US Pat. No. 10,432,995

VIDEO DISPLAY DEVICE, TERMINAL DEVICE, AND METHOD THEREOF

LG ELECTRONICS INC., Seo...

1. A method for communicating with at least one server and at least one mobile device in a video display apparatus connected to a set top box (STB), comprising:
receiving uncompressed audio or video frames through an external input port from the STB;
extracting fingerprints from the uncompressed audio or video frames;
transmitting the fingerprints to a first server;
receiving a first URL from the first server, the first URL being used to retrieve supplementary content from a second server different from the first server;
retrieving the supplementary content from the second server based on the first URL received from the first server;
performing a bidirectional communication with the at least one mobile device;
transmitting a second URL for accessing information related to an application to the at least one mobile device, the second URL being different from the first URL;
receiving a subscription message from the at least one mobile device, the subscription message comprising service information for identifying a service between the video display apparatus and the at least one mobile device; and
transmitting a notification message to the at least one mobile device when the at least one mobile device is subscribed with the video display apparatus for the identified service between the video display apparatus and the at least one mobile device.

US Pat. No. 10,432,994

CONTENT COMPARISON TESTING ON LINEAR MEDIA STREAMS

The Nielsen Company (US),...

1. A system comprising:
a first network connection to a first automatic content recognition (ACR) system, the first ACR system configured to determine first viewership information of a media segment displayed on a first television, wherein media content comprises at least the media segment;
a second network connection to a second ACR system, the second ACR system configured to determine second viewership information of an overlay content segment displayed on a second television;
a third network connection to a content management device configured to store one or more overlay content segments, the one or more overlay content segments including the overlay content segment displayed on the second television;
a memory;
a processing device coupled to the memory, the first network connection, the second network connection, and the third network connection, the processing device configured to execute a content comparison engine, wherein the content comparison engine is configured to:
receive, via the first network connection, one or more first viewership events associated with the media segment;
receive, via the second network connection, one or more second viewership events associated with the overlay content segment;
determine a first viewership level based on the one or more second viewership events associated with the overlay content segment, the first viewership level indicating an attentiveness of a first viewer of the overlay segment;
determine a second viewership level based on the one or more first viewership events associated with the media segment, the second viewership level indicating an attentiveness of a second viewer of the media segment;
determine that the first viewership level exceeds the second viewership level by a viewership level threshold, the viewership level threshold indicating a comparative difference between the first viewership level at the second television and the second viewership level at the first television; and
in response to the first viewership level exceeding the second viewership level by the viewership level threshold, send a display instruction to the content management device via the third network connection, the display instruction instructing the content management device to send the overlay content segment to the first television and the second television for display.

US Pat. No. 10,432,993

OUTPUT AND PLAYBACK CONTROL DELIVERY FOR ADAPTIVE BITRATE STREAMING

ARRIS Enterprises LLC, S...

1. A method of customizing an adaptive bitrate streaming session, comprising:
establishing a network connection session between a client device and a manifest delivery controller;
receiving a manifest request at said manifest delivery controller from said client device, wherein said manifest request identifies a video;
determining whether one or more playback control rules and/or output control rules have been set at said manifest delivery controller that apply to said video and/or said client device; and
sending a manifest and control tags from said manifest delivery controller to said client device, wherein the control tags are provided separate from the manifest,
wherein said manifest identifies locations of a plurality of adaptive bitrate chunks of said video,
wherein said control tags are associated with the playback control rules and/or output control rules that said manifest delivery controller determined applied to said video and/or said client device, and
wherein the manifest directly identifies the locations of the adaptive bitrate chunks rather than rely on a link and the control tags directly deliver the playback control rule information rather than rely on a link.

US Pat. No. 10,432,991

SECURE SESSION-BASED VIDEO WATERMARKING FOR ONLINE MEDIA STREAMING

GOOGLE LLC, Mountain Vie...

17. A Content Delivery Network (CDN), comprising:
a memory configured to store:
a first media file that includes a plurality of first media file segments, a second media file as a copy of the first media file, the second media file includes a plurality of second media file segments, and
a manifest file; and
a processor configured to:
embed a first watermark with the plurality of first media file segments,
embed at least one second watermark with the plurality of second media file segments,
generate a plurality of addresses, each of the plurality of addresses referencing one of the plurality of first media file segments or one of the plurality of second media file segments,
generate the manifest file based on a portion of the plurality of first media file segments and a portion of the plurality of second media file segments, the manifest file including the plurality of addresses referencing one of the plurality of first media file segments or one of the plurality of second media file segments,
encrypt each of the plurality of addresses referencing one of the plurality of first media file segments or one of the plurality of second media file segments included in the manifest file,
receive an encrypted address referencing one of the plurality of first media file segments or one of the plurality of second media file segments,
decrypt the encrypted address,
select one of the plurality of first media file segments or one of the plurality of second media file segments using the decrypted address, and
communicate the one of the plurality of first media file segments or one of the plurality of second media file segments in response to receiving the encrypted address.

US Pat. No. 10,432,990

APPARATUS AND METHODS FOR CARRIER ALLOCATION IN A COMMUNICATIONS NETWORK

Time Warner Cable Enterpr...

1. A method of operating a computerized network controller apparatus in a digital content network to allocate radio frequency (RF) spectrum using at least a modulator apparatus, the method comprising:
receiving, at a data communication interface of the computerized network controller apparatus, data identifying each of (i) a prioritized portion of the RF spectrum, and (ii) a non-prioritized portion of the RF spectrum;
receiving, at the data communication interface of the computerized network controller apparatus via the digital content network, data indicative of one or more user requests for content from one or more computerized user devices;
isolating the prioritized portion of the RF spectrum from a carrier selection algorithm operative to control the modulator apparatus, the carrier selection algorithm configured to allocate RF carriers for delivery of digital content based at least in part on the receipt of the data indicative of the one or more user requests for content;
causing utilization of the non-prioritized portion of the RF spectrum to dynamically service a first request of the one or more user requests for content, the first request corresponding to first digitally rendered content, the causing utilization of the non-prioritized portion of the spectrum based at least in part on a determination that the first digitally rendered content is not currently delivered on the prioritized portion of the RF spectrum; and
causing utilization of the prioritized portion of the RF spectrum to service a second request of the one or more user requests for content, the second request corresponding to second digitally rendered content, the prioritized portion of the spectrum not subject to allocation of RF carriers for delivery of the second digitally rendered content based on receipt of the data indicative of the one or more user requests for content.

US Pat. No. 10,432,989

TRANSMISSION APPARATUS, TRANSMISSION METHOD, RECEPTION APPARATUS, RECEIVING METHOD, AND PROGRAM

SATURN LICENSING LLC, Ne...

1. A transmission method comprising a step of delivering a Layered Coding Transport (LCT) packet including a portion and an LCT header, the portion being data including part of a fragment, wherein
the fragment includes:
a movie fragment (moof); and
a media data (mdat) including an mdat header and a sample group,
the moof includes BaseMediaDecodeTime representing a presentation time of a first sample of the mdat, and
the LCT header includes:
a sequence number representing a position of the fragment;
a version representing a position of the part of the fragment in the fragment;
a header extension portion including a Network Time Protocol (NTP) time representing the presentation time of the first sample of the mdat;
sample count start information representing a position of a first sample of the part of the fragment from a first sample of the fragment; and
a moof subset that is at least part of the moof.

US Pat. No. 10,432,988

LOW LATENCY WIRELESS VIRTUAL REALITY SYSTEMS AND METHODS

ATI TECHNOLOGIES ULC, Ma...

1. A method of processing Virtual Reality (VR) data, the method comprising:
receiving user feedback information;
using one or more server processors to:
predict, based on the user feedback information, a user viewpoint of a next frame of a sequence of frames of video data to be displayed;
render a portion of the next frame of video data to be displayed using the prediction; and
encode the portion of the next frame of video data to be displayed; and
transmit the encoded and formatted portion of the next frame of video data to be displayed.

US Pat. No. 10,432,987

VIRTUALIZED AND AUTOMATED REAL TIME VIDEO PRODUCTION SYSTEM

Cisco Technology, Inc., ...

15. An apparatus comprising:
at least one processor; and
at least one memory element storing data, which, when executed on the processor, performs an operation comprising:
receiving real-time metadata about a plurality of video streams;
receiving information associated with a directed stream, the information comprising a plurality of time segments defined by a director, wherein each respective time segment specifies a respective begin time and a respective end time, and identifies a respective video stream of the plurality of video streams selected, wherein the respective video stream was selected by the director for display in the directed stream during the respective time segment;
determining, based on the information, that the directed stream will display a first video stream during a first time segment;
generating a subsidiary stream for a first group of users by:
generating a first score for content included in the first video stream during the first time segment, based on real-time metadata associated with the first video stream and further based on a first set of rules associated with the first group of users;
generating a second score for content included in a second video stream during the first time segment, based on real-time metadata associated with the second video stream and further based on the first set of rules; and
upon determining that the second score is greater than the first score, outputting the second video stream in the subsidiary stream during the first time segment.

US Pat. No. 10,432,985

METHOD AND APPARATUS FOR GENERATING QUALITY ESTIMATORS

1. A method comprising:
detecting, by a processing system comprising a processor, from an image pair comprising a first image and a second image, a first distortion type associated with the first image and a second distortion type associated with the second image, wherein the image pair is received from a server;
generating, by the processing system, a preference model according to the first distortion type and the second distortion type, wherein the preference model corresponds to a probability that the first image is preferred over the second image; and
providing, by the processing system, the preference model to the server, wherein the server distributes media content to viewer equipment, and wherein the media content is assigned distortion effects utilizing a selected distortion based on the preference model.

US Pat. No. 10,432,984

CONTEXT-SENSITIVE NOTIFICATION DISPLAY

DISH Ukraine L.L.C., Kha...

1. A method, comprising:
receiving, by a television receiver, a packetized A/V stream comprising audio/video of particular programming content;
receiving, by the television receiver, a packetized metadata stream temporally synchronized to the particular programming content to indicate, for each of a plurality of intervals in time of the particular programming content, a respective parameter value corresponding to a viewer significance attributed to the interval in time of the particular programming content, such that the packetized metadata stream indicates a first parameter value for a first interval of the plurality of intervals in time and a second parameter value for a second interval of the plurality of intervals in time, the second interval not overlapping in time with the first interval, and the second parameter value being different from the first parameter value;
outputting, by the television receiver, the particular programming content for display by a presentation device in accordance with the packetized A/V stream;
monitoring, by the television receiver during the outputting, the packetized metadata stream to identify one of the plurality of intervals in time as corresponding to a presently displayed portion of the particular programming content, and to determine a present parameter value as the respective parameter value indicated by the packetized metadata stream for the identified one of the plurality of intervals in time;
detecting that the present parameter value is greater than or equal to a pre-defined and user-configurable threshold value; and
blocking, by the television receiver, output of a notification for display by the presentation device during the outputting of the particular programming content in response to the detecting.

US Pat. No. 10,432,983

LIVE VIDEO CLASSIFICATION AND PREVIEW SELECTION

Twitter, Inc., San Franc...

1. A computing device comprising:
at least one processor; and
a non-transitory computer-readable medium having executable instructions stored thereon that, when executed by the at least one processor, are configured to:
for each of a plurality of live video streams available for viewing via a live video sharing platform:
obtain a portion of the live video stream, the portion being a segment generated by a streaming protocol,
assign the portion to a class using a video classifier, each class used in the video classifier having an associated tag indicating whether the class is preview-eligible or not preview-eligible, wherein a class with a preview-eligible tag has an associated percentage that represents rare occurrence within a statistically relevant sample of segments of live video streams, the percentage representing a quantity of segments in the sample that are classified into the class compared with a total quantity of segments in the sample,
determine, based on the tag for the class, whether the portion is preview-eligible, and
generate, responsive to determining that the portion is preview-eligible, a snippet of the live video stream using the portion, and
provide at least some of the snippets for display in a user interface, the snippets provided for display in the user interface being selectable and the user interface being configured to, responsive to a user selecting a first snippet of the snippets provided for display in the user interface, enable the user to join the live video stream corresponding to the first snippet.

