US Pat. No. 10,116,810

IMAGE-OUTPUTTING APPARATUS FOR OUTPUTTING NOTIFICATION IMAGE SENT FROM SERVER

Brother Kogyo Kabushiki K...

1. A server comprising;
a network interface configured to communicate with an image-outputting apparatus, the image-outputting apparatus being configured to receive user operations including a login operation, the login operation being performed by a user to which an account is assigned, the image-outputting apparatus being configured to determine whether or not the login operation is accepted, the image-outputting apparatus being configured to determine what type of machine operation is permitted for the logged user on the basis of the account used for the accepted login operation, the image-outputting apparatus being configured to transmit query information and device information to the server, the query information being for querying the server whether notification data to be transmitted to the image-outputting apparatus exists, the device information including a login information indicating the account used by the user logged in to the image-outputting apparatus;
a storage capable of storing the notification data for transmission to the image-outputting apparatus; and
a controller configured to:
receive the query information via the network interface;
in response to receiving the query information, (a) determine whether or not the notification data is stored in the storage;
in response to determining in (a) that the notification data is stored in the storage, receive the device information via the network interface;
(b) determine whether or not the login information included in the device information indicates a specific account, the specific account being assigned to an authorized user; and
in response to determining in (b) that the login information included in the device information indicates the specific account, (c) transmit an output instruction to the image-outputting apparatus via the network interface, the output instruction being for controlling the image-outputting apparatus to output a notification image represented by the notification data.

US Pat. No. 10,116,809

IMAGE PROCESSING APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM, WHICH OBTAINS CALIBRATION IMAGE INFORMATION WITH WHICH TO CORRECT IMAGE DATA

Canon Kabushiki Kaisha, ...

1. An image processing apparatus comprising:
an image capturing unit configured to capture an image of a document placed on a document board;
a processor; and
a memory storing instructions, when executed by the processor, causing the apparatus to function as:
a determination unit configured to determine a correction parameter for correcting a first image of the document placed on the document board, the first image being captured by the image capturing unit, using a value corresponding to each pixel in a second image that is captured by imaging the document board by the image capturing unit; and
a correction unit configured to correct the first image of the document placed on the document board, the first image being captured by the image capturing unit, using the correction parameter determined by the determination unit,
wherein the determination unit modifies the parameter by modifying a value corresponding to each pixel in a first region containing an edge portion extracted based on an edge extraction filter from the second image of the document board using a value corresponding to each pixel surrounding the first region,
wherein in a case where the first region surrounding the edge portion is larger than a predetermined size, the determination unit is configured to change a coefficient of the edge extraction filter, extract the edge portion from the second image of the document board, and determine, as a second region, a region surrounding an edge portion extracted using the changed coefficient.

US Pat. No. 10,116,808

MOVING AMOUNT DETECTOR AND IMAGE FORMING APPARATUS INCLUDING THE SAME

KONICA MINOLTA, INC., Ch...

1. A moving amount detector that sets a movable member included in a device or an object conveyed by the device as a detection target and detects a moving amount of the detection target, the moving amount detector comprising:
an imaging unit that repeatedly captures a series of images of the detection target at a constant sampling period while the detection target moves; and
a hardware processor configured to function as a moving amount calculating unit that selects every Nth image of the series of images and compares each pair of adjacent selected images with each other from among the series of images of the detection target captured by the imaging unit;
wherein N is determined based on an intended moving speed of the detection target; and
the moving amount calculating unit calculates a moving amount of the detection target based on a movement of the detection target during a time period between when the two compared images were taken.

US Pat. No. 10,116,807

METHOD AND APPARATUS FOR MANAGING SUBSCRIPTION TO POLICY COUNTERS

Telefonaktiebolaget LM Er...

1. A method, performed in a Policy and Charging Rules Function (PCRF), for managing subscription to policy counters maintained at an Online Charging System (OCS), wherein the PCRF is operable to communicate with the OCS over an Sy reference point, the method comprising:
receiving a Multiple Users subscription trigger from a network operator, the Multiple Users subscription trigger identifying a reference network policy and a subject network policy; and
sending a Spending Limit Request (SLR) command to the OCS, the SLR command specifying an identifier of a subject policy counter for the subject network policy and specifying application of the SLR command with respect to the subject policy counter to all ongoing Sy sessions between the PCRF and the OCS which already include a subscription to a policy counter for the reference network policy.

US Pat. No. 10,116,806

BANDWIDTH AWARE NETWORK STATISTICS COLLECTION

QUALCOMM Innovation Cente...

1. A method of controlling data usage statistics in a computing device, comprising:
suppressing, via a minimum window component of the computing device, triggering data usage stats collection during a minimum window;
performing, via a network status component of the computing device, at least one instance of data usage stats collection after termination of the minimum window;
incrementally decreasing, via a minimum window adjustment function of the minimum window component, the minimum window as data usage approaches a warning limit:
wherein the minimum window is a function of (1) a communications channel link speed, and (2) a proximity of data usage to the warning limit;
wherein the triggering is caused by either expiration of a timer or data usage that meets a buffer threshold, and wherein a length of the timer and a size of the buffer threshold are based on the communication channel link speed; and
wherein the buffer threshold is a function of the proximity of the data usage to the warning limit.

US Pat. No. 10,116,805

APPARATUSES AND METHODS FOR DETERMINING USAGE OF A WIRELESS COMMUNICATION SERVICE

10. A method comprising:
receiving user input at a user interface displayed by a wireless device, the wireless device configured to access a communication service, wherein the user input designates a user profile; and
after receiving the user input, receiving a selection at the wireless device to initiate a session of the communication service, and responsive to the selection:
generating, at the wireless device, a message associated with the session of the communication service, wherein the message includes a particular identifier of the user profile, wherein the particular identifier indicates that the session is to be billed to a first billing account of a plurality of billing accounts associated with the wireless device, each billing account of the plurality of billing accounts associated with a respective identifier; and
transmitting the message from the wireless device via a wireless network to a network element, wherein the messages is configured to instruct the network element to initiate the session and to cause the session to be billed to the first billing account based on the particular identifier in the message.

US Pat. No. 10,116,804

SYSTEMS AND METHODS FOR POSITIONING A USER OF A HANDS-FREE INTERCOMMUNICATION

Elwha LLC, Bellevue, WA ...

1. A hands-free intercommunication system for automatically connecting a user to an entity of interest, the system comprising:
a user-tracking sensor that determines a location of the user;
a directional microphone that measures vocal emissions by the user, wherein the measured vocal emissions include identifying the entity of interest with which the user would like to communicate;
a communication interface that communicatively couples the directional microphone and a directional sound emitter to a communication device of the entity of interest, wherein the communication interface determines whether to couple the communication device of the entity of interest to the user based on the location of the user; and
a directional sound emitter that delivers audio received at the communication device of the entity of interest to the user, wherein the directional sound emitter emits audio received the entity of interest using a plurality of inaudible ultrasonic sound waves that frequency convert to produce audible audio corresponding to the received audio the entity of interest for the user at the location of the user.

US Pat. No. 10,116,803

SYSTEM AND METHOD OF REROUTING A TOLL FREE TELEPHONY CALL IN THE EVENT OF THE FAILURE TO CONNECT TO THE TARGET TELEPHONY STATION

1. A method of re-routing a toll free telephony call by a telephony service provider computing machine (Provider Machine) comprising:
populating a first routing database with a plurality of target station identifiers, each associated with a target telephony station, and at least one carrier identification code (CIC) routing code associated with each said target station identifier;
populating an auxiliary routing database with one or a plurality of said target station identifiers that match at least one or more said target station identifiers in said first routing database and further populating said auxiliary routing database with one or plurality of alternative routing codes per said target station identifier, where at least one of said alternative routing codes is an alternative routing code different from said CIC routing code in said first routing database;
receiving at said Provider Machine said toll free telephony call containing a called target station identifier;
having said Provider Machine automatically access from said first routing database one or a plurality of said CIC routing codes associated with said called target station identifier;
having said Provider Machine automatically access from said auxiliary routing database one or a plurality of said routing codes associated with said called target station identifier;
using one said CIC routing code accessed from said first routing database as a primary routing code to automatically route said toll free telephony call from said Provider Machine to an electronic routing machine associated with said primary routing code;
routing said toll free telephony call from said electronic routing machine to said target telephony station associated with said called target station identifier;
receiving a call completion status indicator at said Provider Machine from said electronic routing machine; and
using as an alternate routing code at least one said routing code differing from said primary routing code to automatically re-route said toll free telephony call from said Provider Machine to an alternate electronic routing machine associated with said alternate routing code in the event said call completion status indicator reveals to the Provider Machine said toll free telephony call did not successfully connect to said target telephony station.

US Pat. No. 10,116,802

IP CARRIER PEERING

1. A system to interconnect carrier communication systems, the system comprises:
a communication client, the communication client configured to:
receive a request, including an e.164 number, to connect an IP (Internet protocol) call from equipment of a first carrier to equipment of a second carrier;
modify a query to a private ENUM (tElephone NUmber Mapping) to include an intercarrier ENUM apex-based domain with an associated DNS (domain name server) forwarding zone, wherein the associated DNS forwarding zone includes a primary internet address of a tier 2 ENUM of the second carrier;
automatically forward the modified query to the equipment of the second carrier to retrieve a routing record from the second carrier; and
route the IP call to the equipment of the second carrier using the routing record.

US Pat. No. 10,116,801

CONFERENCE CALL PLATFORM CAPABLE OF GENERATING ENGAGEMENT SCORES

Shoutpoint, Inc., Newpor...

1. A conference call management system, comprising:
a call processing system comprising one or more computing devices, said call processing system comprising telecommunication hardware configured to initiate and process telephonic calls, including conference calls, and comprising a processor and a memory, said call processing system programmed with at least:
a conference call management module that provides functionality for initiating a conference call and for enabling conference call participants to interactively participate on the conference call, said conference call management module configured to monitor, and maintain participant-specific records of, the interactive participation by the participants;
a scoring module configured to use at least the participant-specific records of interactive participation to generate participant-specific engagement scores reflective of levels of engagement of the participants on the conference call; and
a ranking module configured to rank participant-submitted requests for consideration based on the participant specific engagement scores.

US Pat. No. 10,116,800

TECHNIQUES FOR BEHAVIORAL PAIRING IN A CONTACT CENTER SYSTEM

Afiniti Europe Technologi...

1. A method for behavioral pairing in a contact center system comprising:
determining, by at least one computer processor communicatively coupled to and configured to perform behavioral pairing operations in the contact center system, a plurality of agents available for connection to a contact;
determining, by the at least one computer processor, a plurality of preferred contact-agent pairings among possible pairings between the contact and the plurality of agents;
selecting, by the at least one computer processor, one of the plurality of preferred contact-agent pairings according to a probabilistic network flow model that is constrained by agent skills and contact skill needs, wherein the probabilistic network flow model is adjusted to minimize agent utilization imbalance according to the constraints of the agent skills and the contact skill needs and to optimize performance of the contact center system, wherein the optimized performance of the contact center system is attributable to the probabilistic network flow model; and
outputting, by the at least one computer processor, the selected one of the plurality of preferred contact-agent pairings for connection in the contact center system.

US Pat. No. 10,116,799

ENHANCING WORK FORCE MANAGEMENT WITH SPEECH ANALYTICS

1. A method for generating an agent work schedule, the method comprising:
performing, by a speech or text analytics module hosted on a processor, analytics on a plurality of recorded interactions with a plurality of contact center agents;
detecting, based on the analytics, specific utterances in the recorded interactions;
classifying, on the processor, the recorded interactions into a first plurality of interaction reasons and a first plurality of interaction resolution statuses, wherein the classifying is based on the detected specific utterances;
computing, on the processor, based on the classifying of the recorded interactions, a first agent effectiveness of a first agent and a second agent effectiveness of a second agent of the plurality of agents, wherein the first agent effectiveness and the second agent effectiveness correspond to an interaction reason of the first interaction reasons, the first agent effectiveness being higher than the second agent effectiveness;
forecasting, on the processor, a demand of the contact center agents for a first time period for handling interactions classified with the interaction reason;
generating, on the processor, the agent work schedule for the first time period based on the forecasted demand and the first agent effectiveness and the second agent effectiveness, wherein the agent work schedule includes a first number of agents scheduled to work during the first time period that is larger than a second number of agents scheduled to work during the first time period, the first number of agents including the first agent with the first agent effectiveness, and the second number of agents including the second agent with the second agent effectiveness;
detecting an interaction having the interaction reason during the first time period;
routing, by an electronic switch, the detected interaction to a particular agent selected from the first and second number of agents;
analyzing, on the processor, a second plurality of recorded interactions, the analyzing including classifying the second plurality of recorded interactions into a second plurality of interaction reasons and a second plurality of interaction resolution statuses; and
forecasting, on the processor, a demand of the contact center agents for a second time period for handling the second interaction reasons without forecasting a demand for handling an obsolete interaction reason included in the first plurality of interactions reasons, the second time period being different from the first time period.

US Pat. No. 10,116,798

QUEUEING COMMUNICATIONS FOR A CONTACT CENTER

Noble Systems Corporation...

1. A method for routing a communication in a contact center comprising:
deriving a communication value distribution by a computer processor from communication values for a set of communications that was applied a treatment, the treatment being from a plurality of treatments supported by the contact center in which each treatment in the plurality of treatments (1) is applicable to at least one of a reason and an opportunity for conducting a communication with a remote party and (2) comprises a plurality of sub-queues;
deriving a value range for each sub-queue of the plurality of sub-queues for the treatment by the computer processor based on the communication value distribution and a percentage of communication volume to be handled by the sub-queue; and
assigning a number of agents to at least one sub-queue of the plurality of sub-queues for the treatment by the computer processor to handle communications placed in the at least one sub-queue, the number of agents is based on the percentage of communication volume to be handled by the at least one sub-queue and a service level requirement identifying a level of service that is to be maintained by the number of agents, wherein the communication is placed in the at least one sub-queue and connected to an agent in the number of agents based on a communication value determined for the communication falling within the value range derived for the at least one sub-queue.

US Pat. No. 10,116,797

TECHNIQUES FOR BENCHMARKING PAIRING STRATEGIES IN A CONTACT CENTER SYSTEM

Afiniti Europe Technologi...

1. A method for benchmarking pairing strategies in a contact center system comprising:
cycling, by at least one computer processor communicatively coupled to and configured to operate in the contact center system, among at least two pairing strategies, wherein the cycling comprises establishing, by a routing engine of the contact center system, a connection between communication equipment of a contact and communication equipment of an agent based upon at least one pairing strategy of the at least two pairing strategies;
determining, by the at least one computer processor, a differential value attributable to the at least one pairing strategy of the at least two pairing strategies;
determining, by the at least one computer processor, a difference in performance between the at least two pairing strategies, wherein the difference in performance provides an indication that pairing contacts and agents using a first pairing strategy of the at least two pairing strategies results in a performance gain for the contact center system attributable to the first pairing strategy, wherein the difference in performance also provides an indication that optimizing performance of the contact center system is realized using the first pairing strategy instead of another of the at least two pairing strategies; and
outputting, by the at least one computer processor, the difference in performance between the at least two pairing strategies for benchmarking the at least two pairing strategies.

US Pat. No. 10,116,795

TECHNIQUES FOR ESTIMATING EXPECTED PERFORMANCE IN A TASK ASSIGNMENT SYSTEM

Afiniti Europe Technologi...

1. A method comprising:
receiving, by at least one computer processor communicatively coupled to and configured to perform task assignment operations in a task assignment system, a first plurality of historical agent-task assignments;
determining, by the at least one computer processor, a closeness of fit for each of the first plurality of historical agent-task assignments to a preferred task assignment strategy for validating the preferred task assignment strategy;
determining, by the at least one computer processor, a threshold closeness of fit for each of the first plurality of historical agent-task assignments to the preferred task assignment strategy;
determining, by the at least one computer processor, an expected performance of the task assignment system using the preferred task assignment strategy based on a subset of the first plurality of historical agent-task assignments that are within the threshold closeness of fit;
outputting, by the at least one computer processor, the expected performance for use in pairing agents with tasks in the task assignment system based upon the preferred task assignment strategy; and
establishing, by the at least one computer processor, in a switch of the task assignment system, a connection between an agent and a task based upon the expected performance to realize a first amount of performance gain for the task assignment system attributable to the preferred task assignment strategy, wherein actual performance of the task assignment system is optimized by using the validated preferred task assignment strategy based on the expected performance.

US Pat. No. 10,116,794

DETERMINING AN ACTIVE STATION BASED ON MOVEMENT DATA

1. A method for determining an active contact center station for an agent in a contact center system, wherein the contact center system comprises a plurality of contact center stations, based on sensor data, the method comprising the steps of:
receiving, by a processor of the contact center system, movement data from a mobile device associated with the agent;
matching, by the processor of the contact center system, the movement data from the mobile device associated with the agent with a previously stored pattern of movement associated with one of the plurality of contact center stations associated with the agent; and
automatically updating, by the processor of the contact center system, one of the plurality of contact center stations to active, wherein the update is based on the movement data and matched pattern of movement, and wherein the agent is not logged into the contact center system.

US Pat. No. 10,116,793

METHOD AND SYSTEM FOR LEARNING CALL ANALYSIS

1. A method for communication learning in a telecommunication system, wherein the telecommunication system comprises at least an automated dialer, a telephony service module, a database, and a media server operatively coupled over a network for exchange of data there between, the method comprising the steps of:
a. selecting, by the automated dialer, a contact from the database, the contact being associated with a telephone number and one or more acoustic fingerprints;
b. retrieving, by the telephony service module, from the database, the one or more acoustic fingerprints and the telephone number associated with the contact;
c. initiating, by the automated dialer, a communication with the contact based on the telephone number, the communication generating audio;
d. analyzing, by the media server, the audio for matches to any of the one or more of the acoustic fingerprints, wherein matches are not identified;
e. routing, via an electronic routing device by the telephony service module, the communication to an agent device associated with an agent for determining whether or not the communication comprises a speech recording;
f. receiving, from the agent device, a signal indicating the communication comprises a speech recording;
g. requesting, by the automated dialer, new acoustic fingerprints from the media server for the speech recording and associating the new acoustic fingerprints with the contact in the database; and
h. disconnecting the communication with the contact after receiving the signal indicating the communication comprises the speech recording.

US Pat. No. 10,116,791

METHODS AND APPARATUS FOR TRANSMITTING DATA

Samsung Electronics Co., ...

1. A method of transmitting data performed by an apparatus, the method comprising:
receiving a request for a call signal, from a sender device to a receiver device, including sender information and receiver information associated with the call signal, from the sender device;
confirming a relationship between the sender and the receiver that exists in at least one external server, based on the received sender information and the receiver information;
requesting content associated with the sender which is uploaded on the at least one external server to which the sender is subscribed based on the relationship between the sender and the receiver, to the at least one external server;
receiving the requested content from the at least one external server; and
transmitting the call signal together with the received content, to the receiver device,
wherein the content is displayed on the receiver device while the call signal is being output on the receiver device, and
wherein the sender and the receiver are filtered based on an order of call frequency.

US Pat. No. 10,116,790

METHOD, SYSTEM AND APPARATUS FOR COMMUNICATING DATA ASSOCIATED WITH A USER OF A VOICE COMMUNICATION DEVICE

BCE INC., Verdun (CA)

1. A method executable by a server within a communication system, the method comprising:
receiving a first identifier associated with a first communication device further to a connection request by the first communication device;
determining a second identifier of a second communication device based on the first identifier;
establishing a connection with the second communication device using the second identifier;
receiving data from the second communication device over the established connection;
identifying a profile for a user of the first communication device based on the received data; and
authenticating the user of the first communication device based on comparison of additional information obtained from the first communication device provided from the user to information contained in the identified profile,
wherein the connection request is for an outbound call, wherein the method further comprises authorizing the outbound call based on at least one of the received data associated and destination information,
wherein the received data comprises a user identifier and the destination information comprises a destination telephone number associated with a destination device; and wherein authorizing the outbound call comprises accessing a database comprising a list of user identifiers with one or more allowed destination telephone numbers corresponding to each user identifier; and confirming that the user of the first device is authorized to place the outbound call to the destination device.

US Pat. No. 10,116,787

ELECTRONIC DEVICE, CONTROL METHOD, AND NON-TRANSITORY STORAGE MEDIUM

Kyocera Corporation, Kyo...

1. An electronic device comprising:
a display;
a user interface;
a motion sensor; and
at least one controller that is configured to,
display a lock screen on the display;
detect a user touch operation on the user interface to cancel limitation of operations of the electronic device;
when the detected user touch is a registered finger touch, then display a first screen on the display in place of the lock screen; and
when the detected user touch is a registered thumb touch, then
determine a state of the electronic device based on an output of the motion sensor; and
when the determined state is a state of being held, then display a second screen, which is different from the first screen, in place of the lock screen.

US Pat. No. 10,116,786

APPARATUS FOR CONTROLLING A MULTIMEDIA MESSAGE IN A USER EQUIPMENT OF A WIRELESS COMMUNICATION SYSTEM AND METHOD THEREOF

LG ELECTRONICS INC., Seo...

1. A mobile terminal for controlling at least two message interfaces, comprising:
a touchscreen: and
a controller configured to:
cause the touchscreen to display a first message interface displaying messages transmitted from the mobile terminal to a first device and displaying messages received at the mobile terminal from the first device, wherein the messages of the first message interface are enumerated in a chat format in accordance with a time sequence;
cause the touchscreen to display a second message interface displaying messages transmitted from the mobile terminal to a second device and displaying messages received at the mobile terminal from the second device wherein each of the first and second message interfaces is each of individual message windows;
cause the touchscreen to display in a queue region a first item representative of content associated with a selected message displayed in the first message interface; and
cause the touchscreen to display in the queue region a second item representative of content associated with a selected message displayed in the second message interface,
wherein the queue region is displayed to be adjacent to the first and second message interfaces,
wherein the first and second message interfaces are each independently scrollable in first and second opposing directions,
wherein the first and second items in the queue region are displayed chronologically according to when they are copied from a respective one of the first or second message interface to the queue region, regardless of which of the first or second message interface they are copied from,
wherein the first item displayed in the queue region includes a text of the selected message of the first message interface, and
wherein the second item displayed in the queue region includes a text of the selected message of the second message interface.

US Pat. No. 10,116,784

CAMERA CAPABLE OF COMMUNICATING WITH OTHER COMMUNICATION DEVICE

NIKON CORPORATION, Tokyo...

1. A cellular phone capable of telephone-calling with an external device, the cellular phone comprising:
an antenna by which the cellular phone communicates with the external device;
a lens;
an image sensor that outputs an image signal from an image formed on the image sensor by the lens;
a display;
a loudspeaker; and
a processer electrically connected to the antenna, the image sensor, the display and the loudspeaker, wherein:
the processor controls the display to display an announcement of an incoming call from the external device after receiving a calling signal via the antenna, and
in a case that the calling signal is received during operation of the image sensor, the processor permits communication between the cellular phone and the external device via the antenna and using the loudspeaker and a microphone of the cellular phone after the announcement of the incoming call is displayed by the display and after the processor receives an instruction from an input device of the cellular phone to allow starting of the telephone-calling with the external device.

US Pat. No. 10,116,783

PROVIDING AND USING A MEDIA CONTROL PROFILE TO MANIPULATE VARIOUS FUNCTIONALITY OF A MOBILE COMMUNICATION DEVICE

1. A mobile communication device comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising
sending, to a network node via a communications network, a query for a media control profile associated with the mobile communication device,
in response to the query, receiving, from the network node via the communications network, the media control profile associated with the mobile communication device, wherein the media control profile comprises a first audible volume setting assigned to a first calling party and a second audible volume setting assigned to a second calling party, and wherein the first audible volume setting is different from the second audible volume setting,
changing a functionality of the mobile communication device to comply with the media control profile,
in response to receiving an incoming call from the first calling party, altering, in compliance with the media control profile, a volume of a media file playing on the mobile communication device to be in accordance with the first audible volume setting assigned to the first calling party as set forth in the media control profile while playing an audible notification of the incoming call from the first calling party, and
in response to receiving an incoming call from the second calling party, altering, in compliance with the media control profile, the volume of the media file playing on the mobile communication device to be in accordance with the second audible volume setting assigned to the second calling party as set forth in the media control profile while playing an audible notification of the incoming call from the second calling party.

US Pat. No. 10,116,782

TELEPHONE DEVICE AND MOBILE-PHONE LINKING METHOD

PANASONIC INTELLECTUAL PR...

1. A telephone device, comprising:
a landline telephone line interface unit;
a master-device control unit that controls the telephone device;
a short-distance wireless communication control unit that controls short-distance wireless communication of data with a mobile-phone;
an audio speaker; and
an audio processing unit, which, in operation, receives audio data from the mobile-phone using the short-distance wireless communication and causes the audio speaker to perform music playback by outputting the audio data from the mobile phone,
wherein, when the master-device control unit detects a caller operation of placing a call to a mobile-phone network by the telephone device during output of the audio data from the audio speaker, the master-device control unit notifies the short-distance wireless communication control unit of information on the caller operation of placing the call to the mobile phone network, and in response to the short-distance wireless communication control unit receiving the notification on the caller operation of placing the call to the mobile phone network, the short-distance wireless communication control unit starts processing that releases a radio resource for communicating the audio data, used for the music playback, from the mobile phone to the telephone device and sets, for the call, a radio resource for an audio path between the mobile phone and the telephone device.

