,043

INDICATING LIVE VIDEOS FOR TRENDING TOPICS ON ONLINE SOCIAL NETWORKS

Facebook, Inc., Menlo Pa...

1. A method, comprising: sending, to a first client system of a first user for display, a first trending module that includes references to a first set of trending topics that have one or more topics associated with an increase in recent user activity, each of the one or more topics being associated with one or more content objects by a topic tagging-algorithm, wherein a reference to a first trending topic of the first set of trending topics does not include a live badge;
generating, responsive to receiving an indication that the first user has selected the first trending topic from the first trending module, a trending-topic interface corresponding to the first trending topic and which includes a live module containing at least one live video associated with the first trending topic;
storing a reference to the live module with a news-event object corresponding to the first trending topic;
receiving, after storing the reference, a request for a second trending module from a second client system of a second user;
accessing, responsive to receiving the request, the news-event object corresponding to the first trending topic;
determining, after accessing the news-event object and based on the news-event object containing the reference to the live module associated with the first trending topic, that the live module is associated with the first trending topic;
generating, responsive to determining that the live module is associated with the first trending topic, a live badge within the second trending module for the first trending topic, the live badge indicating the first trending topic is associated with the live module;
sending, to the second client system for display, the second trending module comprising references to a second set of trending topics that includes the first trending topic, and wherein a reference to the first trending topic includes the live badge; and
removing, responsive to one or more engagement metrics falling below a threshold metric, a live video in the one or more live videos from the live module.

US Pat. No. 10,798,042

INFORMATION SENDING METHOD AND APPARATUS

Alibaba Group Holding Lim...

1. A computer-implemented method performed by one or more processors comprising: identifying, by the one or more processors, particular data for network transmission to a device;
determining, by the one or more processors, a waiting period for the particular data based on a content of the particular data;
transmitting, by the one or more processors, the particular data to the device using a first transmission method, wherein the first transmission method includes a mechanism to determine whether the particular data was received by the device;
in response to transmitting the particular data using the first transmission method, determining, by the one or more processors, whether the particular data transmitted using the first transmission method was received by the device;
regardless of whether or not the particular data transmitted using the first transmission method was received by the device, transmitting, by the one or more processors, the particular data and a predetermined answer response identifier to the device using a second transmission method, wherein the second transmission method does not include a mechanism to determine that the particular data was received by the device without receiving an acknowledgement response including the predetermined answer response identifier,
wherein each of the first transmission method and the second transmission method is a non-mobile communication method;
in response to transmitting the particular data using the second transmission method, determining, by the one or more processors, whether the particular data transmitted using the second transmission method was received by the device based on whether the acknowledgement response including the predetermined answer response identifier has been received; and
in response to determining that the particular data was received by the device within the waiting period when transmitted using at least one of the first transmission method or the second transmission method, transmitting, by the one or more processors, additional data to the device using the at least one of the first transmission method or the second transmission method, or
determining, by the one or more processors, that the particular data transmitted using the first transmission method was not received by the device within the waiting period,
determining, based on the acknowledgement response including the predetermined answer response identifier not being received, that the particular data transmitted using the second transmission method was not received by the device within the waiting period; and
in response to determining that the particular data was not received by the device within the waiting period when transmitted using the first transmission method and the second transmission method, transmitting, by the one or more processors, the particular data to the device using an information sending method via a mobile communications network.

US Pat. No. 10,798,041

SYSTEMS AND METHODS FOR CLASSIFICATION AND/OR TRANSMISSION OF MESSAGES

Verizon Patent and Licens...

1. A method, comprising: receiving, by a device, a message from a source,
wherein the message includes at least one of:
source information that identifies the source of the message, or
destination information that identifies a destination of the message;
sending, by the device and to a server device, a request for classification information that identifies a classification of the message after receiving the message,
wherein the request includes the at least one of the source information or the destination information included in the message,
wherein the classification is based on the at least one of the source information or the destination information included in the message, and
wherein the classification is one of:
an application-to-person (A2P) message classification,
a person-to-application (P2A) message classification, or
a person-to-person (P2P) message classification;
receiving, by the device, a response message to the request for the classification information after sending the request,
wherein the response message includes the classification information identifying the classification;
dynamically providing, by the device, the message to a channel, of a plurality of channels, based on the classification identified by the classification information after receiving the response message,
wherein the channel is associated with the classification, and
wherein the plurality of channels includes:
an A2P channel for A2P messages,
a P2A channel for P2A messages, and
a P2P channel for P2P messages; and
monitoring one or more messages of the A2P channel, the P2A channel, and the P2P channel,
wherein Rich Communication Services (RCS) are applied to the one or more messages.

US Pat. No. 10,798,040

PUBLISH/SUBSCRIBE MASHUPS FOR SOCIAL NETWORKS

Microsoft Technology Lice...

1. A system comprising: one or more processors;
one or more memories storing instructions executable by the one or more processors, wherein the instructions program the one or more processors to perform acts comprising:
receiving, at a first time, an incoming stream of a plurality of streams comprising social network data from at least one publisher;
correlating a first data item from the incoming stream with at least one second data item of a second stream of the plurality of streams different than the incoming stream;
determining a second time later than the first time and based on the correlating the first data item with the at least one second data item, the second time associated with a publication of the first data item and the at least one second data;
generating an output stream comprising the first data item and the at least one second data item; and
serving the output stream at the second time.

US Pat. No. 10,798,039

INTELLIGENT REAL-TIME SMTP ROUTING

salesforce.com, inc., Sa...

1. A method of routing an email comprising receiving, from an email server with an email relay, an email message envelope in accord with an industry-standard simple mail transport protocol (SMTP), selecting, with a decision engine that is in communications coupling with the email relay, a mail transfer agent (MTA) from a plurality of mail transfer agents (MTAs) that are in at least intermittent coupling with the email relay based on a respective status of the plurality of MTAs, wherein MTAs having the status of unavailable or warming up are bypassed, with the decision engine making the selection as a function of a value of a routing rate in a header statement provided in accord with the SMTP protocol in the email message envelope, wherein the routing rate is a rate at which prior email message envelopes have been sent to the MTA,
transferring, from the email relay to the selected MTA, the email message envelope in accord with the SMTP protocol, and
transferring the email message envelope from the selected MTA to a network that transfers the envelope any of directly and indirectly to a recipient identified in a header statement of the email message in accord with the SMTP protocol.

US Pat. No. 10,798,038

COMMUNICATION CONTROL METHOD AND INFORMATION PROCESSING APPARATUS

LINE CORPORATION, Tokyo ...

1. A method comprising: receiving, using at least one processor of an information processing apparatus, a message over a messaging service from a first terminal of a message source to a second terminal of a message recipient, the message source being a first user of the messaging service, and the message recipient being a second user of the messaging service;
determining, using the at least one processor, at least one servicing user associated with the message recipient, the at least one servicing user including at least a third user of the messaging service, based on correspondence relationships associated with the first user and the second user set in a database including the first user, the second user, and the third user;
determining, using the at least one processor, a current availability of the at least one servicing user on the messaging service using the database;
changing, using the at least one processor, the message source of the received message based on results of the determining the current availability of the at least one servicing user; and
sending, using the at least one processor, the message received from the first terminal of the first user as a message from the message source which is changed from the first user to the third user based on the current availability of the at least one servicing user, to the second terminal of the second user over the messaging service.

US Pat. No. 10,798,037

MEDIA CONTENT MAPPING

International Business Ma...

1. A media content mapping method comprising: detecting, by a processor of a first electronic device of a first user, first media content being presented via said first electronic device;
comparing, by said processor, said first media content to second media content of a second electronic device of a second user;
determining, by said processor, similarities between said first media content and said second media content;
automatically pairing, by said processor in response to said determining said similarities, said first electronic device to said second electronic device;
detecting, by said processor, input content being inputted into and presented by a graphical user interface (GUI) of said first electronic device;
executing, by said processor, a contextual analysis of said input content;
comparing, by said processor based on results of said executing, audio, video, and image data being presented via said second electronic device to said input content;
determining, by said processor, a correlation between said input content and a portion of said audio, video, and image data;
extracting, by said processor, said portion of said audio, video, and image data from said audio, video, and image data;
embedding, by said processor, said portion of said audio, video, and image data into a specified area of said GUI of said first electronic device; and
presenting, by said processor to said first user, said portion within said specified area of said GUI.

US Pat. No. 10,798,036

METHOD FOR EXCHANGING MULTIMEDIA MESSAGES

Orange, Paris (FR)

1. A method for exchanging Multimedia Message Service type multimedia messages between a first mobile terminal and a second mobile terminal connected to a communication network, the method comprising the implementation, by a data processor of the first terminal, of a process comprising: receiving from the network a first multimedia message of Multimedia Message Service type as defined by 3GPP emitted by the second terminal, the first multimedia message comprising at least one content, wherein at least one content is an image;
rendering the at least one content on the first terminal;
modification of the at least one content in a user interface on the first terminal according to the actions of a user to generate modified content; and
sending of a second multimedia message of Multimedia Message Service type as defined by 3GPP comprising the modified content to the second terminal,
wherein the user interface allows the display of the images included in the multimedia messages exchanged between the first and second terminals.

US Pat. No. 10,798,035

SYSTEM AND INTERFACE THAT FACILITATE SELECTING VIDEOS TO SHARE IN A MESSAGING APPLICATION

Google LLC, Mountain Vie...

1. A method comprising:
receiving a selection of a messaging application executing on a computing device, wherein a first user and a second user are participating in a messaging session using the messaging application and wherein at least one of the first user and the second user has shared a video content item;
in response to receiving the selection of an option to add media in the messaging application, generating a media sharing keyboard interface associated with the messaging application, wherein the media sharing keyboard interface includes (i) a first plurality of selectable icons each representing an item that was selected based on relevance to a context of the messaging session that includes the shared video content item and (ii) a second plurality of selectable icons that includes a first functional option to add text to the messaging session and a second functional option to select a new user to include in the messaging session, wherein the first plurality of selectable icons and the second plurality of selectable icons are concurrently displayed in the media sharing keyboard interface; and
causing the media sharing keyboard interface to be presented via a display screen of the computing device.

US Pat. No. 10,798,034

VIRTUAL CHAT ROOMS

Oath Inc., New York, NY ...

1. A method, comprising:
identifying computing devices of users accessing video interfaces rendering a video on displays of the computing devices and chat room interfaces associated with a chat room for the video, wherein electronic transmissions of data of the video and the chat room are received by the computing devices over a computer network;
evaluating signals associated with the users to identify user properties of the users;
sharding the chat room into a set of virtual chat rooms;
assigning the users to virtual chat rooms of the set of virtual chat rooms based upon the user properties, wherein the assigning comprises assigning one or more users to a virtual chat room based upon a percentage of active participants and a percentage of passive participants of the virtual chat room; and
responsive to a user being assigned to the virtual chat room, providing a computing device of the user with access to the virtual chat room through a chat room interface accessed by the computing device of the user over the computer network, wherein the chat room interface is rendered on a display of the computing device.

US Pat. No. 10,798,033

PROCESSING MESSAGES FOR AN APPLICATION RUNNING ON A COMPUTER EXTERNAL TO A COMMUNICATIONS MANAGEMENT UNIT (CMU)

Honeywell International I...

1. A method for processing Aircraft Communications Addressing and Reporting System (ACARS) downlink and uplink messages at a Communications Management Unit (CMU) on an aircraft independent of a computer running Aircraft Operations Communication (AOC) applications, the method comprising:
for the ACARS downlink message:
receiving the ACARS downlink message at a message processing application executing on the CMU from the AOC application on the computer external to the CMU onboard the aircraft;
reading, by the message processing application, a field in the ACARS downlink message that indicates a message type for the application which originated the ACARS downlink message;
determining, by the message processing application, an ACARS label associated with the message type, wherein the determined ACARS label is one of a predetermined standard label designated for a message type for each type of AOC applications running on one or more external computers to the CMU;
using the determined ACARS label instead of an industry standard ACARS label/sublabel associated with the AOC application external to the CMU, wherein the determined ACARS label makes the ACARS downlink message appear to have originated at the CMU; and
sending, by the message processing application, the ACARS downlink message modified with the determined ACARS label to a ground system to be delivered to an appropriate peer ground application without having to track which configuration of AOC applications is on each of the aircraft,
wherein the industry standard ACARS label/sublabel identifies a computer that originated the ACARS downlink message rather than the AOC application that originated the ACARS downlink message and the predetermined standard labels identify a type of the AOC application that originated the ACARS downlink message.

US Pat. No. 10,798,032

METHOD, SYSTEM AND RECORDING MEDIUM FOR MESSENGER SERVICE PROVIDING OUTPUT EFFECT

Line Corporation, Tokyo ...

1. A non-transitory computer readable recording medium storing a computer program, which when executed by at least one processor of an electronic apparatus, causes the at least one processor to execute a messenger service method comprising:
extracting input time information associated with a plurality of input units included in a message transmitted from a message sender to a message receiver from input data included in the message, the input time information including input time unit information related to a time taken by the message sender to input each input unit of the plurality of input units of the message;
calculating output time information associated with each output unit of a plurality of output units of the message based on the input time information, the calculating the output time information including comparing a number of the input units of the plurality of input units with a number of output units of the plurality of output units; and
generating output data corresponding to the message for display on a display device of the message receiver, the output data generated based on the output time information and the plurality of output units of the message, wherein the calculating the output time information includes,
in response to the number of the plurality of input units being less than the number of the plurality of output units, dividing the time taken to input one input unit from among the plurality of input units of the message by the number of output units corresponding to the one input unit to calculate an average output time of the corresponding output units as the output time information for each of the corresponding output units.

US Pat. No. 10,798,031

GENERIC DISAMBIGUATION

MOVEWORKS, INC., Mountai...

1. A method, comprising:
instantiating an automated agent on a computing device;
receiving, by the automated agent, a first message from a client device of a user;
determining, by the automated agent, an intent of the first message;
determining, by the automated agent, a set of candidate responses based on the intent of the first message, wherein each of the candidate responses from the set is associated with a utility value, the utility value specifying a utility of the candidate response to the user;
for each of the candidate responses from the set, determining, by the automated agent, a relevance probability of the candidate response, wherein the relevance probability is a probability that the candidate response is relevant to the user's needs as specified in the first message;
generating, by the automated agent, a plurality of candidate dialogs, wherein for each of the candidate dialogs, a subset of the set of candidate responses is included in the candidate dialog, and for each candidate response within the subset, the candidate response (i) is presented in the candidate dialog in accordance with a presentation format, and (ii) is associated with a discoverability probability;
for each of the candidate dialogs, computing, by the automated agent, a joint metric for the candidate dialog based on a function of the relevance probability, the utility value, and the discoverability probability associated with each of the one or more candidate responses included within the candidate dialog;
selecting, by the automated agent, the candidate dialog from the plurality of candidate dialogs with the highest joint metric as a disambiguation dialog to present to the user; and
transmitting, by the computing device, the disambiguation dialog to the client device of the user.

US Pat. No. 10,798,030

PRE-CHAT INTENT PREDICTION FOR DIALOGUE GENERATION

Capital One Services, LLC...

1. A method comprising:
providing, by one or more processors, user activity information associated with a user as input to a prediction model to obtain predicted intents of the user, wherein the predicted intents comprise a first subset of the predicted intents and a second subset of the predicted intents;
assigning the predicted intents to different subsets of the predicted intents based on probability categories associated with the predicted intents such that:
the first subset of the predicted intents comprises at least one predicted intent associated with a probability in a first category and at least one predicted intent associated with a probability in a second category different from the first category; and
the second subset of the predicted intents comprises at least another predicted intent associated with a probability in the first category and at least another predicted intent associated with a probability in the second category;
upon initiation of a chat session with the user, causing, by one or more processors, questions to be presented on a chat interface based on the predicted intents of the user;
obtaining, by one or more processors, via the chat interface, a user selection of a first question of the questions, the first question matching a first intent of the predicted intents;
causing, by one or more processors, based on the user selection of the first question, a response to the first question to be presented on the chat interface; and
using, by one or more processors, based on the user selection of the first question, the first intent to update one or more configurations of the prediction model.

US Pat. No. 10,798,028

BOT INTERACTION

Google LLC, Mountain Vie...

1. A computer-executed method, comprising:
detecting, at a messaging application on a first computing device associated with a first user, a user request to determine if a second user is available at a predetermined time;
determining that the first user invoked a first assistive agent by using a special character followed by a name of the first assistive agent;
programmatically determining that an operation in response to the user request requires sharing of data associated with the first user;
causing a permission interface to be rendered in the messaging application on the first computing device, the permission interface enabling the first user to approve or prohibit sharing of the data associated with the first user;
upon receiving user input from the first user indicating approval of the sharing of the data associated with the first user, accessing the data associated with the first user and sharing the data associated with the first user with the first assistive agent in response to the user request;
performing, by the first assistive agent, a task based on the data associated with the first user, wherein the task includes scheduling an event for the first user by contacting the second user or a second assistive agent to determine that the second user is available at the predetermined time.

US Pat. No. 10,798,027

PERSONALIZED COMMUNICATIONS USING SEMANTIC MEMORY

1. A system comprising: a processing device; and
a memory coupled to the processing device and storing instructions that, when executed by the processing device, cause the system to perform operations comprising:
receiving from a first application a first communication from a user;
semantically processing the first communication to identify a first content element and a second content element within the communication;
associating the first content element with the second content element within a content repository in accordance with an ontology model;
receiving a subsequent communication from the user including a third content element;
receiving from a second application a second communication from the user, the second communication comprising the first content element;
based on an association between the first content element and the second content element within the content repository and a context inferred from the third content element, generating a third communication, the third communication comprising the second content element and the third content element;
providing the third communication to the user in response to the second communication;
receiving a selection from the user in response to the third communication; and
based on the selection, adjusting, by either increasing or decreasing, a weight associated with the first content element within the content repository.

US Pat. No. 10,798,026

BUFFERBLOAT RECOVERY AND AVOIDANCE SYSTEMS AND METHODS

Citrix Systems, Inc., Fo...

1. A method for compressing a portion of a buffer, the method comprising:
storing, by a device, a plurality of packets received by the device to a buffer, the buffer configured with a minimum threshold and a maximum threshold;
detecting, by the device, that a size of the buffer has reached at least the maximum threshold; and
compressing, by the device, one or more packets of the plurality of packets stored between the minimum threshold and the maximum threshold by a predetermined ratio, while transmitting, during the compressing, at least a portion of one or more packets of the plurality of packets stored in the buffer below the minimum threshold;
wherein the predetermined ratio corresponds to a difference between the maximum threshold and the minimum threshold and a difference between the minimum threshold and a compression time.

US Pat. No. 10,798,025

TRANSMITTING MULTI-DESTINATION PACKETS IN OVERLAY NETWORKS

International Business Ma...

1. A method comprising:
obtaining, by one or more processors of a hardware network adapter, tunneling endpoint information for each virtual switch of a plurality of virtual switches of a multi-destination group;
encapsulating, by one or more processors of the network adapter, each of a plurality of replicated multi-destination packets corresponding to respective virtual switches of the plurality of virtual switches with a header specific to a respective tunneling protocol identified in the tunneling endpoint information obtained for the respective virtual switch; and
transmitting, by one or more processors of the network adapter, each encapsulated multi-destination packet to a respective receiver hosted on the respective virtual switch corresponding to the encapsulated multi-destination packet, wherein the respective virtual switch determines a destination port for the encapsulated multi-destination packet on the respective virtual switch by identifying the multi-destination group, determined from the encapsulated multi-destination packet, in a port list on the respective virtual switch.

US Pat. No. 10,798,024

COMMUNICATING CONTROL PLANE DATA AND CONFIGURATION DATA FOR NETWORK DEVICES WITH MULTIPLE SWITCH CARDS

Arista Networks, Inc., S...

1. A switch card, comprising:
a set of switch chips configured to communicate data with a plurality of line cards, wherein:
the plurality of line cards is coupled to a second switch card; and
the second switch card comprises a second set of switch chips; and
a communication component coupled to the set of switch chips, the communication component configured to:
determine whether the switch card should operate in a master mode or a slave mode;
in response to determining that the switch card should operate in the master mode, receive control plane data from a supervisor card; and
communicate the control plane data to one or more switch chips of the set of switch chips and the second set of switch chips.

US Pat. No. 10,798,023

EDGE DATAPATH USING USER-KERNEL TRANSPORTS

NICIRA, INC., Palo Alto,...

1. A method for implementing a gateway datapath for a logical network, wherein the logical network comprises a plurality of logical forwarding elements connected by logical ports, the method comprising:
receiving a packet at the gateway datapath, wherein the gateway datapath executes at a computing device to process packets through sets of pipeline stages corresponding to the logical forwarding elements;
executing a set of the pipeline stages to process the received packet through a set of the logical forwarding elements and logical ports to determine a destination for the packet; and
upon processing the packet through a particular one of the pipeline stages identified by the gateway datapath as an observation point for the logical network, replicating a copy of the packet from the gateway datapath to a network stack of the computing device while continuing to process the received packet through the pipeline stages subsequent to the observation point, wherein the network stack enables a separate process executing on the computing device to access the packet copy.

US Pat. No. 10,798,022

SWITCH PROXY CONTROLLER FOR SWITCH VIRTUALIZATION

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving, by a switch proxy controller, a first request from a first switch fabric, where the first request indicates a first identifier that identifies the first request from other requests from the first switch fabric;
generating, by the switch proxy controller, a second request that indicates a second identifier that identifies the second request from other requests sent from the switch proxy controller to a switch;
providing, by the switch proxy controller, the second request to the switch;
receiving, by the switch proxy controller in response to the second request, a first reply that indicates the second identifier indicated in the second request;
determining, by the switch proxy controller, that information in the first reply corresponds to a rule programmed by a second switch fabric;
generating, by the switch proxy controller and based on the second identifier indicated in the first reply, a second reply that indicates the first identifier and that does not include the information in the first reply determined to correspond to the rule programmed by the second switch fabric;
selecting, by the switch proxy controller, the first switch fabric to receive the second reply based on the second identifier; and
providing, by the switch proxy controller, the second reply to the first switch fabric.

US Pat. No. 10,798,021

ROUTER FABRIC FOR SWITCHING REAL TIME BROADCAST VIDEO SIGNALS IN A MEDIA PROCESSING NETWORK

GRASS VALLEY CANADA, Mon...

1. A routing system for routing media streams in a media distribution network comprising:
routing means for receiving a media stream from an input source, determining whether a data packet in the media stream is aligned with a time frame of a system clock, and routing the received media stream to an output component of a media distribution network when the data packet in the received media stream is aligned with the time frame of the system clock;
wherein the routing means comprises a media processing node that includes a gateway that is configured to relay the media stream to a switching means for switching the data packet in the media stream within the media distribution network in an unaltered IP format;
wherein the routing means is configured to determine whether the data packet in the media stream is aligned with the time frame of the system clock by unwrapping the data packet from media stream, locating a frame marker, and comparing a packet payload period to a system clock frame interval;
wherein the routing means is configured to determine whether the data packet in the media stream is aligned with the time frame of the system clock when a packet payload does not occur across two system clock frames; and
wherein the routing means is configured to determine whether the data packet in the media stream is aligned with the time frame of the system clock when a phase offset between a packet payload period and the time frame of the system clock exists.

US Pat. No. 10,798,020

DATA SHARING EVENTS

Citrix Systems, Inc., Fo...

1. A method comprising:
determining a plurality of services subscribed to data sharing events;
determining a data polling rate corresponding to a data source;
determining a data transmission rate corresponding to the data sharing events;
retrieving, by iterating through the data source at the data polling rate, data from the data source; and
transmitting, based on the data transmission rate and to each service of the plurality of services, the data sharing events comprising the data from the data source.

US Pat. No. 10,798,019

CONTEXT INFORMATION PROCESSOR, PROFILE DISTRIBUTION UNIT AND METHOD FOR A COMMUNICATION NETWORK

Huawei Technologies Co., ...

1. A context information apparatus for a communication network, comprising:
a processor; and
a non-transitory computer-readable storage medium storing a program to be executed by the processor, wherein
the program, when executed in the processor, is configured to cause the processor to:
determine a context information of a user, and
evaluate whether the context information of the user complies with an active behavior profile of the user,
update a consistency index of the user in response to determining that the context information complies with the active behavior profile; wherein updating the consistency index comprises increasing the consistency index, the consistency index being implemented as a counter capturing a number of times that the user is compliant to its predicted behavior, and
cause a transmitter to transmit the context information and the consistency index to a content extraction engine, in response to determining, based on the evaluating, that the context information does not comply with the active behavior profile.

US Pat. No. 10,798,018

METHOD FOR OPERATING A VIRTUAL NETWORK INFRASTRUCTURE

NEC CORPORATION, Tokyo (...

16. A system for operating a virtual network infrastructure, the system comprising:
a processor; and
a non-transitory computer readable medium storing instructions, that when executed by the processor, cause the system to perform steps comprising:
monitoring utilization levels of one or more resource units of the physical infrastructure resources for virtual resources requesting the resource units;
calculating average absolute resource utilization values based on the utilization levels for each virtual resource;
calculating a reference resource affinity score (RRAS) for each resource unit, wherein the RRAS indicates an impact of utilization of a first reference resource unit on the utilization of additional resource units on one or more additional physical infrastructure resources, using the average absolute resource utilization values, wherein calculating a reference resource affinity score (RRAS) is performed only for specific physical infrastructure resources and/or resource units;
generating a RRAS report including the utilization levels of the resource units on the respective physical infrastructure resource for one or more virtual resources;
storing a history of generated RRAS reports; and
assigning resources by a virtual infrastructure controller (VIC) and/or a VIC-agent on a resource, based on the at least one of the RRAS for the virtual resources and the history of generated RRAS reports.

US Pat. No. 10,798,017

METHOD AND SYSTEM FOR RECLAIMING UNUSED RESOURCES IN A NETWORKED APPLICATION ENVIRONMENT

NETFLIX, INC., Los Gatos...

1. A computer-implemented method, comprising:
generating, by a first device, a notification that a resource within a distributed computing environment is to be reclaimed when an expiration period ends, wherein the reclaimed resource is eligible for use by any processing device included in a set of devices within the distributed computing environment;
determining, by the first device, whether the resource is claimed for use by a first processing device included in the set of devices; and
performing, by the first device, an operation to reclaim the resource when the resource is unclaimed by the first processing device at the end of the expiration period.

US Pat. No. 10,798,016

POLICY-BASED SCALING OF NETWORK RESOURCES

Hewlett Packard Enterpris...

1. A cloud management device comprising:
a processor; and
a memory storing machine-readable instructions executed by the processor to cause the cloud management device to:
create a dependency data set defining dependencies between each application component of a set of application components and cloud network resources within a cloud network, wherein the dependency data comprises a tiered hierarchy of information, wherein the tiered hierarchy of information comprises a plurality of levels, wherein each level of the plurality of levels includes a subset of application components of the set of application components; and
perform scaling of the cloud network resources, by applying, for each level of the plurality of levels of the tiered hierarchy of information, a respective scaling policy of a set of tier-based scaling policies to each application component of the subset of application components of the level.

US Pat. No. 10,798,015

DISCOVERY OF MIDDLEBOXES USING TRAFFIC FLOW STITCHING

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
collecting flow records of traffic flow segments at both a first middlebox and a second middlebox in a network environment corresponding to one or more traffic flows passing through either or both the first middlebox and the second middlebox, the flow records including one or more transaction identifiers assigned to the traffic flows;
identifying sources and destinations of the traffic flow segments in the network environment with respect to either or both the first middlebox or the second middlebox using the flow records;
stitching together a subset of the traffic flow segments to form a first stitched traffic flow about the first middlebox in the network environment based on the one or more transaction identifiers assigned to the traffic flow segments and the sources and destinations of the traffic flow segments in the network environment with respect to the first middlebox;
stitching together another subset of the traffic flow segments to form a second stitched traffic flow about the second middlebox in the network environment based on the one or more transaction identifiers assigned to the traffic flow segments and the sources and destinations of the traffic flow segments in the network environment with respect to the second middlebox;
stitching together the first stitched traffic flow formed about the first middlebox and the second stitched traffic flow formed about the second middlebox based on directions of at least a portion of the first stitched traffic flow with respect to the first middlebox and the second middlebox and directions of at least a portion of the stitched traffic flow with respect to the first middlebox and the second middlebox to form a cross-middlebox stitched traffic flow across the first middlebox and the second middlebox; and
incorporating the cross-middlebox stitched traffic flow as part of network traffic data for the network environment.

US Pat. No. 10,798,014

EGRESS MAXIMUM TRANSMISSION UNIT (MTU) ENFORCEMENT

Arista Networks, Inc., S...

1. A method for egress maximum transmission unit (MTU) enforcement, the method comprising:
receiving a protocol packet at an ingress interface of a network device;
making a first determination of a protocol packet payload length;
performing an ingress MTU identifier lookup in an ingress MTU identifier table using the protocol packet payload length to obtain an ingress MTU identifier;
performing a packet propagation lookup to obtain an egress MTU identifier;
performing an MTU enforcement lookup in an MTU enforcement table using the ingress MTU identifier and the egress MTU identifier to obtain an egress action; and
performing the egress action.

US Pat. No. 10,798,013

METHOD OF DATA CACHING IN DELAY TOLERANT NETWORK BASED ON INFORMATION CENTRIC NETWORK, COMPUTER READABLE MEDIUM AND DEVICE FOR PERFORMING THE METHOD

Foundation of Soongsil Un...

1. A method of data caching in a delay tolerant network based on an information centric network, the method comprising:
checking whether data is received from a first node;
checking a remaining buffer amount and a buffer usage amount of a second node;
caching the data received from the first node in the second node according to a data caching policy, when the data is received from the first node and the remaining buffer amount of the second node is greater than a preset remaining buffer amount threshold;
deleting data cached in the second node from the second node according to a data deletion policy, when the data is not received from the first node and the buffer usage amount of the second node is less than a preset buffer usage amount threshold; and
setting an initial Time-to-Live (TTL) value of the data received from the first node or updating a TTL of the data cached in the second node using information of the data received from the first node or information of the second node,
wherein the caching of the data comprises:
comparing data information including the number of requester nodes of the data received from the first node or node information including delivery predictability of the data received from the first node to a requester node with a preset data caching threshold; and
setting a remaining delivery frequency of the data received from the first node according to a result of the comparison between the data information or the node information and the preset data caching threshold, and caching the data received from the first node in the second node.

US Pat. No. 10,798,012

JITTER ELIMINATION AND LATENCY COMPENSATION AT DETNET TRANSPORT EGRESS

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, by a transport layer executed by a processor circuit in an apparatus, an identifiable grouping of data;
storing, by the transport layer, the data as transport layer packets in a buffer circuit in the apparatus, the storing including inserting into each transport layer packet a grouping identifier that identifies the transport layer packets as belonging to the identifiable grouping; and
causing, by the transport layer, a plurality of transmitting deterministic network interface circuits to deterministically retrieve the transport layer packets from the buffer circuit for deterministic transmission across respective deterministic links, the grouping identifier enabling receiving deterministic network interface circuits to group the received transport layer packets, regardless of deterministic link, into a single processing group for a next receiving transport layer.

US Pat. No. 10,798,011

METHOD AND SYSTEM FOR DATA STREAM PROCESSING

ABB Schweiz AG, Baden (C...

1. A method for processing a flow of data from a plurality of devices, the method comprising the following steps:
receiving data packages from a plurality of devices at a data balancer;
distributing the received data packages to a data service;
detecting whether said data package relates to an active device or a non-active device;
generating, through said data service a live data stream, consisting of data from active devices, said live data stream being delivered to a data processing facility;
generating, through said data service an offline data stream, consisting of data from non-active devices, which is delivered to the raw-data archive and stored therein; and
when a non-active device is switched to the active status, retrieving in the background data packages relating to said switched device from the raw-data archive, introducing the retrieved data in the live data stream, and delivering said retrieved data to the data processing facility.

US Pat. No. 10,798,010

QUALITY OF SERVICE IN PACKET NETWORKS

Comcast Cable Communicati...

1. A method comprising: receiving, by a first node of a plurality of nodes managed by a first service provider and from a second service provider, a data packet comprising a header that comprises:
a quality of service data field, populated by a source node of the data packet, that indicates a quality of service for the data packet, wherein the quality of service data field comprises a first series of bits; and
a traffic class data field that indicates a first traffic class, wherein the traffic class data field is populated, based on the quality of service, by the source node, and wherein the traffic class data field comprises a second series of bits;
determining that the first series of bits is configured to not be changed during transmission via the plurality of nodes;
based on a determination that the data packet was received from the second service provider and that the second series of bits is associated with the second service provider, updating, based on the quality of service, the traffic class data field with a second traffic class, wherein the updated traffic class data field comprises a third series of bits that indicate the quality of service for the data packet, and wherein the third series of bits is different from the first series of bits and the second series of bits; and
sending, based on the updated traffic class data field, the data packet to a next node of the plurality of nodes.

US Pat. No. 10,798,009

NETWORK LATENCY OPTIMIZATION

Comcast Cable Communicati...

1. A system comprising: a first computing device; and
a second computing device;
wherein the first computing device comprises:
one or more first processors; and
a first memory storing computer readable first instructions, that when executed by the one or more first processors, cause the first computing device to:
determine, based on a difference between a requested maximum network latency value and a value indicative of a measured network latency of a network communications path between a first device and a second device:
a network latency requirement for the first device, and
a network latency requirement for the second device;
adjust, based on the network latency requirement for the first device, a first queue associated with the first device; and
adjust, based on the network latency requirement for the second device and a device type of the first device, a second queue associated with the second device; and
wherein the second computing device comprises:
one or more second processors; and
a second memory storing computer readable second instructions, that when executed by the one or more second processors, cause the second device to:
transmit, to the first computing device, the requested maximum network latency value.

US Pat. No. 10,798,008

COMMUNICATIONS NETWORK

BRITISH TELECOMMUNICATION...

1. A method of operating a communications network, the method comprising the steps of: determining a plurality of performance models for offering, each of the performance models comprising a first vector representing the average value of one or more transmission parameters and a second vector representing the variation of the average value of the one or more transmission parameters;
for each entry in a training dataset, assigning the closest of the plurality of performance models to that entry, the training dataset comprising transmission performance data relating to a plurality of data transmissions that were carried by the communications network in a predetermined time period;
for each one of a plurality of routes through the communications network, assigning one or more of the plurality of performance models to that route based on the assignment of the performance models to entries in the training dataset; and
accepting a request for a communication session using the communications network in accordance with a class of service indicated by the one or more performance models assigned to one or more of the plurality of routes through the communications network.

US Pat. No. 10,798,007

DATA TRANSFER, OVER SESSION OR CONNECTION, AND BETWEEN COMPUTING DEVICE AND SERVER ASSOCIATED WITH A ROUTING NETWORK FOR MODIFYING ONE OR MORE PARAMETERS OF THE ROUTING NETWORK

Bank of America Corporati...

1. A system comprising: a user device of a user configured to transmit, to a computing device, data indicative of a first routing network and data indicative of a second routing network;
the computing device comprising:
a processor; and
memory storing computer-executable instructions that, when executed by the processor, cause the computing device to:
receive, from the user device, the data indicative of the first routing network and the data indicative of the second routing network;
determine, based on the data indicative of the first routing network, a plurality of parameters for the first routing network;
determine, based on the data indicative of the second routing network, a plurality of parameters for the second routing network;
generate a secure session connection between the computing device and a server associated with the second routing network;
receive, from the server and via the secure session connection between the computing device and the server associated with the second routing network, a modification to one or more parameters of the plurality of parameters for the second routing network;
determine priorities for the first routing network and the second routing network based on first and second baseline rewards, respectively, and prevent first and second servers associated with the first and second routing networks from increasing the first and second baseline rewards, respectively;
store, at a database, the priorities for the first routing network and the second routing network;
receive a user parameter, wherein the user parameter is indicative of a desired benefit for the user;
when an activity is detected, retrieve the priorities from the database;
when the first routing network, via a first server, increases the first baseline reward, send a notification to the second routing network, via a second server, about the increased first baseline reward;
determine whether the second server returns a response to the notification, wherein the response provides an increased second baseline reward exceeding the increased first baseline reward; and
identify, based on the user parameter, one of the first routing network and the second routing network that optimizes the activity for the desired benefit to the user based on the user parameter.

US Pat. No. 10,798,006

OVERLOAD PROTECTION FOR DATA SINKS IN A DISTRIBUTED COMPUTING SYSTEM

Akamai Technologies, Inc....

1. A system comprising one or more computers having circuitry forming one or more processors and memory storing computer program instructions for execution on the one or more processors to operate the system, the system comprising: a plurality of source devices generating reporting data, the reporting data comprising a plurality of messages arriving over time, each message having one or more data fields;
a data collection system that receives the reporting data from the source devices for delivery to first and second data sinks;
an overload protection subsystem of the data collection system that protects data sinks from overload by controlling the volume of reporting data sent thereto, wherein said overload protection is performed at least in part by, with the overload protection subsystem:
(i) receiving first and second policies for first and second data sinks, respectively, the first policy being defined by an owner of the first data sink to specify how and when overload protection will be applied for the first data sink and the second policy being defined by an owner of the second data sink to specify how and when overload protection will be applied for the second data sink;
(ii) monitoring reporting data over time to determine that, at a particular time, a first condition defined in the first policy has been met by the reporting data, the first condition being a trigger for applying said overload protection for the first data sink;
(iii) based on said determination in (ii), applying said overload protection by applying a traffic shaping action defined by the first policy to reporting data, so as to create a first data stream for the first data sink, the traffic shaping action comprising any of: (a) reducing a size of one or more messages in the reporting data by removing a subset of one or more data fields from each of the one or more messages, and (b) dropping a subset of one or more messages in the reporting data;
(iv) monitoring reporting data over time to determine that, at a particular time, a second condition defined by the second policy has been met by the reporting data, the second condition being a trigger for applying said overload protection for the second data sink;
(v) based on said determination in (iv), applying said overload protection by applying a traffic shaping action defined by the second policy to reporting data, so as to create a second data stream for the second data sink, the traffic shaping action comprising any of: (a) reducing a size of one or more messages in the reporting data by removing a subset of one or more data fields from each of the one or more messages, and (b) dropping a subset of one or more messages in the reporting data;
the overload protection subsystem configured to instruct the data collection system to send the first data stream to the first data sink, and send the second data stream to the second data sink.

US Pat. No. 10,798,005

OPTIMIZING APPLICATION THROUGHPUT

International Business Ma...

1. A computer-implemented method of optimizing application throughput, the method comprising the steps of: generating, by one or more processors, an initial network design of a computer network that includes (i) an original network path to a backup server computer that includes a first set of links which are active links and (ii) a second set of links to the backup server computer that are inactive and redundant to the first set of links, the initial network design being based on a spanning tree protocol provided by processing in layer 2 that blocks the second set of links or an Internet Protocol (IP) route selection protocol provided by processing in layer 3 that shadows the second set of links, and the layer 2 and the layer 3 being layers in an Open Systems Interconnection model;
collecting, by the one or more processors, data about traffic flow in the computer network from one or more switches and one or more routers in the computer network;
identifying, by the one or more processors, the backup server computer as a hot spot destination in the computer network by performing analytics on the collected data about the traffic flow, the analytics indicating that the traffic flow matches a historical traffic pattern that indicates that (i) data is backed up from applications to the backup server computer and (ii) the applications from which the data is backed up are executed in a first pod of hosts;
in response to the backup server computer being identified as the hot spot destination, creating, by the one or more processors, an application-optimized software-defined networking (SDN) path that specifies a first path to the backup server computer and a second path to the backup server computer, the first and second paths utilizing the first set of links and the second set of links for new flows to backup data to the backup server computer in a subsequent network design of the computer network;
detecting, by the one or more processors, that (i) a first new flow is backing up first data from a first application to the backup server computer and (ii) the first application is being executed by a first host in the first pod;
detecting, by the one or more processors, that (i) a second new flow is backing up second data from a second application to the backup server computer and (ii) the second application is being executed by a second host in the first pod;
in response to the detecting that the first and second new flows are backing up the first and second data, respectively, to the backup server computer which is the hot spot destination and that the first and second applications are being executed in the first pod, replacing, by the one or more processors, the initial network design with the subsequent network design and activating, by the one or more processors, the second set of links in the subsequent network design;
forwarding, by the one or more processors, the first and second new flows to the application-optimized SDN path so that the first new flow is forwarded to the backup server computer via the first set of links and the second new flow is forwarded to the backup server computer via the second set of links that are active but were inactive prior to the initial network design being replaced with the subsequent network design; and
in response to the replacing the initial network design with the subsequent network design and the forwarding the first and second new flows, bypassing the processing in layer 2 that blocks the second set of links, bypassing the processing in layer 3 that shadows the second set of links, and providing a throughput of the backing up of the first and second data by the first and second applications using the first and second set of links according to the subsequent network design, so that the throughput is improved over another throughput of a backup of the first and second data by the first and second applications using the first set of links but not the second set of links according to the initial network design.

US Pat. No. 10,798,004

NETWORK TRAFFIC APPLIANCE FOR TRIGGERING AUGMENTED DATA COLLECTION ON A NETWORK BASED ON TRAFFIC PATTERNS

Exinda Networks PTY, Ltd....

1. A method of adjusting network data management in a network traffic appliance coupled to devices in a network, the method comprising: receiving data traffic via a network interface of the network traffic appliance;
passing data traffic to the devices in the network;
collecting network traffic data via a network interface of the network traffic appliance from a first set of data sources based on the data traffic passing through the network appliance at a normal level;
determining whether the network traffic data indicates an abnormal condition via a traffic analysis performance engine in the network traffic appliance;
when an abnormal condition is determined, collecting network data from a second set of data sources and increasing the collection of network traffic data through collection of network data from the second set of data sources and through the network traffic appliance, wherein the first set of data sources is different than the second set of data sources; and
storing the network traffic data from the increased collection in a memory device.

US Pat. No. 10,798,003

METHOD AND SYSTEM FOR TRIGGERING AUGMENTED DATA COLLECTION ON A NETWORK DEVICE BASED ON TRAFFIC PATTERNS

Exinda Networks PTY, Ltd....

1. A method of augmenting collection by a first network device of data between computing devices in a network, the method comprising: collecting network traffic data based on the data traffic passing through the first network device at a normal level from a first set of data sources via a data collection engine coupled to the network;
monitoring the network traffic data from the data collection engine;
determining whether the network traffic data indicates an abnormal condition via a central management device;
running an application on one of the computing devices to collect network data from a second set of data sources and to increase the collection of the network traffic data when an abnormal condition is determined, wherein the first set of data sources is different than the second set of data sources; and
storing the network traffic data from the increased collection in a memory device.

US Pat. No. 10,798,002

DISTRIBUTED ANTENNA SYSTEM, FRAME PROCESSING METHOD THEREFOR, AND CONGESTION AVOIDING METHOD THEREFOR

SOLiD, INC., Seongnam-si...

10. A distributed antenna system (DAS) comprising: a system unit configured to drop or transmit frames based on a quality of service (QoS) tag of each of the frames, and to generate event information associated with congestion based on information accumulated by dropping or transmitting the frames, wherein the system unit is any one of a headend, a hub and a radio unit (RU); and
a DAS management system configured to generate a request message for processing a new call access denial or an existing call disconnection according to the event information.

US Pat. No. 10,798,001

SOFTWARE DEFINED NETWORKING (SDN) CONTROLLER ORCHESTRATION AND NETWORK VIRTUALIZATION FOR DATA CENTER INTERCONNECTION

Futurewei Technologies, I...

1. A network provider controller (NPC), comprising: a processor;
a memory coupled to the processor and storing instructions for execution by the processor, wherein the processor is configured to execute the instructions to:
receive a virtual network service (VNS) request from a client controller managing a first client end point and a second client end point, wherein the first client end point and the second client end point are connected by a network managed by the NPC, wherein the VNS request comprises an identifier of the first client end point and an identifier of the second client end point;
obtain an identifier of a first node corresponding to the identifier of the first client end point and an identifier of a second node corresponding to the identifier of the second client end point, wherein the first node is in the network and connects to the first client end point, and wherein the second node is in the network and connects to the second client end point;
compute a virtual network that comprises a network path according to the identifier of the first node and the identifier of the second node, wherein the network path traverses the network between the first client end point and the second client end point;
send a VNS response message comprising the virtual network to the client controller; and
wherein the virtual network is computed according to a granularity of the virtual network, the granularity of the virtual network is expressed of virtual network elements and virtual links.

US Pat. No. 10,798,000

METHOD AND APPARATUS OF COMPRESSING NETWORK FORWARDING ENTRY INFORMATION

Arista Networks, Inc., S...

13. A network element that determines a match for a compressed address using an exact match table, the network element comprising: a receiving network physical interface coupled to a network, that receives a data packet including a destination address;
memory storing a set of instructions, coupled to the receiving network physical interface, wherein in response to determining that the data packet is of a first type of a plurality of types, the set of instructions compresses the destination address to give a compressed address and performs an address lookup using the compressed address in an exact match table concurrently with a longest prefix match address lookup using the uncompressed host address, wherein the compressed address includes a compressed subnet and an uncompressed host address, and the compressed subnet is compressed using a hash function, the exact match table is a hash table that stores a plurality of compressed addresses with each of the plurality of compressed addresses stored including a compressed subnet and an uncompressed host address, and a transmitting interface of the network element is derived from a match in the address lookup;
the transmitting network physical interface, coupled to the memory and the network, that forwards the data packet using the transmitting interface if there is a match; and
in response to determining that the data packet is of a first type of a plurality of types, the set of instructions, in response to determining that the data packet is of a second type of the plurality of types, forwards the data packet using a transmitting interface derived without compressing the destination address.

US Pat. No. 10,797,999

MULTICHANNEL INPUT/OUTPUT VIRTUALIZATION

AVAGO TECHNOLOGIES INTERN...

1. A network device, comprising: circuitry; and
a memory coupled with and readable by the circuitry, wherein the memory is configured to include a first portion of physical memory used by a host process for Input/Output (I/O) operations, wherein the host process is executing on the network device;
wherein the circuitry is configured to:
include a first channel used by the host process for transmission or receipt of packets and a second channel used by a virtual machine for transmission or receipt of packets, wherein the virtual machine is executing on the network device; and
allocate a first portion of an address map for the host process, the first portion of the address map including a first set of mappings that map a first set of virtual addresses to a set of addresses in the first portion of physical memory, wherein the host process uses the first portion of the address map to transmit or receive packets using the first channel; and
allocate a second portion of the address map for the virtual machine, wherein the virtual machine uses the second portion of the address map to transmit or receive packets using the second channel.

US Pat. No. 10,797,998

ROUTE SERVER FOR DISTRIBUTED ROUTERS USING HIERARCHICAL ROUTING PROTOCOL

VMWARE, INC., Palo Alto,...

1. For a computing device that implements a centralized logical routing component of a logical network that handles data traffic between the logical network and an external physical network, a method comprising: receiving a first link state advertisement (LSA) message from a machine that implements a route server for a distributed logical routing component of the logical network, the distributed logical routing component implemented across a plurality of physical forwarding elements, the first LSA message comprising (i) a parameter identifying the machine as a route server and (ii) a set of logical network addresses;
receiving a second LSA message from the route server that specifies a next hop address for the set of logical network addresses, wherein the next hop address corresponds to the distributed logical routing component; and
adding a route specifying the next hop address corresponding to the distributed logical routing component as the next hop address for the set of logical network addresses to a routing table of the centralized logical routing component, wherein the added route has a higher priority than routes received from the external physical network.

US Pat. No. 10,797,997

NETWORK DEVICE WITH SERVICE SOFTWARE INSTANCES DEPLOYMENT INFORMATION DISTRIBUTION

AVAGO TECHNOLOGIES INTERN...

1. A network device comprising: at least one processor core and associated memory;
a memory coupled to said at least one processor core and storing a table containing the service software instance deployment to network devices which execute the service software instances, each software service instance performing a network service; and
management tool software executing on said at least one processor core and stored in said associated memory and coupled to said memory storing the table containing the service software instance deployment to network devices which execute the service software instances, said management tool software causing said at least one processor core to provide information to network devices that add a services tag to packets provided to the network and to network devices that route packets to service software instances based on a services tag in packets received from the network to store network services tables to allow such services tag addition and packet routing, the services tag specifying network services to be performed on the packet.

US Pat. No. 10,797,996

SERVER-BASED LOCAL ADDRESS ASSIGNMENT PROTOCOL

Futurewei Technologies, I...

1. An endpoint client comprising: a memory;
a processor coupled to the memory and configured to:
perform a random number generation;
generate a host identifier (HID) based on the random number generation and independent of router input or server input, the HID is substantially unique within a local network; and
generate, using the HID, an initial message requesting a media access control (MAC) address for a local address; and
a transmitter coupled to the processor and configured to transmit the initial message towards at least one server.

US Pat. No. 10,797,995

REQUEST ROUTING BASED ON CLASS

Amazon Technologies, Inc....

1. A computer-implemented method comprising: obtaining a first Domain Name System (DNS) query from a client computing device at a first DNS server of a content delivery network (CDN) service, wherein the first DNS query is associated with a requested resource;
determining a class of the client computing device associated with the first DNS query;
determining an alternative resource identifier based on routing information for the class, wherein the alternative resource identifier includes information for causing a second DNS query to resolve to a domain of the CDN service; and
causing transmission of the alternative resource identifier to the client computing device in response to the first DNS query.

US Pat. No. 10,797,994

DECENTRALIZED SYSTEM FOR DISTRIBUTING DIGITAL CONTENT

Eluvio, Inc., Berkeley, ...

1. A decentralized system for distributing digital content in an overlay network of nodes, the system comprising: a memory device; and
one or more processors in communication with the memory device, the one or more processors configured to execute a software stack to provide one or more of a plurality of fabric nodes of an overlay network implemented in an application layer differentiated from an internet protocol (IP) layer, the overlay network configured to:
obtain, for a fabric node:
a node identifier (ID) identifying the fabric node, and
one or more network-wide parameters;
determine, using the one or more network-wide parameters, a set of partition identifiers (IDs) for the node ID, the partition IDs comprising:
a first partition ID identifying a first partition to be managed by the fabric node, and
a second one or more partition IDs identifying a second one or more partitions to be managed by the fabric node;
provide the first partition and the second one or more partitions to be managed by the fabric node; and
distribute at least a portion of the digital content in the overlay network using at least the first partition ID, the distributing of at least the portion of digital content in the overlay network comprising:
computing a partition for a content object part,
computing an exclusive or (XOR) distance between the content object part partition and the first partition,
comparing the XOR distance with a number of partitions per fabric node in the overlay network, the number of partitions per fabric node in the overlay network being a network-wide parameter, and
determining an assignment for the content object part with respect to the fabric node based on the comparison of the XOR distance with the number of partitions per fabric node in the overlay network.

US Pat. No. 10,797,993

OVERLAY NETWORK IDENTITY-BASED RELAY

Tempered Networks, Inc., ...

1. A method for managing communication over a network using a plurality of network computers, wherein execution of instructions by one or more network computers performs the method comprising: determining a connection route for one or more received packets based on a source identifier corresponding to a source network computer and a target identifier associated with a target network computer, wherein the connection route is associated with both the source identifier and the target identifier, and wherein each identifier is separate from a network address of the source network computer or the target network computer, and wherein the source network computer and the target network computer provide one or more of security, access control, or routing for the one or more packets; and
forwarding the one or more packets provided by the source network computer to the target network computer based on network address information associated with the target network computer.

US Pat. No. 10,797,992

INTELLIGENT WIDE AREA NETWORK (IWAN)

Cisco Technology, Inc., ...

1. A method comprising: maintaining, by an electronic device, one or more tunnel-based overlays for a communication network for each application of a plurality of applications, wherein the communication network comprises two or more physical provider networks;
maintaining, by the device, a mapping between a particular application of a plurality of applications and the one or more overlays for the communication network, wherein the mapping between the particular application and the overlay for the communication network comprises an enterprise network address associated with the particular application that is within an enterprise address space, and routing information for the enterprise network address that comprises one or more addresses that are within the address spaces of the physical provider networks;
adjusting, by the device, the mapping between the particular application and the one or more overlays for the communication network, wherein adjusting the mapping between the particular application and the overlay for the communication network comprises:
receiving, at the device, an indication that an endpoint for the particular application is migrating from a first network domain to a second network domain, wherein the second network domain is a different network than the first network domain; and
dynamically adjusting, in response to receiving the indication, the routing information for the enterprise network address associated with the particular application to cause the traffic for the particular application to be routed to the second network domain;
causing, by the device, one or more routers in the communication network to route traffic for the particular application according to the adjusted mapping between the application and the one or more overlays for the communication network; and
causing, by the device, a particular router of the one or more routers to maintain 1) a global virtual routing and forwarding (VRF) instance for user traffic routing and 2) one or more separate VRF instances corresponding to each interface of the physical provider networks for tunnel establishment.

US Pat. No. 10,797,991

SETTING LINK AGGREGATION GROUP

NEW H3C TECHNOLOGIES CO.,...

1. A method of setting a link aggregation group, the method being applied to a controlling bridge, the controlling bridge and a port extender forming an extended bridge, wherein the method comprises: setting a link aggregation group;
associating an aggregation port of the link aggregation group with a plurality of extended ports of the same port extender, wherein the plurality of extended ports is connected to a same terminal and has different extended port identifiers;
assigning an aggregation port identifier to the aggregation port;
associating a respective extended port identifier for each of the plurality of extended ports and a cascaded port connecting to the port extender with the aggregation port so that an ingress port through which an upstream packet received by any of the plurality of extended ports enters the extended bridge is identified as the aggregation port based on any extended port identifier carried in the upstream packet; and
associating the aggregation port with the aggregation port identifier and the cascaded port to determine to add the aggregation port identifier into a downstream unicast packet of which an egress port for exiting the extended bridge is the aggregation port and to determine to send the downstream unicast packet added with the aggregation port identifier via the cascaded port.

US Pat. No. 10,797,990

SERVER REDUNDANT NETWORK PATHS

Microsoft Technology Lice...

1. A method for routing data at a rack comprising a plurality of servers and at least two lowest level top-of-rack switches connected to the plurality of servers, the method comprising: on each of the plurality of servers, duplicating data signals on two network interfaces of a network interface card, each of the network interfaces communicatively coupled to a different one of the two top-of-rack switches via a physical or media layer switch;
activating a control signal to indicate an active communication path from one of the switches to one or more of the servers, the active communication path corresponding to a first of the two network interfaces;
in response to detecting a failure of the active communication path, modifying, by at least one of the switches or one of the servers, the control signal to indicate a switch to the second of the two network interfaces, the second network interface corresponding to an alternate communication path, wherein the active and alternate communication paths are pre-provisioned to forward current session traffic addressed to one of the plurality of servers using short path labels; and
diverting data signals of the current session traffic via the alternate communication path using the short path labels.

US Pat. No. 10,797,989

SCALABLE VIRTUAL TRAFFIC HUB INTERCONNECTING ISOLATED NETWORKS

Amazon Technologies, Inc....

1. A system, comprising: one or more computing devices of a packet processing service of a provider network;
wherein the one or more computing devices include instructions that upon execution on a processor cause the one or more computing devices to:
in response to a programmatic request to configure a first virtual traffic hub as an intermediary for network traffic between a plurality of isolated networks, store metadata indicating (a) at least a first action implementation node assigned to the first virtual traffic hub, and (b) at least a first routing decision master node assigned to the first virtual traffic hub;
propagate, to the first routing decision master node, respective sets of state information entries for a first isolated network;
obtain, at the first action implementation node, a first executable action from the first routing decision master node, wherein the first executable action is to be implemented for one or more packets of a first network flow, wherein the first executable action is generated at the first routing decision master node based at least in part on the respective sets of state information entries, and wherein an indication of semantics of the first executable action is not provided to the first action implementation node;
store, in a flow-indexed cache of the first action implementation node, the first executable action;
cause, based at least in part on implementing the first executable action at the first routing action implementation node, contents of one or more data packets of the first network flow to be transmitted to a second isolated network.

US Pat. No. 10,797,988

METHOD AND APPARATUS FOR CONTROLLING AND MANAGING A FIELD DEVICE USING AN INDUSTRY INTERNET OPERATING SYSTEM

KYLAND TECHNOLOGY CO., LT...

1. A method for controlling and managing a field device using an industry Internet operating system comprising at least an industry cloud server and industry field devices, the method comprising: receiving, by each industry field device, a device identifier configuration strategy issued by the industry cloud server, establishing a communication connection with the other industry field device according to the device identifier configuration strategy, and further generating a list of device information; and
sending, by the industry field device, the list of device information to the industry cloud server on its own initiative, so that the industry cloud server controls the industry field devices according to the list of device information;
wherein the industry field devices comprise a master device and multiple slave devices;
wherein sending, by the industry field device, the list of device information to the industry cloud server, so that the industry cloud server controls the industry field devices according to the list of device information comprises:
receiving, by the master device, an upgrade command sent by the industry cloud server for the multiple slave devices; wherein the upgrade command comprises a device type, and an upgraded version number;
determining, by the master device, at least one slave device to be upgraded according to the upgrade command and the list of device information;
sending, by the master device, the upgrade command to the at least one slave device to be upgraded, so that the at least one slave device to be upgraded upgrades in response to the upgrade command; and
updating, by the master device, the list of device information of the at least one slave device to be upgraded;
wherein the device type in the list of device information of the at least one slave device to be upgraded is the same as the device type in the upgrade command; and
wherein the upgraded version number in the list of device information of the at least one slave device to be upgraded, is not the same as the upgraded version number in the upgrade command.

US Pat. No. 10,797,987

SYSTEMS AND METHODS FOR SWITCH STACK EMULATION, MONITORING, AND CONTROL

1. A system to facilitate adaptive switch stack interaction, the system comprising: one or more network interfaces;
memory configured to store computer-executable instructions; and
one or more processing devices communicatively coupled with the one or more network interfaces and the memory, the one or more processing devices configured to execute the computer-executable instructions to perform operations comprising:
performing discovery with respect to a plurality of switches, which are communicatively coupled with the system, at least partially by:
communicating with the plurality of switches via a network, where each switch of the plurality of switches:
corresponds to a switch stack; and
comprises a plurality of ports, where one or more ports of the plurality of ports are communicatively coupled to one or more endpoint devices and/or one or more access points;
processing switch data transmitted from the plurality of switches via the network;
using items of the switch data to develop models of the switches; and
storing the models of the switches, each model comprising switch specifications for a particular switch of the plurality of switches;
using a particular model of the models to emulate the particular switch corresponding to the particular model, the emulating comprising:
creating emulation data that is based at least in part on the particular model to facilitate a graphical representation, where the graphical representation is formatted to represent the particular switch; and
causing transmission of the emulation data to at least one endpoint device to facilitate an emulation interface that is accessible by the at least one endpoint device, where:
the emulation interface corresponds to a graphical representation of a port-by-port layout of the particular switch that visually represents a physical layout of ports of the particular switch and that allows access to at least a subset of the switch data via one or more interface elements that are user-selectable,
the subset of the switch data is mapped to the particular switch, and
portions of the subset of the switch data are mapped to one or more ports of the particular switch.

US Pat. No. 10,797,986

LINK DISCOVERY METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A link discovery method, comprising: sending, by a control plane device, a first flow entry to a plurality of forwarding plane devices, wherein the first flow entry instructs the plurality of forwarding plane devices to forward a received topology discovery packet to the control plane device, wherein no timeout time is set for the first flow entry; or a first timeout time that is set for the first flow entry is greater than a preset threshold;
sending, by the control plane device, a first message to the plurality of forwarding plane devices, wherein the first message instructs each forwarding plane device receiving the first message to send a topology discovery packet at all available ports of the respective forwarding plane device, wherein the control plane device sends the first flow entry to the plurality of forwarding plane devices before the control plane device sends the first message to the plurality of forwarding plane devices;
receiving, by the control plane device, second messages respectively sent by the plurality of forwarding plane devices, wherein one of the second messages is generated by a second forwarding plane device sending the one of the second messages according to a first topology discovery packet received at a second port of the second forwarding plane device, the first topology discovery packet is a topology discovery packet sent by a first forwarding plane device in the plurality of forwarding plane devices at a first port, the first topology discovery packet carries identification information of the first forwarding plane device and identification information of the first port, and the one of the second messages carries the identification information of the first forwarding plane device, the identification information of the first port, identification information of the second forwarding plane device, and identification information of the second port; and
determining, by the control plane device, topology connections between the plurality of forwarding plane devices according to the second messages sent by the plurality of forwarding plane devices, wherein a first topology connection determined according to the one of the second messages comprises a topology connection from the first port of the first forwarding plane device to the second port of the second forwarding plane device.

US Pat. No. 10,797,962

METHODS AND APPARATUS FOR PROVIDING ADAPTIVE PRIVATE NETWORK CENTRALIZED MANAGEMENT SYSTEM DATA VISUALIZATION PROCESSES

Talari Networks Incorpora...

1. A method for display management of an adaptive private network (APN), the method comprising: installing a database, according to rules that define tables of data, in a first node of a centralized management system including a network control node (NCN) coupled through the APN to a plurality of client nodes, wherein the NCN is separate from each client node including the first node and the NCN administers and controls client nodes within the APN;
sending a plurality of timing messages from the NCN to a client node, wherein each timing message is time stamped with a send time according to a first clock in the NCN;
calibrating a network time in the client node based on an evaluation of an average of send times, an average of arrival times for the plurality of timing messages received at the client node, current time in the client node, and a round trip time between the NCN and the client node, wherein timestamps of data gathered from the NCN and each client node of the plurality of client nodes are correlated to a master time specified by the first node;
polling the NCN and client nodes of the APN for user specified data to be stored in the database in the first node, wherein the data is associated with a user specified period of time of operation of the APN as correlated to the master time and includes statistics regarding operation of the NCN, client nodes, and paths in the APN; and
accessing the user specified data from the database in the first node for display according to a network configuration, a user selected display type, and attributes selected by the user for display of a network map including operating statistics for each path between wide area network (WAN) links.

US Pat. No. 10,797,961

DEVICE SEARCH APPARATUS AND DEVICE SEARCH METHOD

SEIKO EPSON CORPORATION, ...

1. A device search apparatus comprising: a communication device which wirelessly communicates with a device;
an input device to which information is inputted by a user;
a display device which displays information; and
a processing device which, if input information inputted by the user via the input device includes a predetermined keyword:
searches for a device, using the communication device,
extracts a device associated with a device name included in the input information from among devices detected by the search, and
displays a device indication representing each extracted device on the display device, wherein: the input information inputted by the user includes a character string, the character string includes the predetermined keyword, and the processing device initiates the search in response to determining that the character string includes the predetermined keyword, and extracts a device associated with a device name that is included in the character string excluding the predetermined keyword.

US Pat. No. 10,797,960

GUIDED NETWORK MANAGEMENT

1. A guided network management system comprising: a processor; and
memory having instructions stored thereon that, when executed by the processor, cause the processor to perform operations comprising
monitoring traffic traversing a virtualized network, wherein the virtualized network comprises a plurality of virtual network functions that provide, at least in part, a service to a user device,
capturing an event from the traffic, wherein the event involves the user device and at least one virtual network function of the plurality of virtual network functions, and wherein the event negatively affects an operational aspect of the virtualized network in providing the service,
creating a snapshot of the virtualized network, wherein the snapshot represents a network state of the virtualized network during the event, and wherein the snapshot further represents a user device state of the user device during the event,
creating, based upon the snapshot, a shadow network, wherein the shadow network comprises a network emulation of the network state of the virtualized network during the event,
creating, based upon the snapshot, a user device emulation based upon the user device state, and
determining, from the shadow network, a modification to at least a portion of the virtualized network that would at least mitigate the event from negatively affecting the operational aspect of the virtualized network in providing the service, wherein determining, from the shadow network, the modification to at least the portion of the virtualized network comprises performing an A/B test, wherein the shadow network emulating the network state of the virtualized network is compared to the shadow network emulating a modified network state of the virtualized network comprising the network state modified by the modification.

US Pat. No. 10,797,959

LLDP BASED RACK MANAGEMENT CONTROLLER

QUANTA COMPUTER INC., Ta...

1. A method of determining operational data from a network device, the network device coupled to a management controller, the method comprising: connecting the network device to a port of a switch; determining power consumption of the network device by monitoring a power supply of the network device;
determining operational data based on the operation of the network device, wherein the operational data includes the power consumption of the network device;
sending a discovery packet including the operational data to the management controller,
wherein the discovery packet is a layer link discovery protocol (LLDP) packet that comprises a plurality of time length value (TLV) structures containing the operational data; and
embedding an application in a management agent of the network device, the management agent operable to determine operational data of the network device and the embedded application operable to format the discovery packet.

US Pat. No. 10,797,958

ENABLING REAL-TIME OPERATIONAL ENVIRONMENT CONFORMITY WITHIN AN ENTERPRISE ARCHITECTURE MODEL DASHBOARD

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for managing an operational environment of entities that are computing assets, comprising: identifying, using an operational dashboard, an enterprise architecture model that is a static snapshot representing enterprise architecture information that does not include operational data from the operational environment;
receiving real time metrics from the operational environment to establish a dynamic snapshot of operational data;
generating a mapping that maps entities of the enterprise architecture model with elements in the dynamic snapshot of the operational environment;
detecting, within the operational environment, an operational state change of one of the computing assets; and
indicating, within the operational dashboard and using the mapping combined with the operational state change, an operating status of the operational environment.

US Pat. No. 10,797,957

NETWORK MANAGEMENT APPARATUS, NETWORK MANAGEMENT METHOD, NETWORK MANAGEMENT SYSTEM, AND PROGRAM

NEC CORPORATION, Minato-...

1. A network management apparatus, comprising: a determination part that determines, when a set of transmission rates set for a plurality of groups including one or more flows is gradually changed from a start state to an end state, a set(s) of transmission rates used in an intermediate state(s) in such a manner that a constraint(s) on a bandwidth(s) of a link(s) through which a flow(s) passes is satisfied; and
a setting part that gradually changes the set of transmission rates set for the plurality of groups from the start state to the end state while using the determined set(s) of transmission rates in the intermediate state(s),
wherein the determination part determines, as the transmission rates used in the intermediate state(s), the set(s) of transmission rates by allowing a group(s) having a transmission rate(s) in the end state lower than a transmission rate(s) in the start state to have the transmission rate(s) in the end state and allowing a group(s) having a transmission rate(s) in the end state higher than a transmission rate(s) in the start state to have the transmission rate(s) in the start state.

US Pat. No. 10,797,955

SYSTEM AND METHOD FOR OPERATING A NETWORK

NEC CORPORATION, Tokyo (...

1. A method for operating a network, the method comprising: combining modules, which are lower-level service functions of the network, to compose a service, which is a higher-level service function of the network,
wherein at least two modules of the modules interact according to a policy for providing and/or monitoring and/or optimizing the service, and
wherein the at least two modules have an awareness, comprising a location-awareness and/or a proximity-awareness, with respect to at least one other module of the modules for deciding and/or varying an amount and/or kind of interaction between the at least two modules and/or between the at least one other module at runtime depending on the awareness and on the policy.

US Pat. No. 10,797,954

ENFORCING POLICIES IN CLOUD DOMAINS WITH DIFFERENT APPLICATION NOMENCLATURES

Juniper Networks, Inc., ...

1. A device, comprising: one or more memories; and
one or more processors to:
receive policy information indicating a policy to be implemented for an application hosted by a plurality of cloud domains;
receive, from the plurality of cloud domains, different application resource tags and addresses associated with the application,
a first cloud domain, from the plurality of cloud domains, including a first application resource tag and a first address for identifying the application, and
a second cloud domain, from the plurality of cloud domains, including a second application resource tag and a second address for identifying the application;
map the first application resource tag and the second application resource tag to a generic identifier;
associate the policy with the generic identifier and with the first address and the second address associated with the application,
wherein the one or more processors, when associating the policy with the generic identifier and with the first address and the second address associated with the application, are to:
create a policy object that includes:
a source dynamic address group (DAG) identifier associated with source addresses of the first address and the second address associated with the application,
a destination DAG identifier associated with destination addresses of the first address and the second address associated with the application, and
information indicating an action to perform based on the policy;
provide, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the plurality of cloud domains to permit the plurality of cloud domains to implement the policy,
wherein the one or more processors, when providing the policy, are to:
provide the policy object to the plurality of cloud domains to permit the plurality of cloud domains to perform the action; and
process the different application resource tags with one or more artificial intelligence models to determine which of the different application resource tags are to be mapped to the generic identifier.

US Pat. No. 10,797,953

SERVER CONSOLIDATION SYSTEM

INTERNATIONAL BUSINESS MA...

1. A computer program product for a network management device, comprising: a non-transitory computer readable storage medium to store a computer readable program, wherein the computer readable program, when executed on a computer, causes the computer to perform operations for server management in a computer network, the operations comprising:
grouping a plurality of servers in a network into a plurality of clusters;
receiving network usage data for a new server added to the network, the network usage data generated at a network communication device external to the new server, wherein the network communication device is a router;
classifying the new server into a cluster from the plurality of clusters based only on the network usage data received for the new server prior to classifying the new server and on a cluster characterization characterizing resource usage data for the servers in the cluster, without receiving processor usage data for the new server, and without receiving memory usage data for the new server;
predicting processor usage and memory usage for the new server based only on the network usage data for the new server and on the cluster characterization; and
allocating one or more workloads from a plurality of workloads to the new server based on the cluster characterization.

US Pat. No. 10,797,952

INTELLIGENT ROLLBACK ANALYSIS OF CONFIGURATION CHANGES

Hewlett Packard Enterpris...

1. A computer system, comprising: a network communications interface;
a memory; and
one or more processing units, communicatively coupled to the memory and the network communications interface, wherein the memory stores instructions, that when executed by the one or more processing units, cause the one or more processing units to provide a server side component to identify a plurality of different snapshot versions as part of a rollback to a previous configuration for subsets of network infrastructure devices, the server side component to:
identify a plurality of different network device configuration snapshots to select a set of snapshot checkpoints, the set of snapshot checkpoints including a set of related parameter settings for each of the plurality of different network device configuration snapshots, each member of the set of snapshot checkpoints associated with a network device selected from the plurality of different network devices and one or more automated validation capabilities for the network device;
determine at least one rollback version of a snapshot checkpoint relative to the set of snapshot checkpoints and to a first logical grouping of network devices, the first logical grouping including the network device;
automatically initiate the one or more automated validation capabilities to validate a proposed rollback for the first logical grouping to a first version of a snapshot taken subsequent to or equal to a time of the at least one rollback version;
determine a success status of the initiated validation with respect to the network device and the first version,
wherein different logical groupings of multiple devices within a single network are validated against snapshot checkpoints taken at different points in time.

US Pat. No. 10,797,951

DISCOVERING AND GROUPING APPLICATION ENDPOINTS IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method executed by a network element in a network environment, the method comprising: discovering endpoints communicating in a network environment;
calculating affinity between the endpoints;
grouping the endpoints into separate endpoint groups (EPGs) according to the affinity and a predetermined affinity threshold, each one of the EPGs including a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries,
generating, using the EPGs, application profiles to allow for stateless network policy definition and enforcement; and
automatically mapping the network policy onto network hardware based on a workload location.

US Pat. No. 10,797,950

SYSTEMS AND METHODS FOR DYNAMICALLY CONFIGURING A NETWORK SWITCH FOR MONITORING

Unisys Corporation, Blue...

1. A method for dynamically configuring switch monitoring, the method comprising: receiving, by a processor, an Internet Protocol (IP) address associated with a network switch;
probing, by the processor, the network switch based, at least in part, on the received IP address to obtain first information regarding a vendor of the network switch and a model of the network switch;
preparing a request, to be transmitted to the network switch, for second information regarding a firmware version of the network switch based, at least in part, on the first information;
receiving from the network switch the second information comprising the firmware version of the network switch, in response to the request;
configuring, by the processor, the processor to monitor the network switch based on the processing of first information and on processing of the second information;
selecting, based at least in part on the first information and/or the second information, a template file to use to create a configuration file for configuring the processor to monitor the network switch;
creating the configuration file that is specific for the network switch based, at least in part, on the selected template file; and
executing the configuration file, wherein execution of the configuration file configures the processor to monitor the network switch.

US Pat. No. 10,797,949

I/O RECOVERY FOR STORAGE SIDE CABLE MOVEMENT IN FABRIC-ASSIGNED WORLD-WIDE PORT NAME FABRICS

International Business Ma...

8. An apparatus for I/O recovery for storage side cable movement in fabric-assigned world-wide port name (WWPN) fabrics, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of: receiving an indication that active logical unit numbers (LUNs) have been disconnected from a fibre channel switch port assigned with a first fabric-assigned WWPN;
pausing I/O activity for active LUNs;
identifying a second fabric-assigned WWPN assigned to a port to which the disconnected LUNs are potentially reconnected;
determining that the paused active LUNs are connected to the second fabric-assigned WWPN;
updating, with the second fabric-assigned WWPN, connection information for the paused active LUNs; and
resuming I/O activity for the paused active LUNs using the updated connection information.

US Pat. No. 10,797,948

DYNAMIC BURN SLOT ALLOCATOR

Dell Products, L.P., Rou...

1. An information handling system, comprising: a hardware processor; and
a memory device storing instructions that when executed cause the hardware processor to perform operations, the operations including:
establishing an Ethernet communication with a device installed in a burn slot;
receiving a media access control address via the Ethernet communication from the device installed in the burn slot;
receiving a hardware identifier via the Ethernet communication from the device installed in the burn slot;
querying an electronic database for both the media access control address and the hardware identifier, the electronic database electronically associating customers to media access control addresses and to hardware identifiers including the media access control address and the hardware identifier from the device installed in the burn slot;
identifying a customer of the customers in the electronic database that is electronically associated with both the media access control address and the hardware identifier from the device installed in the burn slot;
determining a virtual private network that is associated with the customer;
determining an Ethernet switch port in an Ethernet switch that corresponds to the customer;
dynamically assigning the Ethernet switch port that corresponds to the customer to the device installed in the burn slot; and
instructing the Ethernet switch to route packets of data from the virtual private network via the Ethernet switch port to the device installed in the burn slot.

US Pat. No. 10,797,947

INITIALIZATION AND CONFIGURATION OF END POINT DEVICES USING A MOBILE DEVICE

BAE Systems Controls Inc....

1. A computer implemented method for assigning configuration parameters to a plurality of end point devices in a network, comprising: (a) placing a mobile wireless device in close proximity to an end point device of N end point devices, N being a number greater than 1;
(b) establishing a wireless connection between the close proximity end point device and the mobile wireless device;
(c) transmitting an auto-addressing command from the mobile wireless device to the close proximity end point device in response to the wireless connection being established, the auto-addressing command including information to configure the close proximity end point device with a unique network address;
(d) transmitting other initialization information from the mobile device to the close proximity end point device;
(e) disconnecting the wireless connection in response to receiving a signal indicating that the close proximity end point device is configured with the unique network address;
(f) repeating steps (a)-(e) until each of the remaining N-1 end point devices is configured with a respective unique network address;
(g) registering the respective unique network addresses of each of the N end point devices in a network configuration table;
(h) establishing a public/private key encryption protocol in the wireless signal communication between the wireless mobile device and each respective end point device; and
(i) establishing an encryption key unique to a set of the N end point devices located in a single vehicle.

US Pat. No. 10,797,946

PROVISIONING A NETWORK DEVICE

ADTRAN, Inc., Huntsville...

1. A method, comprising: receiving, by a translation device, an OpenFlow message from a controller, wherein the OpenFlow message is formatted according to an OpenFlow communications protocol;
determining, by the translation device, the received OpenFlow message includes data destined for multiple different downstream network devices, wherein the multiple different downstream network devices includes a first downstream network device and a second downstream network device;
determining the first downstream network device among the multiple different downstream network devices is incapable of being provisioned using the OpenFlow communications protocol of the received OpenFlow message, but the second downstream network device is capable of being provisioned using the OpenFlow communications protocol of the received OpenFlow message;
transmitting, by the translation device, the OpenFlow message, as formatted according to the OpenFlow communications protocol, to the second downstream network device based on the determination the second downstream network device is capable of being provisioned using the OpenFlow communications protocol;
translating, by the translation device, data from the received OpenFlow message destined for the first downstream network device from the OpenFlow communications protocol of the received OpenFlow message to a translated message defined in a different protocol required to provision the first downstream network device based on the determination the first downstream network device is incapable of being provisioned using the OpenFlow communications protocol; and
transmitting, by the translation device, the translated message to the first downstream network device according to the different protocol; wherein:
the multiple different downstream network devices include additional downstream OpenFlow network devices, the method further comprising transmitting, by the translation device, the OpenFlow message received from the controller to each downstream OpenFlow network device among the additional downstream OpenFlow network devices without translating the received OpenFlow message to a protocol different than the OpenFlow protocol;
receiving the OpenFlow message from the controller comprises receiving the OpenFlow message from a Software Defined Network (“SDN”) controller;
the translation device presents a northbound Table Type Pattern (TTP) that differs from a southbound TTP presented by the translation device to facilitate communications between the SDN controller and the multiple different downstream network devices;
the northbound TTP is used for communications toward the SDN controller; and
the southbound TTP is used for communications toward the multiple different downstream network devices.
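The dispatch the claim describes, as an added illustration that is not ADTRAN's code: a translation device receives one OpenFlow message addressed to several downstream devices, forwards it in OpenFlow form to the devices that can be provisioned that way (with the table id remapped from the northbound to the southbound TTP), and translates it into a different protocol for the device that cannot. The message layout, the TTP table ids and the legacy line-oriented command syntax are hypothetical.

```python
"""Translation device between an SDN controller and mixed downstream devices.
Added example; message fields, TTP ids and the legacy CLI are made up."""
from __future__ import annotations
from dataclasses import dataclass

# Northbound TTP (presented to the controller) and southbound TTP (presented
# to the devices) name the same logical tables with different ids.
NORTHBOUND_TTP = {"ingress": 0, "forward": 1}
SOUTHBOUND_TTP = {"ingress": 10, "forward": 20}
TABLE_N2S = {NORTHBOUND_TTP[k]: SOUTHBOUND_TTP[k] for k in NORTHBOUND_TTP}


@dataclass(frozen=True)
class Downstream:
    name: str
    openflow_capable: bool


class TranslationDevice:
    def __init__(self, devices: list[Downstream]):
        self.devices = {d.name: d for d in devices}
        self.outbox: list[tuple[str, str, object]] = []   # (device, protocol, payload)

    def receive_from_controller(self, msg: dict) -> list[tuple[str, str, object]]:
        """Dispatch one OpenFlow message whose 'targets' lists several devices."""
        if msg.get("type") != "OFPT_FLOW_MOD":
            raise ValueError("only FLOW_MOD is illustrated here")
        if msg["table_id"] not in TABLE_N2S:
            raise ValueError("table id not in the northbound TTP")
        unknown = [t for t in msg["targets"] if t not in self.devices]
        if unknown:
            # A translation proxy is a trust boundary: never forward to devices
            # the controller was not told about.
            raise ValueError(f"unknown downstream devices: {unknown}")
        for name in msg["targets"]:
            if self.devices[name].openflow_capable:
                self.outbox.append((name, "openflow", self._to_southbound_openflow(msg)))
            else:
                self.outbox.append((name, "legacy-cli", self._to_legacy(msg)))
        return self.outbox

    @staticmethod
    def _to_southbound_openflow(msg: dict) -> dict:
        """Keep the OpenFlow format; only the table id follows the southbound TTP."""
        out = dict(msg)
        out["table_id"] = TABLE_N2S[msg["table_id"]]
        out.pop("targets")
        return out

    @staticmethod
    def _to_legacy(msg: dict) -> list[str]:
        """Render the same intent in a hypothetical line-oriented CLI."""
        match = " ".join(f"{k}={v}" for k, v in sorted(msg["match"].items()))
        lines = [f"flow-table {TABLE_N2S[msg['table_id']]}",
                 f"  match {match}",
                 f"  priority {msg['priority']}"]
        for act in msg["actions"]:
            if act["type"] == "OUTPUT":
                lines.append(f"  action output port {act['port']}")
            elif act["type"] == "DROP":
                lines.append("  action drop")
            else:
                raise ValueError(f"no legacy equivalent for action {act['type']}")
        lines.append("  commit")
        return lines


def demo() -> list[tuple[str, str, object]]:
    """Constructed controller message for two OpenFlow switches and one legacy OLT."""
    td = TranslationDevice([Downstream("sw-of-1", True),
                            Downstream("olt-legacy-1", False),
                            Downstream("sw-of-2", True)])
    flow_mod = {"type": "OFPT_FLOW_MOD", "table_id": 1, "priority": 100,
                "match": {"in_port": 3, "eth_dst": "00:11:22:33:44:55"},
                "actions": [{"type": "OUTPUT", "port": 7}],
                "targets": ["sw-of-1", "olt-legacy-1", "sw-of-2"]}
    return td.receive_from_controller(flow_mod)
```

Translation is lossy by nature: an action with no equivalent in the legacy protocol is rejected here rather than silently dropped, because a flow rule that reaches one device but not another leaves the network in a state the controller does not know about.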

US Pat. No. 10,797,945

METHODS ARE PROVIDED FOR FLIGHT MANAGEMENT SERVICES IN A CLOUD ENVIRONMENT

HONEYWELL INTERNATIONAL I...

1. A method for providing a flight management service at a server in a cloud computing environment, the method comprising:generating a JavaScript Object Notation (JSON) object request from a client application, the JSON object request comprising a data set of flight plan attributes to initialize a cloud management computer at the server for an initial given state;
receiving, at the cloud management computer at the server the JSON object request wherein the JSON object request enables a create cloud management computer JSON object request by the cloud management computer to create a flight plan by executing get data set requests to a cloud data storage wherein the cloud data storage responds with internal cloud management computer data and the internal cloud management computer data stored is synced with cloud management computer data at the cloud data storage for retention;
sending an initial JSON object response to the client application, the initial JSON object response comprising flight plan attribute data and subsequently updating a dataset at the cloud data storage and sending an updated JSON object response to the client application;
processing, by the flight management service hosted by the server, the JSON object request generating a JSON object response comprising a resource identifier and JSON object for a particular flight plan wherein the resource identifier and JSON object comprises: a data set of necessary data for the particular flight plan generated by a JSON API specifying how client object requests are fetched;
storing, by the flight management service, the data set comprising the necessary data for the particular flight plan and the resource identifier as a stateless object in the cloud environment; and
sending, by the server, the JSON object response comprising the resource identifier from the flight management service to a mobile device, for accessing the necessary data set of the stateless object for the particular flight plan.

US Pat. No. 10,797,944

ZIGBEE LIGHT LINK NETWORK COMMISSIONING

SIGNIFY HOLDING B.V., Ei...

1. A commissioning device for joining at least one controller device to a first Zigbee Light Link, ZLL, network having at least one lighting device connected thereto, wherein the commissioning device is part of the ZLL network, the commissioning device comprising:a target module operable to cause the commissioning device to operate in a target mode during a single Touchlink procedure established between at least the controller device and the commissioning device in which the commissioning device is capable of joining the controller device to the first ZLL network in response to the Touchlink procedure being initiated by the controller device;
wherein the commissioning device is arranged for providing the controller device with at least one joining information associated with the first ZLL network, wherein the commissioning device is further arranged for providing the controller device with binding information that is associated with at least one group of lighting devices of the first ZLL network when the commissioning device provides the binding information to the controller device.

US Pat. No. 10,797,943

CONFIGURATION MANAGEMENT IN A STREAM COMPUTING ENVIRONMENT

International Business Ma...

1. A system of configuration management in a stream computing environment to process a stream of tuples using a compiled application bundle, the system comprising:a memory having a set of computer readable computer instructions, and
a processor for executing the set of computer readable instructions, the set of computer readable instructions including:
establishing, separate from the compiled application bundle for utilization with respect to execution of the compiled application bundle, a set of configuration overlay data which includes a set of configuration overlay parameters, wherein the set of configuration overlay parameters includes a plurality of partition co-location instructions;
ascertaining, with respect to the set of configuration overlay data, a set of configuration overlay parameter values for the set of configuration overlay parameters;
determining, based on the set of configuration overlay parameter values for the set of configuration overlay parameters, a stream environment application overlay configuration, wherein determining the stream environment application overlay configuration further comprises:
aggregating the set of configuration overlay parameter values, wherein the configuration overlay parameter values are selected from a group consisting of development-oriented contexts, instance-oriented contexts, and performance-oriented contexts; and
assembling the stream environment application overlay configuration for the compiled application bundle using the aggregation of the set of configuration overlay parameter values;
constructing, based on the stream environment application overlay configuration, a deployment topology model in advance of processing the stream of tuples in the stream computing environment;
modifying, both based on and in response to analyzing the deployment topology model, the stream environment application overlay configuration in advance of processing the stream of tuples in the stream computing environment; and
processing, using the stream environment application overlay configuration when executing the compiled application bundle, the stream of tuples in the stream computing environment.

US Pat. No. 10,797,942

PROVISIONING NETWORK SERVICES FOR CABLE SYSTEMS

NOKIA OF AMERICA CORPORAT...

1. A method for configuring a cable system, the method comprising:receiving a first set of configuration commands for configuring a cable system to provide network services to its subscribers, wherein the cable system employs a packet engine in a cable head end of the cable system for providing the network services and wherein the first set of configuration commands are generalized to the cable system and include syntax referencing the cable system;
generating by an interpreter in the cable head end of the cable system a second set of configuration commands by interpreting the first set of configuration commands including the syntax referencing the cable system based on a plurality of data models that describe the cable system and the network services to be provided, wherein at least one of the plurality of data models comprises a transaction for mapping a normalized parameter to a set of parameters that are specific to a particular device and vendor of the packet engine; and
providing the generated second set of configuration commands to the packet engine for configuring the packet engine in the cable head end of the cable system.

US Pat. No. 10,797,941

DETERMINING NETWORK ELEMENT ANALYTICS AND NETWORKING RECOMMENDATIONS BASED THEREON

CISCO TECHNOLOGY, INC., ...

1. In a network element that includes one or more hardware memory resources of fixed storage capacity for storing data used to configure one or more networking features of the network element, performing a method comprising:obtaining utilization data representing utilization of the one or more hardware memory resources by collecting data related to how the one or more networking features translate into usage of the one or more hardware memory resources;
analyzing the utilization data of the one or more hardware memory resources to produce summarized utilization data by mapping the one or more networking features with a corresponding bank in the one or more hardware memory resources; and
based on the summarized utilization data produced by analyzing, generating information indicating how much utilization efficiency of the one or more hardware memory resources can be obtained by reconfiguring the one or more networking features.

US Pat. No. 10,797,940

METHODS, APPARATUSES AND SYSTEMS FOR CLOUD-BASED DISASTER RECOVERY

Storage Engine, Inc., Ti...

1. A method for cloud-based disaster recovery, comprising:receiving, at a cloud-based computing platform, a failure indication of a client workload;
in response to the failure indication, recreating the failed client workload, including at least all devices, interconnections, and functionality of the failed client workload at the cloud-based computing platform and, based on the recreating, determining an amount of resources of the cloud-based computing platform necessary for implementing the failed client workload within the cloud-based computing platform;
reserving the amount of resources of the cloud-based computing platform based on the recreated client workload;
creating a virtual machine of the recreated client workload in the cloud-based computing platform within the reserved resources; and
enabling the virtual machine for use by a client in place of the failed client workload, wherein the virtual machine is renamed and tagged with identification information of the client.

US Pat. No. 10,797,939

WAN CONTROL FAILOVER BROKER FOR VHGW

Koninklijke KPN N.V., Ro...

1. A node for communication between a first network and a second network and wherein the node is arranged to couple to a controller in the second network via a first communication route for forming a distributed gateway, wherein the controller performs virtualized gateway functions for the node, and wherein:the second network is an internet service provider operating the controller,
the node is arranged to access a second communication route, and
the node is arranged to couple to the controller via the second communication route for forming the distributed gateway upon connection failure of the first communication route.

US Pat. No. 10,797,938

AUTOMATIC MONITORING, CORRELATION, AND RESOLUTION OF NETWORK ALARM CONDITIONS

Accenture Global Solution...

1. A method, comprising:receiving, by a device, first network information associated with a first portion of a network;
receiving, by the device, second network information associated with a second portion of the network that is different than the first portion of the network;
determining, by the device and based on the first network information and the second network information, an alarm condition for the network;
determining, by the device and based on correlation rules, whether the alarm condition relates to a currently handled alarm condition or a previously handled alarm condition;
processing, by the device, the alarm condition, network inventory information, network topology information, and network service information, with a machine learning model and when the alarm condition does not relate to the currently handled alarm condition or the previously handled alarm condition, to correlate the alarm condition with the network inventory information, the network topology information, and the network service information,
wherein correlating the alarm condition, with the network inventory information, the network topology information, and the network service information, generates a correlated alarm condition;
automatically generating, by the device, a resolution for the correlated alarm condition based on correlating the alarm condition with the network inventory information, the network topology information, and the network service information; and
automatically performing, by the device, one or more actions based on the resolution for the correlated alarm condition.

US Pat. No. 10,797,937

METHOD AND APPARATUS FOR PROVIDING TROUBLE ISOLATION VIA A NETWORK

1. A method comprising:monitoring a plurality of sessions for a user group of user endpoint devices, via a processor of an application server of a communications network operated by a network service provider, for detecting an abnormal cause code associated with the user group, wherein the user group is established for the user endpoint devices that are associated with a category;
aggregating, via the processor, the abnormal cause code over a plurality of user groups comprising the user group and other user groups having user endpoint devices that are associated with the category, wherein the aggregating of the abnormal cause code over the plurality of user groups is performed in accordance with at least one criterion, the at least one criterion comprising a submarket;
determining, via the processor, a root cause for the abnormal cause code when a deviation is determined to have occurred for the abnormal cause code in connection with the plurality of user groups, wherein the deviation is determined from a baseline comprising a number of occurrences of the abnormal cause code aggregated over the plurality of user groups within a time period, wherein the root cause identifies either an issue associated with the communications network or an issue associated with the user endpoint devices of the plurality of user groups; and
generating, via the processor, a ticket indicating the root cause.

US Pat. No. 10,797,936

METHODS AND APPARATUSES FOR FACILITATING P-CSCF RESTORATION WHEN A P-CSCF FAILURE HAS OCCURRED

NEC Corporation, Tokyo (...

1. A method, performed by a server for subscription data, the method comprising:receiving support information from a core network node for mobility management to indicate whether the core network node supports restoration of a Proxy Call Session Control Function (P-CSCF);
identifying whether the core network node supports the restoration of the P-CSCF based on the support information;
receiving an indication of a P-CSCF restoration in a case where the P-CSCF has failed; and
indicating the indication of the P-CSCF restoration to the core network node to cause the core network node to release an Internet Protocol (IP) multimedia subsystem (IMS) connection of a corresponding user equipment (UE).

US Pat. No. 10,797,935

METHODS AND APPARATUS FOR ENHANCING NATIVE SERVICE LAYER DEVICE MANAGEMENT FUNCTIONALITY

Convida Wireless, LLC, W...

1. An apparatus, the apparatus providing a common services entity, the apparatus comprising a processor, a memory, and computer-executable instructions stored in the memory which, when executed by the processor, cause the apparatus to:receive a registration message from an application hosted on a device, the registration message indicating management objects supported by the application;
register, based on the registration message, the application by creating an application resource at a service layer of the apparatus;
create, based on the registration message, management object resources for the application at the service layer; and
return, to the application, a response comprising an identifier of the application resource and an identifier of the management object resource.

US Pat. No. 10,797,934

OPEN CONTROL PLANE FUNCTION FOR WIRELESS NETWORKS

NETSIA, INC., Santa Clar...

1. A method of sending one or more signaling messages generated in a mobile network, the mobile network comprising a separate control plane and user plane, the control plane comprising at least one control function, the at least one control function generating the one or more signaling messages, the one or more signaling messages transmitted to an application, the application external to the control plane and operated by a mobile operator or a third-party service provider, the method, as implemented in an Open Control Plane Function (OCPF) comprising the steps of:(a) receiving a first registration message from the at least one control function and, upon receipt of the first registration message, registering the one control function in the OCPF;
(b) receiving a second registration message from the application and, upon receipt of the second registration message, registering the application in the OCPF, the registering allowing the application to receive the one or more signaling messages from the at least one control function, the one or more signaling messages pertaining to a group of users of the mobile network;
(c) receiving the one or more signaling messages pertaining to the group of users from the at least one control function, the one or more signaling messages received at the at least one control function from the group of users prior to being relayed to the OCPF; and
(d) relaying the one or more signaling messages to the application.

US Pat. No. 10,797,933

REMOTELY CONFIGURABLE ROUTERS WITH FAILOVER FEATURES, AND METHODS AND APPARATUS FOR RELIABLE WEB-BASED ADMINISTRATION OF SAME

DATTO, INC., Norwalk, CT...

1. A server for configuring a remotely configurable router on a computer network, the server comprising:a memory to store a plurality of router configuration profiles, the plurality of router configuration profiles comprising a first router configuration profile associated with the remotely configurable router at a first instant in time;
a network interface to receive a request to reconfigure the remotely configurable router via the computer network; and
a processor, operably coupled to the network interface and to the memory, configured to receive instructions such that, when received, the processor provides a second router configuration profile to the remotely configurable router for installation on the remotely configured router and to provide the first router configuration profile to the remotely configurable router in response to an indication that the second router configuration profile was not successfully installed on the remotely configurable router,
wherein the indication that the second router configuration profile was not successfully installed on the remotely configurable router includes a heartbeat signal that represents a router status at a corresponding time and the heartbeat signal includes a plurality of router performance metric values for the remotely configurable router, the plurality of router performance metric values including a throughput value for the remotely configurable router; a latency value for the remotely configurable router; a first bandwidth value representing a first bandwidth consumed by the computer network; a second bandwidth value representing a second bandwidth consumed by at least one device in the computer network; a router downtime value representing a downtime period of impaired connectivity of the remotely configurable router to the Internet; and a signal strength value representing a signal strength of a wireless signal associated with a wireless WAN communication interface of the remotely configurable router.
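The server-side rollback logic of the claim, as an added illustration that is not Datto's code: the server pushes a second configuration profile and, when the router's heartbeat (or its absence after the push) shows the profile was not successfully installed, re-provides the first profile. The heartbeat carries the performance metric values the claim lists; the health thresholds, the timeout and the field names are assumptions.

```python
"""Push-and-rollback for a remotely configurable router.  Added example;
thresholds, timeout and metric names are assumptions, not Datto's."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Heartbeat:
    time: float
    throughput_mbps: float
    latency_ms: float
    lan_bandwidth_mbps: float      # consumed by the computer network
    device_bandwidth_mbps: float   # consumed by one device on that network
    downtime_s: float              # period of impaired Internet connectivity
    wan_signal_dbm: float          # wireless WAN signal strength


@dataclass
class RouterConfigServer:
    profiles: dict[str, dict]
    heartbeat_timeout_s: float = 90.0
    current: str | None = None
    previous: str | None = None
    pending_since: float | None = None
    pushed: list[tuple[float, str]] = field(default_factory=list)   # what was sent, when

    def _push(self, now: float, name: str) -> None:
        self.pushed.append((now, name))

    def reconfigure(self, now: float, name: str) -> None:
        """Provide a new profile; remember the one it replaces for rollback."""
        if name not in self.profiles:
            raise KeyError(name)
        self.previous, self.current = self.current, name
        self.pending_since = now
        self._push(now, name)

    @staticmethod
    def unhealthy(hb: Heartbeat) -> bool:
        # Assumed thresholds: any of these means the new profile is not working.
        return (hb.downtime_s > 30 or hb.latency_ms > 500 or
                hb.throughput_mbps < 1.0 or hb.wan_signal_dbm < -105)

    def _rollback(self, now: float) -> bool:
        if self.previous is None or self.pending_since is None:
            return False                       # nothing to roll back to
        self.current, self.previous = self.previous, None
        self.pending_since = None
        self._push(now, self.current)
        return True

    def on_heartbeat(self, hb: Heartbeat) -> bool:
        """Return True if this heartbeat caused a rollback to the previous profile."""
        if self.pending_since is None:
            return False                       # nothing awaiting confirmation
        if self.unhealthy(hb):
            return self._rollback(hb.time)
        self.pending_since = None              # healthy heartbeat confirms the install
        self.previous = None
        return False

    def on_tick(self, now: float) -> bool:
        """Missing heartbeats after the push also count as a failed install."""
        if self.pending_since is not None and now - self.pending_since > self.heartbeat_timeout_s:
            return self._rollback(now)
        return False


def demo() -> RouterConfigServer:
    """Constructed timeline: v1 installs fine, v2 breaks the WAN and is rolled back."""
    srv = RouterConfigServer({"v1": {"wan": "dhcp"},
                              "v2": {"wan": "static", "ip": "203.0.113.10/24"}})
    srv.reconfigure(0.0, "v1")
    srv.on_heartbeat(Heartbeat(30.0, 95.0, 20.0, 40.0, 5.0, 0.0, -70.0))     # healthy
    srv.reconfigure(100.0, "v2")
    srv.on_heartbeat(Heartbeat(160.0, 0.0, 999.0, 0.0, 0.0, 58.0, -72.0))    # WAN down
    return srv
```

The timeout path matters as much as the metric path: a profile that cuts the router off from the server produces no heartbeat at all, so silence after a push has to be treated as failure or the rollback never fires.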

US Pat. No. 10,797,932

COMMUNICATION DEVICE, LINK-UP METHOD, AND COMMUNICATION SYSTEM

RENESAS ELECTRONICS CORPO...

1. A communication device comprising:a master/slave information storage unit that stores master/slave information, wherein the master/slave information indicates that the communication device is either a master device or a slave device;
a learning signal transmission/reception unit that transmits and receives learning signals for the communication device to link up to and from a communication partner device, wherein the communication partner device is a communication partner of the communication device;
a link-up unit that establishes link by setting an echo and crosstalk canceller using the learning signals transmitted and received by the learning signal transmission/reception unit to and from the communication partner device;
a link-up control unit that allows the link-up unit to set again the echo and crosstalk canceller when link up is not established by the link-up unit when a predetermined first time has elapsed; and
a master/slave determination signal transmission unit that transmits, to the communication partner device, a first master/slave determination signal that identifies one of the communication device and the communication partner device to be the master device,
wherein the master/slave determination signal transmission unit transmits the first master/slave determination signal when link up is not established by the link-up unit when a second time longer than the first time has elapsed as a result that learning is retried by the link-up control unit, and
wherein the first master/slave determination signal that identifies one of the communication device and the communication partner device to be the master device is different from the learning signals that are used by the link-up unit to establish the link up between the communication device and the communication partner device.

US Pat. No. 10,797,931

SYSTEMS AND METHODS FOR USING SEEKTABLES TO STREAM MEDIA ITEMS

Spotify AB, Stockholm (S...

1. A method, performed at a first client device with one or more processors and memory storing instructions for execution by the one or more processors, the method comprising:receiving, from a second client device, a request to stream a media item from a first position within the media item;
obtaining, from a server, a seektable that identifies a plurality of segments into which content corresponding to the media item is divided, wherein each segment of the plurality of segments corresponds to multiple samples of the media item;
consulting the seektable to determine a respective segment of the media item to retrieve in response to the request, the respective segment including content at the first position;
consulting metadata, distinct from the seektable, that is associated with a container file to determine the first position of the media item within the respective segment from which to begin playing of content corresponding to the media item in response to the request, wherein:
the seektable provides a first resolution for seeking within the media item;
the metadata provides a second resolution for seeking within the media item; and
the second resolution is finer than the first resolution;
after consulting the seektable, retrieving, from the server, the respective segment of the media item; and
playing the content corresponding to the first position using the respective segment.
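The two-resolution seek of the claim, as an added illustration that is not Spotify's code: a coarse seektable maps the requested position to the segment to fetch, and the container metadata of that segment then gives the exact frame (and the samples to skip inside it) at which playback starts. The segment length, frame length and sample rate are constructed for the example.

```python
"""Coarse seek via a seektable, fine seek via per-segment container metadata.
Added example; the media layout is constructed, not Spotify's format."""
from __future__ import annotations
import bisect
from dataclasses import dataclass

SAMPLE_RATE = 44_100


@dataclass
class SeekTable:
    """Coarse resolution: first sample index of every segment, ascending."""
    segment_starts: list[int]
    total_samples: int

    def segment_for(self, sample: int) -> int:
        if not 0 <= sample < self.total_samples:
            raise ValueError("position outside the media item")
        return bisect.bisect_right(self.segment_starts, sample) - 1


@dataclass
class SegmentMetadata:
    """Fine resolution: sample index of each frame inside one segment's container."""
    first_sample: int
    frame_starts: list[int]          # absolute sample indices, ascending

    def frame_for(self, sample: int) -> tuple[int, int]:
        """Return (frame index within the segment, samples to skip inside that frame)."""
        i = bisect.bisect_right(self.frame_starts, sample) - 1
        return i, sample - self.frame_starts[i]


def seek(table: SeekTable, metadata: dict[int, SegmentMetadata], seconds: float) -> dict:
    sample = int(seconds * SAMPLE_RATE)
    seg = table.segment_for(sample)                 # consult the seektable first ...
    meta = metadata[seg]                            # ... then that segment's own metadata
    frame, skip = meta.frame_for(sample)
    return {"sample": sample, "segment": seg, "frame": frame, "skip_samples": skip,
            "coarse_error": sample - table.segment_starts[seg],   # what the seektable alone gives
            "fine_error": skip}                                   # what the metadata gives


def build_demo() -> tuple[SeekTable, dict[int, SegmentMetadata]]:
    """Constructed layout: 35 s item, 10 s segments, 1152-sample frames."""
    frame_len = 1152
    seg_len = 10 * SAMPLE_RATE
    total = 35 * SAMPLE_RATE
    starts = list(range(0, total, seg_len))
    table = SeekTable(starts, total)
    metadata = {}
    for i, s in enumerate(starts):
        end = min(s + seg_len, total)
        metadata[i] = SegmentMetadata(s, list(range(s, end, frame_len)))
    return table, metadata
```

The seektable is all a client needs to decide which segment to request, so it can be small and fetched once; the finer metadata only has to be read for the segment actually retrieved.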

US Pat. No. 10,797,930

APPARATUS AND METHOD FOR DETECTION OF RECEIVED SIGNALS

Nokia Technologies Oy, E...

8. A method in a communication system, comprising:storing for a given number of modulation methods, for each modulation symbol, information on neighboring symbols in the symbol constellation of the modulation method,
receiving as an input a Multiple Input Multiple Output signal comprising modulation symbols in two or more layers;
providing hard decisions of the modulation symbols for each layer of the two or more layers;
determining neighbors for the hard decision;
for each hard decision of a layer of the two or more layers, going through at least some of the neighbors, evaluating a cost function and selecting a symbol based on the evaluation and repeating this for each layer of the two or more layers characterized by
utilizing $f(x)=\|y-\hat{y}\|^2$ as the cost function, where $y$ is a received symbol vector, and

where $y_n$ is the $n$-th element of vector $y$, $h_{n,j}$ is the $j$-th element on the $n$-th row of channel matrix $H$, $d$ is a layer of the two or more layers to be processed, $x_{\mathrm{neighbour},d,i}$ is a neighbour of the hard decision symbol of the layer $d$ of the two or more layers and $i$ is the index of the $i$-th neighbour of the symbol.
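The neighbour search of claim 8 carried through for a two-layer QPSK case, as an added illustration in plain Python that is not Nokia's code: the neighbour table is precomputed per constellation point, a zero-forcing hard decision is taken per layer, and then for each layer the neighbours of that layer's hard decision are tried under the cost ‖y − Hx‖², keeping the best. The channel matrix and noise sample are constructed so that the hard decision is wrong on one layer and the neighbour search corrects it; the zero-forcing hard decision is an assumption, since the claim does not say how the hard decisions are produced.

```python
"""Neighbour-search MIMO detection under f(x) = ||y - Hx||^2.
Added example; 2x2 QPSK with a constructed channel, not Nokia's code."""
from __future__ import annotations
import math

QPSK = [p / math.sqrt(2) for p in
        (complex(1, 1), complex(-1, 1), complex(-1, -1), complex(1, -1))]


def neighbour_table(const: list[complex]) -> dict[int, list[int]]:
    """Store, per symbol, the indices of its nearest neighbours in the constellation."""
    table = {}
    for i, p in enumerate(const):
        dists = [(abs(p - q), j) for j, q in enumerate(const) if j != i]
        dmin = min(d for d, _ in dists)
        table[i] = [j for d, j in dists if d <= dmin * 1.001]   # tolerate rounding
    return table


def cost(y: list[complex], H: list[list[complex]], x: list[complex]) -> float:
    """f(x) = sum_n |y_n - sum_j h_{n,j} x_j|^2."""
    return sum(abs(y[n] - sum(H[n][j] * x[j] for j in range(len(x)))) ** 2
               for n in range(len(y)))


def hard_decisions(y: list[complex], H: list[list[complex]], const: list[complex]) -> list[int]:
    """Zero-forcing estimate for a 2x2 channel, sliced to the nearest constellation point."""
    (a, b), (c, d) = H
    det = a * d - b * c
    est = [(d * y[0] - b * y[1]) / det, (-c * y[0] + a * y[1]) / det]
    return [min(range(len(const)), key=lambda k: abs(e - const[k])) for e in est]


def detect(y: list[complex], H: list[list[complex]], const: list[complex] = QPSK) -> list[int]:
    nbrs = neighbour_table(const)
    idx = hard_decisions(y, H, const)
    for d in range(len(idx)):                       # repeat for each layer
        best_k, best_f = idx[d], cost(y, H, [const[k] for k in idx])
        for k in nbrs[idx[d]]:                      # go through the neighbours of layer d
            trial = list(idx)
            trial[d] = k
            f = cost(y, H, [const[t] for t in trial])
            if f < best_f:
                best_k, best_f = k, f
        idx[d] = best_k
    return idx


def demo() -> tuple[list[int], list[int], list[int]]:
    """Ill-conditioned channel where the hard decision errs on layer 1."""
    H = [[complex(1.0), complex(0.9)], [complex(0.9), complex(1.0)]]
    tx = [0, 0]
    x = [QPSK[k] for k in tx]
    noise = [complex(0.15, 0.0), complex(-0.05, 0.0)]          # constructed
    y = [sum(H[n][j] * x[j] for j in range(2)) + noise[n] for n in range(2)]
    return tx, hard_decisions(y, H, QPSK), detect(y, H)
```

With the strongly correlated columns of H, zero forcing amplifies the noise into a wrong slice on the second layer, while the cost function, evaluated only over that layer's neighbours, picks the transmitted symbol back: that is the claim's trade of a small neighbour set against a full search.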

US Pat. No. 10,797,929

GENERATING AN FSK SIGNAL COMPRISED IN AN OFDM SIGNAL

TELEFONAKTIEBOLAGET LM ER...

1. A method of generating a frequency shift keying (FSK) signal comprised in an orthogonal frequency division multiplexing (OFDM) signal comprising a plurality of sub-carriers, the FSK signal comprising FSK symbols wherein each FSK symbol has a corresponding FSK symbol frequency, the method comprising:assigning a set of adjacent sub-carriers to transmission of the FSK signal wherein the set is a sub-set of the plurality of sub-carriers, and associating each FSK symbol frequency with a corresponding sub-carrier in the set of adjacent sub-carriers;
selecting, for each FSK symbol to be transmitted, an FSK symbol phase such that an FSK signal phase at a start of the FSK symbol to be transmitted meets a phase difference criterion in relation to the FSK signal phase at an end of an immediately previous FSK symbol; and
generating the FSK signal comprising the FSK symbol to be transmitted by modulating the sub-carrier corresponding to the FSK symbol frequency based on the selected FSK symbol phase and muting the remaining sub-carriers of the set.

US Pat. No. 10,797,928

FRAME FORMATS FOR DISTRIBUTED MIMO

Avago Technologies Intern...

1. A first access point for a multiple-input multiple-output (MIMO) communication comprising:a transceiver; and
a steering controller, the steering controller configured to:
cause the transceiver to transmit, during a first time period, to a second access point, information for a joint transmission by the first access point and the second access point, the information for the joint transmission allowing the second access point to estimate synchronization information for the joint transmission, and
cause the transceiver to transmit, during a second time period after the first time period, a portion of a steered frame to a station device, while the second access point transmits the portion of the steered frame to the station device according to the synchronization information, the joint transmission of the portion of the steered frame by the first access point and the second access point allowing the station device to receive the portion of the steered frame and decode the portion of the steered frame to obtain content data in the portion of the steered frame,
wherein the steered frame transmitted by the first access point includes a mid-amble, wherein the second access point is configured to bypass a transmission, while the first access point transmits the mid-amble of the steered frame, the mid-amble allowing the second access point to resynchronize for another joint transmission of another portion of the steered frame by the first access point and the second access point, the mid-amble allowing the second access point to transition, during the transmission of the mid-amble by the first access point, from a transmit mode to a receive mode and transition back to the transmit mode for the another joint transmission of the another portion of the steered frame by the first access point and the second access point.

US Pat. No. 10,797,927

METHODS AND APPARATUS FOR SUPPORTING USE OF MULTIPLE BEAMS FOR COMMUNICATIONS PURPOSES

Charter Communications Op...

1. A method of operating a first wireless communications device, the method comprising:receiving first beam prioritization information from a second wireless communications device, said first beam prioritization information including a prioritized beam list which indicates different priorities for different beams in said prioritized beam list;
transmitting to the second wireless communications device using a highest priority beam indicated by the first beam prioritization information;
starting a first beam confirmation timer;
determining if the first beam confirmation timer has expired without receipt of a signal, indicating a transmitter beam to be used for transmission to the second wireless communications device, having been received from the second wireless communications device; and
switching to an alternative beam for transmissions to the second wireless communications device when it is determined that the first beam confirmation timer has expired without receipt of a signal indicating the transmitter beam to be used for transmission to the second wireless communications device.

US Pat. No. 10,797,926

SYSTEMS AND METHODS FOR COMMUNICATING BY MODULATING DATA ON ZEROS

California Institute of T...

1. A communication system, comprising:a transmitter configured to transmit a continuous-time signal, comprising:
a modulator configured to modulate a plurality of information bits to obtain a discrete-time baseband signal, where the plurality of information bits are encoded in a plurality of zeros of the z-transform of the discrete-time baseband signal and at least one of the zeros has a radius that is not equal to one; and
a signal generator configured to generate the continuous-time signal based upon the discrete-time baseband signal;
a receiver, comprising:
a demodulator configured to sample a received continuous-time signal at a given sampling rate;
a decoder configured to decode a plurality of decoded information bits from the samples of the received signal by:
determining a plurality of zeros of a z-transform of a received discrete-time baseband signal based upon samples from the received continuous-time signal;
identifying zeros from the plurality of zeros that encode information bits including at least one zero that has a radius that is not equal to one; and
outputting the plurality of decoded information bits based upon the identified zeros.
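The modulation-on-zeros scheme of the claim, as an added illustration that is not Caltech's code: bit k chooses whether the k-th zero of the block's z-transform sits at radius R or at radius 1/R on a fixed angle, so the transmitted zeros include ones with radius not equal to one; the decoder identifies which candidate zero each bit selected by evaluating the received block's z-transform at both candidate positions (the one that is a true zero gives zero). The radius R, the angular grid and the noise-free channel are assumptions; a receiver in noise would first estimate the zeros from samples and would weight the two evaluations against the growth of |z|^-n.

```python
"""Encode bits in the zeros of a block's z-transform and decode by testing
the candidate zero positions.  Added example; R and the grid are assumed."""
from __future__ import annotations
import cmath
import math

R = 1.5   # assumed radius; zeros lie at R or 1/R, never on the unit circle


def candidate_zeros(k: int, n_bits: int) -> tuple[complex, complex]:
    """Zero positions for bit 0 (inside) and bit 1 (outside) at angle 2*pi*k/K."""
    angle = cmath.exp(1j * 2 * math.pi * k / n_bits)
    return angle / R, angle * R


def encode(bits: list[int]) -> list[complex]:
    """Return samples x[0..K] with X(z) = sum_n x[n] z^-n = z^-K prod_k (z - alpha_k)."""
    coeffs = [complex(1.0)]                  # polynomial in descending powers of z
    for k, b in enumerate(bits):
        alpha = candidate_zeros(k, len(bits))[b]
        nxt = [complex(0.0)] * (len(coeffs) + 1)   # multiply by (z - alpha)
        for i, c in enumerate(coeffs):
            nxt[i] += c
            nxt[i + 1] -= c * alpha
        coeffs = nxt
    return coeffs


def ztransform(x: list[complex], z: complex) -> complex:
    """X(z) = sum_n x[n] z^-n for the discrete-time block x."""
    return sum(xn * z ** (-n) for n, xn in enumerate(x))


def decode(x: list[complex], n_bits: int) -> list[int]:
    """Per k, pick the candidate zero at which |X(z)| is smaller (a true zero gives 0)."""
    bits = []
    for k in range(n_bits):
        inside, outside = candidate_zeros(k, n_bits)
        bits.append(0 if abs(ztransform(x, inside)) <= abs(ztransform(x, outside)) else 1)
    return bits


def zero_radii(bits: list[int]) -> list[float]:
    """Radii of the zeros a bit pattern produces, to check they are off the unit circle."""
    return [abs(candidate_zeros(k, len(bits))[b]) for k, b in enumerate(bits)]
```

Because bits live in where the zeros are rather than in the sample amplitudes, a constant channel gain or an unknown scalar phase rotates and scales the samples but moves none of the zeros, which is the property the scheme relies on.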

US Pat. No. 10,797,925

METHOD FOR DETERMINING RESERVED TONES AND TRANSMITTER FOR PERFORMING PAPR REDUCTION USING TONE RESERVATION

SAMSUNG ELECTRONICS CO., ...


US Pat. No. 10,797,924

METHOD AND APPARATUS FOR SENDING INFORMATION

ZTE CORPORATION, Shenzhe...

1. A method for sending information, comprising:determining uplink information and/or a reference signal to be sent; and
sending the uplink information and/or the reference signal to a communication node via a first sequence, wherein the first sequence is one subset of a set of sequences having a length of M, wherein the set of sequences comprises a plurality of sequences and a cyclic shift of the sequences, and each sequence $x_i(n)$ of the set of sequences is represented by a formula: $x_i(n)=\exp\left(j\pi\varphi(n)/4\right)$, wherein when $M=6$, $\varphi(n)$ comprises at least one of the following sequences:
Sequence 1: {1, 1, 1, −1, 3, −3},
Sequence 2: {1, 1, 1, 3, −1, −3},
Sequence 3: {1, 1, 1, −3, −1, 3},
Sequence 4: {1, 1, 1, −3, 3, −1},
Sequence 5: {1, 1, −1, −1, 3, −1},
Sequence 6: {1, 1, −1, 3, −1, −1},
Sequence 7: {1, 1, −1, 3, −3, −1},
Sequence 8: {1, 1, 3, −1, 3, 3},
Sequence 9: {1, 1, 3, −1, −3, 3},
Sequence 10: {1, 1, 3, 3, −1, 3},
Sequence 11: {1, 1, −3, 1, −1, −1},
Sequence 12: {1, 1, −3, 1, 3, 3},
Sequence 13: {1, 1, −3, 3, 1, 3}, and
Sequence 14: {1, 1, −3, −3, 1, −3}.

US Pat. No. 10,797,923

ENHANCING DATA TRANSFER

Nokia Solutions and Netwo...

1. A method comprising: obtaining, by an apparatus, a first data block, a second data block and a third data block;
generating a first signal, wherein a first part of the first signal is generated based on a data of the first data block, and wherein a second part of the first signal is generated based on a data of the second data block, the second part of the first signal being subsequent in time domain compared with the first part of the first signal;
generating a second signal, wherein a first part of the second signal is generated based on a data of the third data block, wherein a second part of the second signal is generated based on the data of the second data block, the second part of the second signal being subsequent in time domain compared with the first part of the second signal, and wherein the second parts of the first and second signals are generated from the data of the second data block and are fixed-tail signals of said first and second signals, wherein the second data block comprises a data part and a zero part, the zero part comprising at least one substantially zero value and wherein the second parts of the first and second signals are generated so that the zero part is subsequent in time domain compared with the data part, the second parts of the first and second signals comprising the same data and wherein the second parts are repeated for a duration of a subframe; and
transmitting the first and second signals.

US Pat. No. 10,797,922

PREFIXING OF OFDM SYMBOLS TO SUPPORT VARIABLE SUBFRAME LENGTH

TELEFONAKTIEBOLAGET LM ER...

1. A first radio node configured for orthogonal frequency division multiplexing, OFDM, comprising: a receiver;
a transmitter;
a processing circuitry operatively connected to the transmitter and receiver, the processing circuitry being configured to:
transmit a sequence of prefixed OFDM symbols in a first mode of operation with a first subcarrier spacing f1 or in a second mode of operation with a second subcarrier spacing f2;
wherein the first and second subcarrier spacings are related by a non-unit integer factor, f1/f2 = p or f1/f2 = 1/p, with p > 1 integer;
wherein the sequence of prefixed OFDM symbols is aligned with a predefined repeating radio frame, which is common to both the first and second modes of operation, or with an integer multiple of the predefined repeating radio frame;
wherein, in a repeating interval in the first and second mode of operation, an initial prefixed OFDM symbol has a longer prefix than any remaining prefixed OFDM symbol(s) in the repeating interval, and the remaining prefixed OFDM symbols in the repeating interval have prefixes of the same length; and
wherein boundaries of one prefixed OFDM symbol according to the first mode of operation are aligned with boundaries of two or more of the prefixed OFDM symbols according to the second mode of operation.

US Pat. No. 10,797,921

THRESHOLD COMPUTATION CIRCUIT FOR S-FSK RECEIVER, INTEGRATED CIRCUIT, AND METHOD ASSOCIATED THEREWITH

Texas Instruments Incorpo...

1. A threshold computation circuit for a spread frequency-shift keying (S-FSK) receiver, the threshold computation circuit comprising: an input circuit, configured to receive a discrete frequency signal from a digital filtering circuit, the discrete frequency signal is based on an S-FSK waveform received by an S-FSK receiver associated with the digital filtering circuit, the discrete frequency signal is representative of digital logic levels in a series of data frames modulated using S-FSK to form the S-FSK waveform, each data frame including an active portion and a zero energy portion, the active portion includes at least one data word and the zero energy portion includes at least one zero energy word, each data word and zero energy word include multiple bit periods;
a maximum filter circuit, configured to dynamically and selectively adjust a maximum amplitude parameter during bit periods of the series of data frames, the adjusting is based on the discrete frequency signal and a predetermined threshold value;
a minimum filter circuit, configured to dynamically and selectively adjust a minimum amplitude parameter during bit periods of the series of data frames, the adjusting is based on the discrete frequency signal and the predetermined threshold value; and
a calculating circuit, configured to adapt the predetermined threshold value for a next data frame based on the maximum amplitude parameter and the minimum amplitude parameter after a current data frame.

US Pat. No. 10,797,920

HIGH-ENTROPY CONTINUOUS PHASE MODULATION DATA TRANSMITTER

Rockwell Collins, Inc., ...

1. A system for generating a signal with a constant envelope and suppressed cyclic features, the system comprising: a transmission security (TRANSEC) function configured to generate a pseudorandom symbol by M-ary symbol generation,
a spread spectrum chip configured to select a symbol with a signal phase, the selected symbol corresponding to the generated pseudorandom symbol or a phase rotation of the pseudorandom symbol; and
an M-ary continuous phase modulator, the M-ary continuous phase modulator comprising:
a delta-phase mapper configured to map the signal phase based on the selected symbol;
a pulse-shaped filter configured to band limit the spectrum of the mapped signal, the pulse-shaped filter configured to introduce inter-symbol interference from a previous and a subsequent symbol into a current symbol, the inter-symbol interference introduced by the main lobe of the signal phase being contained within a bandwidth of a chip rate of the spread spectrum chip; and
a frequency modulator to modulate the frequency of the generated signal for transmitting information by the generated signal.

US Pat. No. 10,797,919

SYSTEM AND METHODS FOR REALISING ADAPTIVE RADIO ACCESS TECHNOLOGY IN 5G WIRELESS COMMUNICATION SYSTEM

NEC CORPORATION, Minato-...

1. A method for use in an advanced wireless communication system, to provide adaptive radio access using a plurality of configurable orthogonal frequency division multiplex (OFDM)-based waveforms, the method comprising: receiving, at a user equipment (UE) and on a band-specific fixed system subband, one or more synchronisation signals;
determining, at the UE, and according to the synchronisation signals, a base waveform numerology; and
receiving, at the UE and according to the base waveform numerology, system information, wherein the system information defines parameters of a service or services.

US Pat. No. 10,797,918

RESOURCE ALLOCATION FOR DATA TRANSMISSION IN WIRELESS SYSTEMS

Telefonaktiebolaget LM Er...

61. A method, comprising: in a first wireless node, allocating time-frequency resources for use by a second wireless node, wherein said allocating comprises selecting, for use in multicarrier modulation in the allocated time-frequency resources, one of two or more subcarrier spacings that the second wireless node is configured to use for modulating or demodulating of data, wherein the two or more subcarrier spacings coexist in different portions of a frequency band, and sending resource allocation information to the second wireless node, the resource allocation information identifying the allocated time-frequency resources; and
in the second wireless node, receiving resource allocation information identifying the time-frequency resources allocated to the second wireless node and determining, based on the received resource allocation information, one of two or more subcarrier spacings supported by the second wireless node for use in multicarrier modulation on the identified time-frequency resources for modulating or demodulating of data, wherein the two or more subcarrier spacings coexist in different portions of a frequency band.

US Pat. No. 10,797,917

SYSTEMS, METHODS, AND DEVICES FOR ELECTRONIC SPECTRUM MANAGEMENT FOR IDENTIFYING OPEN SPACE

DIGITAL GLOBAL SYSTEMS, I...

1. A system for identifying open space in a wireless communications spectrum comprising: at least one server, wherein the at least one server includes a database and at least one processor;
at least one apparatus, wherein the at least one apparatus is in network-based communication with the at least one server;
wherein the at least one apparatus includes a housing, at least one processor, at least one memory, and at least one sensor;
wherein the at least one apparatus is operable to sense and measure wireless communication signals from at least one signal emitting device, thereby creating signal data;
wherein the at least one apparatus is operable to transmit the signal data to the at least one server; and
wherein the at least one server is operable to analyze the signal data to identify the open space, and to calculate a percent activity associated with identified open space on predetermined frequencies, user-defined frequencies, and/or Industrial, Scientific, and Medical (ISM) bands.

US Pat. No. 10,797,916

EHF RECEIVER ARCHITECTURE WITH DYNAMICALLY ADJUSTABLE DISCRIMINATION THRESHOLD

Keyssa, Inc., Campbell, ...

1. A receiver device comprising: a detector circuit configured to generate a baseband signal using an extremely high frequency (EHF) electromagnetic signal received by the receiver device; and
a voltage slicer circuit connected to the detector circuit, the voltage slicer circuit configured to:
compute an average of the baseband signal using the baseband signal;
generate samples of the average baseband signal, the samples including a first number of samples having a high value responsive to the average baseband signal being greater than a discrimination threshold voltage level and a second number of samples having a low value responsive to the average baseband signal being less than the discrimination threshold voltage level; and
adjust the discrimination threshold voltage level until the first number of samples is equal to the second number of samples.