US Pat. No. 10,432,982

ADAPTIVE BITRATE STREAMING LATENCY REDUCTION

ARRIS Enterprises LLC, S...

1. A method of transmitting media content, comprising:
receiving an adaptive transport stream description at an HTTP streamer from a media preparation unit, the adaptive transport stream description describing media content available from the media preparation unit as one or more adaptive transport streams, wherein each of said one or more adaptive transport streams are continuous streams comprising a plurality of switchable segments each comprising one or more delivery chunks, the switchable segments being marked with segment boundary points and the delivery chunks being marked with chunk boundary points, wherein positions between each of said plurality of switchable segments are positions at which a client device can switch to a different one of said one or more adaptive transport streams;
publishing a playlist with said HTTP streamer listing identifiers for one or more of said plurality of switchable segments, the switchable segments including delivery chunks;
receiving said one or more adaptive transport streams into a memory buffer at said HTTP streamer from said media preparation unit;
receiving a request at said HTTP streamer from said client device for a particular switchable segment identified on said playlist to be received at a requested bit rate;
responding to said request in the HTTP streamer by processing the received one or more adaptive transport streams on the fly in real time by;
continuing receipt of delivery chunks of a switchable segment prior to the particular switchable segment until the delivery chunks reach a segment boundary point;
identifying boundary marks of the one or more chunks in only the particular switchable segment; and
transmitting the one or more delivery chunks from said particular switchable segment at the requested bit rate to said client device using HTTP chunked transfer encoding until a terminating segment boundary point is reached,
wherein each of said one or more delivery chunks are portions of the particular switchable segment that are independently decodable by said client device, such that said HTTP streamer is configured to begin sending delivery chunks from a requested switchable segment so that said client device begins decoding and rendering received delivery chunks when said HTTP streamer has not yet received additional ones of the switchable segments from said media preparation unit.

US Pat. No. 10,432,981

PROCESSING OF MULTIPLE MEDIA STREAMS

Sling Media L.L.C., Fost...

1. A system comprising a media studio including a processor and a memory, the memory storing instructions executable by the processor such that the processor is programmed to:
receive one or more media input items, each from one of one or more media devices recording the media input items;
receive measurements, each for one of a plurality of quality parameters measuring picture quality for each of the media input items;
determine whether each measurement is within a range of acceptable measurements for the respective quality parameter;
transmit a warning to the media devices currently recording media input items that had at least one measurement outside the range of acceptable measurements for the respective quality parameter;
generate an aggregated media item that includes one or more of the media input items, the aggregated media item combining the one or more media input items for a common display;
for each media input item in a subset of the media input items that have each measurement within the respective range of acceptable measurements, generate a value based on the measurements for that media input item, wherein the aggregated media item includes the values corresponding respectively to the media input items; and
generate a media output item based at least in part on the subset, and further based at least in part on the measurements of the subset of media input items.

US Pat. No. 10,432,980

INHERITANCE IN SAMPLE ARRAY MULTITREE SUBDIVISION

GE VIDEO COMPRESSION, LLC...

1. A decoder for reconstructing an array of information samples encoded in a data stream and representing video information, the decoder comprising:
an extractor configured for:
extracting, from the data stream, inheritance information associated with an inheritance coding block of the array of information samples, the inheritance information indicating as to whether inheritance is used, wherein the inheritance coding block corresponds to a first hierarchy level of a sequence of hierarchy levels and is composed of a set of coding sub-blocks, each of which corresponds to a second hierarchy level of the sequence of hierarchy levels, the first hierarchy level being indicated with a lower value than that of the second hierarchy level,
extracting, from the data stream if the inheritance is used with respect to the inheritance coding block, an inheritance subset associated with the inheritance coding block, the inheritance subset including at least one syntax element of a predetermined syntax element type, and
extracting, from the data stream, respective residual information associated with each of the set of coding sub-blocks; and
a predictor configured for:
copying the inheritance subset including the at least one syntax element into a set of syntax elements representing coding parameters used in an inter coding process corresponding to each of the set of coding sub-blocks,
determining, for each of the set of coding sub-blocks, a coding parameter used in the inter coding process associated with the corresponding coding sub-block based on the at least one syntax element, and
predicting a respective prediction signal for each of the set of coding sub-blocks based on the coding parameter determined for the coding sub-block,
wherein each of the set of coding sub-blocks is reconstructed based on the respective prediction signal and the respective residual information.

US Pat. No. 10,432,979

INHERITANCE IN SAMPLE ARRAY MULTITREE SUBDIVISION

GE VIDEO COMPRESSION LLC,...

1. A decoder for reconstructing an array of information samples representing a spatially sampled video information signal, which is subdivided into a multi-tree structure of leaf regions of different sizes by multi-tree subdivision, wherein the multi-tree structure is obtained using a primary sub-division and a sub-ordinate sub-division, such that a tree-root block of the primary sub-division is sub-divided leaf blocks of the primary sub-division which, in turn, form the tree-root blocks of the sub-ordinate sub-division, further sub-divided into leaf regions of the multi-tree structure, each leaf region of the multi-tree structure has associated therewith (a) a hierarchy level out of a sequence of hierarchy levels of the multi-tree subdivision, and (b) coding parameters, which are, for each leaf region, represented by a respective set of syntax elements, the decoder comprising:
an extractor configured to extract from the data stream, using a processor, inheritance information indicating whether inheritance is used, and based on an indication from the inheritance information that inheritance is to be used, at least one inheritance region of the array of information samples which is spatially composed of a set of non-overlapping sub-regions, wherein each of the set of non-overlapping sub-regions has a same resolution as that of the at least one inheritance region,
wherein, responsive to the indication from the inheritance information that inheritance is to be used, the extractor is further configured to extract from the data stream, using the processor, at least one syntax element associated with the at least one inheritance region, the at least one syntax element including an intra-prediction mode syntax element,
wherein the decoder is configured to:
decode, in a residual decoding order, using the processor, a residual signal for each of the set of non-overlapping sub-regions,
copy, using the processor, the at least one syntax element associated with the at least one inheritance region as a corresponding syntax element associated with the respective non-overlapping sub-region,
obtain, in the residual decoding order, using the processor, a separate intra prediction signal for each of the set of non-overlapping sub-regions according to an intra-prediction mode indicated by the intra-prediction mode syntax element, and
reconstruct, using the processor, each of the set of non-overlapping sub-regions by adding the respective intra prediction signal and the respective residual signal.

US Pat. No. 10,432,978

INHERITANCE IN SAMPLE ARRAY MULTITREE SUBDIVISION

GE VIDEO COMPRESSION, LLC...

1. A decoder for reconstructing an array of spatially sampled video information encoded in a data stream, the decoder comprising:
an extractor configured to:
extract, from the data stream, multi-tree structure information associated with the array and an inheritance syntax element, wherein
the multi-tree structure information specifies a primary subdivision associated with prediction coding of a video array and a subordinate subdivision associated with transform coding of the video array, and
the inheritance syntax element indicates whether inheritance is used, and if inheritance is used, an inheritance region of the prediction coding which includes a set of leaf regions of the transform coding obtained by sub-dividing the inheritance region via the sub-ordinate sub-division,
extract, from the data stream, a first intra-prediction mode syntax element and a second intra-prediction mode syntax element, wherein a type of the second intra-prediction mode syntax element depends on the first intra-prediction mode syntax element and the second intra-prediction mode syntax element represents an intra-prediction coding parameter used in an intra mode of the prediction coding associated with the inheritance region, and
copy the intra-prediction coding parameter associated with the inheritance region into a subset of coding parameters for each of the set of leaf regions of the transform coding;
a residual reconstructor configured to:
decode a respective residual signal for each of the set of leaf regions of the transform coding; and
a predictor configured to:
calculate a respective intra prediction signal for each of the set of leaf regions according to the intra mode of the prediction coding using the intra-prediction coding parameter copied from the inheritance region, and a reconstructed reference signal of already reconstructed neighboring leaf regions of the multi-tree structure,
wherein each of the set of leaf regions within the inheritance region is reconstructed by combining the respective intra prediction signal and the respective residual signal.

US Pat. No. 10,432,977

SIGNAL RESHAPING FOR HIGH DYNAMIC RANGE SIGNALS

Dolby Laboratories Licens...

1. A method to improve backward compatible decoding, the method comprising:
accessing with a processor an image database;
computing first hue values in a first color space of the images in the image database;
computing second hue values in a second color space of the images in the database;
computing a hue rotation angle by minimizing a hue cost function, wherein the hue cost function is based on a difference measure of the first hue values and rotated second hue values;
generating based on the hue rotation angle a color-rotation matrix for color-rotating input images prior to encoding;
computing first saturation values of the images in the database in the first color space;
transforming the images in the database into the second color space to generate transformed images;
applying the color-rotation matrix to the transformed images to generate color-rotated images;
computing second saturation values of the color-rotated images;
computing a saturation scaler based on minimizing a saturation cost function, wherein the saturation cost function is based on a difference measure between the first saturation values and scaled second hue values; and
generating a scaling vector based on the saturation scaler.

US Pat. No. 10,432,976

IMAGE PROCESSING APPARATUS AND METHOD

VELOS MEDIA, LLC, Plano,...

1. An image processing apparatus comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to:
decode, from encoded data, identification information indicating whether a non-compression mode has been selected in a coding unit, wherein the encoded data includes the coding unit and the identification information, the coding unit being formed by block partitioning a largest coding unit (LCU) into a plurality of coding units, wherein the block partitioning of the LCU includes recursively splitting the LCU into the plurality of coding units; and
decode the coding unit in the encoded data using the identification information by:
if the identification information indicates that the non-compression mode has not been selected in the coding unit, decoding the coding unit according to a first bit depth, and
if the identification information indicates that the non-compression mode has been selected in the coding unit, decoding the coding unit according to a second bit depth.

US Pat. No. 10,432,975

METHOD FOR ENCODING/DECODING IMAGE AND DEVICE FOR SAME

LG Electronics Inc., Seo...

1. A method for decoding an image, the method comprising:
parsing a weight value (w) of a loop filter from a bit stream output from an encoder;
applying the loop filter to an image obtained using a predicted signal and a residual signal; and
generating one or more of a reconstructed image and a reference image by performing weighted sum of an image before the loop filter is applied and an image after the loop filter is applied, on the basis of the w,
wherein the reconstructed image is generated by adding an image before 1-w-applied loop filter is applied and an image after w-applied loop filter is applied.

US Pat. No. 10,432,974

METHODS AND APPARATUS TO PERFORM FRACTIONAL-PIXEL INTERPOLATION FILTERING FOR MEDIA CODING

Intel Corporation, Santa...

1. A method, comprising:
applying a finite impulse response (FIR) filter to samples of a source signal to generate an array of values;
after applying the FIR filter, applying an infinite impulse response (IIR) filter to the array of the values to generate fractional-pixel interpolated values; and
at least one of storing the fractional-pixel interpolated values in an encoded video data structure, outputting the fractional-pixel interpolated values to a display interface, or using the fractional-pixel interpolated values as prediction data to encode a future frame.

US Pat. No. 10,432,973

CONSTRAINTS AND UNIT TYPES TO SIMPLIFY VIDEO RANDOM ACCESS

Microsoft Technology Lice...