US Pat. No. 10,116,781

METHOD, DEVICE AND COMPUTER-READABLE MEDIUM FOR CONTROLLING A DEVICE

XIAOMI INC., Beijing (CN...

1. A method for controlling a device, applied to a control device, the method comprising:
receiving an identifier display instruction, the identifier displaying instruction being generated when a lock screen of the control device is touched along a predetermined path;
acquiring a device identifier of a corresponding controlled device according to log-in status of a user account on the control device, wherein acquiring a device identifier of a corresponding controlled device according to log-in status of a user account on the control device comprises:
transmitting a first request for acquiring an identifier to a router connected to the control device, the first request for acquiring an identifier being used to trigger the router to feed back a device identifier of each controlled device connected to the router;
receiving the device identifier fed back by the router;
transmitting a second request for acquiring an identifier to a cloud server if the user account has logged-in on the control device, the second request for acquiring an identifier being used to trigger the cloud server to feed back a device identifier of each controlled device bound to the user account; and
receiving the device identifier fed back by the cloud server;
performing a duplication removing operation to the device identifier fed back by the router and the device identifier fed back by the cloud server;
displaying, after the duplication removing operation, the acquired device identifier of each controlled device on the lock screen; and
transmitting a control instruction to a controlled device corresponding to a selected device identifier after the selected device identifier is determined.

US Pat. No. 10,116,780

QUICK COMMUNICATION METHOD AND DEVICE, AND STORAGE MEDIUM

TENCENT TECHNOLOGY (SHENZ...

1. A quick communication method, comprising:
displaying a quick communication key on a lock screen interface of a terminal;
invoking a shortcut panel according to an operation triggered by a user on the quick communication key, wherein the shortcut panel includes contact information of a part or all of contact objects from a contact list in the terminal, and the contact objects included in the shortcut panel are selected from the contact list of the terminal according to contact frequencies of contact objects in the contact list;
receiving a contact object selected by the user;
communicating with the contact object, a type of a communication between the user and the contact object being one of a calling type and a messaging type; and
after communicating with the contact object selected by the user, according to a pre-stored correspondence relationship between the type of the communication and an increment frequency value, increasing the contact frequency of the contact object selected by the user by the increment frequency value corresponding to the type of the communication;
wherein,
a shortcut list is further included in the terminal, and the shortcut list stores, separately from the contact list, identifiers and contact information of the contact objects included in the shortcut panel, the contact information comprising at least one of a phone number or a contact name;
invoking a shortcut panel comprises:
loading the shortcut list in the terminal to the shortcut panel;
obtaining an identifier and contact information corresponding to a portrait of the contact object from the shortcut list of the terminal;
obtaining the portrait of the contact object corresponding to the identifier from the contact list in the terminal according to the identifier corresponding to the portrait of the contact object; and
binding the portrait of the contact object with the contact information of the contact object, and loading the portrait of the contact object to the shortcut panel; and
the shortcut panel displaying portraits of the contact objects is invoked by a single triggering action from the lock screen interface,
wherein the method further comprises:
receiving a message informing a change to contact information of a contact object in the contact list, wherein the message carries an identifier corresponding to the changed contact object;
determining whether the changed contact object is included in the shortcut list according to the identifier carried in the message; and
in response to determining that the changed contact object is included in the shortcut list, updating contact information of the changed contact object in the shortcut list using the contact information of the changed contact object in the contact list.

US Pat. No. 10,116,779

APPARATUS AND METHOD FOR PROVIDING INCOMING AND OUTGOING CALL INFORMATION IN A MOBILE COMMUNICATION TERMINAL

Samsung Electronics Co., ...

1. An electronic device, comprising:
a display;
a memory storing instructions; and
a processor configured to execute the stored instructions to at least:
control the display to display a plurality of call entries including incoming call entries and outgoing call entries corresponding to a plurality of phone numbers; and
based on receiving a selection of one of the plurality of call entries that corresponds to a phone number:
control the display to display: (i) a first option for modifying prestored information associated with the phone number corresponding to the one of the plurality of call entries, without displaying a second option for adding the phone number to an address book, and (ii) a third option for unblocking a call from the phone number, when the phone number is in the address book and registered for blocking the call from the phone number, wherein the prestored information associated with the phone number corresponding to the one of the plurality of call entries includes a name for the phone number,
control the display to display: (i) the second option, without displaying the first option, and (ii) the third option, when the phone number is not in the address book and is registered for blocking the call from the phone number,
control the display to display: (i) the first option, without displaying the second option, and (ii) a fourth option for blocking a call from the phone number, when the phone number is in the address book and is not registered for blocking the call from the phone number, and
control the display to display: (i) the second option, without displaying the first option, and (ii) the fourth option, when the phone number is not in the address book and is not registered for blocking the call from the phone number.

US Pat. No. 10,116,778

MOBILE TERMINALS AND COMBINED TERMINAL EQUIPMENT

ZHEJIANG GEELY HOLDING GR...

1. A mobile terminal for splicing a plurality of said mobile terminals into a combined terminal device, said mobile terminal comprising:
a display screen;
a first side surface and a second side surface located at two opposing sides of the display screen;
a first conductive contact arranged at said first side surface;
a second conductive contact arranged at said second side surface, wherein said first and second side surfaces are planes parallel to each other;
a first magnetic adsorbing element arranged at said first side surface and a second magnetic adsorbing element arranged at said second side surface, wherein the positions of said first and second magnetic adsorbing elements are arranged such that: when the other one of said mobile terminals and a current one of said mobile terminals are spliced, said first magnetic adsorbing element at said first side surface of the current one of said mobile terminals and said second magnetic adsorbing element at said second side surface of the other one of said mobile terminals can attract each other, so that said first side surface of the current one of said mobile terminals and said second side surface of the other one of said mobile terminals are bonded in alignment with each other,
wherein the positions of the first and second conductive contacts are arranged such that: when said first side surface of the current one of said mobile terminals and said second side surface of the other one of said mobile terminals are bonded in alignment with each other, said first conductive contact at said first side surface of the current one of said mobile terminals and said second conductive contact at said second side surface of the other one of said mobile terminals can make electrical contact with each other,
wherein at least one of said first conductive contact and said second conductive contact is made of an elastic material or biased by a spring so as to be able to move in a direction perpendicular to the side surface where it is located, said first conductive contact is composed of a plurality of bow-shaped metal sheets, said second conductive contact is recessed into said second side surface; and
said first conductive contact of the current one of said mobile terminals and said second conductive contact of the other one of said mobile terminals abut each other, so that said second side surface of the other one of said mobile terminals and said first side surface of the current one of said mobile terminals are bonded in alignment with each other by deforming said first conductive contact in the direction perpendicular to the side surface where it is located.

US Pat. No. 10,116,777

MOBILE TERMINAL

LG Electronics Inc., Seo...

1. A mobile terminal comprising:
a frame including a front surface in which a display device is provided;
a window disposed on a surface of the display device; and
a front case configured to cover a predetermined area of the window,
wherein the window includes:
a first window layer having a front surface and a rear surface, the front surface being exposed to outside of the mobile terminal;
a second window layer, larger than the first window layer, and the second window layer having a front surface and a rear surface, wherein the front surface of the second window layer includes a first area disposed to face the rear surface of the first window layer and a second area, the front case to cover the second area of the front surface of the second window layer around the first area, and the rear surface of the second window layer to face a surface of the display device; and
an optical clear adhesive (OCA) provided between the first window layer and the second window layer;
wherein a thickness of the first window layer is approximately twice a thickness of the second window layer.

US Pat. No. 10,116,776

MODULAR DIGITAL CAMERA AND CELLULAR PHONE

RED.COM, LLC, Irvine, CA...

1. A modular cellular phone with multiple cameras, comprising:
a phone module comprising:
a phone module housing having first and second substantially planar sides spaced by a thickness of the phone module housing;
a battery within the phone module housing;
phone electronics configured to provide wireless voice and data communication functionality;
a first camera comprising a first image sensor;
one or more memory devices configured to store digital image data derived from light incident on the first image sensor;
a phone module electrical interface having a first plurality of electrical connectors electrically connected to the phone electronics and positioned on the first side of the phone module housing; and
a touch screen display on the second side of the phone module housing;
a camera module attachable to the phone module, comprising:
a camera module housing having a first side and a second side, the first side of the camera module housing having an aperture through which light enters the camera module housing, the second side being substantially planar;
a second camera comprising:
a lens mount on the first side of the camera module housing and comprising a lock ring defining an opening, the opening dimensioned to receive a lens, the lock ring rotatable to lock the lens in place within the lens mount over the aperture; and
a second image sensor configured to digitize light incident on the second image sensor after the light passes through the lens and the aperture;
a camera module electrical interface comprising a second plurality of electrical connectors positioned on the second side of the camera module housing; and
magnets configured to provide for magnetic attachment of the phone module to the camera module, mating the first side of the phone module housing with the second side of the camera module housing;
wherein video data acquired with the camera module is transmitted to the phone module across a system bus formed by the electrical connections between the phone electrical connector and the camera electrical connector.

US Pat. No. 10,116,774

HARDWARE PROTOCOL STACK WITH USER-DEFINED PROTOCOL APPLIED THERETO AND METHOD FOR APPLYING USER-DEFINED PROTOCOL TO HARDWARE PROTOCOL STACK

LSIS CO., LTD., Anyang-s...

1. A hardware protocol stack to which a user-defined protocol is applied, comprising:
a register unit in which header information is stored;
a comparison unit configured to compare header information of a received frame with the header information stored in the register unit to determine whether the header information is matched to the other;
an interface logic unit configured to determine a process of the received frame on the basis of a comparison result of the comparison unit; and
a logic process unit configured to process data of the received frame based on a logic according to the header information when the frame process method, which is determined in the interface logic according to the header information stored in the register unit and being matched to the header information of the received frame, is a processing of a frame,
wherein the logic according to the header information includes a unit designation of the data according to the header information;
wherein the unit designation of the data is performed such that the logic process unit sets a basic offset and a size unit of the data when receiving a request for writing payload data in a specific region of the data and then stores payload in the basic offset by expanding the payload to be corresponded to the set size unit of the data.

US Pat. No. 10,116,773

PACKET PROCESSING METHOD AND RELATED DEVICE THAT ARE APPLIED TO NETWORK DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A packet processing method applied to a network device, wherein K classifiers and S network service processors are loaded into a memory of the network device, wherein the K classifiers comprise a classifier x and a classifier y, wherein K and S are integers greater than 1, and wherein the method comprises:
acquiring, by the classifier x, P packet identifiers from a queue area a corresponding to the classifier x and is in a network adapter receiving queue;
acquiring, by the classifier x and based on the P packet identifiers, P packets corresponding to the P packet identifiers;
determining, by the classifier x and based on the P packets, flow queue identifiers corresponding to the P packets;
distributing, by the classifier x, packet description information corresponding to the P packets to flow queues corresponding to the determined flow queue identifiers corresponding to the P packets, wherein packet description information corresponding to a packet i in the P packets is distributed to a flow queue corresponding to a determined flow queue identifier corresponding to the packet i, wherein the packet i is any one packet in the P packets, and wherein the packet description information corresponding to the packet i comprises a packet identifier of the packet i;
processing, by Si network service processors in the S network service processors and based on the packet description information corresponding to the P packets and is distributed to the flow queues, the P packets;
sending the P processed packets;
acquiring, by the classifier y, Q packet identifiers from a queue area b corresponding to the classifier y and is in the network adapter receiving queue;
acquiring, by the classifier y and based on the Q packet identifiers, Q packets corresponding to the Q packet identifiers;
determining, by the classifier y and based on the Q packets, flow queue identifiers corresponding to the Q packets;
distributing, by the classifier y after the classifier x distributes the packet description information corresponding to the P packets to the flow queues corresponding to the determined flow queue identifiers corresponding to the P packets, packet description information corresponding to the Q packets to flow queues corresponding to the determined flow queue identifiers corresponding to the Q packets, wherein packet description information corresponding to a packet m in the Q packet is distributed to a flow queue corresponding to a determined flow queue identifier corresponding to the packet m, wherein the packet m is any one packet in the Q packets, wherein the packet description information corresponding to the packet m comprises a packet identifier of the packet m, wherein Q and P are positive integers, and wherein a time at which the Q packets are enqueued to the queue area b in the network adapter receiving queue is later than a time at which the P packets are enqueued to the queue area a in the network adapter receiving queue;
processing, by Sj network service processors in the S network service processors and based on the packet description information corresponding to the Q packets and is distributed to the flow queues, the Q packets; and
sending the Q processed packets, wherein an intersection set between the Si network service processors and the Sj network service processors is a null set or a non-null set.

US Pat. No. 10,116,772

NETWORK SWITCHING WITH CO-RESIDENT DATA-PLANE AND NETWORK INTERFACE CONTROLLERS

Cavium, Inc., San Jose, ...

1. A network interface apparatus, comprising:
a semiconductor chip comprising a packet input processor, a packet output processor, and a network interface controller; wherein
a network facing inbound interface of the network interface controller is communicatively coupled to a network facing interface of the packet output processor via a first hardware loopback entity;
a network facing outgoing interface of the network interface controller is communicatively coupled to a network facing interface of the packet input processor via a second hardware loopback entity; and
at least one medium access controller, communicatively coupled to network facing inbound and outgoing interfaces of the network interface controller, the network facing interface of the packet output processor, and the network facing interface of the packet input processor.

US Pat. No. 10,116,771

DATA TRANSMISSION VIA FRAME RECONFIGURATION

Sprint Spectrum L.P., Ov...

1. A method for transmitting data via frame reconfiguration, the method comprising:
mapping, by a source node, a plurality of data bits to a corresponding plurality of frame configurations, each of the plurality of frame configurations comprising a sequence of uplink and downlink subframes;
generating, by the source node, a pattern of frame configurations based on a data string to be transmitted to a target node, the pattern comprising one or more frame configurations of the plurality of frame configurations corresponding to bits within the data string; and
broadcasting, from the source node, the pattern of frame configurations,
wherein the target node is configured to identify the pattern of frame configurations and decode the data string.

US Pat. No. 10,116,769

COMMERCE ORIENTED UNIFORM RESOURCE LOCATER (URL) SHORTENER

PAYPAL, INC., San Jose, ...

1. A system comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
identifying a graphical token indicator;
identifying a token associated with the graphical token indicator;
selecting a template associated with the graphical token indicator, comprising selecting a template with a token indicator type matching that of the identified graphical token indicator and a token type matching that of the identified token; and
generating a uniform resource locator (URL) in a computer-readable form based on the template, wherein the graphical token indicator indicates the start of the token.

US Pat. No. 10,116,768

CONTROL SYSTEM, CONTROL METHOD, AND COMMUNICATION DEVICE

FUJITSU LIMITED, Kawasak...

1. A control system comprising:
a server including a first processor and a first memory; and
a plurality of communication devices including a second processor, respectively,
wherein
the first memory is configured to store first mode information for each user,
the first mode information is associated with a mode of an application, the first mode information being selected from among a plurality of pieces of mode information of the mode for distinguishing a function executed by same operation from another function for the application,
the first processor is configured to transmit a respective first mode information of a user to the plurality of communication devices operated by the user, and
the second processor is configured to:
receive the first mode information,
obtain second mode information set to the mode of the application installed to a communication device among the plurality of communication devices,
record an operation content related to mode information change performed on the communication device, and
determine whether the second mode information set to the mode of the application is switched to the first mode information, based on the operation content, the first mode information, and the second mode information.

US Pat. No. 10,116,767

SCALING CLOUD RENDEZVOUS POINTS IN A HIERARCHICAL AND DISTRIBUTED MANNER

Futurewei Technologies, ...

1. A service provider (SP) cloud rendezvous point (CRP-SP) in a fixed cloud rendezvous point (CRP) hierarchy, the CRP-SP comprising:
a memory comprising a cloudcasting information base (CCIB);
a receiver configured to receive a Register request from a first site CRP (CRP Site) in an SP network, the Register request indicating a first portion of a virtual extensible network (VXN) is reachable by the SP network at the first CRP Site;
a processor coupled to the receiver and the memory, the processor configured to query the CCIB to determine that a second portion of the VXN is reachable by the SP network at a second CRP Site; and
a transmitter coupled to the processor and configured to transmit Report messages to both the first CRP Site and the second CRP Site, the Report messages indicating the VXN is reachable at both the first CRP Site and the second CRP Site.

US Pat. No. 10,116,766

ASYNCHRONOUS AND IDEMPOTENT DISTRIBUTED LOCK INTERFACES

Amazon Technologies, Inc....

1. A system, comprising:
one or more hardware processors and memory configured to:
receive a queue-for-lock request from a client, wherein the queue-for-lock request comprises an indication of an element to be locked;
in response to receiving the queue-for-lock request, provide, to the client, a reference to a first asynchronous operation, wherein the first asynchronous operation is asynchronous to processes executing on the client;
perform, after providing the reference to the first asynchronous operation, the first asynchronous operation comprising insertion of a lock request on behalf of the client into a queue of waiters for a lock on the element;
receive a request from the client for a result of the first asynchronous operation, the request including the reference to the first asynchronous operation;
in response to receiving the request for the result of the first asynchronous operation, transmit to the client a notification of insertion of the lock request into the queue of waiters, wherein the notification comprises a reference to a second asynchronous operation comprising granting of a lock on the element to the client, wherein the second asynchronous operation is distinct from the first asynchronous operation and asynchronous to processes executing on the client; and
perform the second asynchronous operation comprising granting the lock on the element to the client.

US Pat. No. 10,116,765

NEEDS-MATCHING NAVIGATOR SYSTEM

1. A Matching Navigator System (MNS), said system including:
a computer server including a memory storing a user profile, said user profile including:
a user-specific wellbeing criteria database, wherein said wellbeing criteria database includes a plurality of data elements representing predetermined wellbeing attributes, as well as data elements representing user-specific weightings for said predetermined wellbeing attributes,
wherein said MNS monitors data from searches and site visits made using said MNS, compares said data from searches and site visits to said user-specific weighting for said wellbeing attributes, and adjusts said user-specific weighting for said wellbeing attributes based on said data from searches and site visits made using said MNS;
a user-specific wellbeing orientation database, wherein said wellbeing orientation database includes a plurality of data elements representing predetermined wellbeing preference data and user-specific weightings for said predetermined wellbeing preference data,
wherein said user-specific weightings for said predetermined wellbeing preference data are determined using an initial electronic survey presented to a user by said MNS for self-quantification by said user; and
a user-specific reading level data, wherein said MNS monitors data from searches and site visits made using said MNS, wherein said MNS determines a user-specific reading level associated with said data from said searches and site visits and records said reading level as said user-specific reading level data;
a solution database, stored in memory on a computer server, wherein said solution database includes a solution data set corresponding to a predetermined potential user search query and a solution-specific electronic survey,
wherein said solution data set includes a plurality of data elements representing predetermined solution attributes,
wherein said data elements represent third-party quantified solution attributes that are quantified based on a plurality of third party user ratings collected from solution-specific electronic survey information received from a plurality of third parties in response to said solution-specific electronic survey,
wherein said data elements representing third-party quantified solution attributes are determined by averaging said plurality of third party user ratings for said predetermined solution attributes;
a computerized user interface, said computerized user interface receiving a search query from said user,
wherein, when said search query from said user is determined by said MNS to correspond to said solution data set, said MNS retrieves said solution-specific electronic survey and transmits said solution-specific electronic survey to said computerized user interface for display to said user,
wherein said computerized user interface receives user-specific weightings from said user for said solution attributes included in said solution-specific electronic survey;
wherein said MNS:
retrieves said plurality of data elements representing predetermined wellbeing attributes, as well as data elements representing user-specific weightings for said predetermined wellbeing attributes from said user-specific wellbeing criteria database;
retrieves said plurality of data elements representing predetermined wellbeing preference data and said user-specific weightings for said predetermined wellbeing preference data from said user-specific wellbeing orientation database; and
adjusts said user-specific weightings based on the data elements retrieved to determine user-specific adjusted weighting data for said solution attributes,
wherein said MNS:
generates a series of link selections based at least in part on matching said user-specific adjusted weighting data for said solution attributes with said data elements representing third-party quantified solution attributes, and
said user-specific reading level; and
a Graphical Link Organizer (GLO) representing a user interface displaying a plurality of user-activatable links to organized search results, wherein said GLO includes:
a first row of links, wherein said first row of links includes links to search results that have been determined to be at the user-specific reading level of said user based on said user-specific reading level data;
a second row of links, wherein said second row of links includes links to search results that have been determined to be above the user-specific reading level of said user based on said user-specific reading level data;
a third row of links, wherein said third row of links includes links to search results that have been determined to be below the user-specific reading level of said user based on said user-specific reading level data;
a first column intersecting said first row of links, said second row of links, and said third row of links, wherein said first column displays links determined using said plurality of data elements representing predetermined wellbeing attributes, as well as data elements representing user-specific weightings for said predetermined wellbeing attributes, wherein said links of said first column are also categorized into said first row of links, said second row of links, and said third row of links; and
a second column intersecting said first row of links, said second row of links, and said third row of links, wherein said second column displays links determined using said plurality of data elements representing predetermined wellbeing preference data and user-specific weightings for said predetermined wellbeing preference data, wherein said links of said second column are also categorized into said first row of links, said second row of links, and said third row of links.

US Pat. No. 10,116,764

METHOD FOR STATE BASED SNAPSHOT DIFFERENCE WITH RESTART CAPABILITY

EMC IP Holding Company LL...

1. A data management device, comprising:
a buffer; and
a processor programmed to:
select an unprocessed full key,
generate a buffer entry based on a difference between an entry of a local snapshot specified by the unprocessed full key and an entry of a previous local snapshot specified by the unprocessed full key,
make a first determination that a lookup key entry associated with the unprocessed full key is different than a lookup key entry associated with a processed full key, and
in response to the first determination, add the generated buffer entry to the buffer after processing the buffer.

US Pat. No. 10,116,763

METHOD FOR OPERATING A CACHE ARRANGED ALONG A TRANSMISSION PATH BETWEEN CLIENT TERMINALS AND AT LEAST ONE SERVER, AND CORRESPONDING CACHE

Thomson Licensing, Issy-...

1. A method for operating a cache arranged between client terminals and at least one server, said cache being configured to receive requests from client terminals for at least a first representation of a segment of a multimedia content available in a plurality of representations, wherein the method comprises:
receiving, in a first period of time, a plurality of requests for a given segment from client terminals, each request specifying one first representation and at least one alternative representation of said given segment, said given segment being not stored yet in said cache;
determining a score of relevancy for each representation of said given segment specified in the plurality of requests received during the first period of time, the score of relevancy associated with a requested representation of said given segment corresponding to a number of times said requested representation is specified in the plurality of requests received by the cache, wherein, each representation of a received request having a priority level, the number of times a representation is requested is weighted by a first factor depending on the priority level of said representation;
selecting, as a main relevant representation of said given segment, a representation with a highest score of relevancy amongst the determined scores of relevancy, wherein the main relevant representation is the representation with the highest score;
requesting, by said cache, said main relevant representation of the given segment from a remote server.

US Pat. No. 10,116,762

SYSTEM AND METHOD FOR STORING AND PROCESSING WEB SERVICE REQUESTS

WALMART APOLLO, LLC, Ben...

1. A system for processing web service requests, the system comprising:
a server configured to receive and process web service requests, the server comprising a plurality of components comprising:
a plurality of virtual computer systems that service received web service requests from one or more client systems, wherein each of the plurality of virtual computer systems is operable in both an active/standby mode or an active/active mode;
a logical storage system coupled to the plurality of virtual computer systems, wherein each of the plurality of virtual computer systems shares a common storage that stores the received web service requests;
a request handler element that distributes a web service request to at least one of the plurality of virtual computer systems for processing; and
an internal port coupling at least two of the plurality of virtual computer systems, wherein the received web service requests are replicated between the at least two of the plurality of virtual computer systems across the internal port, and wherein the internal port is not available to the one or more client systems;
an entity that monitors an expiration of a database record associated with at least one web service request; and
corresponding entities that execute among at least two of the plurality of virtual computer systems, wherein the entities compare timestamps associated with the database record associated with the at least one web service request;
wherein the entity deletes the database record associated with the at least one web service request when the compared timestamps stored by at least two of the corresponding entities have expired.

US Pat. No. 10,116,761

MULTI-DELIVERY-METHOD POLICY-CONTROLLED CLIENT PROXY

1. A system, comprising:
a memory that stores instructions;
a processor that executes the instructions to perform operations, the operations comprising:
detecting, based on a request for a network service, a client proxy associated with a client, wherein the client proxy is detected based on a port at which the client proxy executes on a device that is executing the client;
providing, to the client, a data object including information indicating that the client proxy is a primary source for content requested by the client;
redirecting, based on the data object, a request for the content from the client to the client proxy;
obtaining, via the client proxy, the content by utilizing a delivery method that is selected based on a policy; and
providing, via the client proxy, the content to the client.