1. A method, comprising:
encoding a broken link access (BLA) picture;
encoding one or more leading pictures associated with the BLA picture; and
generating a bitstream that comprises the encoded BLA picture and the one or more encoded leading pictures, wherein the generating the bitstream further comprises generating in the bitstream explicit indications for each of the one or more encoded leading pictures indicating whether a respective leading picture is decodable or not decodable when pictures from before the BLA picture in decoding order are unavailable to a decoder.

US Pat. No. 10,432,972

GUIDED OFFSET CORRECTION FOR LOOP RESTORATION IN VIDEO CODING

GOOGLE LLC, Mountain Vie...

1. A method of reducing error in a reconstructed frame comprising pixels, the method comprising:
classifying the pixels into available offset classes based on a classification scheme, wherein the classification scheme includes multiple classifications associated with respective pixel characteristics, and for a classification of the multiple classifications:
the classification has a respective plurality of classification classes; and
each of the plurality of classification classes of the classification is defined by respective ranges of values of a pixel characteristic associated with the classification, wherein the available offset classes into which the pixels may be classified are determined as respective combinations of classification classes of the multiple classifications, and
wherein classifying the pixels comprises:
assigning a pixel of the pixels to a respective classification class of at least two classifications of the multiple classifications based on values of the pixel and the respective ranges of values defining the plurality of classification classes of each of the at least two classifications; and
assigning the pixel to a single offset class of the available offset classes based on a combination of the classification classes of the at least two classifications to which the pixel is assigned;
for each offset class of those of the available offset classes that include pixels after the classifying:
determining an offset value for the offset class;
applying the offset value for the offset class to each pixel of the offset class resulting in offset-adjusted pixels of the offset class; and
determining, for the offset class, an error reduction in using the offset value for the offset class as compared to omitting the offset value for the offset class, the error reduction based on the pixels of the offset class in the reconstructed frame, the offset-adjusted pixels of the offset class, and co-located source pixels in a source frame decoded to generate the reconstructed frame; and
selecting, for reducing error in the reconstructed frame, a subset of those of the available offset classes that include pixels after the classifying based on the error reductions.

US Pat. No. 10,432,971

IMAGE DATA COMPRESSION AND DECOMPRESSION USING MINIMIZE SIZE MATRIX ALGORITHM

Sheffield Hallam Universi...

1. A data processing device comprising at least one data processor and a non-transitory computer readable medium coupled to the at least one data processor, the non-transitory computer readable medium storing instructions that when executed by the at least one data processor cause the at least one data processor to perform a process comprising:
applying a discrete cosine (DCT) transformation to each of a plurality of non-overlapping pixel blocks which span a frame of image data to generate a set of DCT coefficients for each pixel block comprising a DC DCT coefficient and a plurality of AC DCT coefficients;
quantising each set of DCT coefficients to generate a set of quantised DC DCT coefficients and a set of quantised AC DCT coefficients;
forming a DC array from the set of quantised DC DCT coefficients;
forming an AC matrix from the set of quantised AC DCT coefficients;
forming a limited data array comprising elements having values corresponding only to each unique value of the elements of the AC matrix;
compressing the AC matrix by eliminating blocks of data of the AC matrix having only zero values and forming a reduced AC array from blocks of data of the AC matrix including non-zero values;
storing a position in the AC matrix of each block of data of the AC matrix including non-zero values in a location array;
generating a key using a maximum value of the elements of the reduced AC array, and wherein the key comprises a plurality of key components;
compressing the reduced AC array using the key to form a coded AC array, wherein a same number of elements of the reduced AC array as a number of key components are combined using the key to form a single element of the coded AC array;
arithmetically coding the DC array and the coded AC array to form arithmetically coded data; and
forming a compressed image file including the arithmetically coded data, storing the location array in a header of the compressed image file and storing the key and the limited data array.

US Pat. No. 10,432,970

SYSTEM AND METHOD FOR ENCODING 360° IMMERSIVE VIDEO

Telefonaktiebolaget LM Er...

1. A media preparation method, comprising:
receiving a media input stream;
generating a plurality of bitrate representations of the media input stream, each bitrate representation having a separate video quality that is related to a quantization parameter (QP) value used for each bitrate representation;
encoding each bitrate representation into a first coded bitstream comprising a plurality of frames with a specific Group-of-Pictures (GOP) structure, wherein each GOP starts with an intra-coded (I) frame followed by a set of frames including at least one predictive-coded (P) frame; and
encoding each bitrate representation into a second coded bitstream comprising a plurality of frames with a GOP structure that has a size coextensive with a size of the GOP structure of the first coded bitstream, wherein each GOP of the second coded bitstream starts with an I-frame followed by a plurality of X-frames, each X-frame having a slice header of a P-frame and comprising blocks of only intra-coded data (I-blocks).

US Pat. No. 10,432,969

3D VIDEO DATA STREAM COMPRISING A VALUE TABLE ASSOCIATING REFERENCE VIEWS AND CAMERA PARAMETER IN TEMPORAL UNIT SCOPE AND BEYOND TEMPORAL UNIT SCOPE PARAMETER SETS AND AN ENCODER FOR ENCODING AND A DECODER FOR DECODING THE 3D VIDEO DATA STREAM

Fraunhofer-Gesellschaft zu...

1. A non-transitory computer-readable storage medium storing a 3D video data stream comprising:
a set of coded views coded in the 3D video data stream in temporal units; and
a parameter set comprising a first table comprising an entry for each coded view, which comprises
a value indicating a count of a number of reference views,
for each coded view for which the count of the number of reference views exceeds zero,
a flag indicating whether, for each of the number of reference views of the respective coded view, a relative camera parameter associated with the respective reference view is present in the first table or within portions of the 3D video data stream not exceeding the scope of the temporal units,
for each of the number of reference views of the respective coded view,
an index indexing the respective reference view, and
if the flag indicates that, for each of the number of reference views of the respective coded view, the relative camera parameter associated with the respective reference view is present in the first table, the relative camera parameter associated with the respective reference view of the respective coded view,
wherein a scope of the parameter set is beyond the scope of the temporal units,
wherein the 3D video data stream further comprises, for each coded view for which the flag indicates that, for each of the number of reference views of the respective coded view, the relative camera parameter associated with the respective reference view is present within the portions of the 3D video data stream not exceeding the scope of the temporal units,
within each temporal unit encompassed by the scope of the parameter set,
a temporal unit scope parameter set for the respective coded view, the temporal unit scope parameter set comprising a second table comprising, for each of the number of reference views of the respective coded view, an associated entry comprising
the relative camera parameter associated with the reference view of the respective coded view indexed by the index indexing the respective reference view,
wherein the relative camera parameter comprises
a pair of scale and offset values to convert depth values of the associated reference view to disparity values between the coded view for which the relative camera parameter is present in the 3D video data stream and the reference view with which the relative camera parameter is associated.

US Pat. No. 10,432,968

METHOD AND APPARATUS FOR PERFORMING INTRA-PREDICTION USING ADAPTIVE FILTER

ELECTRONICS AND TELECOMMU...

1. A video decoding method, comprising:
determining whether to apply a first filter to a reference pixel value of a current block based on at least one of an intra prediction mode of the current block and a size of the current block;
deriving a prediction value of the current block using the reference pixel value; and
determining whether to apply a second filter for the prediction value of the current block based on at least one of the intra prediction mode of the current block and the size of the current block, for thereby producing a filtered prediction value,
wherein the intra prediction mode of the current block is determined based on a Most Probable Mode (MPM),
wherein when the intra prediction mode of the current block is a DC mode, the filtered prediction value is generated by applying a 3-tap filter for an upper-leftmost pixel of the current block among prediction pixels of the current block and applying a 2-tap filter for remaining uppermost pixels and leftmost pixels except the upper-leftmost pixel among prediction pixels of the current block, and
wherein the 3-tap filter includes first and second filter coefficients corresponding to the reference pixel value and a third filter coefficient corresponding to the prediction value, wherein the third filter coefficient is 2 times larger than the first filter coefficient.

US Pat. No. 10,432,967

MULTIPLEX METHOD AND ASSOCIATED FUNCTIONAL DATA STRUCTURE FOR COMBINING DIGITAL VIDEO SIGNALS

1. A method for coding a set of at least two compressed digital images received from at least two video participants of a video conference in a multipoint control unit, wherein the compressed digital images are chronologically synchronous images of different chronological image sequences in different data sets of the at least two video participants and are divided into macroblocks of pixels coded with color value statements, including intraprediction macroblocks; wherein the coding occurs in an area which is divided into first areas, each of which is occupied by the said macroblocks of one of the compressed digital images, and a second area by which the first areas are spaced in parallel from each other, wherein the second area is occupied by pixels with a color value default for the intraprediction, to avoid decompression errors during intrapredictions, wherein all the pixels of the second area have this color value default and the second area in each case spaces apart two of the first areas in parallel by a distance corresponding to at least one of the quadratic macroblocks; the method comprising:
compressing each of the images into at least a first data stream portion which comprises at least one portion of the macroblocks, said portion being reduced by at least physical redundancies for transmission of the compressed images to video conference participants as a compilation of the different chronologically synchronous images received from the at least two video participants, and a second data stream portion assigned to the first data stream portion, said second data stream portion describing the reduced physical redundancies,
wherein for each of the intraprediction macroblocks, the first data stream portion is reduced by color value statements with correlations to color values from at least one line of pixels which are arranged outside and on an edge of the intraprediction macroblock and for which the color value default is used in the case of pixels outside the compressed image, and the second data stream portion comprises intrapredictors to describe the correlations to the color values; and
wherein the color value default is a pre-selected color value that separates the first areas from the second area so that all pixels in the second area have a same color value for separation of the different digital images received from the at least two video participants that are compressed into the first data stream portion during the compressing of each of the images so that the first data stream portion is decompressible and decodable for displaying the at least two digital images of the compilation of the different chronologically synchronous images.

US Pat. No. 10,432,966

METHODS OF CONSTRAINED INTRA BLOCK COPY FOR REDUCING WORST CASE BANDWIDTH IN VIDEO CODING

MEDIATEK INC., Hsin-Chu ...

1. A method of video coding for video data, comprising:
receiving input data associated with a current block in a current picture;
determining restricted prediction, wherein said determining the restricted prediction comprising disabling or disallowing selected prediction for one or more selected PU (prediction unit) sizes, PU prediction types or both; and
applying video coding to the current block using coding modes including IntraBC prediction (Intra Block Copy prediction) in accordance with the restricted prediction, wherein the selected prediction corresponds to the IntraBC prediction.

US Pat. No. 10,432,965

VIDEO-ENCODING METHOD AND VIDEO-ENCODING APPARATUS BASED ON ENCODING UNITS DETERMINED IN ACCORDANCE WITH A TREE STRUCTURE, AND VIDEO-DECODING METHOD AND VIDEO-DECODING APPARATUS BASED ON ENCODING UNITS DETERMINED IN ACCORDANCE WITH A TREE STRUCTURE

SAMSUNG ELECTRONICS CO., ...

1. An apparatus for decoding a video, the apparatus comprising:
a receiver configured to receive a bitstream with respect to an encoded video; and
a decoder configured to extract, from the received bitstream, information about a size of a coding unit that is a data unit for decoding of a picture of the encoded video, a variable depth of the coding unit, split information and an encoding mode with respect to coding units having a tree structure of the picture, determine a maximum size of the coding unit based on the information about the size and the variable depth, split the picture into one or more maximum coding units based on the determined maximum size, determine the coding units having the tree structure based on the split information, and decode and reconstruct the picture based on the determined coding units based on the encoding mode, wherein a maximum coding unit, among the one or more maximum coding units, is hierarchically split into one or more coding units of depths including at least one of a current depth and a lower depth according to the split information, when the split information indicates a split for the current depth, a coding unit of the current depth is split into four coding units of the lower depth, independently from neighboring coding units, and when the split information indicates a non-split for the current depth, the coding unit of the current depth is split into one or more prediction units.

US Pat. No. 10,432,964

SIGNALING OF STATE INFORMATION FOR A DECODED PICTURE BUFFER AND REFERENCE PICTURE LISTS

Microsoft Technology Lice...

1. A computing system comprising a processor and memory, wherein the computing system implements a video decoder, and wherein the computing system is configured to perform operations comprising:
receiving at least part of a bitstream;
parsing syntax elements from the bitstream, wherein the syntax elements represent long-term reference picture (“LTRP”) status information for a current picture among pictures of a sequence, wherein the LTRP status information for the current picture identifies which pictures, if any, are available for use as LTRPs for the current picture, the syntax elements including identifying information for a given LTRP in the LTRP status information for the current picture, and wherein the identifying information for the given LTRP is a value of picture order count least significant bits (“POC LSBs”), modulo a most significant bit wrapping point, for the given LTRP for the current picture; and
using the LTRP status information during decoding, wherein the value of the POC LSBs for the given LTRP, modulo the most significant bit wrapping point, is used to at least in part indicate a difference between POC values of the current picture and the given LTRP.

US Pat. No. 10,432,963

BIT DEPTH VARIABLE FOR HIGH PRECISION DATA IN WEIGHTED PREDICTION SYNTAX AND SEMANTICS

ARRIS Enterprises LLC, S...

1. A method for decoding a bitstream, the method comprising:
identifying one or more weight flags signaled in the bitstream that indicates presence of weighting factors for at least one of a luma component and/or a chroma component;
determining a first weighting factor for performing weighted prediction for a current unit of a current picture the first weighting factor for weighting pixels of a first reference unit of a first reference picture when performing motion compensation for the current unit;
determining a second weighting factor for weighting pixels of a second reference unit of a second reference picture when performing motion compensation for the current unit,
wherein when weighting factors for a luma component is present:
determining from a signaled delta_luma_weight_l0 syntax a difference of the first weighting factor and the second weighting factor applied to a luma prediction value for list 0 prediction using a variable RefPicList0[i] for a first luma component, and
deriving a variable LumaWeightL0 associated with the luma component weighting factors, wherein when the one or more weight flags indicates presence of the weighting factor for a luma component, LumaWeightL0 is derived to be equal to (1<<luma_log2_weight_denom)+delta_luma_weight_l0 in a range of -(1<<(BitDepthy-1)), (1<<(BitDepthy-1)-1, inclusive,
wherein luma_log2_weight_denom is a base 2 logarithm of a denominator for all luma weighting factors, and BitDepthy is a bit depth for the luma component of the respective reference picture; and
wherein when weighting factors for a chroma component is present:
determining from a delta_chroma_weight_l0[i][j] syntax a difference of the first weighting factor and the second weighting factor applied to a chroma prediction value for list 0 prediction using a variable RefPicList0[i] with j equal to 0 for Cb or j equal to 1 for Cr for a second component; and
deriving a variable ChromaWeightL0 associated with the chroma component weighting factor, wherein when the one or more weight flags indicates presence of the weighting factor for a chroma component, ChromaWeightL0 is derived to be equal to ((1<<(luma_log2_weight_denom+delta_chroma_log2_weight_denom))+delta_chroma_weight_l0, delta_chroma_weight_l0 in a range of -(1<<(BitDepthc-1)), (1<<BitDepthc-1))-1, inclusive,
wherein delta_chroma_log2_weight_denom is a difference of a base 2 logarithm of a denominator for all chroma weighting factors, and BitDepthc is a bit depth for the chroma component of the respective reference picture;
wherein the delta_chroma_weight_l0[i][j] syntax is within the range set by the first value, and
wherein the second component comprises a chroma component of the first reference unit or the second reference unit.

US Pat. No. 10,432,962

ACCURACY AND LOCAL SMOOTHNESS OF MOTION VECTOR FIELDS USING MOTION-MODEL FITTING

PIXELWORKS, INC., Portla...

1. A method of producing video data, comprising:
receiving, at a processor, a current frame of image data in a stream of frames of image data;
dividing a current frame of image data into blocks;
identifying a current block and defining a neighborhood of blocks for the current block;
generating at least one initial motion vector for each block;
using the initial motion vector for current block and an initial motion model to calculate a weight for each initial motion vector in the neighborhood based on a difference between initial motion vector for the current block and the initial motion vector for at least one other block from the current block in the neighborhood and differences in the image data between the current block and the other blocks in the neighborhood;
using the weights for each initial motion vector to generate coefficients for a refined motion model;
refining the initial motion vector for the current block according to the refined motion model to produce a refined motion vector;
using the refined motion vector and the pixels in the stream of frames to produce at least one of adjusted pixels and new pixels; and
displaying the at least one of adjusted pixels and new pixels on a display.

US Pat. No. 10,432,961

VIDEO ENCODING OPTIMIZATION OF EXTENDED SPACES INCLUDING LAST STAGE PROCESSES

Apple Inc., Cupertino, C...

1. A video compression method, comprising:
converting a video signal from a first format to a second format used by a video encoder;
combining a predicted video signal in the second format with the video signal in the second format to produce a residual video signal in the second format;
coding the residual video signal by the video encoder using selected coding parameters;
decoding the coded data that are output by the video encoder to produce decoded data in the second format;
filtering with a first input of the decoded data in the second format and a second input of the video signal in the first format, and producing filtered decoded data in the second format using both the first input and the second input;
storing the filtered decoded data in a decoded picture buffer; and
predicting the predicted video signal in the second format from the stored filtered decoded data in the decoded picture buffer.

US Pat. No. 10,432,960

OFFSET TEMPORAL MOTION VECTOR PREDICTOR (TMVP)

ARRIS Enterprises LLC, S...

1. A method of temporal motion vector prediction for inter block coding in High Efficiency Video Coding (HEVC) that relies on a block based translational model, the method comprising:
designating a current prediction block as an area for motion compensation using HEVC where all the pixels inside the current prediction block perform identical translation temporally using either one or more motion vectors MVs;
deriving a coordinate offset for the current prediction block from the MVs of its spatially neighboring blocks;
defining an offset of a temporal motion vector predictor (TMVP) for the current prediction block as the MV of an offset block which is in the geometrical location of the current prediction block coordinate plus the coordinate offset in a specified temporal reference picture; and
using the offset TMVP to code MVs,
wherein the motion vectors of neighboring prediction blocks to the current prediction block are used to calculate the offset for the TMVP,
wherein the neighboring prediction blocks located in a first three positions in a merge candidate list for the current prediction block are used in calculating the offset for the TMVP, wherein the three neighboring prediction blocks comprise a left (L), an above (A), and an above-left (AL),
wherein with the three neighboring prediction blocks, the offset for the TMVP for the current prediction block is derived as median of motion vectors of these neighbors, as follows:
dx=median (Lx, ALx, Ax)
dy=median (Ly, ALy, Ay)
wherein Lx, ALx, Ax are the x component of motion vectors of Left neighbor, Above-left neighbor, and Above neighbor, respectively, and
wherein Ly, ALy, Ay are the y component of Left neighbor, Above-left neighbor, and Above neighbor, respectively.

US Pat. No. 10,432,959

SIGNALING HIGH DYNAMIC RANGE AND WIDE COLOR GAMUT CONTENT IN TRANSPORT STREAMS

ARRIS Enterprises LLC, S...

1. An apparatus for generating or receiving a transport stream including a program map table, the apparatus comprising:
one or more processors including computer-readable instructions for generating a program map table that includes the following:
an elementary stream identifier indicating a particular elementary stream within a transport stream;
a High Efficiency Video Coding (HEVC) video descriptor signaling a syntax element using two bits for combining signaling of a presence or absence of both a high dynamic range (HDR) content and a wide color gamut (WCG) content in a single syntax element,
wherein the high dynamic range content and/or wide color gamut content is associated with an elementary stream based on the elementary stream identifier signaled in the program map table.

US Pat. No. 10,432,958

TILING IN VIDEO ENCODING AND DECODING

Dolby Laboratories Licens...

1. A method for decoding a video bitstream by a decoding apparatus, the method comprising:
accessing a video picture in the bitstream that includes multiple pictures combined into a single picture, wherein the multiple pictures include a first picture from a first view, and a second picture from a second view;
accessing information in the bitstream indicating how the multiple pictures in the accessed video picture are combined, wherein the information indicates whether at least one of the pictures is individually flipped; and
decoding the video picture into decoded versions of the first picture and the second picture based on the accessed flipping information extracted from the bitstream.

US Pat. No. 10,432,957

TRANSMISSION DEVICE, TRANSMITTING METHOD, RECEPTION DEVICE, AND RECEIVING METHOD

Saturn Licensing LLC, Ne...

1. A transmission device comprising:
circuitry configured to
generate a container in a format including identifying information and a video stream separately provided in the container, the video stream including encoded image data;
insert, into the video stream, auxiliary information for downscaling a spatial and/or temporal resolution of the image data;
set the identifying information included in the container to indicate that the video stream includes the auxiliary information for a decoder that does not support the spatial and/or temporal resolution of the image data, and
transmit the container, wherein
downscaling processing of the spatial and/or temporal resolution of the image data is applied, by a reception device which receives the container having the video stream and the identifying information and extracts the auxiliary information inserted into the video stream, to the image data according to the extracted auxiliary information for downscaling the spatial and/or temporal resolution of the image data to generate display image data having a desired resolution.

US Pat. No. 10,432,955

HIGH DYNAMIC RANGE ADAPTATION OPERATIONS AT A VIDEO DECODER

ARRIS Enterprises LLC, S...

1. A method of decoding a bitstream, comprising:
receiving a bitstream compressed during encoding from a high-bit depth input in to a 10-bit 4:2:0 bitstream at a decoder;
decoding said bitstream with said decoder into color values and metadata items indicating information about adaptive post-processing operations to be performed by said decoder, said metadata including at least one of a color conversion, a transfer function, or a second color space conversion operation applied to the bitstream during encoding, said decoding including performing, with said decoder, one or more high dynamic range (HDR) adaptation operations on said color values based on said metadata items; and
reconstructing an HDR video from said color values by inverse quantization re-mapping the 10bit bitstream data, performing inverse perceptual normalization, and processing color components with an inverse color conversion, inverse transfer function, and inverse color conversion,
wherein said one or more HDR adaptation operations convert said color values into a format expected by said one or more fixed post-processing operations.

US Pat. No. 10,432,954

VIDEO ENCODER, VIDEO ENCODING SYSTEM AND VIDEO ENCODING METHOD

NVIDIA CORPORATION, Sant...

1. A video encoding system, comprising a controller, a first video encoder, a second video encoder, and a memory, where the video encoding system:
divides a frame of an image into a predetermined number of predetermined portions, where the predetermined number of the predetermined portions is based on a number of a plurality of video encoders within the video encoding system;
sends, from the controller to a first video encoder of the plurality of video encoders, a command to encode a first predetermined portion of the frame of the image;
sends, from the controller to a second video encoder of the plurality of video encoders, a command to encode a second predetermined portion of the frame of the image separate from the first predetermined portion of the frame of the image;
retrieves from the memory, by the first video encoder, the first predetermined portion of the frame of the image;
retrieves from the memory, by the second video encoder, the second predetermined portion of the frame of the image;
encodes, by the first video encoder, the first predetermined portion of the frame of the image to create a first encoded portion of the frame of the image, wherein during the encoding of the first predetermined portion of the frame of the image by the first video encoder, a value of an image height and width register used by the first video encoder is set based on a height and width of the first predetermined portion of the frame of the image, and a value of a macro block (MB) position register used by the first video encoder is set based on a position of a macro block in the image;
encodes, by the second video encoder, the second predetermined portion of the frame of the image to create a second encoded portion of the frame of the image different from the first encoded portion of the frame of the image, wherein during the encoding of the second predetermined portion of the frame of the image by the second video encoder, a value of an image height and width register used by the second video encoder is set based on a height and width of the second predetermined portion of the frame of the image, and a value of a macro block (MB) position register used by the second video encoder is set based on the position of the macro block in the image;
writes, by the first video encoder, the first encoded portion of the frame of the image to the memory; and
writes, by the second video encoder, the second encoded portion of the frame of the image to the memory.