US Pat. No. 10,116,760

ACTIVE DATA PUSH SYSTEM AND ACTIVE DATA PUSH METHOD

DELTA ELECTRONICS, INC., ...

1. An active data push system comprising:
a plurality of human-detection devices respectively detecting a plurality of zones, and sending a trigger signal when detecting entrance of a human user of a mobile device into one of the zones; and
a management system connected to the human-detection devices and comprising a processing device, the processing device comprising a status-detection module and an alarm module connected to the status-detection module,
wherein
the management system recognizes the zone corresponding to the trigger signal when receiving the trigger signal, the management system retrieves a plurality of basic data of a plurality of electronic devices installed in the recognized zone, and transmits the retrieved basic data to the mobile device via a network,
the status-detection module detects whether the electronic devices are abnormal, and
the alarm module determines whether the zone corresponding to the trigger signal is consistent with the zone in which the abnormal electronic device is installed, and transmits an alarm message to the mobile device when determining that the zone corresponding to the trigger signal is consistent with the zone in which the abnormal electronic device is installed.

US Pat. No. 10,116,759

METHOD, APPARATUS AND COMPUTER FOR IDENTIFYING STATE OF USER OF SOCIAL NETWORK

HUAWEI TECHNOLOGIES CO., ...

1. A method for identifying a state of a user of a social network, the social network comprising an activated user, a non-activated user, and a silent user, a state of the silent user being unstable, the silent user finally becoming the activated user or the non-activated user, and the identification method comprising:
acquiring a user-event similarity of the user regarding a new event;
identifying whether the user is the silent user or the non-activated user according to the user-event similarity; and
determining whether the silent user or the non-activated user on the social network is finally in an activated state or a non-activated state by:
determining a state of an associated user of the silent user or the non-activated user in a previous iteration, the associated user referring to a user that has a follow relationship with the user;
determining, according to the state of the associated user in the previous iteration, a probability that the silent user or the non-activated user changes to the activated state;
determining a total quantity of associated users of the silent user that are currently in the activated state; and
determining whether the silent user is finally in the activated state or the non-activated state according to the total quantity and a threshold of the silent user, the threshold being a real number existing for the silent user and ranging between zero and one, the threshold being related to a difficulty level at which the user is activated, determining whether the silent user is finally in the activated state or the non-activated state according to the total quantity and the threshold comprising comparing the total quantity with the threshold, the silent user being finally in the activated state when the total quantity is greater than or equal to the threshold, the silent user being finally in the non-activated state when the total quantity is less than the threshold, and behavior of the user in the social network being analyzed based on the determination whether the user is finally in the activated state or the non-activated state.

US Pat. No. 10,116,758

DELIVERING NOTIFICATIONS BASED ON PREDICTION OF USER ACTIVITY

Facebook, Inc., Menlo Pa...

1. A method comprising:
storing, by an online system, activity data describing activity performed on the online system by a user of the online system;
receiving one or more content items from users of the online system;
identifying a future time interval associated with the user for delivery of notifications associated with the received content items;
extracting, from the activity data, features associated with the future time interval for the user, wherein extracting the features comprises:
identifying a preceding time period comprising one or more sub-intervals;
for each of the one or more sub-intervals, determining whether the user was active during the sub-interval at least once;
generating an activity metric representing a count of sub-intervals during which the user was active at least once; and
providing the extracted features as input to a model generated based on machine learning;
obtaining, as an output from the model, a score indicative of a likelihood that the user will be active on the online system at least once during the future time interval;
responsive to the score exceeding a threshold value, selecting one or more notifications, the selection comprising:
identifying a plurality of candidate notifications, each candidate notification associated with a content object;
for each of the plurality of candidate notifications generating an interaction score, the generating comprising:
determining a base score using the number of user actions performed with the content object, and
decaying the base score based on time elapsed since the content object was added to the online system; and
identifying the one or more candidate notifications based on the interaction scores;
during a delay period following the selection and prior to the future time interval, withholding a selected notification associated with a content object and monitoring whether the user has viewed the content object; and
responsive to determining that the user did not view the content object during the delay period, delivering the selected notification to the user prior to the future time interval, wherein the delivering of the selected notification is initiated at the online system.

US Pat. No. 10,116,757

LOCATION-BASED OPEN SOCIAL NETWORKS

1. An apparatus having stored executable instructions, comprising:
1) at least one computing system being operable to implement a social networking system, said social networking system arranged to implement a plurality of social networks;
2) said plurality of social networks each arranged to be associated with a location and accessible without registration requirements;
3) said social networking system arranged to select one or more of said plurality of social networks after receiving info that a given program is in operation and it is determined that the one or more social networks each have a predetermined geographic area which covers a location of a user; and
4) said social networking system arranged to send to said user information about the one or more social networks, wherein said information includes one or more post quantities which correspond to the one or more social networks, each of the one or more post quantities represents a number of posts which are posted in one of the one or more social networks in a given time period.

US Pat. No. 10,116,756

TECHNIQUES TO FACILITATE RECOMMENDATIONS FOR NON-MEMBER CONNECTIONS

Microsoft Technology Lice...

1. A method for providing recommended social networking connections, the method comprising:
on a computer-based social networking service, executing computer program instructions which cause one or more computer processors to perform the operations of:
determining a set of connection candidates based upon information gathered about a member of the social networking service, the connection candidates in the set of connection candidates are not already members of the social networking service, the information gathered about the member including at least one of: information from email accounts of the member, blog posts of the member, electronic calendar entries of the member, associated websites of the member, social networking profiles of the member on a second social networking service;
executing a machine learning algorithm to determine a relevance score for each particular connection candidate in the set of connection candidates based upon a plurality of signals gathered by the social networking service, the plurality of signals identifying with a subscore a likelihood that the member knows the particular connection candidate, wherein the subscore is based on points automatically assigned to similarities between the member and the particular connection candidate; and
presenting, on a display, to the member the set of connection candidates ordered based upon relevance scores.

US Pat. No. 10,116,754

DYNAMIC CONFIGURATION OF INTERFACE IDENTIFIERS

Comcast Cable Communicati...

1. A method comprising:
maintaining a plurality of identifiers for a first interface and a second interface of a computing device based on the first interface and the second interface being connected to a network;
assigning, by the computing device and to the first interface, a first identifier of the plurality of identifiers;
causing transmission, via the first interface, of a first request to access a device on the network, the first request comprising the first identifier;
receiving, by the computing device and from the network and after the causing transmission of the first request, a code;
determining, based on a comparison of the received code to a first predetermined code associated with the first interface, that the first interface uses a protocol not supported by the device on the network;
re-assigning, based on the determining that the first interface uses a protocol not supported by the device on the network, the first identifier to the second interface;
causing transmission, via the second interface and based on the determining that the first interface uses a protocol not supported by the device on the network, of a second request to access the device on the network;
determining, after the causing transmission of the second request, that the second interface is not connected to the network; and
removing the first identifier from being assigned to the second interface.

US Pat. No. 10,116,752

SYSTEM AND METHOD FOR BRIDGING DIVERGENT INFORMATION NETWORKS

KAROS HEALTH INCORPORATED...

1. A computer network implemented system for managing network communication in a health information exchange environment comprising:
one or more computers that include at least one memory and at least one processor, the one or more computers implementing one or more bridge utilities, the one or more bridge utilities creating and maintaining a network overlay including at least one network layer layered over communication protocols of divergent network infrastructures in the health information exchange environment, each bridge utility, executed by the at least one processor, comprising:
a first anchor component connected behind a firewall of a first health information communication network of a first healthcare enterprise, the first anchor component providing an outbound proxy for devices on the first health information communication network; and
a second anchor component connected behind a second firewall of a second health information communication network of a second healthcare enterprise, the second anchor component providing an outbound proxy for devices on the second health information communication network;
the first anchor component and the second anchor component configured for network communication with each other through their respective firewalls and via at least one span utility;
the first anchor component configured to:
detect clinical devices on the first health information communication network;
maintain, in a first device registry, a first set of clinical device communication protocol parameters for the detected clinical devices on the first health information communication network; and
communicate, to the at least one span utility, device identifiers identifying the detected clinical devices on the first health information communication network;
the second anchor component configured to:
detect clinical devices on the second health information communication network;
maintain, in a second device registry, a second set of clinical device communication protocol parameters for the detected clinical devices on the second health information communication network; and
communicate, to the at least one span utility, device identifiers identifying the detected clinical devices on the second health information communication network;
the first and second anchor components and the at least one span utility configured to: send and receive signaling communications between them for configuring anchor to anchor connections and for sharing the device identifiers for the detected devices on the first and second health information communication networks; and
the second anchor component configured to:
upon receiving a data connection request from a first clinical device on the first health information communication network via the first anchor component, the data connection request including a device identifier associated with a second clinical device detected on the second health information communication network, establishing a first data connection with the first anchor component; and
bridging the first data connection to the second clinical device using the second set of clinical device communication protocol parameters in the second device registry;
wherein the signaling communications between the first and second anchor components for sharing the device identifiers and for configuring the anchor to anchor connections are routed via a connection management layer via the at least one span utility; and
wherein the first data connection enables transmission of data between the second anchor component and the first anchor component outside the connection management layer, and wherein the data transmitted over the first data connection is not routed via the at least one span utility.

US Pat. No. 10,116,751

CONTEXT AWARE TRANSACTIONS PERFORMED ON INTEGRATED SERVICE PLATFORMS

West Corporation, Omaha,...

1. A method, comprising:
receiving, via a receiver device, user input information to access an application, the user input information including at least one action request provided by a user device;
wherein the user input information is a part of a contextual history information identifying a first session;
creating a second session responsive to receiving a user inquiry;
generating a response message to the at least one action request based on the contextual history information and the user inquiry;
forwarding the response message to the user device via a transmitter device via the second session; and
generating at least one additional response based on a third party application, the at least one additional response comprising a reminder that is derived from previous user transactions and the contextual history information.

US Pat. No. 10,116,750

MECHANISM FOR HIGHLY AVAILABLE RACK MANAGEMENT IN RACK SCALE ENVIRONMENT

Intel Corporation, Santa...

1. A method for managing rack resources in a data center rack, comprising:
employing first and second Rack Management Modules (RMMs) to manage power and thermal zones in a rack including a plurality of pooled system drawers, each pooled system drawer associated with a respective power zone including one or more power sensors and one or more power control devices and a respective thermal zone including one or more thermal sensors and one or more thermal devices;
implementing one of the first and second RMM as an initial master RMM and the other RMM as an initial slave RMM;
when an RMM is being implemented as a master RMM,
monitoring the power and thermal zones in the rack by,
receiving power data from one or more power sensors for each power zone;
receiving thermal data from one or more thermal sensors for each thermal zone; and
communicating with at least one of,
one or more power control devices for each of one or more power zones to control power in that power zone; and
one or more thermal devices for each of one or more thermal zones to control operation of the one or more thermal devices;
maintaining power and thermal zone state information for each pooled system drawer; and
periodically synchronizing power zone and thermal zone state information between the master RMM and the slave RMM;
detecting a fail-over condition for the master RMM, and in response thereto,
implementing the initial slave RMM as a new master RMM;
resetting the initial master RMM; and
implementing the initial master RMM as a new slave RMM.

US Pat. No. 10,116,748

VEHICLE-BASED MULTI-MODAL INTERFACE

Microsoft Technology Lice...

1. A computer-implemented method comprising:
establishing a connection between a mobile device and an in-vehicle information/entertainment system;
receiving a communication from the mobile device, the communication being associated with an input of a first modality type comprising a voice communication that was received by the mobile device, the input comprising a query and associated with accomplishing a task of playing music;
listing a plurality of songs meeting the query;
receiving input of a second modality type that is different from the first modality type, the input of the second modality type selecting a song from the plurality of songs meeting the query and being associated with performing the task of playing music;
performing the task of playing music, wherein the task comprises playing the song;
during performance of the task, interrupting the task and presenting a user interface comprising an option selectable via a third modality type comprising touch that is different from the first and second modality types on the in-vehicle information/entertainment system associated with a different task; and
responsive to receiving selection of the option via the third modality type comprising touch, performing the different task;
wherein three different input modalities are used to engage the in-vehicle information/entertainment system by way of the mobile device: the first modality type comprising the voice communication, the second modality type, and the third modality type comprising touch and different from the first and second modality types.

US Pat. No. 10,116,747

ELECTRICITY PROVIDER CONTENT PLATFORM

TXU ENERGY RETAIL COMPANY...

1. A system for providing access to a content platform of an electricity provider, comprising:
an interface operable to:
receive a request to access content of a content platform of an electricity provider from a communication device;
receive a proposed change in electricity consumption of an appliance from the communication device;
one or more processors communicatively coupled to the interface, the one or more processors operable to:
determine, based on the received request, a display format for the communication device from a plurality of display formats;
convert content from the content platform in the determined display format of the communication device;
determine a predicted change in electricity charges based on the proposed change; and
the interface further operable to:
communicate the content in the determined display format to the communication device; and
communicate the predicted change in electricity charges to the communication device.

US Pat. No. 10,116,746

DATA STORAGE METHOD AND NETWORK INTERFACE CARD

HUAWEI TECHNOLOGIES CO., ...

1. A data storage method, comprising:
acquiring, by a network interface card, unsolicited data;
buffering, in a direct memory access (DMA) manner, the unsolicited data into a double data rate (DDR) synchronous dynamic random access memory (SDRAM) of the network interface card, the unsolicited data being to-be-stored data, for which a corresponding destination address is not acquired, among data received by the network interface card;
acquiring, by the network interface card, a destination address corresponding to the unsolicited data; and
writing, in the DMA manner, the unsolicited data into storage space that corresponds to the destination address corresponding to the unsolicited data.

US Pat. No. 10,116,744

SYSTEM AND METHOD FOR PROVIDING MANAGEMENT NETWORK COMMUNICATION AND CONTROL IN A DATA CENTER

DELL PRODUCTS, LP, Round...

1. An information handling system, comprising:
a host processing complex to instantiate a hosted processing environment;
a first managed element; and
a baseboard management controller to manage the managed element out of band from the hosted processing environment, wherein the baseboard management controller:
stores console information for a plurality of management consoles, wherein the console information includes a mapping to each of the management consoles, and wherein a first one of the management consoles directs the baseboard management controller to manage the first managed element;
provides the console information to a mobile management device;
receives a first direction from the mobile management device based upon the console information in response to providing the console information to the mobile management device;
provides the first direction to the first management console;
receives first management information from the first management console to direct the baseboard management controller to manage the first managed element based upon the first management information; and
stores the console information in an entry of a console table.

US Pat. No. 10,116,743

STORAGE CAPACITY FORECASTING BY CAPABILITY SETS

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
defining multiple storage capabilities for a set of storage resources, the storage resources comprising storage space;
defining a plurality of storage services, each of the storage services comprising one or more of the storage capabilities for a subset of the storage resources;
configuring a software defined storage (SDS) system comprising the defined storage services;
receiving, by the SDS system, a request to forecast an amount of the storage space comprising one or more of the storage capabilities that will be available at a specified future time; wherein receiving the request comprises receiving an input from a user indicating the specified future time and the one or more of the storage capabilities that will be available at the specified future time;
identifying one or more of the storage services comprising the one or more storage capabilities; and
computing, for the identified one or more storage services, a predicted amount of the storage space at the specified future time.

US Pat. No. 10,116,742

SCALABLE APPROACH TO MANAGE STORAGE VOLUMES ACROSS HETEROGENOUS CLOUD SYSTEMS

International Business Ma...

1. A method for managing heterogeneous cloud data storage systems, the method comprising:
defining rules that govern storing of data in one or more of a plurality of heterogeneous cloud data storage systems;
receiving first-type data and second-type data from one or more user computers;
determining a respective priority for each of the first-type data and the second-type data, the priority of the first-type data is different than the priority of the second-type data;
sending the first-type data to a first queue for storage thereat and the second-type data to a second queue for storage thereat according to the determined priority; and sending the first-type data and the second-type data from the first or second queue according to the defined rules for storage into the plurality of heterogeneous cloud data storage systems;
applying different rules of the defined rules to the heterogeneous cloud data storage systems;
splitting at least one of the first-type data and the second-type data by applying defined rule; and encrypting the split data before storing the split data at the plurality of heterogeneous cloud data storage systems,
and storing the split data at a cloud storage system whose resource usage to store the split data is lowest among the plurality of heterogeneous cloud data storage systems;
exchanging the applied different rules between the heterogeneous cloud data storage systems; and
updating rules corresponding to the heterogeneous cloud data storage systems with the exchanged rules,
wherein a processor connected to a memory is being configured to perform: the defining rules, the receiving first-type data and second type data, the determining a respective priority, the sending the first-type data to a first queue, and the sending the first-type data and the second-type data,
wherein an amount of data processing time assigned to the first queue for storing and sending the first-type data is different than an amount of data processing time assigned to the second queue for storing and sending the second-type data.

US Pat. No. 10,116,741

PEER-TO-PEER NETWORK IMAGE DISTRIBUTION HIERARCHY

CISCO TECHNOLOGY, INC., ...

1. A method for upgrading first and second sets of network devices with an upgrade defined by a set of files, the first and second sets of devices at least partially overlapping, the method comprising:
allocating the set of files of the upgrade into a plurality of sub-portions of the upgrade, including a first portion with a first file of the set of files and a second portion with a second file of the set of files;
receiving, at a file server, identification of a first network device as a root device within a first hierarchal order of the first set of network devices, and identification of a second network device as a root device within a second hierarchal order of the set of network devices;
first assigning the first file from the set of files to the first network device for distribution to the first set of network device;
second assigning the second file from the set of files to the second network device for distribution to the second set of devices;
first transmitting, by a file server, the first file but not the second file from the set of files to the first network device, wherein transmitting the first file to the first network device causes the first file to be distributed to each network device in the first set of network devices according to the first hierarchical ordering; and
second transmitting, by the file server, the second file but not the first file from the set of files to the second network device, wherein transmitting the second file to the second network device causes the second file to be distributed to each network device in the set of network devices according to the second hierarchical ordering;
wherein a third network device within both the first and second sets of network devices will receive the first file as relayed from the first network device and the second file as relayed from the second network device;
wherein the first and second transmitting individually transmit sub-portions of the upgrade, such that the third network device receives the upgrade in separate pieces from different hierarchical orders.

US Pat. No. 10,116,740

PEER-TO-PEER NETWORK PRIORITIZING PROPAGATION OF OBJECTS THROUGH THE NETWORK

MICROSOFT TECHNOLOGY LICE...

1. A method for transferring digital content items in a peer-to-peer network in which a plurality of nodes participate, comprising:
receiving requests for receipt of one or more digital content items from a plurality of requesting nodes belonging to the peer-to-peer network;
assessing a capacity of the requesting nodes to upload data;
allocating network resources available to the peer-to-peer network for delivering the digital content items or chunks thereof to the requesting nodes, the network resources including a specified number of simultaneous connections, between a sending node and the plurality of requesting nodes, that are available to the sending node for uploading the digital content items or chunks thereof to the plurality of requesting nodes, and an amount of total bandwidth available to the sending node; and
sending the digital content items or chunks thereof from the sending node to the requesting nodes over the peer-to-peer network in accordance with the network resources that are allocated to each of the requesting nodes;
receiving an additional request from an additional requesting node other than the plurality of requesting nodes for the digital content items or chunks thereof such that a number of requesting nodes requesting the digital content items or chunks thereof from the sending node exceeds the specified number of simultaneous connections available to the sending node;
in response to receiving the additional request:
determining respective connection speeds of the plurality of requesting nodes and the other requesting node;
selecting a number of requesting nodes having fastest network connection speeds for uploading data from the plurality of requesting nodes and the additional requesting node, the selected number of the requesting nodes less than or equal to the specified number of simultaneous connections until the total maximum bandwidth available to the sending node is reached;
allocating network resources to the number of requesting nodes selected from the plurality of requesting nodes and the additional requesting node; and
deallocating the network resources to a remainder of requesting nodes from the plurality of requesting nodes and the additional requesting node that are not included in the selected number of requesting nodes.

US Pat. No. 10,116,739

METHOD FOR ENABLING POINT-TO-POINT TRANSMISSION AND NETWORK CONNECTING DEVICE

THROUGHTEK TECHNOLOGY (SH...

1. A method for enabling a host device to perform point-to-point transmission, comprising:
storing a device identification representing an external device in the external device, wherein the external device is connected to the host device;
providing a point-to-point program instruction to be installed on the host device; and
providing a server that is remote from the host device and the external device, wherein when the host device is connected to the external device and installed with the point-to-point instruction, the host device sends the device identification to the server, the server derives a unique identification by calculating the device identification with a function, and the server sends the unique identification to the host device, wherein the host device informs the server with connection data and the unique identification,
the unique identification being used to identify the host device in a point-to-point transmission network; and
wherein the server provides the connection data of the host device to a point-to-point device so that the point-to-point device is connected to the host device with a point-to-point connection,
wherein the external device is a wireless router for establishing a wireless network for the point-to-point device and queried by the point-to-point device to establish the point-to-point connection according to the point-to-point instruction.

US Pat. No. 10,116,738

DETECTING ANOMALOUS CONDITIONS IN A NAME SERVER NETWORK

Level 3 Communications, L...

1. A method comprising:
receiving from a subscriber, via a web-based graphical user interface, one or more policies for distribution of service requests to one or more servers in a subscriber server network;
monitoring an operational status of at least some of a plurality of name servers in a name server network that provides hostname resolution services for the one or more servers in the subscriber server network;
based on said monitoring, when an error or anomalous condition is detected at a particular name server of the name server network, creating a policy to indicate the status of the particular name server, wherein the policy is taken into account when resolving hostnames using the name server network; and
sending an alert regarding the error or anomalous condition detected at a particular name server to the subscriber via the web-based graphical user interface.

US Pat. No. 10,116,737

OPTIMIZED CONSISTENT REQUEST DISTRIBUTION FOR BALANCED LOAD DISTRIBUTION IN A CONTENT DELIVERY NETWORK

Verizon Digital Media Ser...

1. A method comprising:
receiving a plurality of requests over the Internet at a load distribution server allocating the plurality of requests across a plurality of distribution servers, the plurality of requests comprising a first set of requests directed to a first content type and a second set of requests directed to at least a different second content type, the load distribution server comprising a processor and memory storing an identifier identifying each server of the plurality of distribution servers, the processor:
producing a hash result for each server of the plurality of distribution servers, wherein said producing comprises hashing the identifier identifying each server of the plurality of distribution servers;
selecting a first load factor value for the first set of requests based on the first content type of the first set of requests, and a different second load factor value for the second set of requests based on the second content type of the second set of requests;
distributing the first set of requests across a first set of the plurality of distribution servers by adjusting the hash result produced for each server of the first set of distribution servers with the first load factor value and by selecting a server from the first set of distribution servers to receive each request from the first set of requests based on the hash result of each server of the first set of distribution servers as adjusted by the first load factor value, the first load factor value increasing selection precedence of any server of the first set of distribution servers over a different second set of the plurality of distribution servers; and
distributing the second set of requests across the second set of distribution servers by adjusting the hash result produced for the second set of distribution servers with the second load factor value and by selecting a server from the second set of distribution servers to receive each request from the second set of requests based on the hash result of each server of the second set of distribution servers as adjusted by the second load factor value, the second load factor value increasing selection precedence of any server of the second set of distribution servers over the first set of distribution servers.

US Pat. No. 10,116,736

SYSTEM FOR DYNAMICALLY VARYING TRAFFIC ROUTING MODES IN A DISTRIBUTED CLUSTER AND METHOD THEREFOR

WALMART APOLLO, LLC, Ben...

1. A system comprising:
a load balancer;
a database partitioned into at least a first shard of the database and a second shard of the database, the first shard of the database and the second shard of the database having been split from a partition of the database, and the partition of the database having been split from the database;
a first plurality of database servers coupled to the load balancer, each database server in the first plurality of database servers hosting a copy of the first shard of the database; and
a second plurality of database servers coupled to the load balancer, each database server in the second plurality of database servers hosting a copy of the second shard of the database; and
a centralized data store configured to maintain a list of (1) each database server in the first plurality of database servers and (2) each database server in the second plurality of database servers;
wherein:
the load balancer is configured to:
send incoming instructions to a database server selected from the first plurality of database servers or the second plurality of database servers, using load balancing techniques;
receive a first incoming instruction from a user, wherein the first incoming instruction comprises first queries of the first shard and second queries of the second shard;
process the first incoming instruction to extract the first queries of the first shard and the second queries of the second shard from the first incoming instruction;
forward the first queries of the first shard to the first plurality of database servers;
forward the second queries of the second shard to the second plurality of database servers;
receive a first query result from one database server of the first plurality of database servers;
receive a second query result from one database server of the second plurality of database servers;
aggregate the first query result and the second query result into an aggregated query result; and
present the aggregated query result to a requestor;
each database server in the first plurality of database servers is configured to send the first queries of the first shard of the database to a database server in the first plurality of database servers such that consecutive queries of the first queries of the first shard of the database are sent to different database servers of the first plurality of database servers; and
each database server in the second plurality of database servers is configured to send the second queries of the second shard of the database to a database server in the second plurality of database servers such that consecutive queries of the second queries of the second shard of the database are sent to different database servers of the second plurality of database servers.