US Pat. No. 10,432,953

COMPRESSING IMAGES USING NEURAL NETWORKS

DeepMind Technologies Lim...

1. A method comprising:
receiving an image;
processing the image using an encoder neural network, wherein the encoder neural network is configured to receive the image and to process the image to generate an output defining values of latent variables that each represent a feature of the image;
generating a lossy compressed representation of the image using a first number of the latent variables that is less than all of the latent variables that have values that are defined by the output;
providing the lossy compressed representation of the image for use in generating a reconstruction of the image; and
generating the reconstruction of the image from the lossy compressed representation of the image, comprising:
selecting a value of the latent variables that are not in the first number of latent variables randomly from a prior distribution; and
generating the reconstruction of the image by conditioning a generative neural network on the values of the first number of latent variables and the randomly selected values of the latent variables that are not in the first number of latent variables.

US Pat. No. 10,432,952

SYSTEM AND METHODS FOR FIXED-POINT APPROXIMATIONS IN DISPLAY STREAM COMPRESSION (DSC)

QUALCOMM Incorporated, S...

1. An apparatus for coding video data, comprising:
a memory for storing the video data, the memory including a buffer; and
a hardware processor operationally coupled to the memory and configured to:
determine and store a scaling parameter based upon a total number of pixels within a slice of video data;
determine and store a data structure associating a plurality of input values with their reciprocal values;
receive the video data to be coded, the video data comprising at least one slice divided into a plurality of blocks;
determine a threshold value based upon the stored scaling parameter;
for a block of the slice to be coded, in response to a determination that a number of remaining pixels in the slice is less than the threshold value, update the scaling parameter and determine an updated threshold value based upon the scaling factor; and
perform one or more fixed-point approximation operations to determine a target rate for the block, based upon a reciprocal value associated with the number of remaining pixels scaled based upon the scaling factor, wherein the reciprocal value is determined using the stored data structure.

US Pat. No. 10,432,951

CONFORMANCE AND INOPERABILITY IMPROVEMENTS IN MULTI-LAYER VIDEO CODING

QUALCOMM Incorporated, S...

1. A method of processing video data comprising:
receiving coded video data having a plurality of output operation points;
extracting a selected output operation point from the plurality of output operation points, the selected output operation point being a sub-bitstream of an entire bitstream;
performing a first bitstream conformance test on the selected output operation point when the selected output operation point corresponds to one of an entire bitstream with only the base layer to be output, and a temporal subset of the entire bitstream with only the base layer to be output, the first bitstream conformance test being based on a set of sequence-level hypothetical reference decoder (HRD) parameters in an active sequence parameter set (SPS) for a base layer, and one or more non-nested supplemental enhancement information (SEI) messages, wherein the non-nested SEI messages comprise one of decoding unit information (DUI), buffering period (BP), and picture timing (PT) SEI messages, and the non-nested SEI messages are directly included in an SEI network abstraction layer (NAL) unit,
performing a second bitstream conformance test on the selected output operation point when the selected output operation point corresponds to one of a layer set specified by a base video parameter set (VPS) of an active VPS and a temporal subset of the layer set with only the base layer to be output, the second bitstream conformance test being based on a set of sequence-level HRD parameters in the base VPS and directly nested SEI messages, and
performing a third bitstream conformance test on the selected output operation point when the selected output operation point corresponds to one of an output layer set (OLS) specified by a VPS extension of the active VPS and a temporal subset of the OLS, the third bitstream conformance test being based on a set of sequence-level HRD parameters in the active VPS and indirectly nested SEI messages; and
applying the indirectly nested SEI messages only when the selected output operation point corresponds to an OLS specified in the VPS extension, the indirectly nested SEI messages being one of BP, PT, and DUI SEI messages.

US Pat. No. 10,432,950

IMAGE ENCODING/DECODING METHOD AND DEVICE

Electronics and Telecommu...

1. A method for image decoding that supports a plurality of layers, the method being performed by a decoding apparatus and comprising:
decoding a picture of a first layer which a picture of a second layer including a current decoding target block refers to;
mapping the picture of the first layer to a picture size of the second layer;
configuring a first reference picture list for the picture of the second layer by adding the mapped picture of the first layer to a first predetermined position in the first reference picture list;
configuring a second reference picture list for the picture of the second layer by adding the mapped picture of the first layer to a second predetermined position in the second reference picture list;
generating prediction samples of the current decoding target block by predicting the current decoding target block of the second layer based on the first reference picture list and the second reference picture list to generate a prediction block;
generating a residual block of the current decoding target block; and
reconstructing the current decoding target block based on the prediction block and the residual block,
wherein the first predetermined position is different from the second predetermined position, which is an end position in the second reference picture list.

US Pat. No. 10,432,949

IMAGE DECODING METHOD, IMAGE ENCODING METHOD, IMAGE DECODING APPARATUS, AND IMAGE ENCODING APPARATUS

PANASONIC CORPORATION, O...

1. An image decoding method comprising:
decoding, from a bitstream, constraint tile information that indicates a prohibition of reference from a current tile, which is one of a plurality of tiles obtained by partitioning a picture, to another tile;
generating a prediction motion vector list that includes a plurality of prediction motion vector candidates and a plurality of prediction motion vector indices respectively corresponding to the plurality of prediction motion vector candidates;
decoding, from the bitstream, a prediction motion vector index for a current block included in the current tile and decoding the current block by using a prediction motion vector candidate specified by the decoded prediction motion vector index in the prediction motion vector list, and
wherein in the generating of the prediction motion vector list, when (i) the constraint tile information is decoded and (ii) the current block is located at an end of the current tile, the prediction motion vector list not including any temporal motion vectors, each of which refers to another picture which is different from a current picture in which the current block is included, is generated,
wherein the constraint tile information is decoded from a sequence header of the bitstream.

US Pat. No. 10,432,948

DETERMINING INTRA PREDICTION MODE OF IMAGE CODING UNIT AND IMAGE DECODING UNIT

SAMSUNG ELECTRONICS CO., ...

1. A method of decoding an image, the method comprising:
obtaining first information that indicates an intra prediction mode of a luminance block from a bitstream;
obtaining second information that indicates an intra prediction mode of a chrominance block corresponding to the luminance block from the bitstream;
performing intra prediction on the luminance block based on the intra prediction mode of the luminance block; and
performing intra prediction on the chrominance block based on the intra prediction mode of the chrominance block,
wherein the intra prediction mode of the luminance block includes a particular direction among a plurality of directions and the particular direction is indicated by one of (i) dx number in a horizontal direction and a fixed number in a vertical direction, and (ii) dy number in the vertical direction and a fixed number in the horizontal direction,
wherein the dx number and the dy number are determined among {26, 21, 17, 13, 9, 5, 2, -2, -5, -9, -13, -17, -21, -26} according to the intra prediction mode of the luminance block,
wherein the fixed number in the vertical direction and the fixed number in the horizontal direction are 2^5,
wherein the performing intra prediction on the luminance block comprising:
determining one of (i) a left neighboring pixel of a first previous luminance block adjacent to a left side of the luminance block and decoded prior to the luminance block and (ii) an up neighboring pixel of a second previous luminance block adjacent to an upper side of the luminance block and decoded prior to the current luminance block, the left neighboring pixel is determined based on j*dy>>5 and the up neighboring pixel is determined based on i*dx>>5, where a location of a current pixel of the luminance block is (j,i), where j and i are integers,
wherein, when the second information indicates that the intra prediction mode of the chrominance block is equal to the intra prediction mode of the luminance block, the intra prediction mode of the chrominance block is determined to be equal to the intra prediction mode of the luminance block,
wherein the image is split into a plurality of maximum coding units according to information about maximum size of a coding unit,
a maximum coding unit, of the plurality of maximum coding units, is hierarchically split into one or more coding units of depths including at least one of a current depth and a lower depth according to split information,
when the split information indicates a split for the current depth, a coding unit of the current depth is split into four coding units of the lower depth, independently from neighboring coding units, and
when the split information indicates a non-split for the current depth, one or more prediction units are obtained from the coding unit of the current depth based on a partition type of the coding unit.

US Pat. No. 10,432,947

METHOD AND APPARATUS FOR DECODING VIDEO, AND METHOD AND APPARATUS FOR CODING VIDEO

SAMSUNG ELECTRONICS CO., ...

1. A video decoding method comprising:
determining neighboring pixels of a current block to be used for performing intra prediction on the current block;
acquiring, from a bitstream, information indicating one of a plurality of filtering methods used on the neighboring pixels;
selecting one of the plurality of filtering methods according to the acquired information;
filtering the neighboring pixels by using the selected filtering method; and
performing the intra prediction on the current block by using the filtered neighboring pixels,
wherein the plurality of filtering methods comprise a spatial domain filtering method and a frequency domain filtering method, wherein the spatial domain filtering method filters the neighboring pixels in a spatial domain, and the frequency domain filtering method filters the neighboring pixels in a frequency domain.

US Pat. No. 10,432,945

PROBABILITY UPDATE METHOD FOR BINARY ARITHMETIC CODING/DECODING, AND ENTROPY CODER/DECODER USING THE SAME

SAMSUNG ELECTRONICS CO., ...

1. A probability update method for binary arithmetic decoding, the method comprising:
receiving a predetermined number of bins that are to be binary arithmetic decoded;
obtaining an autocorrelation value of each of the bins by using values of the received predetermined number of bins;
determining at least one scaling factor used to update a probability of a binary value based on the autocorrelation value;
updating a probability used in context-based adaptive binary arithmetic decoding by using the determined at least one scaling factor; and
arithmetic decoding a current bin by using the updated probability,
wherein the updating a probability comprises:
obtaining the updated probability by adding a first value and a second value, the first value being obtained by multiplying a value based on the at least one scaling factor by a probability of a previous bin, and the second value being obtained by multiplying the at least one scaling factor by a value of a current bin,
wherein when a value of the current bin is y (y is 0 or 1), a probability previous to the current bin is p(t-1) (t is an integer), the updated probability is p(t), and the at least one scaling factor is α, the updated probability p(t) is obtained according to an equation P(t)=αy+(1-α)*P(t-1).

US Pat. No. 10,432,943

SIGNALING COLOR VALUES FOR 3D LOOKUP TABLE FOR COLOR GAMUT SCALABILITY IN MULTI-LAYER VIDEO CODING

QUALCOMM Incorporated, S...

1. A method of decoding video data, the method comprising:
determining a number of octants for each of three color components of a three-dimensional (3D) lookup table for color gamut scalability;
determining a quantization value for residual values of the color mapping coefficients;
for each of the octants for each of the color components, decoding color mapping coefficients for a linear color mapping function of color values in the 3D lookup table used to convert color data in a first color gamut for a lower layer of the video data to a second color gamut for a higher layer of the video data, wherein decoding the color mapping coefficients further comprises:
for each of the octants for each of the color components, decoding residual values of the color mapping coefficients;
inverse quantizing the residual values of the color mapping coefficients based on the determined quantization value; and
reconstructing the color mapping coefficients based on the decoded residual values and predicted values of the color mapping coefficients;
generating the 3D lookup table based on the number of octants for each of the color components and color values associated with the color mapping coefficients for each of the octants;
decoding residual data of video blocks of the video data; and
reconstructing the video blocks of the video data based on the decoded residual data and at least one reference picture generated using the 3D lookup table.

US Pat. No. 10,432,942

SIGNALING COLOR VALUES FOR 3D LOOKUP TABLE FOR COLOR GAMUT SCALABILITY IN MULTI-LAYER VIDEO CODING

QUALCOMM Incorporated, S...

1. A method of decoding video data, the method comprising:
determining a number of octants for each of three color components of a three-dimensional (3D) lookup table for color gamut scalability;
for each of the octants for each of the color components, decoding color mapping coefficients for a linear color mapping function of color values in the 3D lookup table used to convert color data in a first color gamut for a lower layer of the video data to a second color gamut for a higher layer of the video data, wherein decoding the color mapping coefficients comprises, for a first one of the octants for each of the color components, decoding at least one coefficient of the color mapping coefficients based on a predicted value of the at least one coefficient of the color mapping coefficients, and wherein decoding the color mapping coefficients further comprises, for each remaining one of the octants for each of the color components, decoding the color mapping coefficients based on predicted values from at least one previously decoded octant;
generating the 3D lookup table based on the number of octants for each of the color components and color values associated with the color mapping coefficients for each of the octants;
decode residual data of video blocks of the video data; and
reconstruct the video blocks of the video data based on the decoded residual data and at least one reference picture generated using the 3D lookup table.

US Pat. No. 10,432,941

SIGNALING COLOR VALUES FOR 3D LOOKUP TABLE FOR COLOR GAMUT SCALABILITY IN MULTI-LAYER VIDEO CODING

QUALCOMM Incorporated, S...

1. A method of decoding video data, the method comprising:
determining a number of octants for each of three color components of a three-dimensional (3D) lookup table for color gamut scalability;
for each of the octants for each of the color components, decoding color mapping coefficients for a linear color mapping function of color values in the 3D lookup table used to convert color data in a first color gamut for a lower layer of the video data to a second color gamut for a higher layer of the video data, wherein decoding the color mapping coefficients comprises, for a first one of the octants for each of the color components, decoding at least one coefficient of the color mapping coefficients based on a predicted value of the at least one coefficient of the color mapping coefficients, and wherein the at least one coefficient of the color mapping coefficients comprises a key coefficient that defines a weighting factor for the linear color mapping function between a same color component of the lower layer of the video data and the higher layer of the video data;
generating the 3D lookup table based on the number of octants for each of the color components and color values associated with the color mapping coefficients for each of the octants;
decoding residual data of video blocks of the video data; and
reconstructing the video blocks of the video data based on the decoded residual data and at least one reference picture generated using the 3D lookup table.

US Pat. No. 10,432,940

ENTROPY CODING OF MOTION VECTOR DIFFERENCES

GE VIDEO COMPRESSION, LLC...

1. A decoder for decoding a video encoded in a data stream, comprising:
a desymbolizer configured to debinarize a binarization of a motion vector difference, the motion vector difference representing a prediction error between a motion vector used in motion-compensated prediction coding of the video and a prediction of the motion vector, wherein the binarization of the motion vector difference includes (a) a prefix bin string including a truncated unary code based on a cutoff value equal to two, wherein each bin of the truncated unary code indicates whether an absolute value of the motion vector difference is greater than a respective fixed value, and (b) a suffix bin string including an Exp-Golomb code having a fixed order set to one; and
a reconstructor configured to:
determine a set of motion vector predictors based on motion vectors of neighbors of a coding block in the video to which the motion vector difference belongs,
obtain, from the data stream, an index indicating a specific motion vector predictor of the set of motion vector predictors, reconstruct the motion vector based on a debinarized value of the motion vector difference and the specific motion vector predictor, and
reconstruct the coding block of the video based on the reconstructed motion vector.

US Pat. No. 10,432,939

ENTROPY CODING SUPPORTING MODE SWITCHING

GE VIDEO COMPRESSION, LLC...

1. A decoder for decoding a data stream including encoded data of a video, the decoder comprising:
an entropy decoding engine configured to decode data from the data stream based on an entropy decoding scheme to obtain a sequence of symbols, wherein, with respect to at least one symbol of the sequence of symbols, the entropy decoding engine is configured to:
select a context corresponding to the at least one symbol, and
decode the at least one symbol using the selected context based on the entropy decoding scheme, wherein the entropy decoding includes updating a probability model associated with the selected context at one of a first update rate under a high-efficiency mode of entropy decoding and a second update rate, that is lower than the first update rate, under a low-complexity mode of entropy decoding;
a desymbolizer configured to desymbolize the sequence of symbols to obtain a sequence of syntax elements; and
a reconstructor configured to reconstruct at least a portion of the video based on the sequence of syntax elements.

US Pat. No. 10,432,938

METHOD AND DEVICE FOR VIDEO CODING AND DECODING

Huawei Technologies Co., ...

1. A video coding method comprising:
dividing a picture to be encoded into several slices, each containing continuous blocks;
grouping the slices contained in the picture into one or more slice sets, each containing one or more of the slices; and
encoding slices in the slice sets according to slice and slice set division information to get a coded bit stream of the picture, wherein the information includes whether one or more slice set syntax elements are present in a current slice;
wherein when none of the slice set syntax elements is present in the current slice, using syntax set syntax elements for encoding the current slice that are
a) the same as any slice set syntax elements of a slice containing one or more slice set syntax elements that occurs before the current slice in a current slice set, or
b) the same as any slice set syntax elements of a first slice in the current slice set.

US Pat. No. 10,432,937

ADAPTIVE PRECISION AND QUANTIFICATION OF A WAVELET TRANSFORMED MATRIX

Jean-Claude Colin, Versa...

1. A method for compressing a digital image, comprising:
a step for reducing an entropy of a component of said image, represented in a form of an original matrix (X), wherein:
said original matrix is transformed into a transformed matrix (T) using a wavelet transformation;
a respective quantisation coefficient corresponds to each detail matrix for each of plural detail matrices;
said wavelet transformation is calculated in fixed decimal point using a first number (D) of digits, wherein D≥1, after the decimal point, for each wavelet level for which at least one of the quantisation coefficients corresponding to each of the detail matrices is strictly greater than 1, and
at the end of the processing of a wavelet level in fixed-decimal point numbers, values of an approximation matrix are transformed into integer numbers when each of the quantisation coefficients of each of the detail matrices of a subsequent wavelet level is equal to 1, and are kept in fixed-decimal point numbers in the contrary case.

US Pat. No. 10,432,936

APPARATUS AND METHODS FOR PERCEPTUAL QUANTIZATION PARAMETER (QP) WEIGHTING FOR DISPLAY STREAM COMPRESSION

QUALCOMM Incorporated, S...

1. An apparatus for coding video data using display stream compression, comprising:
an encoder configured to code a current block of video data using the YCoCg color space comprising a luma channel, a chrominance orange (Co) channel, and a chrominance green (Cg) channel; and
a rate controller comprising a hardware processor, the rate controller configured to:
determine a luma quantization parameter (QP) for quantizing the luma channel of the current block of video data; and
based upon the determined luma QP, determine a Cg QP for quantizing the Cg channel of the current block of video data and a Co QP for quantizing the Co channel of the current block of video data, wherein the Cg QP and the Co QP are greater than the luma QP, and wherein the rate controller is configured to determine the Co QP such that the Co QP will always be greater than the Cg QP;
wherein the encoder is configured to encode the current block of video data based upon the determined luma QP, Co QP, and Cg QP to form a video data bitstream for display or transmission.

US Pat. No. 10,432,935

DATA ENCODING APPARATUS AND DATA ENCODING METHOD

SAMSUNG ELECTRONICS CO., ...

1. A data encoding apparatus, comprising:
a memory storing computer-readable instructions; and
one or more processors configured to execute the computer-readable instructions such that the one or more processors are configured to,
receive first video data in a macroblock unit,
determine a first rounding offset value using the first video data,
create second video data by applying the first rounding offset value to the first video data,
determine a second rounding offset value, which is different from the first rounding offset value, using the second video data,
create a quantized coefficient by applying the second rounding offset value to the first video data,
determine the first rounding offset value depending on a prediction mode or a level value, and
determine the second rounding offset value using the number of data having a level value of 0 between first data and second data.

US Pat. No. 10,432,934

VIDEO ENCODING DEVICE AND VIDEO DECODING DEVICE

NEC Corporation, Tokyo (...

1. A video encoding device for dividing input video data into blocks of a predetermined size and applying quantization to each image block obtained by division, to perform a compression-encoding process, comprising:
at least one processor configured to execute machine-readable instructions to implement:
a quantization step size encoding unit configured to encode a quantization step size for controlling granularity of the quantization;
a quantization step size downsampling unit configured to downsample one or more encoded quantization step sizes to generate a quantization step size representative value;
a quantization step size representative value storing unit configured to store the quantization step size representative values generated by the quantization step size downsampling unit;
a quantization step size downsampling control unit configured to control an operation of the quantization step size downsampling unit based on a predetermined operation parameter including at least one of a downsampling scale factor or information indicating a type of computation when generating the quantization step size representative value; and
a multiplexer configured to multiplex at least the operation parameter of the quantization step size downsampling unit, in a compression-encoded video bitstream,
wherein the quantization step size encoding unit is configured to predict the quantization step size using the quantization step size representative value.

US Pat. No. 10,432,933

IMAGE PROCESSING DEVICE, IMAGE PROCESSING METHOD, AND PROGRAM

Sony Corporation, Tokyo ...

1. An encoder for encoding an image signal comprising: processing circuitry configured to
set, as a block setting process and in case that a condition that an operating mode requires resource efficiency higher than that of a normal mode, a depth of block division with more limited variety of pixel sizes of coding units than that of the normal mode;
perform cost calculation and divisional determination only with respect to coding units within the set depth; and
skip cost calculation and divisional determination with respect to coding units outside the set depth.

US Pat. No. 10,432,932

DIRECTIONAL DERINGING FILTERS

Mozilla Corporation, Mou...

1. A method for removing ringing artifacts from a coded image, the method comprising:
receiving, by a processor, coded image data for an image that has undergone quantization;
dividing, by a processor, the received coded image data into a plurality of blocks;
identifying, by the processor, a direction for each block of the coded image data, the identifying comprising:
selecting a directional block, the directional block having the same number of pixels as the block and being divided into a plurality of pixel lines, the pixel lines having one of a set of at least four predetermined directions, the directional block having a constant value across each pixel line;
calculating a parameter related to a sum of a mean-square difference between a pixel value of each pixel of the block, each pixel having a location in the block, and the pixel average of pixels falling on a pixel line of the directional block that includes the location in the block of the corresponding pixel;
repeating the calculating the parameter for each of the set of at least four predetermined directions; and
selecting the direction of the set of at least four predetermined directions having a parameter value related to a minimum summed mean-square difference as the direction for the block;
applying a non-linear filter, by the processor, to each block of the coded image data, the non-linear filter for each block being based on the identified direction for the block, thereby transforming the blocks of the image into filtered blocks of the image, the nonlinear filter having a definition of:

 with a threshold function defined as

 and
storing, by the processor, the filtered blocks of the image in a data store.

US Pat. No. 10,432,931

METHOD FOR TIME-DEPENDENT VISUAL QUALITY ENCODING FOR BROADCAST SERVICES

INTEGRATED DEVICE TECHNOL...

1. A method for encoding a video signal, comprising the steps of:
generating an encoded bitstream during a first time period associated with a first time of day by encoding each of a plurality of images in the video signal with a first encoding profile comprising multiple encoding passes in a circuit;
and
generating the encoded bitstream during a second time period associated with a second time of day by encoding each of the images using a second encoding profile comprising a single encoding pass in the circuit, wherein each encoding profile determines one or more resources configured to be applied to the images before generating the encoded bitstream.