US Pat. No. 10,116,734

DATA PURGE DISTRIBUTION AND COHERENCY

Fastly, Inc., San Franci...

1. A method of operating a content delivery network, wherein the content delivery network comprises a plurality of content delivery nodes that cache content, the method comprising:
in a first content delivery node of the content delivery network, receiving a content request from a second content delivery node of the content delivery network, wherein the content request comprises a request for second content to replace first content and a revision indicator of the first content;
in the first content delivery node and when the revision indicator of the first content indicates an earlier revision than third content stored in the first content delivery node, then transferring the third content as the second content for delivery to the second content delivery node;
in the first content delivery node and when the revision indicator of the first content indicates a same revision or a later revision as the third content stored in the second content delivery node, then requesting fourth data from a data node and transferring fourth data as the second data for delivery to the second content delivery node;
in the second content delivery node, receiving a purge instruction to purge the first content stored in the second content delivery node and responsively purging the first content;
in the second content delivery node and in response to the purge instruction, transferring the content request for delivery to the first content delivery node of the content delivery network; and
responsive to the content request, in the second content delivery node, receiving the second content for storage in the second content delivery node.

US Pat. No. 10,116,733

SYSTEM AND METHOD FOR COLLECTING FEEDBACK IN A MULTI-TENANT COMMUNICATION PLATFORM

Twilio, Inc., San Franci...

1. A method comprising:
a first external application server system receiving first user-provided communication quality feedback from a first telephony communication endpoint system and providing the first user-provided communication quality feedback to a multi-tenant telephony communication platform system;
at the multi-tenant telephony communication platform system:
receiving the first user-provided communication quality feedback from the first external application server system, wherein the first user-provided communication quality feedback relates to a first communication route of a first telephony communication initiated on behalf of a first platform account that is associated with the first external application server system;
storing the first user-provided communication quality feedback in association with information that indicates the first communication route and an account identifier of the first platform account;
receiving second user-provided communication quality feedback from the first external application server system, wherein the second user-provided communication quality feedback relates to a second communication route of a second telephony communication initiated on behalf of the first platform account;
storing the second user-provided communication quality feedback in association with information that indicates the second communication route and the account identifier of the first platform account;
receiving from the first external application server system a RESTful first feedback application programming interface (API) call;
responsive to the RESTful first feedback API call, the platform system providing the first external application server system with feedback information that includes the first user-provided communication quality feedback and the second user-provided communication quality feedback,
wherein the first platform account is one of a plurality of platform accounts of the platform system.

US Pat. No. 10,116,732

AUTOMATED MANAGEMENT OF RESOURCE ATTRIBUTES ACROSS NETWORK-BASED SERVICES

Amazon Technologies, Inc....

1. A system, comprising:
a plurality of compute nodes comprising one or more respective hardware processors and memory and implementing a plurality of different network-based services of a provider network, wherein a plurality of respective resources are implemented at the plurality of different network-based services for a plurality of clients of the provider network;
a provider network interface for the provider network, wherein the interface is implemented by one or more computers comprising respective hardware processors and memory;
a resource tag service of the plurality of different network-based services, wherein the resource tag service is implemented by one or more hardware processors and memory of one or more of the plurality of compute nodes and configured to:
receive, from a client of the plurality of clients via the provider network interface, a request to add at least one resource tag to select resources of the respective plurality of resources implemented for the client at the provider network according to resource metadata selection criteria specified in the request to add the at least one resource tag to the select resources;
in response to the receipt of the request to add the at least one resource tag to the select resources:
evaluate resource metadata maintained for the respective plurality of resources implemented at the plurality of different network-based services according to the resource metadata selection criteria in order to identify one or more resources of the respective plurality of resources as the select resources based at least in part on the one or more resources satisfying the resource metadata selection criteria; and
apply the at least one resource tag to the identified one or more resources of the plurality of resources to be maintained as part of the resource metadata for the plurality of resources implemented at the plurality of different network-based services;
receive an indication of a new resource implemented at one of the plurality of different network-based services;
determine that resource metadata maintained for the new resource satisfies the resource metadata selection criteria; and
in response to the determination that the resource metadata maintained for the new resource satisfies the selection criteria, apply the at least one resource tag to the new resource to be maintained as part of the resource metadata for the new resource.

US Pat. No. 10,116,731

METHOD AND SYSTEMS FOR PROVIDING DATA TO A REMOTE SITE

ONCAM GLOBAL, INC., Bill...

5. A method for providing requested data, the method comprising: sending, from a second server, to a first server a request for data; the second server not being a router; the request for data specifying a gateway; the request for data originating at a remote system; the request for data provided by the remote system to the second server; the second server providing the request for data directly to the first server; the request for data being a request for data from data-producing devices; the data-producing devices comprising at least one component selected from a camera, a binary switch, a multi-level switch, a binary sensor, thermostat controls, an access control device, a siren, chimes, a voice output device, a stepper motor controller, or a PWM speed controller; the gateway operatively connected over a network to the first server; the request for data comprising a predetermined port number at the second server; wherein the first server sends the request for data to the gateway and wherein the data is retrieved by the gateway; the gateway being operatively connected over the network to the second server; the gateway also being directly connected to the data-producing devices; and receiving at the second server and over the network, the data at the predetermined port number; the data being provided by the gateway; the second server providing the data, over the network, to the remote system; wherein the first server receives, from the gateway, component data characterizing a component operatively connected to the gateway; and wherein the first server obtains a virtual representation of said component; the virtual representation comprising a virtual control interface; the virtual control interface enabling providing commands/instructions to the component; wherein the second server comprises a data-rate-measuring component; and wherein the method further comprises: sending, over the network, an initiation signal, from the second server to the gateway, in order to initiate a data-rate-measuring test to measure data rates between the second server and the gateway; wherein, after initiation of the data-rate-measuring test, test data is provided by the gateway to the second server; determining, using the data-rate-measuring component, a data rate between the second server and the gateway; and providing, from the second server, the data rate to the gateway; wherein a data block size is calculated at the gateway in order to ensure a substantially predetermined block rate.

US Pat. No. 10,116,730

PROCESSING METHOD, COMPUTER DEVICES, COMPUTER SYSTEM INCLUDING SUCH DEVICES, AND RELATED COMPUTER PROGRAM

Myriad Group AG, Zurich ...

1. A processing method in a system comprising a first device and a plurality of second devices arranged to be connected with the first device via a data link, each second device being a user terminal and arranged to receive batches of data from an associated user to be sorted into N categories, the method comprising:
performing an algorithm determination operation at said first device to build a sorting algorithm for sorting batches of data received by each second device into N categories, wherein said algorithm determination operation is performed according to the following (i) and (ii):
(i) generating a data sample for each of the N categories; and
(ii) according to data received by the first device for the data sample, determining within the first device the sorting algorithm according to consecutive iterations of a definition algorithm executed in the first device;
downloading, from the first device, the sorting algorithm for storage in each of the second devices;
executing, within each second device, the sorting algorithm in order to determine a respective category from among the N categories for each batch of data received by the second device; and
selectively triggering an action according to the category determined for said received batch of data,
wherein the sorting algorithm comprises sorting rules, each sorting rule being associated with one from among the N categories, each sorting rule including at least one logic sequence aiming to selectively associate at least one determined key element with a given category,
wherein the first device is a server, the plurality of second devices are user terminals connected to a platform of services through a telecommunications network, and the batches of data received by each user terminal are data entered on that user terminals and transmitted on the network to the platform of services, wherein:
the sorting algorithm determines, for each user terminal, a respective category from among the N categories, according to the data entered on the user terminal and transmitted on the network to the platform of services, and
during the step (i), the data sample is a sample of user terminals formed for each of the N categories, the data entered on the user terminals and transmitted on the network by the user terminal to the platform of services further being transmitted to the server.

US Pat. No. 10,116,729

DYNAMIC MEDIA TRANSFORMATION SERVICE IN A CDN

VERIZON DIGITAL MEDIA SER...

1. A method, comprising:
configuring a network device in a content delivery network (CDN) with a plurality of visual presentation transformations the network device selectively applies during distribution of customer media, with application of each visual presentation transformation of the plurality visual presentation transformations changing presentation of the customer media on a display by changing a different visual property of the customer media;
receiving, at the network device from the customer, data associated with original customer media, wherein rendering the original customer media produces a first presentation on the display;
receiving, at the network device from the customer originating the original customer media, selection of a subset of visual presentation transformations from the plurality of media transformations that are to be applied to the original customer media prior to delivery;
receiving, at the network device from a client browser, a request for the original customer media;
applying, at the network device responsive to receipt of the request for the original customer media from the client browser, the subset of visual presentation transformations to the original customer media based on the selection of the subset of visual presentation transformations by the customer, wherein said applying generates modified customer media producing a second presentation on the display that is different than the first presentation of the original customer media; and
sending, from the network device to the client browser, the modified customer media in response to said request for the original customer media.

US Pat. No. 10,116,728

SYSTEM AND METHOD FOR TRANSFERRING DATA USING A DIRECTIONAL TOUCH GESTURE

Dell Products, LP, Round...

1. A method comprising:
receiving, at an information handling system, a selection of a file;
requesting, by the information handling system, nearby information handling systems in response to the selection of the file;
receiving coordinate information and contact information for the nearby information handling systems from a server, wherein the nearby information handling systems are limited to information handling systems located within a same room of a building as the information handling system based on X, Y coordinates of the room creating a virtual backstop to prevent a file from being passed beyond the X, Y coordinates of the room, and the coordinate information includes X, Y coordinates of the nearby information handling systems within the room, wherein the nearby information handling systems include first, second, and third information handling systems, wherein the server includes a processor to store a map of the building in a memory of the server, to map locations of rooms within the building using a coordinate system and the map of the building, and to store the locations of the rooms on the map in the memory;
dividing the room into a plurality of sectors based on the coordinate information for each of the first, second, and third information handling systems and information about the information handling system, wherein a size of each of the sectors of the room is equal to a size of the other sectors of the room, wherein a first sector is defined to include the first information handling system, a second sector is defined to include the second information handling system, and a third sector is defined to include the third information handling system;
receiving a pass file indicator including a flick action; and
in response to the pass file indicator being aligned with the first sector, sending the file to the first information handling system of the first sector.

US Pat. No. 10,116,727

EMBEDDABLE WEB ANALYTICS TRACKING VIA MOCK ENVIRONMENT

SAP SE, Walldorf (DE)

1. A method implemented at least in part by a computer, the method comprising:
receiving an indication of navigation to a locally-hosted web page at a client system, wherein the locally-hosted web page has one or more webpage properties;
staging a mock environment in the client system, wherein the mock environment comprises a set of properties that mimic visitation to the locally-hosted web page, wherein one or more properties of the set of properties are altered to be different from the webpage properties of the locally-hosted web page;
embedding an analytics snippet into the mock environment instead of the locally-hosted web page, wherein the analytics snippet is isolated within the mock environment; and
executing the analytics snippet embedded in the mock environment, wherein executing causes the analytics snippet to report, to an analytics server, analytics of a visitation to the locally-hosted web page based on the properties of the mock environment instead of the webpage properties of the locally-hosted web page, and wherein the analytics snippet reporting includes the altered properties under the mock environment.

US Pat. No. 10,116,726

METHODS FOR BUNDLING IMAGES AND DEVICES THEREOF

USABLENET INC., New York...

1. A method for bundling images, the method comprising:
obtaining, by a web server, a web page requested by a client device, the web page comprising a plurality of image elements;
determining, by the web server, when at least a first image element and a second image element of the plurality of image elements each include a HyperText Markup Language (HTML) source attribute value, wherein each of the HTML source attribute values identify an image directory and an image file name; and
when the determination indicates that at least the first image element and the second image element of the plurality of image elements each include the HTML source attribute value:
inserting, by the web server, and prior to sending the requested web page to the client device, a first data attribute bundle into the first image element and a second data attribute bundle into the second image element, wherein the first data attribute bundle comprises the image directory and the image file name of the HTML source attribute value associated with the first image element and the second data attribute bundle comprises the image directory and the image file name of the HTML source attribute value associated with the second image element;
replacing, by the web server, at least each of the HTML source attribute values of the first image element and the second image element of the plurality of image elements with a default data uniform resource indicator (URI) of a spacer graphic interchange format (GIF) transparent image, wherein the default data URI of the spacer GIF transparent image does not enable rendering of any of one or more images identified by the image directory and image file name associated with each of the HTML source attribute values;
inserting, by the web server, a reference to a JavaScript executable file into the requested web page, sending the requested web page to the client device, and receiving a request from the client device for the executable file; and
sending, by the web server, the JavaScript executable file to the client device in response to the request, the JavaScript executable file configured when executed to replace each of the HTML source attribute values associated with the first image element and the second image element of the plurality of image elements with a data URI with a base 64 encoding of a corresponding one of the images identified by the image directory and image file name in the respective first data attribute bundle and the second data attribute bundle.

US Pat. No. 10,116,725

PROCESSING DATA RETRIEVAL REQUESTS IN A GRAPH PROJECTION OF AN APPLICATION PROGRAMMING INTERFACES (API)

INTUIT INC., Mountain Vi...

1. A method for processing read requests to retrieve data from a plurality of data sources, the method comprising:
determining a navigable path of nodes accessed to satisfy a read request based on a graph projection of an application programming interface (API);
generating a plurality of subqueries, each of the plurality of subqueries being associated with a node in the navigable path;
while traversing the nodes according to the navigable path to satisfy the read request:
identifying data associated with lower level nodes in the hierarchy that is cached at a data source associated with a current node,
replacing one or more subqueries directed to data stored at the current node and the identified data with a single subquery executed against the data source associated with the current node, and
executing the single subquery at the current node; and
returning data accessed during traversal of the navigable path.

US Pat. No. 10,116,724

MANAGING MULTIPLE DYNAMIC MEDIA STREAMS

Microsoft Technology Lice...

1. A computer-implemented method for monitoring multiple dynamic media streams playing concurrently on a client computer system having a processor, the method comprising:
receiving, by the processor, media information that describes multiple multi-bitrate streams, wherein each of the multiple multi-bitrate streams is encoded at multiple bitrates;
receiving, by the processor, a priority indication for at least a first multi-bitrate stream of the multi-bitrate streams, the priority indication indicating a greater priority of the first multi-bitrate stream of the multi-bitrate streams relative to other multi-bitrate streams;
receiving, by the processor, at least two of the multi-bitrate streams described by the received media information and performing concurrent playback of the at least two multi-bitrate streams in the client computer system, wherein the at least two of the multi-bitrate streams includes the first multi-bitrate stream and a second multi-bitrate stream having a lower priority to the first multi-bitrate stream;
monitoring, by the processor, the at least two multi-bitrate streams during playback; and
upon detecting over utilization of client resources in the client computer system during playback of the first and second multi-bitrate streams, reducing, by the processor, a bitrate of playback of the second multi-bitrate stream such that the first multi-bitrate stream can use at least some of the client resources concurrently consumed by the second multi-bitrate stream.

US Pat. No. 10,116,723

CAMPUS CONTENT DISTRIBUTION SYSTEMS AND METHODS

The DIRECTV Group, Inc., ...

1. A method of streaming content to electronic devices, the method comprising:
receiving, using one or more antennas, radio frequency (RF) signals including content broadcast via satellite;
using a plurality of tuner modules, tuning to predetermined channels of the RF signals to produce a plurality of tuned signals from the RF signals, each of the tuned signals corresponding to content of one of the predetermined channels;
demodulating the tuned signals to form demodulated signals, respectively;
decoding the demodulated signals to form decoded signals, respectively;
encoding the decoded signals to produce sets of transcoded signals for each of the predetermined channels, respectively, each of the sets of transcoded signals including (i) at least one signal having a first bit rate that is less than a second bit rate of the one of the tuned signals of the respective one of the predetermined channels having first content and (ii) at least one other signal corresponding to the first content for displaying the first content of the respective one of the channels;
using a server, packetizing the sets of transcoded signals for the predetermined channels according to Internet Protocol (IP) to produce packetized signals, respectively; and
transmitting, using the server, a computer network, and a plurality of access points, selected ones of the packetized signals to electronic devices using multicast Internet Protocol.

US Pat. No. 10,116,722

APPARATUS, SYSTEM, AND METHOD FOR MULTI-BITRATE CONTENT STREAMING

DISH TECHNOLOGIES LLC, E...

1. An apparatus including a microprocessor and a memory, for multi-bitrate content streaming, the apparatus comprising:
a timeline module configured to receive a broadcaster defined programming lineup of media content available over a network, the broadcaster defined programming lineup defining a time each of the media content is available over the network, the media content comprising a plurality of streamlets representative of a portion of the media content, each of the plurality of streamlets of the media content having a substantially similar duration of time, and each of the plurality of streamlets of the media content contains an encoded representation of content encoded and compressed to varying bitrates, wherein the encoded content include two or multi-pass encoding, the timeline module configured to periodically request updates to the broadcaster defined programming lineup at least one data module configured to maintain multi-bitrate streamlet information for the plurality of streamlets;
a capture module configured to receive the media content from a publisher, decompressing the media content when arrives having been encoded and converts the media content into raw audio and/or video; and
a client module configured to request streamlets for playback of media content based upon the time each of the plurality of streamlets is available over the network according to the broadcaster defined programming lineup at one of the plurality of bitrates based upon a current read ahead margin, a minimum safety margin, and a performance ratio across a plurality of received streamlets, the performance ratio based upon time intervals between successive receive times for the plurality of received streamlets, wherein the client module is configured to request replacement for at least a portion of the media content based upon instructions within the broadcaster defined programming lineup.

US Pat. No. 10,116,721

REDUNDANCY CONTROL IN STREAMING CONTENT ENCODER POOLS

Amazon Technologies, Inc....

1. A system to manage video content encoding, the system comprising:
a plurality of virtual machines forming a pool of encoders, wherein individual virtual machines of the pool of encoders are configured to obtain an input video stream and generate an encoded output video stream, and wherein at least one of the plurality of virtual machines is configured to generate a redundant output video stream in addition to the encoded output video stream;
at least one content packager device configured to package the encoded output video stream into a packaged content stream and transmit the packaged content stream to a set of content output devices; and
a pool manager implemented by one or more processors and configured with computer-executable instructions to:
obtain information associating demand information for the packaged content stream to desired numbers of virtual machines within the pool of encoders;
obtain monitoring information regarding transmission of the packaged content stream to the set of content output devices;
determine a demand for the packaged content stream based at least in part on the monitoring information;
identify, based on the demand for the packaged content stream and the demand information for the packaged content stream to desired numbers of virtual machines within the pool of encoders, an appropriate number of virtual machines within the pool of encoders; and
transmit instructions to the pool of encoders to modify a number of virtual machines within the pool to match the appropriate number of virtual machines.

US Pat. No. 10,116,720

REDIRECTS DURING MANIFEST FILE CONFIGURATION AND SERVING OF VIDEO SEGMENT FILES

DLVR, INC., Phoenix, AZ ...

1. A system for configuring and providing manifest files for adaptive streaming video, the system comprising:
a manifest file serving system including one or more computer servers, each said computer server in the manifest file serving system comprising:
a processing unit including one or more processors; and
memory coupled with and readable by the processing unit and storing therein a set of instructions which, when executed by the processing unit, causes the one or more computer servers of the manifest file serving system to:
receive a request for a manifest file corresponding to an adaptive streaming video from a requesting device;
select multiple different content delivery networks to serve different portions of the requested adaptive streaming video, including a first content delivery network corresponding to a first domain and a second content delivery network corresponding to a second domain;
determine an interspersing pattern of universal resource locators (URLs) for the manifest file, the determined interspersing pattern of URLs specifying that a first subset of URLs corresponding to a first subset of video segment files to be served by the first content delivery network, are to be interspersed among a second subset of URLs corresponding to a second subset of video segment files to be served by the second content delivery network;
determine that at least the second content delivery network is to be accessed indirectly via redirect messages from an external computer system outside of the second content delivery network;
configure a manifest file corresponding to the requested adaptive streaming video, wherein the configured manifest file includes (a) the first subset of uniform resource locators (URLs) directed to the first domain to be served by the first content delivery network, and (b) the second subset of URLs, wherein the second subset of URLs is directed to a computer system configured to respond to requests from requestors for a plurality of the second subset of URLs with redirect messages instructing the requestors to request a different corresponding URL within the second domain to be served by the second content delivery network, and wherein the first subset of URLs are interspersed in the manifest file among the second subset of URLs; and
transmit the configured manifest file comprising the interspersed first and second subsets of URLs to the requesting device.

US Pat. No. 10,116,719

CUSTOMIZED DASH MANIFEST

Amazon Technologies, Inc....

1. A method, comprising:
obtaining, at one or more servers, manifest data representing playback options of media content at a plurality of quality levels, each of the playback options being associated with a corresponding plurality of media fragments;
ascertaining, by the servers from the manifest data, locations of initialization fragments of media content files corresponding to the playback options;
retrieving, by the servers, the initialization fragments of the media content files corresponding to the playback options at the corresponding locations;
parsing, by the servers, the initialization fragments of the media content files corresponding to the playback options to obtain initialization metadata;
generating, by the servers, a Dynamic Adaptive Streaming over HTTP (DASH) manifest file that includes the initialization metadata, at least a portion of the manifest data, and per-fragment metadata for the plurality of media fragments of the media content, the DASH manifest file being configured to enable a client device to initiate playback of the media content without downloading the initialization fragments, the per-fragment metadata including a quality value associated with a first byte range for a corresponding media fragment of the plurality of media fragments;
receiving, by the servers, an indication that a client device has requested the media content; and
providing, by the servers, the DASH manifest file.

US Pat. No. 10,116,718

DIGITAL CONTENT STREAMING TO LOSS INTOLERANT STREAMING CLIENTS

Adobe Systems Incorporate...

1. In a digital medium environment to stream digital content, a system comprising:
a repair module implemented at least partially in hardware of a client device to repair an error in the stream of digital content using heuristics, the stream of digital content having a plurality of packets configured according to a loss tolerant format;
a segment formation module implemented at least partially in hardware of the client device to form the repaired stream of digital content into a plurality of segments in a media presentation consumable by a loss intolerant hypertext transfer protocol (HTTP) streaming client implemented at least partially in hardware of the client device;
a manifest module implemented at least partially in hardware of the client device to configure a manifest file mapping time periods to respective segments of the plurality of segments within the media presentation; and
a streaming server implemented at least partially in hardware of the client device to provide the manifest file to the hypertext transfer protocol (HTTP) streaming client and form a response to a request executed by the HTTP streaming client, the request including at least one of the plurality of segments based on the manifest file.

US Pat. No. 10,116,717

PLAYLIST COMPILATION SYSTEM AND METHOD

Intel Corporation, Santa...

1. A cellular client electronic device that is capable, when the cellular client electronic device is in operation, of communicating with a remote server system via at least one network, the at least one network comprising at least one Internet network, the cellular client electronic device comprising:
a display for use, at least in part, in displaying media-related information;
at least one processor; and
storage capable of storing, at least in part, client application instructions that are capable of being executed, at least in part, by the at least one processor, the client application instructions, when executed, at least in part, by the at least one processor resulting, at least in part, in the cellular client electronic device being capable of performing operations comprising:
receiving, at least in part, via a user interface of the cellular client electronic device, at least one user input that requests, at least in part, accessing of at least one server-suggested media playlist generated, at least in part, by the remote server system based, at least in part, upon user media preference data and user media history data, the user media preference data to be provided, at least in part, by a user of the cellular client electronic device, the at least one server-suggested media playlist being capable of being stored, at least in part, in the cellular client electronic device and/or in the remote server system, the at least one server-suggested media playlist being capable of comprising at least one listing that indicates, at least in part, media data items that are to be played in a sequence defined, at least in part, by the at least one media playlist, the media data items being capable of comprising at least one media data item and at least one other media data item; and
receiving, at least in part, via the user interface, at least one additional user input that requests playing, at least in part, of the at least one server-suggested media playlist, the playing, at least in part, of the at least one server-suggested media playlist being capable of being based, at least in part, upon at least one media stream to be received, at least in part, from the remote server system via the at least one network, for use in the playing of the at least one server-suggested media playlist;
wherein:
the at least one media stream is to be provided, at least in part, by the remote server system to the cellular client electronic device based, at least in part, upon whether the user of the cellular client electronic device is a subscriber of at least one subscription-based service associated, at least in part, with the remote server system, the remote server system being capable of providing at least one relatively reduced service, relative to the at least one subscription-based service, for a non-subscriber of the at least one subscription-based service;
the cellular client electronic device is capable, when the cellular client electronic device is in the operation, of downloading, at least in part, from the remote server system for storing, at least in part, in the storage, the at least one media data item and/or the at least one other media data item, the at least one media data item and the at least one other media data item when stored in the storage being usable by the user only so long as the user remains subscribed to the at least one subscription-based service;
the remote server system is capable of providing the at least one server-suggested media playlist to another client electronic device associated with the user;
the at least one server-suggested media playlist is capable of being modified, at least in part, based upon at least one further user input provided via the user interface, to generate at least one modified media playlist; and
the remote server system is also capable of synchronizing, at least in part, across the cellular client electronic device and the another client electronic device, the at least one modified media playlist.