US Pat. No. 10,432,930

MULTI-VIDEO DECODING WITH INPUT SWITCHING

Google LLC, Mountain Vie...

1. A method comprising:
receiving, by one or more processors, a first bitstream that includes, in sequence, a first setoff comprising an intra-coded frame followed by an offset of predictive-coded frames and a first sequence of frames that represents a first video, wherein the first sequence of frames is divided into groups of frames that include a first predictive-coded frame followed by one or more second predictive-coded frames, and wherein the first predictive-coded frames are sub-divided into intra-coded units to simulate intra-coded frames;
receiving, by one or more processors, a second bitstream that includes, in sequence, a second setoff comprising of an intra-coded frame and a second sequence of frames that represents a second video, wherein the second sequence of frames is divided into groups of frames that include a third predictive-coded frame followed by one or more fourth predictive-coded frames, and wherein the third predictive-coded frames are sub-divided into intra-coded units to simulate intra-coded frames;
combining, by the one or more processors, the intra-coded frame of the first setoff with the intra-coded frame of the second setoff as a first output frame in a bitstream of output frames;
combining, by the one or more processors, one or more of the predictive-coded frames of the first setoff with respective predictive-coded frames of the second sequence of frames as second output frames that follow the first output frame in the bitstream of output frames such that the one or more predictive-coded frames of the first setoff delay the first sequence of frames relative to the second sequence of frames within the bitstream;
combining in sequence, by the one or more processors, the predictive-coded frames of the first sequence of frames with respective predictive-coded frames of the second sequence of frames as third output frames that follow the second output frames in the bitstream of output frames; and
sending, by one or more processors, the bitstream of output frames to a decoder.

US Pat. No. 10,432,928

USING A CURRENT PICTURE AS A REFERENCE FOR VIDEO CODING

Qualcomm Incorporated, S...

1. A method of encoding or decoding video data, the method comprising:
storing, by a video coder and in a reference picture buffer, a set of reconstructed blocks of a current picture of the video data;
assigning an index value to the current picture in a reference picture list (RPL) used during prediction of blocks of the current picture;
determining that motion information of a current block of the current picture specifies the index value of the current picture in the reference picture list and a position of a reference block in the current picture, the reference block being a block among the set of reconstructed blocks of the current picture;
in response to the determination, forming a predictor block from the reference block among the set of reconstructed blocks of the current picture stored in the reference picture buffer; and
reconstructing, by the video coder and based on the RPL, pixel values of the current block of video data in the current picture based on a sum of residual pixel data and pixel values of the predictor block formed from the reference block among the set of reconstructed blocks of the current picture of video data.

US Pat. No. 10,432,927

3D TEST CHART, ADJUSTING ARRANGEMENT, FORMING METHOD AND ADJUSTING METHOD THEREOF

Ningbo Sunny Opotech Co.,...

1. A 3D test chart arrangement, comprising:
a plurality of test chart layers arranged in a direction along a depth thereof, wherein each of said test chart layers is provided with at least one test pattern, wherein in the direction along the depth, each of said test pattern of one of said test chart layers does not overlap with other said test patterns of other said test chart layers, wherein set a as a parameter which represents a precision requirement for fitting a back focus of a photographic arrangement to be tested, set EFL as a parameter which represents a focal length, set h as a parameter which represent a position configuration of said 3D test chart, wherein h_j represents a position of jth layer of said test chart layers, wherein a functional equation regarding a position configuration of said test chart layers is as follows: a=?((EFL*(?hj)/(EFL?hj)?(EFL*(?h)/(EFL?h))); and
a plurality of carriers which are overlappedly and spacedly aligned with each other, wherein said plurality of test chart layers are formed on said plurality of carriers respectively, wherein a distance between two of said plurality of carriers determines a distance between two of said plurality of test chart layers on said two of said plurality of carriers.

US Pat. No. 10,432,926

METHOD FOR TRANSMITTING CONTENTS AND ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A data transmission method in an electronic device, the method comprising:
receiving an input relating to data to be transmitted;
monitoring a state of the electronic device;
comparing the state of the electronic device to a pre-set transmission condition for preventing an excessive current consumption of the electronic device when transmitting the data;
determining whether the state of the electronic device satisfies the pre-set transmission condition;
transmitting the data when the state of the electronic device satisfies the pre-set transmission condition; and
refraining from transmitting the data when the state of the electronic device does not satisfy the pre-set transmission condition,
wherein the pre-set transmission condition comprises a camera module of the electronic device terminating,
wherein the transmitting of the data comprises:
determining a transceiver among a plurality of transceivers based on at least part of the monitoring result, and
transmitting at least part of the data through the determined transceiver, and
wherein the transceiver is selected on a basis of consuming less power than another transceiver.

US Pat. No. 10,432,925

LIGHT FIELD DISPLAY CONTROL METHODS AND APPARATUS, AND LIGHT FIELD DISPLAY DEVICES

BEIJING ZHIGU TECH CO., L...

1. A light field display control method, comprising:
determining target pixel density distribution information, wherein determining the target pixel density distribution information comprises:
determining a first region of a light field image;
determining a first display region of a display, wherein determining the first display region in the display includes:
determining light field sub-image information corresponding to the first region in the light field image, and determining the first display region that affects displaying of the light field sub-image information; or
determining the first display region according to relative location information of pixels in the first region with respect to a reference point of the light field image; and
determining the target pixel density distribution information according to the first display region, wherein in the target pixel density distribution information, a target pixel density corresponding to the first display region is different from a target pixel density corresponding to a second display region, and the second display region is a display region of the display other than the first display region;
adjusting display pixel density distribution of a display of a light field display device according to the target pixel density distribution information, so that at least two display regions in the display of the light field display device after the adjustment have different display pixel densities;
performing sampling processing on the light field image according to location information of display pixels of the display of the light field display device after the adjustment; and
displaying, by the light field display device after the adjustment, the light field image undergone the sampling processing.

US Pat. No. 10,432,924

THREE-DIMENSIONAL DISPLAY DEVICE AND DRIVING METHOD THEREOF

BOE TECHNOLOGY GROUP CO.,...

1. A three-dimensional display device, comprising:
a liquid crystal display panel; and
an electroluminescent display panel arranged under the liquid crystal display panel,
wherein the electroluminescent display panel comprises a plurality of first areas and a plurality of second areas, the plurality of first areas and the plurality of second areas are arranged in array and arranged alternately in row direction and column direction, under a three-dimensional display mode, the plurality of first areas are light emitting areas, the plurality of second areas are black areas, and the light emitting areas comprise repeatedly arranged R light emitting areas, G light emitting areas, B light emitting areas and X light emitting areas, and
wherein the liquid crystal display panel comprises a plurality of first sub-pixels arranged in array, at least every two first sub-pixels adjacent in row direction correspond to a first area, under the three-dimensional display mode, first sub-pixels corresponding to a same first area are used for providing gray scale information of different viewpoint images, and gray scales displayed by the first sub-pixels corresponding to the same first area are controlled to be different from each other to enable the three-dimensional display, wherein a central position of each first area overlaps with a central position of one of at least two corresponding first sub-pixels.

US Pat. No. 10,432,752

METHOD AND SYSTEM FOR MOBILE APPLICATIONS UPDATE IN THE CLOUD

International Business Ma...

1. A computer program product comprising a non-transitory computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on an information handling system, causes the system to update mobile device applications at one or more central servers by:
establishing, at the one or more central servers, an application virtual machine representation of a first mobile device application installed on a mobile device;
updating the application virtual machine representation at the one or more central servers to perform software configuration, installation, upgrade, optimization, testing, or maintenance tasks on the application virtual machine representation without using computational resources at the mobile device; and
sending, to the mobile device that, one or more modules that were changed when updating the application virtual machine representation for integration into the first mobile device application installed on the mobile device.

US Pat. No. 10,432,719

SYSTEM AND METHOD FOR EFFICIENT VIRTUALIZATION IN LOSSLESS INTERCONNECTION NETWORKS

ORACLE INTERNATIONAL CORP...

1. A system for supporting efficient virtualization in a lossless interconnection network, comprising:
one or more microprocessors;
a plurality of switches arranged in at least two levels, wherein each of the plurality of switches are associated with a linear forwarding table (LFT) of a plurality of LFTs;
a plurality of host channel adapters, wherein the plurality of host channel adapters are interconnected via the plurality of switches;
a plurality of hypervisors, wherein each of the plurality of hypervisors are associated with at least one host channel adapter of the plurality of host channel adapters; and
a plurality of virtual machines, wherein each virtual machine connects to a host channel adapter of the plurality of host channel adapters via a respective hypervisor;
wherein a virtual machine of the plurality of virtual machines performs a live migration from a first hypervisor at a first host channel adapter to a second hypervisor at a second host channel adapter, and wherein during the live migration, a local identifier (LID) of the virtual machine is updated; and
wherein, as a result of the migration of the virtual machine from the first host channel adapter to the second host channel adapter, a set of the plurality of LFTs are updated, the set of the plurality of LFTs being defined based upon a determination of a nearest common ancestor switch of the first host channel adapter and the second host channel adapter.

US Pat. No. 10,432,718

PREDICTIVE FILE SYNCHRONIZATION

INTERNATIONAL BUSINESS MA...

1. A method comprising:
predicting from an input data of a user, at a time, using a processor and a memory of a computing device, wherein the input data comprises at least one from a group comprising a location of the user and an electronic message of the user, that the user will need to use a set of files during a future period, and wherein the predicting is responsive to a security setting in the data network changing to an undesirable value;
selecting from the set of files, a subset of files that are designated for synchronization with a remote storage over a data network;
computing a priority of a file in the subset according to a characteristic of the file in the subset; and
causing a synchronization operation to synchronize the subset of files in an order of priorities associated with the files in the subset.

US Pat. No. 10,432,717

SETUP SYNCHRONIZATION APPARATUS AND METHODS FOR END USER MEDICAL DEVICES

Ascensia Diabetes Care Ho...

1. An apparatus comprising:
a controller including a memory;
a transceiver operatively coupled to the controller; and
a host computer interface operative to couple the controller to a host computer,
wherein the memory is operative to store instructions executable on the controller, the instructions adapted to cause the controller to:
scan for an advertising medical device using the transceiver,
establish a communications connection with a medical device advertising for synchronization, the medical device having a real-time clock, wherein the real-time clock is not running prior to the advertising for synchronization, and
transmit synchronization data to a medical device once a communication connection has been established.

US Pat. No. 10,432,716

METADATA SYNCHRONIZATION SYSTEM

Bank of America Corporati...

1. A method for metadata synchronization comprising:
receiving, at a federated metadata repository, a plurality of metadata elements, said plurality of metadata element being transmitted from a plurality of applications, said plurality of applications being coupled to a plurality of application hubs;
receiving, at a governed metadata repository, a subset of the plurality of metadata elements, said subset of the plurality of metadata elements being entity-critical metadata elements, said entity-critical metadata elements comprising at least governed assets and relationships, each entity-critical metadata element including a six-part attribute key, each of said six-part attribute keys not being included in the plurality of metadata elements included in the federated metadata repository, each of said six-part attribute keys comprising a server name variable character attribute, a database/location variable character attribute, a schema name variable character attribute, a table/file name variable character attribute, a column/field name variable character attribute and an originating metadata repository number attribute;
crawling, via a crawler, the plurality of applications, to determine that each metadata element included in the plurality of metadata elements has been received at the federated metadata repository;
transmitting a first notification message to a first user in the event that a metadata element is not received at the federated metadata repository;
crawling, via the crawler, the federated metadata repository and the governed metadata repository to determine whether each metadata element that is included in both of the federated metadata repository and the governed metadata repository are identified using the same data type;
upon identification of a metadata element which is identified using one data type in the federated metadata repository and another data type in the governed metadata repository, conforming, via a processor, the data type of identified metadata element included in the federated metadata repository and the data type of the identified metadata element included in the governed metadata repository;
crawling further, via the crawler, the plurality of applications to identify an extinct metadata element in an application that is coupled to the federated metadata repository;
in response to the identifying of the extinct metadata element, removing, via the system, the extinct metadata element from the federated metadata repository; and
conforming, via the processor, the governed metadata repository to the federated metadata repository by removing further the extinct metadata element from the governed metadata repository.