US Pat. No. 10,116,716

REAL TIME OPTIMIZED CONTENT DELIVERY FRAMEWORK

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
storing by a content delivery system a video comprising a plurality of original segments and a plurality of replacement segments, wherein each replacement segment in the plurality of replacement segments is associated with an original segment in the plurality of original segments;
replacing by the content delivery system a first original segment in the plurality of original segments with a first associated replacement segment in the plurality of replacement segments based on a characteristic of the first original segment, a characteristic of the first associated replacement segment and a characteristic of a first viewer;
replacing by the content delivery system a second original segment in the plurality of original segments with a second associated replacement segment in the plurality of replacement segments based on a characteristic of the second original segment, a characteristic of the second associated replacement segment and a characteristic of a second viewer, wherein the second viewer is different from the first viewer;
streaming by the content delivery system the plurality of original segments with the first original segment replaced by the first associated replacement segment and the second original segment replaced by the second associated replacement segment to a first device configured to be viewed by the first viewer and the second viewer;
receiving by the content delivery system from the first viewer a viewing preference for the second viewer; and
replacing by the content delivery system a third original segment in the plurality of original segments with a third associated replacement segment in the plurality of replacement segments based on the viewing preference for the second viewer so that the third associated replacement segment is streamed to the device configured to be viewed by the viewers instead of the third original segment.

US Pat. No. 10,116,715

ADAPTING ENCODED BANDWIDTH

Microsoft Technology Lice...

1. A method of determining an encoding rate, comprising:
determining a plurality of bandwidth measurements of a network path between a first device and a second device based on data communication over the path;
determining a maximum bandwidth of the network path based on the plurality of bandwidth measurements;
setting a bandwidth cap based on a first percentage of the maximum bandwidth in response to the maximum bandwidth meeting a first criterion, and setting the bandwidth cap based on a second different percentage of the maximum bandwidth in response to the maximum bandwidth meeting a second criterion;
determining a minimum bandwidth of the network path based at least in part on the plurality of bandwidth measurements;
determining an encoding rate of an encoder to be between the bandwidth cap and the minimum bandwidth;
encoding data based on the determined rate; and
transmitting the encoded data over the network path.

US Pat. No. 10,116,714

APPARATUS AND METHOD FOR ON-DEMAND MULTI-DEVICE SOCIAL NETWORK EXPERIENCE SHARING

1. A method, comprising:
receiving, by a processor of a service provider of a communication network that provides a communication service, a request from a mobile endpoint device of a user to share a video of a live event at a commercial venue that the user is capturing;
establishing, by the processor, a first video session with the mobile endpoint device of the user, the first video session containing the video of the live event at the commercial venue that the user is capturing, wherein the establishing is performed in response to determining that the mobile endpoint device has rights for sharing the video of the live event at the commercial venue;
receiving, by the processor, at least one social media connection of the user for receiving the video;
sending, by the processor, a notification to each social media connection of the at least one social media connection that the video is available;
receiving, by the processor, a request from at least one of the at least one social media connection to access the video; and
establishing, by the processor, a second video session with an endpoint device of the at least one of the at least one social media connection to provide the video.

US Pat. No. 10,116,713

SYSTEM AND METHODS FOR CONTENT STREAMING WITH A CONTENT BUFFER

JAMDEO CANADA, LTD., Ont...

1. A method for content streaming with an intermediate content buffer, the method comprising:
detecting, by a content buffer of a device, a request for network content from a player, wherein the request is a network communication detected by the content buffer and the request for network content is directed to a server, wherein the request includes a data range;
creating, by the content buffer of the device, a playlist and virtual segments for the network content in response to the request;
requesting, by the content buffer, a first virtual segment of the playlist for the network content from the server based on the data range;
identifying, by the content buffer of the device, associated network content, wherein the associated network content is associated with the network content requested by the player;
pre-downloading, by the content buffer of the device, associated network content for the player based on the identifying, wherein the content buffer requests associated network content from the server based on a second virtual segment of the playlist for the associated network content; and
providing, by the content buffer of the device, the associated network content to the player based on the pre-downloading.

US Pat. No. 10,116,712

QUALITY OF EXPERIENCE BASED QUEUE MANAGEMENT FOR ROUTERS FOR REAL-TIME VIDEO APPLICATIONS

VID SCALE, INC, Wilmingt...

1. A node comprising a processor configured, at least in part, to:
receive a first real-time video traffic flow, wherein a state variable is associated with the first real-time video traffic flow at the node, and wherein the first real-time video traffic flow comprises a plurality of packets and each packet comprises a lost packet indicator, wherein the lost packet indicators of the packets of the first real-time video traffic flow indicate whether the first real-time video traffic flow has experienced a packet loss;
receive a second real-time video traffic flow, wherein a state variable is associated with the second real-time video traffic flow at the node, and wherein the second real-time video traffic flow comprises a plurality of packets and each packet comprises a lost packet indicator, wherein the lost packet indicators of the packets of the second real-time video traffic flow indicate whether the second real-time video traffic flow has experienced a packet loss;
drop a first packet in the first real-time video traffic flow;
update the state variable associated with the first real-time video traffic flow at the node to indicate the dropped first packet; and
update the lost packet indicator for a second packet in the first real-time video traffic flow based on the updated state variable that indicates the dropped first packet.

US Pat. No. 10,116,711

DETERMINING AND PROVIDING DATA RELATED TO COLLABORATION EVENT

Lenovo Enterprise Solutio...

1. A method comprising:
determining, by a computing device, a collaboration event regarding a plurality of users, regardless of whether an actual collaboration is in fact occurring among the users;
determining, by the computing device, data related to the collaboration event, as data that at least a predetermined percentage of the users have in common, regardless of whether the data is in fact related to the actual collaboration; and
providing, by the computing device, the data related to the collaboration event to at least one of the users participating in the collaboration event,
wherein determining the collaboration event comprises one of:
receiving locations of devices of the users and determining that the locations are identical within a threshold, the computing device determining the collaboration event responsive to determining that the locations are identical within the threshold;
determining that communication devices of the users are currently engaging in a common communication session, the computing device determining the collaboration event responsive to determining that the communication devices are currently engaging in the common communication session.

US Pat. No. 10,116,710

SESSION PARAMETERS IN THE PERIODIC ASSISTANCE DATA DELIVERY

Nokia Technologies Oy, E...

1. A method comprising:
receiving, by a device, periodic assistance data associated with periodic assistance data delivery session;
receiving, by the device, modified session parameters in a provide message of the periodic assistance data delivery session, the provide message comprising an information element in which the modified session parameters are received, and an identification that identifies an assistance data stream affected by the modified session parameters, wherein the session parameters comprise at least one of frequency information regarding how often a payload of the assistance data is delivered, and duration information regarding how long the periodic assistance data delivery session will last; and wherein the modified session parameters override previous session parameters received by the device via a previous message with the previous session parameters;
continuing of the receiving, by the device, periodic assistance data of the periodic assistance data delivery session based on the modified session parameters.

US Pat. No. 10,116,709

SYSTEMS AND METHODS FOR OPTIMIZING APPLICATION DATA DELIVERY OVER THIRD PARTY NETWORKS

STAR2STAR COMMUNICATIONS,...

1. A method for optimizing communication sessions through one or more networks comprising a plurality of communication nodes operatively connected to a plurality of network edge devices, comprising the steps of:
receiving at a particular network edge device a predetermined list of possible communication nodes in the one or more networks through which communication sessions may be routed, and receiving one or more business rules relating to optimizing communication sessions;
processing the one or more business rules at the particular network edge device to determine one or more actions to be taken by the particular network edge device to obtain information relevant to optimization of communication sessions;
performing the one or more actions dictated by the one or more business rules via the particular network edge device, wherein at least one of the one or more actions comprises classifying each of the possible communication nodes based on communication session type, wherein a communication session type is a particular class of communication traffic of one or more classes of communication traffic that can be routed by each of the possible communication nodes;
receiving information relating to optimization of communication sessions at the particular network edge device as a result of performance of the one or more actions dictated by the one or more business rules, wherein the information relating to optimization of communication sessions includes an indication of at least one communication session type for which each of the possible communication nodes is configured; and
generating a prioritized list of the possible communication nodes based on the information relating to optimization of communication sessions and based on the one or more business rules, wherein the prioritized list of possible communication nodes includes a list of communication nodes classified by at least one communication session type.

US Pat. No. 10,116,708

SIP SIGNALLING

Metaswitch Networks Limit...

1. A SIP call server running software for initialising and managing SIP calls and configured to establish a UDP connection with a client via a firewall in which a UDP pinhole may only be opened by messages sent from the client side of the firewall, the server comprising:
a hardware input port for receiving TCP SIP INVITE messages sent in order to establish a call with a call initiator;
a response message generator for generating at least one TCP response message in response to receipt of a TCP SIP INVITE message, the at least one TCP response message specifying UDP as the new transport protocol wherein said at least one TCP response message is one of a SIP 180 message and a SIP 200 message; and
a hardware output port for sending said at least one TCP response message to the call initiator.

US Pat. No. 10,116,707

ELECTRONIC MESSAGING EXCHANGE

1. A method for secure electronic message exchange, comprising:
authenticating, by a wireless terminal, an inmate of an institution when the inmate attempts to login to the wireless terminal, wherein the wireless terminal is isolated from an internet;
generating, by the wireless terminal, an electronic message for a user based on input from the inmate, the user being external to the institution;
transmitting, by the wireless terminal, the electronic message to a control platform using a wireless connection, wherein the control platform is located outside the institution, and the wireless terminal is coupled to the control platform;
receiving, by the control platform, the electronic message from the wireless terminal;
performing, by the control platform, an automated security scan of the electronic message;
authenticating, by the control platform, the user by determining whether the user is an approved contact for the inmate;
based on the automated security scan and the authentication of the user, forwarding, by the control platform, the electronic message to a secure platform, and forwarding a notification associated with the electronic message to a device associated with the user;
receiving, by the secure platform, a login request from the device associated with the user in response to receiving the notification associated with the electronic message;
approving the login request from the user;
providing, by the secure platform, secure web-based access to the user upon approval of the login request; and
facilitating, by the secure platform, a subsequent electronic message conversation between the inmate and the user using the secure web-based access, wherein the secure platform is integrated within the control platform.

US Pat. No. 10,116,706

INTER-DOMAIN REPLICATION OF SERVICE INFORMATION

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
performing an automated conversion between a local service definition format and a remote service definition format defined respectively within first and second independent enterprise information technology (IT) management domains using a federated gateway within each of the first and second independent enterprise IT management domains that bridges service definition formatting differences between the first and second independent enterprise IT management domains; and
dynamically performing, during transmission of a service request from a service consumer application executing within the first independent enterprise IT management domain to a remote service provider application in the second independent enterprise IT management domain, real-time service call translation from the local service definition format to the remote service definition format using the federated gateway within each of the first and second independent enterprise IT management domains.

US Pat. No. 10,116,705

IMPLEMENTING SECURITY IN A SOCIAL APPLICATION

INTERNATIONAL BUSINESS MA...

1. A system for implementing security in social applications, comprising hardware processing resources communicating with hardware memory resources to implement:
an inference engine to infer a closeness level, based on a closeness policy, between a first user having a user's profile on a social application and a second user having an existing connection in the social application to the first user, the inference engine to assign a score to the inferred closeness level; and
a security implementation engine to implement a security level, based on said score, that is individualized to said second user, the security level dictating a corresponding set of security mechanisms to be applied to communications received by the first user from the second user such that the security level applied to the second user corresponds to the inferred closeness level.

US Pat. No. 10,116,704

METHOD AND SYSTEM FOR RAPID ACCREDITATION/RE-ACCREDITATION OF AGILE IT ENVIRONMENTS, FOR EXAMPLE SERVICE ORIENTED ARCHITECTURE (SOA)

Object Security LLC, Pal...

1. A computer-implemented method for managing and analyzing security requirements, the method comprising:
reading from a model information source, at least one security implementation model indicating security implementation policy characteristics;
reading from the model information source at least one requirement model indicating requirement policy characteristics;
at least partially automatically relating the read security implementation model and the read requirements model and at least partially automatically determining a correspondence between the security implementation model and the requirements model by analyzing correspondence between security implementation policy characteristics and requirements policy characteristics, the correspondence indicating that a requirement defined in the requirement model match with security policies implemented by controls defined by the security implementation model;
at least partially automatically generating evidence based on the determination of the correspondence between the security implementation model and the requirements model; and
storing, transmitting and/or displaying the generated evidence.

US Pat. No. 10,116,702

SECURITY POLICY UNIFICATION ACROSS DIFFERENT SECURITY PRODUCTS

Cisco Technology, Inc., ...

1. A computer-implemented method comprising:
displaying multiple icons, each icon representing an actor or a resource in a networking environment;
defining a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource, wherein the line represents: that abilities between the actor and the resource are allowed or denied when the line has a first characteristic and a second characteristic, respectively; that traffic between the actor and the resource is to be monitored or is not to be monitored when the line has a third characteristic and a fourth characteristic that include respective colors of the line that indicate that the traffic is to be monitored or is not to be monitored, respectively; and a level of security risk when the line has a fifth characteristic that includes a color of the line that represents the level of the security risk;
translating the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices; and
supplying data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

US Pat. No. 10,116,701

DEVICE-TYPE BASED CONTENT MANAGEMENT

Ent. Services Development...

1. An enterprise content management system comprising:
a processor;
a community module coupled to the processor to generate:
a community policy for a community defined for an enterprise, wherein the community policy is enforced on a plurality of user devices registered with the community; and
a device-community policy associated with the community policy, wherein the device-community policy is enforced on a user device, from among the plurality of user devices, based on a device-type associated with the user device, the device-community policy being indicative of a management service to be used to enforce the community policy for the device-type; and
a domain module coupled to the processor to provide a management service agent (MS agent) to the user device, based on the management service, wherein the MS agent manages enterprise content on the user device as defined by the community policy and the device-community policy.

US Pat. No. 10,116,700

INSTALLING CONFIGURATION INFORMATION ON A HOST

SSH Communications Securi...

1. A method of installing configuration information on a host, comprising:
initiating provisioning of the host to provide a virtual data processing instance in a virtualized environment, wherein a computing resource can be shared by a plurality of virtual data processing instances;
connecting, by the host, to a management system to initiate enrolling of the virtual data processing instance in the management system based on information received by the host via a communication network from a provisioning system, wherein the host comprises memory and one or more hardware processors;
authenticating, by the host, to the management system using credentials received by the host via the communication network from the provisioning system;
receiving, in response to the host initiated enrolment of the virtual data processing instance in the management system and by the authenticated host via the communication network, configuration information from the management system; and
installing, by the authenticated host, the received configuration information to create the virtual data processing instance in the virtualized environment.

US Pat. No. 10,116,699

SYSTEMS AND METHODS FOR NETWORK SECURITY

United Services Automobil...

1. A computer-implemented method, comprising:
obtaining a whitelist of resource access sources that are allowed to use a particular resource access account to access a particular resource on a computer resource;
detecting an access attempt to the particular resource;
identifying a source, from which the access attempt originated, and a resource access account used in the access attempt;
determining, by referencing the whitelist, if the source, from which the access attempt originated, is allowed to use the resource access account used in the access attempt; and
performing one or more mitigation tasks if the source, from which the access attempt originated, is not allowed to use the resource access account used in the access attempt, wherein the one or more mitigation tasks comprises restricting access to the particular resource by the source, from which the access attempt originated, only after a threshold number of access attempts are performed by the source, from which the access attempt originated, using the resource access account.

US Pat. No. 10,116,698

MANAGING NETWORK FIREWALL CONFIGURATION UTILIZING SOURCE LISTS

Amazon Technologies, Inc....

1. A method for managing network-based communications comprising:
obtaining a set of network firewall configuration information for configuring a network firewall on behalf of a customer from a plurality of sources, wherein individual network configuration information is provided by a source different from a network point of presence;
parsing the set of network firewall configuration information to identify a list of network address information, the list of network address information associated with one or more source network address ranges;
processing the list of network address information, wherein processing the list of network address information includes prioritizing the list of network address information based on a size of source network address range in the list of network address information and a weight of a source of the network firewall configuration information, wherein the prioritized list is ordered such that a larger source network address range is listed before and has a higher priority relative to a smaller source network address range;
processing the prioritized list of network address information to limit a number of network address ranges in the prioritized list of network address information to be below a maximum threshold;
generating network firewall configuration information for the network firewall on behalf of the customer based on the prioritized list of network address information, wherein the generated network firewall configuration information causes communications from a network address that is included in the prioritized list to be blocked; and
causing the network firewall to be configured based on the generated network firewall configuration information.

US Pat. No. 10,116,697

SYSTEM AND METHOD FOR GEOFENCING

Open Text SA ULC, Halifa...

1. A method, comprising:
downloading, by a client device of a server computer, a managed container from a network source, the managed container written in a programming language native to the client device and comprising a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with backend systems running in an enterprise computing environment;
receiving, over a network by the managed container embodied on a non-transitory computer memory of the client device, an application retrieved from an application repository by the server computer, the application repository and the server computer residing in the enterprise computing environment outside of a firewall, the application hosted or required by a backend system operating in the enterprise computing environment behind the firewall;
storing the application in the managed cache of the managed container on the client device, the storing performed by the managed container;
managing, by the managed container, the application and content stored in the managed container in accordance with one or more rules, the one or more rules including a geolocking or geofencing rule propagated from the backend system through the firewall to the server computer to the managed container on the client device;
displaying an icon for the application in a user interface of the managed container on the client device;
providing, by the managed container on the client device, a secure shell or runtime environment for running the application when the icon for the application is selected or invoked from within the user interface of the managed container;
receiving, by the managed container on the client device, a request for content from the application running in the secure shell or runtime environment provided by the managed container on the client device;
determining, by the managed container on the client device, whether the client device is located within a specified geographical location that is secure for viewing the content;
permitting, by the managed container on the client device to the application running in the secure shell or runtime environment provided by the managed container on the client device, access to the content if the client device is located within the specified geographical location that is secure for viewing the content;
denying or restricting, by the managed container on the client device based at least in part on the geolocking or geofencing rule, access by the application to the content requested by the application if the client device is not located within the specified geographical location that is secure for viewing the content; and
automatically deleting the content from the managed cache if the client device is outside of the specified geographical location for a predetermined amount of time and, after the predetermined amount of time has passed, the client device has not made a connection to the server computer or returned to within the specified geographical location.

US Pat. No. 10,116,696

NETWORK PRIVILEGE MANAGER FOR A DYNAMICALLY PROGRAMMABLE COMPUTER NETWORK

SRI International, Menlo...

1. A method comprising:
obtaining, by a computing device on a network, data comprising network activity data and reputation data and role data, wherein the network activity data includes data corresponding to a state of one or more network flows in the network and the reputation data identifies one or more acceptable or unacceptable network flows over the network and the role data identifies a role associated with an endpoint of a network flow on the network and at least some of the data corresponds to real-time activity;
determining a current network context using at least some of the data;
selecting a security policy from one or more security policies by matching a first portion of the current network context to a criterion of the security policy;
adjusting a value of a threshold attribute of the security policy based on the data that corresponds to real-time activity, wherein the value of the attribute identifies one or more of a number and a duration associated with network flows;
in response to a second portion of the current network context matching the adjusted value of the threshold attribute, cause execution of the security policy on the network to control traffic over the network.

US Pat. No. 10,116,695

SYSTEMS AND METHODS FOR VERIFYING THAT OPERATORS ARE HUMAN BASED ON OPERATOR GAZE

Symantec Corporation, Mo...

1. A computer-implemented method for verifying that operators are human based on operator gaze, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
presenting an image to a user of a computing device, who is purporting to be a human, via a display element of the user's computing device;
tracking the user's gaze as the image is presented to the user using a tracking device that:
transmits a light source at one or both eyes of the user;
identifies at least one of a reflection of the light source from the eyes of the user and a change in reflection from the eyes of the user;
analyzes at least one of the reflection and the change in reflection to determine at least one of a direction of the user's gaze and a change in the direction of the user's gaze;
identifying one or more human gaze patterns specific to the image based on at least one of:
gaze patterns exhibited by one or more additional humans to whom the image was previously exhibited;
a policy that predicts human gaze patterns with respect to images;
determining, based on an analysis of the user's gaze, that one or more patterns of the user's gaze are consistent with the human gaze patterns of the one or more additional humans;
classifying the user as a human in response to determining that the one or more patterns of the user's gaze are consistent with the human gaze patterns of the one or more additional humans.

US Pat. No. 10,116,694

NETWORK SIGNALING INTERFACE AND METHOD WITH ENHANCED TRAFFIC MANAGEMENT DURING SIGNALING STORMS

Markport Limited, Dublin...

1. A signaling interface controller (DSC) for a communications network, the signaling Interface controller comprising a processor and a non-transitory computer-readable medium comprising software code that causes said processor to:
(a) dynamically manage signaling traffic by real time processing with execution of a self-learning algorithm to make a decision per signaling message as to how to handle each of a plurality of incoming signaling messages during a signaling message storm before attempting to perform tasks for signal delivery to a destination peer, and
(b) dynamically calculate and use per-message values to execute the self-learning algorithm by, for each signaling message of a plurality of signaling messages executing operations of:
calculating a dynamic network user value (Fdu) according to criteria associated with nature of said signaling message;
providing a current network user value (Fcu) by modifying said dynamic network user value (Fdu) according to a base network user value (Fbu);
providing a signal value (Fsig) by modifying the current network user value (Fcu) according to a message base value (Fbsig) identifying importance of said signaling message in relation to others of said plurality of signaling messages;
providing a dynamic average peer value (Fp) for a peer by computing an average of a plurality of signal values (Fsig) addressed to said peer; and
making said decision according to comparison of the signal value (Fsig) and the dynamic average peer value (Fp).

US Pat. No. 10,116,693

SERVER USING PROOF-OF-WORK TECHNIQUE FOR HARDENING AGAINST DENIAL OF SERVICE ATTACKS

EMC IP Holding Company LL...

1. A method of operating a server device in connection with a human interaction service provided to client devices, comprising:
generating, by the server device, an array of hash values by iterating first cryptographic hashing operations, each operation generating a respective hash value of the array and taking as input a respective preceding hash value of the array generated by a respective preceding operation;
receiving, by the server device, a client request containing a proof-of-work value, the proof-of-work value reflecting a count of multiple searches of the same array of hash values at the client device until encountering a predetermined stop value in the array;
performing, by the server device, one search of the array beginning with the last-generated hash value, the one search including iterated second cryptographic hashing operations each taking as inputs (1) the proof-of-work value received from the client device, and (2) a respective intermediate value generated in a respective preceding operation;
comparing, by the server device, a last-generated intermediate value of the one search to the predetermined stop value to generate a verification result; and
when the verification result is positive, then performing further processing of the client request by the server device to provide the human interaction service to a client device that provided the client request, and when the verification result is negative, then refraining from the further processing of the client request;
wherein each of the second cryptographic hashing operations includes generating a respective index to be used to select a hash value of the array in a next succeeding operation, the index being generated by masking a predetermined number of bits of a respective hash value retrieved by the operation, the predetermined number corresponding to an address length for the array.

US Pat. No. 10,116,692

SCALABLE DDOS PROTECTION OF SSL-ENCRYPTED SERVICES

Arbor Networks, Inc., Bu...

1. A system for mitigating network attacks within encrypted network traffic, the system comprising:
a cloud based Distributed Denial of Service (DDoS) mitigation service having a plurality of attack management devices;
one or more attack mitigation devices communicatively coupled to a protected network and to the cloud based DDoS mitigation service, wherein the one or more attack mitigation devices are configured and operable to decrypt the encrypted network traffic received from the DDoS mitigation service and destined to the protected network to form a plurality of decrypted network packets, analyze the plurality of decrypted network packets to detect one or more attacks by determining which decrypted network packets are associated with network attacks, generate, in response to detecting the one or more attacks, one or more attack signatures corresponding to the one or more detected attacks and send the generated one or more attack signatures to the one or more attack management devices utilizing cloud-signaling network protocols to push the attack signatures to the plurality of cloud based attack management devices wherein the one or more attack mitigation devices are further configured and operable to re-encrypt only decrypted network packets not associated with the one or more detected network attacks and to send the re-encrypted packets to the protected network; and
wherein the one or more attack management devices are configured and operable to block encrypted network traffic matching the one or more attack signatures from reaching the protected network without needing to decrypt incoming encrypted traffic received from one or more external devices.

US Pat. No. 10,116,691

VOIP DENIAL-OF-SERVICE PROTECTION MECHANISMS FROM ATTACK

KODIAK NETWORKS, INC., P...

1. A system for providing communications services in a communications network comprising:
servers providing the communications services to mobile units in the communications network, the communications services including an instant two-way half-duplex voice call within a group of the mobile units comprising a Push-to-Talk-over-Cellular (PoC) call session;
wherein at least one of the servers interfaces to an Internet Protocol (IP) network to perform the communications services for the mobile units in the IP network and is configured to:
set up a pre-established session with a mobile unit of the mobile units by reserving a media port for receiving media traffic for the PoC call session from the mobile unit, the pre-established session being established for a media path between the mobile unit and the at least one of the servers prior to setup of a call for the PoC session;
authorize the mobile unit to temporarily communicate authentication messages with the at least one of the servers over the reserved media port in response to setting up the pre-established session, wherein the at least one of the servers is further configured to compare an incoming message to a black-list that identifies known bad addresses:
authenticate with the mobile unit in response to receiving the authentication messages from the mobile unit;
add the mobile unit to a white list in response to authenticating with the mobile unit; and
after adding the mobile unit to the white list, receiving the media traffic from the mobile unit over the reserved media port when the mobile unit is participating in the call for the PoC call session;
wherein the at least one of the servers responsible for handing the media traffic transmitted by the mobile unit reserves the reserved media port for the media traffic and authorizes the media traffic to flow through the reserved media port for a configured duration;
before the configured duration elapses, the at least one of the servers receives authentication credentials from the mobile unit via the reserved media port;
upon successful authentication of the mobile unit the IP address of the mobile unit is associated with the reserved media port, so that only the mobile unit is authorized to transmit media traffic to the at least one of the servers through the reserved media port; and
the IP address of the mobile unit is dis-associated with the reserved media port when a dialog between the at least one of the servers and the mobile unit is terminated by the at least one of the servers or the mobile unit.

US Pat. No. 10,116,690

SYSTEM AND METHOD FOR THE PROTECTION OF COMPUTERS AND COMPUTER NETWORKS AGAINST CYBER THREATS

1. A computing system comprising:
an inner core system, including:
an inner core computing system including a processor, used for performing computing tasks, and
inner core system storage used to store data used by the inner core computing system when performing the computing tasks;
protected internet data storage, including:
a protected storage area for downloaded data and software that is downloaded from a network, and
a quarantine block that inspects the downloaded data and software for malware before the downloaded data and software is transferred to the inner core system storage; and,
a cell array interface that interfaces between the network and the inner core system, wherein the cell array interface includes a plurality of cells, each cell in the plurality of cells including:
a processor, and
memory;
wherein, when data or software is downloaded from the network to the computing system, a selected cell from the plurality of cells receives the downloaded data or software and places the downloaded data or software into the protected storage area where the quarantine block inspects the downloaded data and software for malware, the downloaded data or software not being transferred to the inner core system storage unless and until the quarantine block certifies the downloaded data or software as being free from malware;
wherein each cell in the plurality of cells is certified as either clean from malware or potentially infected by malware; and,
wherein the selected cell is selected from among those cells in the plurality of cells that are currently certified as clean from malware.

US Pat. No. 10,116,689

NEUTRALIZING PROPAGATION OF MALICIOUS INFORMATION

International Business Ma...

10. An apparatus, said apparatus comprising:
at least one processor; and
a non-transitory computer readable storage medium having computer readable program code embodied therewith and executable by the at least one processor, the computer readable program code comprising:
computer readable program code configured to identify, using a directed acyclic graph, malicious information spreading in an information-exchange network;
computer readable program code configured to classifying at least one topic of the malicious information;
computer readable program code configured to determine a potential sub-network for future spread of the malicious information based on the at least one topic classified, wherein the determining is based on a relationship between the potential sub-network and at least one entity that received the malicious information; and
computer readable program code configured to attenuate a potential future spread of the malicious information via at least one of:
automatically propagating a countervailing message to the potential sub-network; and
prompting manual intervention for propagating the countervailing message to the potential sub-network and, in response to the manual intervention, propagating the countervailing message to the potential sub-network.

US Pat. No. 10,116,687

MANAGEMENT OF ADMINISTRATIVE INCIDENT RESPONSE BASED ON ENVIRONMENTAL CHARACTERISTICS ASSOCIATED WITH A SECURITY INCIDENT

Splunk Inc., San Francis...

1. A method of managing service level agreements (SLAs) for security incidents in a computing environment, the method comprising:
identifying a rule set for a security incident of the security incidents wherein the rule set is associated with one or more action recommendations to be taken against the security incident;
identifying a default SLA for the security incident based on the rule set, wherein the default SLA comprises a default hierarchy of administrators for the security incident;
obtaining environmental characteristics related to the security incident, wherein the environmental characteristics comprise at least a severity level of the security incident;
determining a modified SLA for the security incident based on the environmental characteristics, wherein the modified SLA comprises a second hierarchy of administrators for the security incident, and wherein the modified SLA is based on the severity level of the security incident;
providing the one or more action recommendations to administrators based on the second hierarchy of administrators of the modified SLA; and
obtaining input from at least one administrator in the second hierarchy of administrators regarding at least one action recommendation of the one or more action recommendations.

US Pat. No. 10,116,686

SYSTEMS AND METHODS FOR SELECTIVELY INSULATING A PROCESSOR

1. A method for protecting a computer processor system from a harmful communication session from a network linked to the processor system, by interrupting a stream of damaging data from the network, wherein the processor system includes a processor, the method comprising:
disconnecting the processor from the network in response to a first event, wherein disconnecting the processor disrupts the continuity of the harmful communication session from the network to the processor, wherein the first event comprises no activity from a human operator interacting with the processor system for a random amount of time and the first event occurs independently of any data available to the processor system; and
resuming communication to the network by connecting the processor to the network in response to a second event, wherein both the first event and the second event are controlled by the processor system independent from the contents of the data received from the network.

US Pat. No. 10,116,685

SECURITY KEY DERIVATION IN DUAL CONNECTIVITY

Sun Patent Trust, New Yo...

1. A secondary base station apparatus, comprising:
a transmitter, which, in operation, transmits a change request of a secondary security key to a master base station when a value of a COUNT exceeds a threshold value, wherein the secondary security key is a security key for the secondary base station apparatus;
a receiver, which, in operation, receives from the master base station an updated secondary security key, the updated secondary security key being derived at the master base station using an incremented freshness counter and a currently active security key of the master base station, without refreshing the current active security key of the master base station; and
control circuitry, which, in operation, computes a new encryption key for communication with a mobile terminal using the updated secondary security key.

US Pat. No. 10,116,684

AUTOMATICALLY DETECTING AND CORRECTING MISSING AND MISCONFIGURED SECURITY ATTRIBUTES

VERIZON DIGITAL MEDIA SER...

1. A method comprising:
retrieving by a content distribution server, a packet encapsulating content of a particular content provider, wherein the particular content provider offloads said content to the content distribution server for delivery to a plurality of clients;
obtaining, in response to retrieving the packet, one or more of a first set of security options configured as default security options for two or more content providers, and a different second set of security options configured by the particular content provider;
verifying at the content distribution server, security of an original header of said packet based on one or more of the first set of security options and the different second set of security options, wherein a first security option of the second set of security options overrides a different value set for a similar security option in the first set of security options, and a second security option of the second set of security options sets a value for a security option not specified as part of the first set of security options;
modifying said packet with a modified header in response to changing said original header based on the original header violating at least one of the first set of security options and the second set of security options; and
serving the packet with the modified header to a client of the plurality of clients.

US Pat. No. 10,116,683

COMPUTER SECURITY VULNERABILITY ASSESSMENT

OPSWAT, INC., San Franci...

1. A method comprising:
receiving, by a computerized system, a binaries-to-vulnerabilities database, formed from a binaries-to-products database and a product-to-vulnerabilities database, that provides a correspondence between binary data and vulnerability data, the binary data including first binary hashes formed from a hash technique using strings of bits extracted from at least a portion of binary-level files of software products;
establishing, by the computerized system, a communication connection to a target device;
receiving, by the computerized system, binary files from the target device;
generating, by the computerized system, second binary hashes formed from the same hash technique using strings of bits extracted from at least a portion of the binary files;
scanning, by the computerized system using the binaries-to-vulnerabilities database, the second binary hashes to find matches between the second binary hashes and the first binary hashes; and
determining, by the computerized system, a known security vulnerability of the target device based on 1) results of the scanning and 2) the correspondence between the binary data and the vulnerability data.

US Pat. No. 10,116,682

SYSTEM AND METHOD FOR EVALUATING AND ENHANCING THE SECURITY LEVEL OF A NETWORK SYSTEM

SPHERIC SECURITY SOLUTION...

1. A method for evaluating a security level of a network system, the method being implemented by one or more processors and comprising:
identifying a plurality of security elements of the network system;
determining a security architecture of the network system based on the identified plurality of security elements;
wherein determining the security architecture includes implementing a security model that identifies a plurality of pre-determined relationships as between individual security elements in the plurality of security elements, in connection with possible types of threats to the network system and one or more types of assets that can be exposed as a result of a breach;
evaluating the security architecture to determine an evaluation for the network system, the evaluation identifying a monetary value for a risk to the security network as a result of one or more security elements being breached;
determining a set of recommendations based at least in part on the evaluation, each recommendation in the set of recommendations identifying a new component to add to the security network to improve the evaluation of the security architecture;
wherein determining the set of recommendations includes determining the new component based at least in part on both the cost for implementing the new component on the network system as compared to the monetary value for the breach if the new component is not implemented; and
outputting the evaluation to a user, wherein the output includes the determined set of recommendations.

US Pat. No. 10,116,681

METHOD OF DETECTING SHARED VULNERABLE CODE

Denim Group, Ltd.

1. A method of detecting and analyzing vulnerable code shared between at least two applications comprising the steps of:
creating a consolidated vulnerability database populated with at least one vulnerability testing result from each of the at least two applications wherein in each vulnerability result comprises a vulnerability type, filename, line number, and data/control flow elements;
identifying at least one shared vulnerability by:
comparing a first vulnerability testing result with the remaining vulnerability testing results within the consolidated vulnerability database and recording any vulnerability type, filename and line number matches as vulnerability location matches; and
comparing the number of data/control flow elements of the first vulnerability testing result with the remaining vulnerability testing results within the consolidated vulnerability database and recording any matches as data/control flow element matches;
analyzing the at least one shared vulnerability by:
assigning a confidence to the shared vulnerability based on the vulnerability location matches and the data/control flow element matches;
assigning a severity to the shared vulnerability type; and
assigning a criticality to each of the at least two applications from which the shared vulnerability originated from; and
creating a database of shared vulnerabilities wherein each shared vulnerability is risk-ranked and confidence-scored based on the confidence, the severity, and the criticality.

US Pat. No. 10,116,680

SYSTEMS AND METHODS FOR EVALUATING INFECTION RISKS BASED ON PROFILED USER BEHAVIORS

Symantec Corporation, Mo...

1. A computer-implemented method for evaluating infection risks based on profiled user behaviors, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
collecting, by the computing device comprising the at least one hardware processor, a plurality of user-behavior profiles that comprises at least one of:
a plurality of labeled profiles that comprises at least one of:
a plurality of infected profiles, wherein each of the plurality of infected profiles comprises a profile of user behaviors that occurred at an associated infected computing system that is known to have encountered malware; or
a plurality of clean profiles, wherein each of the plurality of clean profiles comprises a profile of user behaviors that occurred at an associated clean computing system that is known to be free of malware; or
a plurality of unlabeled profiles, wherein each of the plurality of unlabeled profiles comprises a profile of user behaviors that occurred at an associated computing system that is not known to have encountered malware and not known to be free of malware;
training, using features and labels of the plurality of user-behavior profiles, a decision tree to distinguish infected profiles from clean profiles by:
determining, at each internal node in the decision tree, whether there are any infected profiles, clean profiles, or unlabeled profiles at the internal node; and
selecting, from a plurality of splitting rules based on whether there are any infected profiles, clean profiles, or unlabeled profiles at the internal node, a suitable splitting rule to apply at the internal node; and
using the decision tree to predict at least one of:
a likelihood that a computing system of a user will become infected based at least in part on a profile of user behaviors of the user; or
a likelihood that a user behavior in the plurality of user-behavior profiles will result in a computing-system infection.

US Pat. No. 10,116,679

PRIVILEGE INFERENCE AND MONITORING BASED ON NETWORK BEHAVIOR

ExtraHop Networks, Inc., ...

1. A method for monitoring network traffic using one or more network computers, wherein execution of instructions by the one or more network computers perform the method comprising:
instantiating a monitoring engine to perform actions, including:
monitoring network traffic associated with a plurality of entities in one or more networks to provide one or more metrics, wherein the entities include one or more of a source entity and one or more of a target entity; and
providing a device relation model based on the plurality of entities, the network traffic, and the one or more metrics; and
instantiating an inference engine to perform actions, including:
associating the plurality of entities with one or more privilege levels based on the device relation model and the one or more metrics, wherein a value for each of the one or more privilege levels is based on one or more of an amount of access or an amount of control that the one or more source entities exert over the one or more target entities; and
increasing the one or more privilege levels for a source entity based on one or more metric values that are associated with the one or more target entities that are linked to the source entity; and
instantiating an anomaly engine to perform actions, including:
determine one or more interactions between the one or more source entities and the one or more target entities based on the monitored network traffic;
generating one or more escalation events based on the one or more interactions and the one or more privilege levels associated with the one or more source entities and the one or more target entities, wherein the one or more interactions or the one or more target entities are associated with a privilege level that exceeds the one or more privilege levels associated with the one or more source entities; and
providing the one or more escalation events to one or more users.

US Pat. No. 10,116,678

SYSTEM FOR DETECTING FRAUDULENT ELECTRONIC COMMUNICATIONS IMPERSONATION, INSIDER THREATS AND ATTACKS

Verrafid LLC, Celebratio...

1. An apparatus for characterizing communications going to and from a first domain, the apparatus comprising:
a processor; and
a memory containing program instructions that when executed by the processor cause the processor to manage a fraudulent communications detection system and to, for a predetermined time period, obtain each communication going to and from the first domain and, for each obtained communication:
analyze one or more parameters of the obtained communication;
store the analyzed one or more parameters of the obtained communication with respect to a sender of the obtained communication and one or more recipients of the obtained communication;
extrapolate and characterize each of one or more relationships among the sender and the one or more recipients of the obtained communication as a function of the analyzed one or more parameters;
update a store of extrapolated relationships and associated characterizations of communications among the sender and the one or more recipients of the obtained communication; and
associate a direction value with each stored relationship and characterization, wherein the direction value indicates a respective relationship or characterization is directed to or coming from the first domain,
wherein the store of extrapolated relationships and associated characterizations and direction values of communications among the sender and the one or more recipients is operative to improve operation of the fraudulent communications detection system associated with the processor.

US Pat. No. 10,116,677

METHOD AND SYSTEM FOR UNIQUELY IDENTIFYING A USER COMPUTER IN REAL TIME USING A PLURALITY OF PROCESSING PARAMETERS AND SERVERS

THREATMETRIX PTY LTD, Ch...

1. A method for distinguishing a compromised client device from a masquerading device, the method comprising:
capturing, by a hardware processor of one or more servers, a plurality of attributes from a network device connecting to a web service, each of the attributes representing a parameter, the plurality of parameters uniquely identifying the network device from a plurality of other networks devices;
maintaining the network device free from any software programs associated with the capturing of the plurality of attributes;
determining, by the hardware processor, a device identifier based on a programmatic transformation of the plurality of attributes captured from the network device;
comparing, by the hardware processor, the device identifier against at least one existing device identifier determined by the hardware processor, wherein the at least one existing device identifier is generated based on a programmatic transformation of a plurality of attributes captured from a respective device; and
determining, by the hardware processor, if the network device is compromised based at least in part the comparison between the device identifier and an existing device identifier.

US Pat. No. 10,116,675

METHODS AND SYSTEMS TO DETECT ANOMALIES IN COMPUTER SYSTEM BEHAVIOR BASED ON LOG-FILE SAMPLING

VMware, Inc., Palo Alto,...

1. A process stored in one or more data-storage devices and executed using one or more processors of a computer system to detect anomalies in behavior of a computer system of a distributed computing system, the method comprising:
assigning each event message generated by the computer system to a time interval of a series of time intervals, each event message having a time stamp in the time interval the event message is assigned to; and
when a most recent time interval of the series of time intervals has elapsed,
calculating a difference between a set of event messages with time stamps in the most recent time interval and a set of event messages with time stamps in a previous time interval of the series of time intervals that precede the most recent time interval, and
when the difference is greater than a threshold, generating an alert on an administrative computer console that indicates the computer system exhibits anomalous behavior and migrating one or more virtual machines from the computer system to another computer system within the distributing computing system.

US Pat. No. 10,116,674

FRAMEWORK FOR EXPLAINING ANOMALIES IN ACCESSING WEB APPLICATIONS

Citrix Systems, Inc., Fo...

1. A method for characterizing anomalous network traffic, comprising:
receiving, by a device intermediary to a plurality of clients and a plurality of servers, network traffic, the network traffic including an anomaly;
determining, by the device, whether the network traffic satisfies at least one of the rules of a univariate policy based on a respective single independent network traffic feature, a first anomaly explanation associated with satisfying the at least one of the rules of the univariate policy;
determining, by the device, responsive to determining that the network traffic does not satisfy at least one of the rules of the univariate policy, that the network traffic satisfies a multivariate policy including a plurality of anomaly explanation tests, a second anomaly explanation associated with satisfying at least of the plurality of anomaly explanation tests;
selecting, by the device, responsive to determining that the network traffic satisfies the multivariate policy, the second anomaly explanation; and
generating, by the device, an anomaly explanation output including the selected second anomaly explanation.

US Pat. No. 10,116,673

SYSTEM AND METHOD FOR UPLOADING AND VERIFYING A DOCUMENT

STATE FARM MUTUAL AUTOMOB...

1. A computer implemented method comprising:
receiving, at a first data server, a file uploaded from a client device, wherein the file is associated with an insurance company event;
determining, by a malware module of the first data server, whether the file contains a computer security threat;
transmitting the file to a second data server when it is determined that the file does not contain a computer security threat;
determining, by a conversion module of the second data server, whether the file is supported;
converting, by the conversion module of the second data server, the file into a converted file when it is determined that the file is not supported, wherein the converted file is supported;
flagging the converted file for association with an insurance company event; and
transmitting, by a hardware processor, the converted file to a permanent storage server.

US Pat. No. 10,116,672

DISTRIBUTED DENIAL-OF-SERVICE ATTACK DETECTION BASED ON SHARED NETWORK FLOW INFORMATION

International Business Ma...

1. A computer-implemented method for detecting distributed denial-of-service (DDoS) attacks, the computer-implemented method comprising:
monitoring, by a first data processing system, current local network flow information corresponding to data packets received by the first data processing system via the network;
recording, by the first data processing system, the current local network flow information in a local flow information table;
generating, by the first data processing system, a current local network flow information message containing the current local network flow information;
computing, by the first data processing system, a hash value of the current local network flow information message;
broadcasting, by the first data processing system, the current local network flow information message to a plurality of randomly selected data processing systems connected to the network based on the hash value of the current local network flow information message, wherein each data processing system has a corresponding node, and each node shares their respective local flow information with other data processing nodes randomly;
analyzing, by a first data processing system, current aggregated flow information for a defined period of time, wherein the current aggregated flow information is a real-time current snapshot of an amount of network data packets flowing to the second data processing system from a plurality of different data processing systems via the network for the defined period of time, and the defined period of time represents a predetermined time interval threshold for when the first data processing system (i) transmits the current local network flow information recorded in the local flow information table to randomly selected other data processing systems connected to the network, and (ii) aggregates current local network flow information messages received from the other data processing systems;
determining, by the first data processing system, whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on the analyzing of the current aggregated flow information;
responsive to the first data processing system determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, determining, by first the data processing system, that the second data processing system is under a DDoS attack and transmitting a notification to the second data processing system indicating that the second data processing system is under a DDoS attack;
determining, by the first data processing system, whether the network flow increased above the defined flow threshold value to the first data processing system, itself, within the defined period of time based on the analyzing of the current aggregated flow information; and
responsive to the first data processing system determining that the network flow has increased above the defined flow threshold value to the first data processing system, itself, within the defined period of time, determining, by the first data processing system, that the first data processing system is under the DDoS attack, and performing, by the first data processing system, mitigation steps to halt the DDoS attack on the first data processing system.

US Pat. No. 10,116,671

DISTRIBUTED DENIAL-OF-SERVICE ATTACK DETECTION BASED ON SHARED NETWORK FLOW INFORMATION

International Business Ma...

1. A data processing system for detecting distributed denial-of-service (DDoS) attacks, the data processing system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
monitor, by a first data processing system, current local network flow information corresponding to data packets received by the first data processing system via the network;
record, by the first data processing system, the current local network flow information in a local flow information table;
generate, by the first data processing system, a current local network flow information message containing the current local network flow information;
compute, by the first data processing system, a hash value of the current local network flow information message;
broadcast, by the first data processing system, the current local network flow information message to a plurality of randomly selected data processing systems connected to the network based on the hash value of the current local network flow information message, wherein each data processing system has a corresponding node, and each node shares their respective local flow information with other data processing nodes randomly;
analyze current aggregated flow information for a defined period of time, wherein the current aggregated flow information is a real-time current snapshot of an amount of network data packets flowing to the second data processing system from a plurality of different data processing systems via the network for the defined period of time, and the defined period of time represents a predetermined time interval threshold for when the first data processing system (i) transmits the current local network flow information recorded in the local flow information table to randomly selected other data processing systems connected to the network, and (ii) aggregates current local network flow information messages received from the other data processing systems;
determine whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information;
determine that the second data processing system is under a DDoS attack in response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time and transmit a notification to the second data processing system indicating that the second data processing system is under a DDoS attack;
determine, by the first data processing system, whether the network flow increased above the defined flow threshold value to the first data processing system, itself, within the defined period of time based on the analyzing of the current aggregated flow information; and
responsive to the first data processing system determining that the network flow has increased above the defined flow threshold value to the first data processing system, itself, within the defined period of time, determine, by the first data processing system, that the first data processing system is under the DDoS attack and perform, by the first data processing system, mitigation steps to halt the DDoS attack on the first data processing system.

US Pat. No. 10,116,670

EVENT SPECIFIC RELATIONSHIP GRAPH GENERATION AND APPLICATION IN A MACHINE DATA PROCESSING PLATFORM

SPLUNK INC., San Francis...

1. A method comprising:
receiving, by a computer system, raw machine data produced by an information technology environment, the raw machine data indicative of activity of one or more components of the information technology environment;
wherein the received raw machine data include a plurality of data units, wherein the raw machine data in each data unit of the plurality of data units includes data indicative of an activity, entities that participated in the activity, and a timestamp for the activity;
for each data unit of the plurality of data units, by the computer system,
identifying a relationship between the entities indicated in the data unit, the relationship indicative of the activity indicated in the data unit, and
annotating, by using a data structure corresponding to a graph, the raw machine data in the data unit to incorporate data indicative of the relationship into the raw machine data in the data unit; and
providing, to an anomaly detection module, each of the plurality of data units including annotated raw machine data, for detection of a security-oriented anomaly in the information technology environment,
wherein the anomaly detection module is in a real-time path or a batch path, and wherein information regarding identified security-oriented anomalies is shared between the real-time path and the batch path.

US Pat. No. 10,116,669

DETECTING AND MITIGATING WARDRIVING

CA, Inc., New York, NY (...

1. A method comprising:
based on detecting a first device attempting to access a network through a wireless access point,
instructing the first device to emit a light; and
activating a set of light detection sensors to detect light emitting from the first device, wherein the set of light detection sensors are distributed throughout a physical space; and
based on determining that light corresponding to the first device was not detected by at least one of the set of light detection sensors,
notifying the wireless access point that the first device was not detected;
determining, by the wireless access point, that the first device is unauthorized to access the network; and
securing the network against access by the first device.

US Pat. No. 10,116,668

SYSTEM AND METHOD FOR ENHANCED DISPLAY-SCREEN SECURITY AND PRIVACY

International Business Ma...

1. A security method comprising: assigning a sensitivity value for a communication with a sensitivity determining module including at least one hardware processor, wherein when the communication includes keywords in a sequence wherein the sequence of fragments includes changing an order of letters in each word of the communication except for a first and last letter of the word, and designated as being sensitive when the sensitivity value is greater than a threshold sensitivity level, and when the communication does not include said keywords designated as being sensitive, the sensitivity values is less than the threshold sensitivity level; formatting said communication for display, wherein when said sensitivity value exceeds the threshold sensitivity level, the communication is parsed into a sequence of fragments; and transmitting the communication as the sequence of fragments when said sensitivity value exceeds the threshold sensitivity level.

US Pat. No. 10,116,667

SYSTEM FOR CONVERSION OF AN INSTRUMENT FROM A NON-SECURED INSTRUMENT TO A SECURED INSTRUMENT IN A PROCESS DATA NETWORK

BANK OF AMERICA CORPORATI...

1. A system for validating resource availability using a block chain distributed network, the system comprising: a memory device with computer-readable program code stored thereon: a communication device; a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to:
generate an availability check configuration for confirming resource availability from an originating entity by receiving information corresponding to available resources associated with the user and updating real time resource availability of user resources on a distributed ledger shared between one or more nodes, wherein the resources associated with the user are processed to the distributed ledger as a token representing a user name and account number comprising the resource availability, wherein the token is associated with the account number via a resource application associated with a financial institution;
receive, physically or electronically, an instrument for resource distribution usage by a user, wherein the instrument is received at the one or more nodes associated with the block chain distributed network;
extract and read data from a scanned or electronic copy of the instrument including a resource distribution amount and a user associated with the instrument, wherein the data is stored at the one or more nodes;
integrate the one or more nodes of the block chain distributed network into resource distribution channel systems to identify available resources associated with the user and provide a real-time resource availability of fluctuations to the distributed ledger validate the instrument against the block chain distributed network, wherein validating the instrument confirms instrument validity for the resource distribution;
confirm resource availability for the resource distribution amount of the instrument by generating a confirmation issued by the originating entity;
marking on the distributed ledger of the block chain distributed network the resource distribution amount required as unavailable;
convert the instrument to a validated secure instrument based on marking on the block chain distributed network the resource distribution amount as unavailable;
and communicate the converting to a receiver of the instrument for completion of the resource distribution.

US Pat. No. 10,116,666

SECURE DEBUG TRACE MESSAGES FOR PRODUCTION AUTHENTICATED CODE MODULES

Intel Corporation, Santa...

1. A computer-implemented method comprising:
defining an authenticated code module (ACM) extension module, implemented at least partly in one or more of configurable logic or fixed functionality logic hardware, using an entry of a Firmware Interface Table (FIT) that contains a starting address of the ACM extension module, wherein the starting address is located outside of a protected boot block to enable secure output of debug messages and limit an amount of information potentially revealed about the ACM; and
extending a capability of an authenticated code module (ACM) by using the ACM extension module while reducing a boot block footprint of the ACM.

US Pat. No. 10,116,665

SECURED DISTRIBUTED COMPUTING ACROSS MULTIPLE FIREWALLS

THE BOEING COMPANY, Chic...

1. A method comprising:
authenticating a user, by a computing device in a first private domain of an information network, by validating authentication information provided by the user when logging into the first private domain;
generating, by the computing device based on successfully validating the authentication information provided by the user when logging into the first private domain, a user identifier (“ID”) for the user;
providing, by the computing device, the user ID identifier (“ID”) to the user;
providing to the user, by the computing device, a first session ID;
receiving from the user, by the computing device,
a service call for a first analytic service residing in the first private domain, the service call including the user ID and the first session ID;
verifying, by the computing device, the first session ID received in the service call;
verifying, by the computing device, the user ID received in the service call;
providing, by the computing device, via a public domain of the information network, a service message for a second analytic service residing in a second private domain of the information network, the service message including the user ID, the first session ID, and job information for the second analytic service;
receiving, by the computing device, via the public domain, a first verification message from the second private domain, the first verification message including the user ID, the first session ID, and a second session ID;
validating, by the computing device, the user ID and the first session ID included in the first verification message;
providing, by the computing device, via the public domain, a second verification message, the second verification message including the user ID, the first session ID, and the second session ID; and
receiving, by the computing device, via the public domain, a response message from the second private domain, the response message including information determined by the second analytic service based on the job information in the service message.

US Pat. No. 10,116,664

AUTHORIZATION POLICY FOR GROUP-CENTRIC SECURE INFORMATION SHARING

1. An authorization engine for enforcing a group-centric secure authorization policy, the authorization engine comprising:
a processor accessible by a user and configured to execute instructions;
a memory containing an access-limited object and further containing executable instructions configured to instruct the processor to execute a stateful security policy, including the operations:
define a group;
receive a join command wherein the user joins the group as a member;
receive a leave command wherein the user leaves the group;
receive an add command wherein the object is added to the group as to be in the group;
receive a remove command wherein the object is removed from the group; and
authorize the user to access the object only when the user is a member of the group and the object is in the group;
wherein the stateful security policy is based on an authorization equivalent to a stateless security policy;
wherein the stateful security policy is configured to enforce well-formedness constraints including:
the object cannot both be added to the group and removed from the group within the same state;
the user cannot both join the group and leave the group within the same state;
two types of operations cannot both occur in the same state for the user or the object;
after joining the group, the user cannot join again unless the user has left the group since joining the group;
after being added to the group, the object cannot be added to the group again unless it has been removed from the group since joining the group;
the user cannot leave the group when the user is not already a member of the group; and
the object cannot be removed from the group unless the object is already in the group; and
wherein the stateful security policy further sorts operations by time and provides an order of precedence wherein:
when add and join occur in the same state, add follows join;
when join and remove occur in the same state, join follows remove;
when add and leave occur in the same state, add follows leave; and
when remove and leave occur in the same state, there is no fixed precedence.

US Pat. No. 10,116,663

IDENTITY PROXY TO PROVIDE ACCESS CONTROL AND SINGLE SIGN ON

MOBILE IRON, INC., Mount...

1. A system, comprising:
a processor configured to:
receive a request associated with a client app on a device to connect to the system, wherein the system is associated with a cloud-based service, wherein the system is remote from the cloud-based service;
establish a secure tunnel between the device and the system;
determine that the requesting client app is authorized to access the cloud-based service;
obtain a security token trusted by the cloud-based service;
provide the security token to the client app, wherein the security token is to be used by the client app to access to the cloud-based service and cached by the device, wherein the cached security token allows one or more other client apps on the device to be authenticated to one or more corresponding cloud-based services using the secure tunnel;
monitoring a compliance posture of the device; and
blocking access to the cloud-based service based at least in part on an indication that the compliance posture of the device has changed; and
a memory coupled to the processor and configured to provide the processor with instructions.

US Pat. No. 10,116,660

SECURITY MODES FOR A COMPONENT-BASED WEB SECURITY MODEL

salesforce.com, inc., Sa...

1. A system comprising:
a processor; and
a memory storing instructions configurable to cause:
obtaining a plurality of documents for a web-based application, the web-based application comprising one or more of a plurality of components, the plurality of components comprising one or more custom components and one or more application programming interface (API) components;
processing a document object model (DOM) corresponding to the web-based application, wherein the one or more components of the web-based application are modeled in hierarchical form;
assigning each API component to a system mode setting configured to provide the API component access to the one or more components of the web-based application;
generating one or more secure documents for each custom component, each secure document comprising a key constituting an object reference of the custom component such that the custom component is accessible only to other custom components capable of providing the key in accordance with one or more rules of capability security; and
assigning each custom component to a user mode setting configured to provide the custom component access to another component of the web-based application for which the custom component can provide the key.

US Pat. No. 10,116,659

SYSTEM FOR REGULATING ACCESS TO AND DISTRIBUTING CONTENT IN A NETWORK

MULTIMEDIA CONTENT MANAGE...

1. A method for providing protected media access, comprising:
producing, by a controller node that manages access to protected content, instructions for accessing the protected content;
transmitting, by the controller node, the produced instructions over the Internet for receipt by a plurality of client devices that are remote from the controller node;
receiving, by the controller node, requests for access to the protected content originating at specific client devices within the plurality of client devices, the requests transmitted in accordance with the produced instructions; and
selectively transmitting, by the controller node, the requested protected content to the specific client devices via the Internet.

US Pat. No. 10,116,658

PRIVILEGED ACCESS TO TARGET SERVICES

CyberArk Software Ltd., ...

1. A credentials management system for managing privileged credentials for use in a ticket-based authentication protocol, comprising:
at least one hardware processor configured to:
receive a request issued by a client to access a target service in a network;
determine that the request requires privileged access at the target service;
determine, based at least in part on the request, a privileged credential accessible to the credentials management system, the privileged credential being associated with the client but not accessible to the client;
communicate with an authentication service using the privileged credential to obtain a privileged access ticket on behalf of the client based on the privileged credential;
receive the privileged access ticket from the authentication service, responsive to the authentication service authenticating the credentials management system based on the privileged credential; and
forward the privileged access ticket to the client thereby enabling the client to access the target service using the privileged access ticket.

US Pat. No. 10,116,657

SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION

BLACK GOLD COIN, INC., L...

1. A system for providing blockchain-based personal identity verification, the system comprising:
one or more computer-readable storage media configured to store a blockchain;
a computer system comprising one or more processors programmed to execute computer program instructions that, when executed, cause the computer system to:
assign a verification address associated with the blockchain to an individual, the individual having a previously verified personal identity;
store, at the one or more computer-readable storage media, an identifier of the individual and biometric information of the individual in association with the verification address associated with the blockchain, and
wherein the biometric information is related to biometric data of the individual, and the verification address is derived from private and public keys;
obtain, from a client-side device, the identifier and biometric data in connection with a request to verify the individual's identity, the request indicating the verification address associated with the blockchain;
obtain the stored identifier and the stored biometric information using the verification address indicated in the request; and
sign verification of the individual's identity responsive to a determination that the identifier of the request and the biometric data of the request match the stored identifier and the stored biometric information.

US Pat. No. 10,116,656

SYSTEMS AND METHODS FOR ENABLING CALLS TO BYPASS CALL-BLOCKING FUNCTIONS

Symantec Corporation, Mo...

1. A computer-implemented method for enabling calls to bypass call-blocking functions, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
transmitting from the computing device that is configured with a call-blocking function, a token to an additional device during a call to the additional device initiated by the computing device, the token comprising audio-encoded data, wherein the additional device is owned by an individual who is to be allowed to bypass the call-blocking function of the computing device;
receiving, by the computing device, over an audio channel, a request from the additional device to initiate a return call to the computing device that would be blocked by the call-blocking function, the request to initiate the return call comprising an attempt by the additional device to initiate the return call;
determining, by the computing device, that the request to initiate the return call comprises the token by monitoring the audio channel for the token;
enabling the return call from the additional device to the computing device to bypass the call-blocking function in response to determining that the request comprises the token.

US Pat. No. 10,116,655

HYBRID DATA MANAGED LOCK SYSTEM

Schlage Lock Company LLC,...

1. A method, comprising:
programming a user key with new access rights information including an activation date and an expiration date for access privileges for a particular user key;
determining, with a lock device, whether the user key is authorized to update the lock device based on data in the user key;
performing, by the lock device, a set of data checks on data stored in the user key;
updating a memory of the lock device with the new access rights information in response to a determination that the user key is authorized to update the lock device and the set of data checks indicates that (i) the user key is associated with a facility of the lock device, (ii) the user key is associated with the lock device, and (iii) the user key includes a serial number of a previous user key authorized to access the lock device, wherein the user key is a smart card; and
writing data to the user key by the lock device that indicates whether one or more other lock devices have not yet been updated.

US Pat. No. 10,116,654

METHOD FOR CLONING A SECURE ELEMENT

GEMALTO SA, Meudon (FR)

1. A method for cloning a first secure element of a first body-coupling communication device from a backup secure element of a first user, said backup secure element comprising at least credentials of said first user, the method comprising:
a preliminary phase of checking the authenticity of the first secure element of the first body-coupling communication device using a second secure element of a second body-coupling communication device belonging to a second user, which is a trusted user and is different from the first user, said second secure element being able to be paired with a third secure element of a third body-coupling communication device, comprising:
activating the first secure element by the first user and capturing a biometric data of the first user on the first secure element before pairing the first and the second secure element with the third secure element;
detecting the first secure element by the third secure element and transferring pairing data between the first and the second secure element so that the first secure element and the second secure element are able to communicate directly together by the first user and the second user touching together the third body-coupling communication device containing the third secure element;
authenticating the first secure element by the second secure element;
establishing a secure communication channel between the first and the second secure elements; and
informing the first user on the authenticity of the first secure element by providing an authentication signal on the second secure element; and
a cloning phase activated by the first user upon confirmation of the authenticity of the first secure element based on the authentication signal provided on the second secure element, comprising:
a two-factor authentication of the user performed on the backup secure element by capturing biometric data of the user on the first secure element and the backup secure element, pairing the first secure element and the backup secure element, transferring said biometric data captured on the first secure element to the backup secure element; and
upon biometric data match, authorizing the cloning including copying said credentials of the first user from the backup secure element to the first secure element.

US Pat. No. 10,116,653

SYSTEM AND METHOD FOR SECURING IPMI REMOTE AUTHENTICATED KEY-EXCHANGE PROTOCOL (RAKP) OVER HASH CRACKS

AMERICAN MEGATRENDS, INC....

1. A system, comprising:
a management controller, comprising a processor and a non-volatile memory storing computer executable code, wherein the computer executable code, when executed at the processor of the management controller, is configured to:
receive, from a computing device via a network under an intelligent platform management interface (IPMI) remote authenticated key-exchange protocol (RAKP), a credential information comprising a password;
in response to receiving the credential information, generate a hash information based on the password, and send the hash information to the computing device via the network under the IPMI RAKP; and
after a time interval from sending the hash information to the computing device, change the password to a new password,
wherein the time interval is determined based on strength parameters of the password, including:
a length of the password;
whether the password includes symbols;
whether the password includes numbers;
whether the password includes lowercase characters; and
whether the password includes uppercase characters.

US Pat. No. 10,116,652

SHARING ACCESS TO A MEDIA SERVICE

Sonos, Inc., Santa Barba...

1. A method, comprising:
receiving, via one or more first computing devices from a second computing device over a wide area network (WAN), a first message comprising an authorization code associated with a media service;
determining, via the one or more first computing devices, that the authorization code of the first message is valid;
responsive to determining that the authorization code is valid, generating, via one or more first computing devices, a first authorization token;
transmitting, via the one or more first computing devices, the first authorization token;
receiving, via the one or more first computing device from a media playback system, a second message comprising a second authorization token;
determining that the second authorization token is valid based on the first authorization token;
responsive to determining that the second authorization token is valid, providing the media playback system with temporary access to media content of the media service;
receiving, via the one or more first computing devices from the media playback system, a media request for media content; and
responsive to the media request, transmitting, via the one or more first computing devices to the media playback system, the media content.

US Pat. No. 10,116,651

TECHNOLOGIES FOR ENHANCING COMPUTER SECURITY

KARA PARTNERS LLC, Midlo...

1. A method of securely transmitting data, comprising:
receiving, at at least one processor, an unencrypted data stream comprising a first sequence of values;
segmenting, by the at least one processor, the first sequence of values into words having a word-length equal to either a first variable or a second variable different from the first variable based on a mode of a switch configured to switch between a first mode and a second mode, said plurality of words including an original first word having a word-length equal to the first variable based on the switch being in the first mode and an original second word having a word-length equal to the second variable based on the switch being in the second mode;
inserting random values, by the at least one processor, at predetermined locations in the original first and second words to generate modified first and second words, the modified first and second words having a word-length equal to a third variable different than the first and second variables; and
combining, by the at least one processor, the modified first and second words into a second sequence of values defining an encrypted data stream,
wherein a value of the first variable does not equal a value of the second variable, the value of the first variable does not equal a value of the third variable, and the value of the second variable does not equal the value of the third variable.

US Pat. No. 10,116,650

METHODS AND SYSTEMS FOR CONTACT IMPORTING USING A MOBILE DEVICE

Facebook, Inc., Menlo Pa...

1. A method comprising:
by one or more computing devices of a social-networking system, providing to a user of a wireless service provider a reference code identifying the user, wherein the user is associated with the social-networking system;
by the one or more computing devices, upon receiving the reference code by a mobile computing device of the user, providing an indication for the user to log in to the wireless service provider;
by the one or more computing devices, receiving first contact information for contacts of the user from the wireless service provider based on at least the reference code, wherein the first contact information is maintained by the wireless service provider;
by the one or more computing devices, identifying differences between the first contact information and second contact information maintained by the social network system; and
by the one or more computing devices, updating the second contact information maintained by the social network system based on the identified differences, synchronizing the contact information maintained by the wireless service provider and the contact information maintained by the social-networking system, identifying new contact information including new contacts based on the synchronizing, requesting a selection of the new contacts to be added to a social network of the user, and providing invitations to the selection of the new contacts to join the social network of the user.

US Pat. No. 10,116,649

P2P CONNECTING AND ESTABLISHING METHOD AND COMMUNICATION SYSTEM USING THE SAME

THROUGHTEK TECHNOLOGY (SH...

1. An establishing method for a P2P connection, applied to a link server, for establishing a P2P connection between a client device and a remote device, the establishing method comprising:
receiving, by the link server, a connection request from the client device, wherein the connection request is for requesting to be connected to the remote device;
detecting, by the link server, a validation token in a network packet from the client device according to the connection request; and
executing, by the link server, a connection verifying procedure when the validation token from the client device is detected to be valid, wherein the connection verifying procedure comprises:
receiving a first validation code and a first address information of the client device from the client device;
reading a second address information of the remote device and a second validation code of the remote device from a storage unit; and
sending the received first validation code and the received first address information of the client device to the remote device and sending the read second address information of the remote device and the read second validation code to the client device, so as to establish the P2P connection between the client device and the remote device according to the first address information, the first validation code, the second address information, and the second validation code.

US Pat. No. 10,116,648

USER AUTHENTICATION

EMC IP Holding Company LL...

1. A method comprising steps of:
receiving a request to access a first application on a device;
determining a level of sensitivity associated with the first application in response to receiving the request, wherein the level of sensitivity is represented by a first sensitivity value;
determining that access has previously been granted to a second application on the device or on another device, wherein the second application is different to the first application;
determining a differential between the first sensitivity value and a second sensitivity value in connection with the second application, wherein the differential describes a difference in sensitivity between the first and second applications;
determining that the first sensitivity value is within a predetermined sensitivity value range;
selecting an authentication method for use as part of an authentication operation in connection with the request, wherein the selection of the authentication method is based on the determined differential and the said determination that the first sensitivity value is within the predetermined sensitivity value range; and
applying the selected authentication method in connection with the request as part of an authentication operation that determines whether to grant the request to access the first application on the device;
wherein the steps are performed by at least one processing device comprising a processor coupled to a memory.

US Pat. No. 10,116,647

UNIFIED PROVISIONING OF APPLICATIONS ON DEVICES IN AN ENTERPRISE SYSTEM

Oracle International Corp...

1. A method comprising:
determining, based on a user role associated with an identity of a user, an account enabling the identity to access a first resource, wherein the first resource is accessible from a first device using a first application, wherein the first device is registered for the identity of the user;
configuring, by a computer system, the first application with connection information that enables the first application to connect the first device to a first target system based on the account, wherein the first target system provides access for the first resource according to the account;
configuring, by the computer system, the first application with access information that permits the first application to access the first resource, wherein the access information is based on access permitted to the identity by the account; and
transmitting the first application to the first device upon configuring the first application with the connection information and the access information.

US Pat. No. 10,116,646

SOFTWARE-DEFINED NETWORK THREAT CONTROL

Sprint Communications Com...

1. A method of operating a Software-Defined Network (SDN) data-plane machine that stores flow data and a physically-embedded, read-only, hardware-trust key, the method comprising:
a southbound transceiver receiving hardware-trust challenge data transferred by a hardware-trust controller;
a data processing system processing the hardware-trust challenge data based on the physically-embedded, read-only, hardware-trust key to generate hardware-trust response data;
the southbound transceiver transferring the hardware-trust response data for delivery to the hardware-trust controller;
a user data transceiver receiving user data;
the data processing system directing the user data transceiver to route the user data based on the flow data;
the user data transceiver routing the user data responsive to the direction from the data processing system;
the southbound transceiver receiving modification data from an SDN controller;
the data processing system determining that the SDN controller is authorized by the hardware-trust controller to modify the flow data and modifying the flow data based on the modification data responsive to the authorization from the hardware-trust controller;
the southbound transceiver receiving other modification data from another SDN controller;
the data processing system determining that the other SDN controller is not authorized by the hardware-trust controller to modify the flow data and responsively generating flow modification failure data for the other SDN controller; and
the southbound transceiver transferring the flow modification failure data for the other SDN controller for delivery to the hardware-trust controller.

US Pat. No. 10,116,645

CONTROLLING USE OF ENCRYPTION KEYS

Amazon Technologies, Inc....

1. A system-on-chip, comprising:
a processor;
a fuse-based memory storing:
information for deriving a first public key for a first asymmetric key pair; and
one or more current key version numbers, each associated with a corresponding secondary public key;
wherein, in a secure boot process, the processor is configured to:
load a digital certificate that includes a secondary public key for a second asymmetric key pair and a key version number associated with the secondary public key;
authenticate the digital certificate using the first public key;
compare a key version number for the secondary public key provided by the digital certificate with a corresponding current key version number in the fuse-based memory;
if the key version number for the secondary public key is lower than the current key version number, determine that the secondary public key is not a trusted public key; and
if the key version number for the secondary public key is equal to or higher than the current key version number, determine that the secondary public key is a trusted public key;
wherein the processor is configured to replace an old secondary public key with a new trusted secondary public key if the key version number for the new secondary public key is equal to or higher than the current key version number.

US Pat. No. 10,116,644

NETWORK ACCESS SESSION DETECTION TO PROVIDE SINGLE-SIGN ON (SSO) FUNCTIONALITY FOR A NETWORK ACCESS CONTROL DEVICE

Pulse Secure, LLC, San J...

1. A method comprising:
establishing, with a network access control (NAC) client executing on a client device, a network access session between a user of a network associated with the NAC client and the NAC device;
configuring, with the NAC client, the client device to resolve a hostname to an internet protocol (IP) address in response to establishing the network access session;
listening, with the NAC client, to the IP address;
receiving, with the NAC device, a security assertion request from a user agent executing on the client device, the security assertion request including a request for a security assertion to be made by the NAC device, the security assertion indicating that a user of the user agent has been authenticated by the NAC device;
sending, with the NAC device, a redirect to the user agent in response to receiving the security assertion request, the redirect including a session verification request that includes information indicative of the security assertion request, the redirect message specifying that the redirect message is to be redirected to the hostname;
resolving, with the client device, the hostname to the IP address;
forwarding, with the user agent executing on the client device, the session verification request included in the redirect to the IP address;
sending, with the NAC client, a session verification message to the NAC device in response to receiving the session verification request at the IP address, the session verification message including the information indicative of the security assertion request and session verification information that is indicative of a session that has been established between the user and the NAC device;
sending, with the NAC device, a security assertion responsive to the security assertion request to the NAC client in response to receiving the session verification information from the NAC client; and
forwarding, with the NAC client, the security assertion to the user agent executing on the client device.

US Pat. No. 10,116,643

VIRTUALIZED DATA STORAGE AND MANAGEMENT OF POLICY AND CREDENTIAL DATA SOURCES

Oracle International Corp...

1. A method comprising:
receiving, at a computer system, using an interface for accessing a plurality of storage systems, a data request for credential information from a single sign-on service of one or more single sign-on services, wherein the credential information is stored at one of the plurality of storage systems, and wherein the data request includes one or more criteria for obtaining the credential information from the single sign-on service;
identifying, using one or more credential criteria identified in the data request based on the one or more criteria, a storage system associated with the data request, wherein the one or more credential criteria are generated for the credential information;
selecting, from a plurality of plug-ins, a plug-in corresponding to the identified storage system, wherein the plug-in is selected based on a type of storage system, and wherein the plug-in converts the data request according to the type of storage system; and
sending, to the single sign-on service for which the data request is received, data associated with the data request, the data being obtained from the identified storage system.

US Pat. No. 10,116,642

IDENTITY MANAGEMENT OVER MULTIPLE IDENTITY PROVIDERS

KONY, INC., Orlando, FL ...

1. A method comprising:
requesting a backend service from multiple backend services by a requesting device;
exposing the requested backend service through a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device; and
providing, via identity services, a credential vault for a user to store a cryptographic hash of a password and username that is used in conjunction with a valid identity token to leverage passwords for non-authorized legacy systems that the user may be required to login to retrieve data or leverage services,
wherein the gateway service directly calls in and is exposed to the requested backend services using the token and a token template, and
wherein the identity services comprise an identity management system which manages identities of plural devices through the use of tokens which are recognized by the backend services when passed by the gateway service.

US Pat. No. 10,116,641

CLOUD QUEUE PLAYBACK POLICIES ON A GRAPHICAL USER INTERFACE

Sonos, Inc., Santa Barba...

1. Tangible, non-transitory, computer-readable media having instructions encoded therein, wherein the instructions, when executed by one or more processors, cause a control device of a media playback system to perform a method comprising:
transmitting, over a network interface to a computing system, a request to access a first cloud queue that includes a given pre-defined playlist of audio tracks, wherein the first cloud queue is accessible to the media playback system via a wide area network;
after transmitting the request to access the first cloud queue, receiving, over the network interface from the computing system, an indication of one or more first media items of the first cloud queue and an indication of one or more first playback policies associated with pre-defined playlists, wherein the one or more first playback policies authorize the media playback system to perform a particular set of one or more first playback operations on the first cloud queue when a pre-defined playlist is queued in the first cloud queue;
while the first cloud queue is being accessed, causing a graphical display to display a control interface comprising playback controls corresponding to the one or more first playback operations;
transmitting, over the network interface to the computing system, a request to access a second cloud queue that includes a given internet radio station;
after transmitting the request to access the second cloud queue, receiving, over the network interface from the computing system, an indication of one or more second media items of the second cloud queue and an indication of one or more second playback policies associated with internet radio stations, wherein the one or more second playback policies authorize the media playback system to perform a particular set of one or more second playback operations on the second cloud queue when an internet radio station is queued in the second cloud queue; and
while the second cloud queue is being accessed, causing the graphical display to display the control interface comprising playback controls corresponding to the one or more second playback operations, wherein the control interface comprising playback controls corresponding to the one or more first playback operations is different from the control interface comprising playback controls corresponding to the one or more second playback operations.

US Pat. No. 10,116,640

IMAGE PROCESSING SYSTEM, IMAGE PROCESSING DEVICE, AND AUTHENTICATION METHOD

RICOH COMPANY, LIMITED, ...

1. An image processing system comprising:
a first image processing device;
one or more second image processing devices; and
a server device, wherein
the first image processing device comprises:
memory storing computer-readable instructions; and
one or more processors configured to execute the computer-readable instructions such that the one or more processors are configured to perform operations including,
receiving an input of first authentication information for authenticating a user based on a first authentication method;
authenticating on an own device by using the first authentication information; and
using the one or more second image processing devices, and
transmitting, when a function of the one or more second image processing devices is to be operated, the first authentication information to the one or more second image processing devices, and transmitting, when authentication to only a second image processing device of a plurality of image processing devices based on the first authentication information has failed, a transmission request of authentication method information indicating a second authentication method of the second image processing device to the second image processing device, the authentication to which based on the first authentication information has failed; and wherein
the server device includes:
memory storing computer-readable instructions; and
one or more processors configured to execute the computer-readable instructions such that the one or more processors are configured to perform operations including,
transmitting, when receiving the first authentication information from the first image processing device, the first authentication information to the one or more second image processing devices, and transmitting, when receiving an authentication result based on the first authentication information from each of the one or more second image processing devices, the authentication result to the first image processing device.

US Pat. No. 10,116,639

SECURITY CONTROLLER SC RESTORATION METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A security controller (SC) restoration method comprising:
assigning, by a master node, a backup SC function to a first node, wherein the master node is an original domain master (DM) node or a backup DM node;
sending, by the master node, a first message regarding the backup SC to a second node, wherein the first message comprises an identifier of the first node to which the backup SC belongs;
when a third node to which an original SC belongs is disconnected and the first and master nodes are different nodes, sending, by the master node, a second message for enabling the SC function at the first node by performing authentication according to the second message on the first node; and
when the master node is the same as the first node activating, by the master node, the SC function for performing authentication at the master node.

US Pat. No. 10,116,638

METHOD AND DEVICE FOR UPLOADING DATA TO SOCIAL PLATFORM

TENCENT TECHNOLOGY (SHENZ...

1. A method for uploading data to a social platform, comprising:
setting a plugin into an application program, wherein the plugin integrates multiple Application Program Interfaces (API) corresponding to multiple social platforms, each API possessing a publishing function provided by at least one of the multiple social platforms;
after the plugin is set into the application program, opening, by the application program, a page;
receiving a request for uploading data associated with the opened page in response to an icon corresponding to the plugin being selected on the user interface of the application program;
obtaining data to be uploaded according to the request;
after obtaining the data to be uploaded, determining at least two social platforms for uploading the data based on user selection among the multiple social platforms whose APIs are integrated by the plugin; and
simultaneously uploading the data to the at least two social platforms through one or more corresponding API integrated by the plugin,
wherein setting the plugin into the application program comprises:
adding an attribute of the plugin into a declaration file of the application program, the declaration file being directed to an operating system running the application program; and
configuring the plugin to inherit an abstract class specified in an SDK of the application program.

US Pat. No. 10,116,637

SECURE TELECOMMUNICATIONS

Wickr Inc., San Francisc...

1. A system, comprising:
a processor configured to:
receive, at a first device via a control channel, a secure telecommunication request from a second device, wherein the secure telecommunication request includes at least one of a first meeting identifier and a first meeting key;
transmit, from the first device, the meeting identifier to a communication server, via a communication channel that is separate from the control channel, to obtain encrypted communication data;
receive, at the first device, encrypted communication data from the communication server;
decrypt, by the first device, the encrypted communication data using the first meeting key;
provide the decrypted communication data to a user of the first device; and
a memory coupled to the processor and configured to provide the processor with instructions.

US Pat. No. 10,116,636

APPARATUS AND METHOD FOR SECURE TRANSMISSION AVOIDING DUPLICATE DATA

FUJITSU LIMITED, Kawasak...

1. A communication device, comprising:
a memory; and
a processor coupled to the memory and configured to, upon receiving, from another communication device, a sequence of information sets respectively corresponding to a sequence of data-segments, each information set including at least a pair of a segment identifier identifying a data-segment and an encryption key for decoding an encrypted data-segment that is generated from the data-segment by using the encryption key, determine, for each of the sequence of information sets, whether the encrypted data-segment corresponding to the segment identifier is held in the memory in association with the segment identifier, wherein:
in a first case where a first sequence of information sets respectively corresponding to a first sequence of data-segments destined for a first destination and including a first data-segment is received, the first sequence of information sets including a first information set that corresponds to the first data-segment and includes a triplet of a first segment identifier identifying the first data-segment, a first encryption key, and a first encrypted data-segment generated by encrypting the first data-segment with the first encryption key, while the first encrypted data-segment is not held in the memory in association with the first segment identifier, the processor performs a first reception process including:
acquiring the first encrypted data-segment from the first sequence of information sets,
storing the acquired first encrypted data-segment in the memory in association with the first segment identifier without storing the received first encryption key in the memory so as to block the first encryption key from being read by unauthorized access to the memory,
restoring the first data-segment by decoding the first encrypted data-segment with the first encryption key that is obtained from the first information set included in the received first sequence of information sets, and
outputting the restored first data-segment to the first destination as the first data-segment of the first sequence of data-segments; and
in a second case where a second sequence of information sets respectively corresponding to a second sequence of data-segments destined for a second destination and including a second data-segment identical to the first data-segment is received, the second sequence of information sets including a second information set that corresponds to the second data-segment identical to the first data-segment and includes a pair of the first segment identifier and the first encryption key without including the first encrypted data-segment therein, while the first encrypted data-segment is held in the memory in association with the first segment identifier, the processor performs a second reception process including:
acquiring, from the memory, the first encrypted data-segment associated with the first segment identifier,
restoring the first data-segment by decoding the first encrypted data-segment with the first encryption key that is obtained from the second information set included in the received second sequence of information sets, and
outputting the restored first data-segment to the second destination as the second data-segment of the second sequence of the data-segments so as to avoid redundant transmission of the second data-segment for the second destination, which is identical to the first data-segment for the first destination, between the communication device and the another communication device.

US Pat. No. 10,116,635

MOBILE-BASED EQUIPMENT SERVICE SYSTEM USING ENCRYPTED CODE OFFLOADING

OTIS ELEVATOR COMPANY, F...

1. A mobile-based equipment service system applied by a user, the mobile-based equipment service system comprising:
a remote server including a computer processor, a non-transitory storage medium, an application executed by the computer processor and stored in the non-transitory storage medium, a user authentication database stored in the non-transitory storage medium and applied by the application;
a mobile device including a user interface, the mobile device being configured to send a user authentication message initiated by the user via the user interface to the remote server, wherein the application is configured to verify the user by comparing the user authentication message to the user authentication database, and once verified, develop and effect the sending of an encrypted blob to the mobile device in response to the user authentication message;
at least one equipment controller including a computer processor, a non-transitory storage medium, executable code, executed by the computer processor and stored in the non-transitory storage medium;
at least one site, wherein each site of the at least one site includes at least one respective equipment controller of the at least one equipment controller, and the encrypted blob is secured by the remote server via a site specific private key associated with a respective site of the at least one site, the authentication message including user credentials and a selected site of the at least one site selected by the user, wherein the computer processor of the equipment controller is configured to receive the encrypted blob and the executable code is configured to decrypt the encrypted blob received from the mobile device and utilizing the site specific private key.

US Pat. No. 10,116,634

INTERCEPTING SECURE SESSION UPON RECEIPT OF UNTRUSTED CERTIFICATE

A10 Networks, Inc., San ...

1. A system for intercepting a secure session, the system comprising:
a network device configured to:
intercept a first secure data session, wherein the first secure data session is established between a client device and a server device via a security gateway;
establish a second secure data session between the server device and the security gateway;
receive a first secure session request from the client device over the first secure data session;
receive a server certificate from the server device over the second secure data session, the server certificate being associated with the first secure session request;
determine that the server certificate is untrusted;
in response to the determining that the server certificate is untrusted, generate a gateway certificate based on the server certificate;
provide the gateway certificate to the client device, wherein the client device determines that the gateway certificate is untrusted and determines, based on a security policy, whether to proceed with the first secure data session; and
receive first secure content from the client device over the first secure data session; and
a processor being in operative connection with the network device, wherein the processor is configured to:
create first encrypted secure content using the first secure content and the server certificate from the server device; and
send or cause sending the first encrypted secure content to the server device over the second secure data session.

US Pat. No. 10,116,633

SYSTEMS AND DEVICES FOR HARDENED REMOTE STORAGE OF PRIVATE CRYPTOGRAPHY KEYS USED FOR AUTHENTICATION

BANK OF AMERICA CORPORATI...

1. A system for hardened remote storage of private cryptography keys and authentication, the system comprising:
a storage device comprising a first computing platform including:
a first memory configured to store one or more private cryptography keys, and
a first processor in communication with the first memory, wherein the first processor is configured to:
receive user configuration inputs that define (i) one or more tamper-related signals and (ii) a threshold amount for each of the one or more tamper-related signals, wherein meeting or exceeding the threshold amount results in deletion of the one or more private cryptography keys from the first memory,
generate the one or more private cryptography keys,
provide for the private cryptography keys to be accessible to a computing node in communication with the storage, while the computing node is executing an authentication routine without having to communicate the private cryptography keys to the computing node, and
in response to receiving at least one of the one or more tamper-related signals and determining that the threshold amount associated with the at least one of the tamper-related signals has been met or exceeded, delete the one or more private cryptography keys from the first memory; and
the computing node that is remote from the storage device and comprising a second computing platform including:
a second memory configured to store the authentication routine, and
a second processor in communication with the second memory, wherein the second processor is configured to, in response to sending data to the storage device, receive a verification result from the storage device, and execute the authentication routine to authenticate a user based at least in part on the verification result.

US Pat. No. 10,116,632

SYSTEM, METHOD AND COMPUTER-ACCESSIBLE MEDIUM FOR SECURE AND COMPRESSED TRANSMISSION OF GENOMIC DATA

New York University, New...

1. A non-transitory computer-accessible medium having stored thereon computer-executable instructions for generating at least one compressed genetic sequence, wherein, when a computer arrangement executes the instructions, the computer arrangement is configured to perform procedures comprising:
(a) obtaining at least one reference sequence;
(b) obtaining a particular sequence read for at least one genetic sequence from a sequence platform;
(c) comparing the particular sequence read to the at least one reference sequence;
(d) storing the particular sequence read only if the particular sequence read does not match the at least one reference sequence; and
(e) generating the at least one compressed genetic sequence by repeating procedures (b)-(d) for further sequence reads which are different from the particular sequence read.

US Pat. No. 10,116,631

SYSTEMS AND METHODS FOR MANAGED DATA TRANSFER

Open Text SA ULC, Halifa...

1. A system for managed file transfer, comprising:
a server machine operating a managed file transfer server connected, over a network, to a plurality of location servers, the server machine operating the managed file transfer server to:
receive a request to send data to a recipient;
determine a location of the recipient;
determine a location server of the plurality of location servers that is closest to the location of the recipient; and
automatically initiate a server-to-server transfer to move the data to the location server that is closest to the location of the recipient;
wherein the request is received from a first location server operating at a first location, the location server that is closest to the location of the recipient is a second location server operating at a second location, and the server-to-server transfer is automatically initiated by the managed file transfer server to move the data from the first location server to the second location server, each of the first location server and the second location server being a subset of the managed file transfer server, the subset comprising a transfer server and a file server.

US Pat. No. 10,116,630

SYSTEMS AND METHODS FOR DECRYPTING NETWORK TRAFFIC IN A VIRTUALIZED ENVIRONMENT

Bitdefender IPR Managemen...

1. A client system comprising a hardware processor and a memory, the hardware processor configured to execute a virtual machine, an introspection engine, and a network filter, the introspection engine and the network filter executing outside of the virtual machine, wherein:
the virtual machine is configured to carry out a communication session with a remote party, the communication session comprising a handshake message followed by an encrypted payload, wherein the handshake message contains an encryption parameter used by the client system to derive an encryption key, and wherein the encrypted payload is encrypted with the encryption key;
the network filter controls a network adapter of the client system and is configured to intercept the handshake message and in response, transmit a notification to the introspection engine; and
the introspection engine is configured to:
infer an occurrence of a first session event of the communication session according to the notification,
identify within the memory a target memory page according to whether a content of the target memory page has changed between the occurrence of the first session event and an occurrence of a second session event of the communication session, and
in response, transmit the content of the target memory page to a decryption engine configured to decrypt the encrypted payload according to the content.

US Pat. No. 10,116,629

SYSTEMS AND METHODS FOR OBFUSCATION OF DATA VIA AN AGGREGATION OF CLOUD STORAGE SERVICES

Carbonite, Inc., Boston,...

1. A method for obfuscation of data via an aggregation of cloud storage services, comprising:
identifying, by a synchronization client of a client device, a file for transfer to an aggregation of a plurality of cloud storage services;
extracting, by the synchronization client using a comb filter, a first subset of the file by skipping elements of the file to extract every nth element;
transmitting, by the synchronization client, the first subset of the file to a first cloud storage service of the plurality of cloud storage services;
extracting, by the synchronization client using the comb filter, a second subset of the file by skipping elements of the file to extract every nth element, offset by one, wherein in the extracting of the first subset and the extracting of the second subset, n is selected to avoid having a whole number relationship to a width of a memory read bus used by the synchronization client;
transmitting, by the synchronization client, the second subset of the file to a second cloud storage service of the plurality of cloud storage services; and
transmitting, by the synchronization client, metadata of the file and an identification of the first subset, first cloud storage service, second subset, and second cloud storage service, to a third cloud storage service.

US Pat. No. 10,116,628

SERVER-PAID INTERNET ACCESS SERVICE

1. A method of operating an access point, the method comprising:
receiving a first request from a device associated with a user to access a first web server operated by a first entity that has agreed with a second entity operating the access point to incur costs associated with a connection to a network provided by the access point;
sending a response to the device associated with the user, the response including an address of an authentication program accessible via a secure port of a second web server different from the first web server, the response to cause the device associated with the user to securely communicate with the secure port for a period of time sufficient for the device associated with the user to attempt to be authenticated via the authentication program, the second web server to provide a one-time encryption key to the device associated with the user via the secure port such that the second entity associated with the access point is unable to access the one-time encryption key;
receiving an acknowledgment indicative of a result of the attempt to be authenticated via the authentication program; and
when the received acknowledgement indicates that the device associated with the user is authentic, operating, by executing an instruction with at least one processor, an access controller of the access point to route traffic to and from the device associated with the user based on an access control profile associated with the first web server, wherein the access control profile restricts the device associated with the user to an access range of addresses.

US Pat. No. 10,116,627

METHODS AND SYSTEMS FOR IDENTIFYING TARGETED CONTENT ITEM FOR USER

CONDUENT BUSINESS SERVICE...

1. A method for identifying a targeted content item for a user, the method comprising:
receiving, by one or more processors, one or more encrypted first attributes associated with said user, and a first key, wherein said one or more encrypted first attributes are generated by encrypting one or more first attributes of said user using said first key;
encrypting, by said one or more processors, one or more content items using said first key, wherein said one or more content items are stored in a data structure such that said one or more content items are indexed in said data structure according to respective bit-strings representing one or more second attributes associated with each of said one or more content items;
determining, by said one or more processors, at least one encrypted content item from said data structure that corresponds with said one or more first attributes without decrypting said one or more encrypted first attributes, wherein determining said at least one encrypted content item comprises:
performing an iterative Homomorphic cryptographic process on said data structure using said one or more encrypted content items in said data structure, said respective bit-strings representing the one or more second attributes of said indexed one or more content items, and said one or more encrypted first attributes; and
providing said at least one encrypted content item to said user, wherein said at least one encrypted content item is decrypted to generate said targeted content item and wherein performing said iterative Homomorphic cryptographic process prevents release of said one or more second attributes to said user.

US Pat. No. 10,116,626

CLOUD BASED LOGGING SERVICE

Fortinet, Inc., Sunnyval...

1. A method comprising:
enabling a network administrator of a network security gateway of a private network of an enterprise to view and modify various configuration settings for the network security gateway, wherein a configuration screen associated with logging and reporting settings has integrated therein one or more settings associated with a cloud-based logging service;
causing the network security gateway to use the cloud-based logging service as a logging device for storage and retrieval of information regarding one or more of network traffic, system events and security events observed by the network security gateway by enabling by default, by the network security gateway, a setting of the one or more settings associated with logging and archiving of the information; and
automatically creating, by the network security gateway, an account within the cloud-based logging service by registering the network security gateway itself as a user of the cloud-based logging service, thereby allowing the network security gateway to make use of the cloud-based logging service for purposes of logging and reporting the information without requiring separate registration with the cloud-based logging service to be performed by the network administrator.

US Pat. No. 10,116,625

SYSTEMS AND METHODS FOR SECURE CONTAINERIZATION

SECUREWORKS, CORP., Wilm...

1. A method for provisioning a secure container for running an application, comprising:
routing traffic between the application and a secure container service over a virtual private network;
using network filter rules to restrict network traffic to or from the application other than traffic to or from the secure container service;
using a customized domain name system service to provide name resolution to domain name system requests from the application within the secure container, the name resolution limited to server names allowed by a security policy;
examining the secure container for known vulnerabilities and preventing the secure container from launching when a known vulnerability is detected, the examining including at least one of checking configuration settings to identify combinations of settings that create known vulnerabilities, checking versions of libraries or applications within the secure container to identify unpatched known vulnerabilities, performing a port scan to identify known vulnerabilities, and any combination thereof;
establishing an inbound network proxy to filter and route approved inbound traffic to the application; and
establishing an outbound network proxy to filter and route approved outbound traffic from the application.

US Pat. No. 10,116,624

INTELLIGENT SORTING FOR N-WAY SECURE SPLIT TUNNEL

Aerohive Networks, Inc., ...

1. A method comprising:
sorting outgoing datagrams into one of at least three categories, wherein the at least three categories include a first category of datagrams addressed to a central network location, a second category of datagrams addressed to destinations on a white list, and a third category of datagrams addressed to other destinations absent from the white list;
sending datagrams in the first category to the central network location along an N-way split virtual private network tunnel, wherein N is an integer greater than or equal to three;
sending datagrams in the second category to the destinations on the white list along the N-way split virtual private network tunnel;
sending datagrams in the third category to a scanning service website along the N-way split virtual private network tunnel, the scanning service website configured to provide a first scrubbing service for HTTP datagrams and a second scrubbing service for SMTP, POP, and IMAP datagrams.

US Pat. No. 10,116,623

METHODS AND SYSTEMS FOR PROVIDING A TOKEN-BASED APPLICATION FIREWALL CORRELATION

salesforce.com, inc., Sa...

1. A method comprising:
receiving a request for access to a resource from a remote user device, the request received by an application-level firewall;
associating a token with the request, by the application-level firewall, wherein the token is added to a session context and the token is injected into multiple events that originate from the request to service the request during the session to allow the application-level firewall to correlate the request with a corresponding session wherein associating a token with the request comprises the application-level firewall modifying logic of the request to include the token;
storing the token and associated information in an event correlator communicatively coupled with the application-level firewall;
associating the token with one or more subsequent actions by the resource in response to receiving the request, wherein the one or more subsequent actions comprises at least generating a database query based on the request, the database query including the token in logic of the database query;
selectively applying one or more traffic management policies by the application-level firewall based on at least the session context having the token by at least identifying abnormalities in transactions through the application-level firewall utilizing at least a statistical model, wherein a total score is maintained over a session and can be updated by multiple host system entities; and
transmitting a response to the request with the token to the remote user device via the application firewall, wherein the application-level firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.

US Pat. No. 10,116,622

SECURE COMMUNICATION CHANNEL USING A BLADE SERVER

INTERNATIONAL BUSINESS MA...

1. A system comprising:
a security blade server configured to perform a security operation on network traffic exchanged between network devices in a first portion of a virtual network that includes the security blade server and network devices outside the first portion in a second portion of the virtual network, the network devices in the first portion bridged together and secured by the security blade server, wherein the first portion of the virtual network is protected by the security operation of the security blade server, wherein the network devices are bridged together by the security blade server to separate the second portion of the virtual network from the first portion of the virtual network, and wherein a gateway bridges the first portion and the second portion; and
a network controller configured to execute an application and concurrently program, using an application program interface (API), the security blade server and another security blade server to perform the security operation, to encrypt and encapsulate data, to access an address list, to virtualize each of the network devices in the virtual network based on a software defined environment, and to virtually position the security blade server as a bridge in a channel of the network traffic exchanged between at least two of the network devices using the API.

US Pat. No. 10,116,621

METHOD AND SYSTEM FOR MESSAGING SECURITY

Axway Inc., Phoenix, AZ ...

1. A system comprising:
a messaging firewall that cooperates with a remote publicly accessible security server to securely transmit e-mail messages,
wherein the messaging firewall encrypts an e-mail message in accordance with at least one encryption key and determines, based on textual content, a destination, a size, and a source of the e-mail message, whether application of a signature to the e-mail message is required, the e-mail message being sent from the source to one or more recipients;
wherein the messaging firewall queries the remote security server for an encryption key including related encryption data which is associated with at least one target server for the e-mail message, and that in response to a determination that application of a signature is required for the e-mail message, retrieves the signature and a certificate associated with the source of the e-mail message;
wherein the encryption key is the recipient's public key;
wherein the certificate is used to store the recipient's public key;
wherein the signature is applied to the e-mail message to allow for a recipient of the one or more recipients to authenticate the source, wherein the encryption key is stored in the remote security server, and the certificate is included with the signature; and
wherein the messaging firewall transmits the e-mail message to at least one target server for which encryption data was retrieved by the messaging firewall.

US Pat. No. 10,116,620

METHOD FOR ACCESS NETWORK VIRTUALIZATION AND PROXY NODE

Huawei Technologies Co., ...

1. A method for access network virtualization, applied in a system comprising a first remote access node and a second remote access node, a proxy node and a management system, wherein the method comprises:
establishing, by the proxy node, a relationship mapping table, wherein the relationship mapping table comprises a first mapping relationship and a second mapping relationship, wherein the first mapping relationship comprises an Internet protocol (IP) address of a virtual access node (AN), a first user side port of the virtual AN and a user side port of the first remote access node, wherein the second mapping relationship comprises the IP address of the virtual AN, a second user side port of the virtual AN and a user side port of the second remote access node, wherein the virtual AN is a device which the management system is capable of managing;
receiving a packet sent by the management system;
querying the relationship mapping table according to first parameter information carried in the packet to obtain second parameter information, wherein the first parameter information comprises the IP address of the virtual AN and the first user side port of the virtual AN, and wherein the second parameter information comprises the user side port of the first remote access node; and
sending the packet to the first remote access node corresponding to the user side port of the first remote access node according to the second parameter information.

US Pat. No. 10,116,619

SYSTEMS AND METHODS FOR PROVISIONING, CONFIGURING, DIAGNOSING, AND MAINTAINING OUT-OF BAND MANAGEMENT OF COMPUTING DEVICES

Connectwise, Inc., Tampa...

1. A method of provisioning an out-of-band system comprising:
establishing, by a management engine of a server of a first domain, a network tunnel with a device on a second domain different from the first domain, the network tunnel comprising at least one of a virtual private network (“VPN”) or a secure socket shell (“SSH”) configured to route one or more communication ports of the device for provisioning;
modifying, by the management engine subsequent to establishing the network tunnel, via a dynamic host configuration protocol (“DHCP”) server on the second domain, the second domain to a modified domain including a fixed subdomain of the first domain, the fixed subdomain corresponding to a provisioning engine of the first domain;
receiving, by the provisioning engine from the device via the network tunnel established by the server of the first domain, responsive to the device obtaining the fixed subdomain of the first domain from the DHCP server, a provisioning request to initiate a provisioning cycle comprising at least one of configuring the device, diagnosing the device, or maintaining the device;
transmitting, by the provisioning engine to the device via the network tunnel established by the server of the first domain, a certificate configured with the first domain, the device configured to validate the certificate based on the certificate matching the modified domain obtained from the DHCP server;
reverting, by the management engine, responsive to completion of the provisioning cycle by the device, the modified domain to the second domain; and
terminating, by the management engine, responsive to reverting the modified domain to the second domain and the completion of the provisioning cycle, the network tunnel comprising the at least one of the VPN or the SSH established by the server of the first domain and used to provision the device.