US Pat. No. 10,432,715

ELECTRONIC APPARATUS, SYSTEM AND SYNCHRONIZATION METHOD

Toshiba Client Solutions ...

1. An electronic apparatus assigned with a first apparatus identifier, the electronic apparatus being able to be connected to a wearable sensing device, the electronic apparatus comprising:
a non-volatile storage device comprising a data file that stores data sensed by the wearable sensing device; and
a processor that communicates with a server while performing synchronization of a backup file stored in the server and the data file, the server comprising a storage that stores the backup file of a first data file stored in the non-volatile storage device in the electronic apparatus and of a second data file stored in a second electronic apparatus assigned with a second apparatus identifier, a user identifier being assigned to at least one of the electronic apparatus or the second electronic apparatus, and the storage stores an apparatus file storing correspondence between the user identifier and at least one of the first apparatus identifier or the second apparatus identifier, wherein
the processor requests the server to transmit the at least one of the first apparatus identifier or the second apparatus identifier corresponding to the user identifier of a user of the wearable sensing device,
when the processor receives the first apparatus identifier and the second apparatus identifier corresponding to the user identifier, the processor synchronizes the data file stored in the non-volatile storage device and the backup file stored in the storage of the server by:
requesting the server transmit update data stored in the backup file which was updated by the second electronic apparatus after a last synchronization by the electronic apparatus,
receiving the update data transmitted from the server, and
updating the data file in the non-volatile storage device based on the update data.

US Pat. No. 10,432,714

DATA PROCESSING METHOD AND SYSTEM BASED ON ASYMMETRIC P2P NETWORK

TENCENT TECHNOLOGY (SHENZ...

1. A data processing system based on an asymmetric P2P network, comprising:
a data server, configured to store a to-be-downloaded resource;
a computer terminal group, comprising at least one computer terminal, the at least one computer terminal communicated with the data server, and being configured to download the to-be-downloaded resource from the data server or another computer terminal in the computer terminal group;
a configuration server configured to store a control parameter that is set to a first control value or a second control value;
a directory server, and
a mobile terminal group, comprising a plurality of mobile terminals;
wherein each mobile terminal in the mobile terminal group is configured to:
establish a communication relationship with the data server, the computer terminal, and the configuration server;
download the to-be-downloaded resource from a computer terminal of the computer terminal group if the to-be-downloaded resource is available on the computer terminal;
download the to-be-downloaded resource from the data server if the to-be-downloaded resource is not available on any computer terminal of the computer terminal group;
read the control parameter from the configuration server;
after downloading the to-be-downloaded resource, in response to the control parameter being set to the second control value, upload download information of the mobile terminal to the directory server, the download information of the mobile terminal including address information of the mobile terminal and identity information of the to-be-downloaded resource acquired by the mobile terminal; and
after downloading the to-be-downloaded resource, in response to the control parameter being set to the first control value, avoid uploading the download information of the mobile terminal to the directory server.

US Pat. No. 10,432,713

APPLICATION AWARE INPUT/OUTPUT FENCING

Veritas Technologies LLC,...

1. A computer-implemented method comprising:
determining a first weight assigned to a first application instance of a plurality of application instances and a second weight assigned to a second application instance of the plurality of application instances, wherein
each of the plurality of application instances is an instance of an application,
the first application instance is executed by a first node of a cluster of nodes, and
the second application instance is executed by a second node of the cluster of nodes; and
in response to detection of a network partition event, performing an application fencing operation, wherein
the network partition event results in partitioning of the cluster of nodes into at least a first sub-cluster and a second sub-cluster,
the first node is comprised in the first sub-cluster,
the second node is comprised in the second sub-cluster, and
the application fencing operation comprises
terminating one of the first application instance or the second application instance, wherein
the terminating is based, at least in part, on the first weight and the second weight, and
the terminating is performed without terminating either of the first node or the second node.

US Pat. No. 10,432,712

SYSTEM AND METHOD OF INJECTING STATES INTO MESSAGE ROUTING IN A DISTRIBUTED COMPUTING ENVIRONMENT

PTC Inc., Boston, MA (US...

1. A computer-implemented method of operating an intermediate server to load share authentication operations with a platform server, the method comprising:
providing a platform server and a plurality of intermediate servers, wherein each of the plurality of intermediate servers connects and maintains a persistent connection to the platform server, and wherein the plurality of intermediate servers communicate and maintain a plurality of persistent connections with a plurality of edge servers;
receiving, by a port at an intermediate server among the plurality of intermediate servers, a service request from a given edge server of the plurality of edge servers over a first persistent connection, wherein the service request includes an identifier associated with an identification of a computing device connected to the given edge server;
determining, by a processor at the intermediate server, a state identifier based on the received identifier associated with the identification of the computing device, wherein the intermediate server maintains, in memory, the state identifier associated with an authentication exchange having been conducted between the computing device connected to the given edge server and the platform server;
inserting, by the processor at the intermediate server, the state identifier into the service request; and
transmitting, at the intermediate server, the service request to the platform server over a second persistent connection, wherein the service request is processed by the platform server subject to inclusion of the state identifier.

US Pat. No. 10,432,711

ADAPTIVE ENDPOINT SELECTION

Amazon Technologies, Inc....

1. A method for selecting, for a client device, a service endpoint from a plurality of service endpoints in a distributed system of a service provider, the method comprising:
storing processing data for each of the plurality of service endpoints,
for at least a first service request from the client device, where a current history length is less than or equal to a threshold length, applying uniform random selection to select a first one of the plurality of service endpoints;
for at least a second service request from the client device, where the current history length for all of the plurality of service endpoints exceeds the threshold length:
calculating for each of the plurality of service endpoints and using the processing data:
a success rate based on a number of successfully processed requests from a plurality of received requests, wherein the success rate indicates a rate of success for the plurality of received requests;
an average latency based on latency associated with each of the successfully processed requests;
a latency score based on a minimum average latency and the average latency, wherein the minimum average latency is selected from the average latency for each of the plurality of service endpoints;
a raw score based on the latency score and the success rate; and
a selection weight based on the raw score and a balancing parameter, wherein the balancing parameter determines an extent to which the selection weight deviates, based on the processing data, from uniform weights across the plurality of service endpoints; and
selecting a second one of the plurality of service endpoints based on the selection weight; and
directing the first and second service requests to the first and second selected service endpoints respectively.

US Pat. No. 10,432,710

ANYCAST ROUTING TECHNIQUES IN A NETWORK

Level 3 Communications, L...

1. A method for servicing requests for content in a content delivery network (CDN), the method comprising:
receiving, from a requesting device, a request for an Internet Protocol (IP) address for a content servicing device in the CDN;
obtaining an approximate geographic location of the requesting device based at least on the request for the IP address;
selecting a geographic-specific anycast IP address based at least on the approximate geographic location of the requesting device, the geographic-specific anycast IP address selected from a plurality of anycast IP addresses utilized in the CDN;
transmitting the geographic-specific anycast IP address to the requesting device, wherein the geographic-specific anycast IP address is associated with a first content servicing device; and
determining that the approximate geographic location of the requesting device is different from a geographic region of an end user device based on the end user device utilizing the geographic-specific anycast IP address to receive the content from a second content servicing device that is different from the first content servicing device.

US Pat. No. 10,432,709

LOAD BALANCING METHOD, LOAD BALANCING SYSTEM, LOAD BALANCING DEVICE AND TOPOLOGY REDUCTION METHOD

Industrial Technology Res...

1. A load balancing method, comprising:
configuring a transmission progress value for each of a plurality of edge servers, and grouping the plurality of edge servers into a plurality of server groups, wherein the edge servers of each of the plurality of server groups provide one of a plurality of video streams, and each of the plurality of edge servers is grouped into at least one server group among the plurality of server groups;
receiving a download request corresponding to a first video stream among the plurality of video streams from a user device;
selecting a first server group from the plurality of server groups according to the download request, wherein the first server group provides the first video stream;
selecting one edge server having a minimum transmission progress value from the edge servers of the first server group as a first edge server to provide video data of the first video stream to the user device according to the transmission progress values of the edge servers of the first server group;
calculating an increment and accumulating the increment to the transmission progress value of the first edge server; and
redirecting the download request to the first edge server.

US Pat. No. 10,432,708

CONTENT DELIVERY NETWORK

Vimmi Communications Ltd....

1. A content delivery system, comprising:
a distributed content delivery network (CDN) segmented to a plurality of segments, each of said plurality of segments comprising:
at least one edge server;
at least one access point providing access for at least one client device to said distributed CDN; and
a plurality of delivery servers deployed in said each segment to deliver content objects to said at least one client device;
wherein each respective edge server of each respective segment of said plurality of segments comprising at least one processor for executing a code of at least one management agent, said code comprising:
code instructions to monitor continuously a plurality of delivery servers deployed in said respective segment to update constantly a first content record locally stored by said respective edge server and listing a plurality of content objects, each of said plurality of content objects is associated in said first content record with at least one availability parameter indicative of availability of said each content object from at least one of said plurality of delivery servers deployed in said respective segment,
code instructions to receive, through said at least one access point, a content request from said at least one client device to retrieve at least one requested content object of said plurality of content objects,
code instructions to select, according to an analysis of said at least one availability parameter associated with said at least one requested content object in said first content record, a preferred delivery server from said plurality of delivery servers deployed in said respective segment to provide said at least one requested content object to said at least one client device, and
code instructions to provide an internet protocol (IP) address of said preferred delivery server to said at least one client device, and
wherein said preferred delivery server comprising at least one processor for executing a code of at least one delivery agent, said code comprising:
code instructions to monitor continuously said plurality of delivery servers deployed in said respective segment to update constantly a second content record locally stored by the preferred delivery server,
code instructions to receives said content request from said at least one client device which uses said IP address to establish a transmission session with said preferred delivery server to retrieve said at least one requested content object, and
code instructions to provide said at least one requested content object to said at least one client device such that in case said at least one requested content object is not stored locally by said preferred delivery server said preferred delivery server fetches said at least one requested content object from at least another one of said plurality of delivery servers, said at least another one delivery server is identified according to an analysis of said second content record.

US Pat. No. 10,432,707

OPTIMIZATION OF INTEGRATION FLOWS IN CLOUD ENVIRONMENTS

International Business Ma...

1. A method for efficiently determining computer resource allocation, the method comprising:
monitoring an integration flow, the integration flow including a route, one or more nodes, and one or more secure connectors, wherein the one or more nodes and the one or more secure connectors are computing resources in a shared pool of configurable computing resources;
receiving a first message;
receiving a central processing unit (CPU) serialization load, the CPU serialization load comprising a set of processing data, the set of processing data reflecting the amount of a CPU processing load required to serialize and deserialize the first message on-premise;
receiving a first threshold of the CPU processing load of the first message, wherein the first threshold is a ratio of serialization load to CPU processing load of the first message;
determining that the set of processing data is below the first threshold, comprising:
determining the serialization load of the first message;
determining the CPU processing load of the first message;
determining the ratio of serialization load to CPU processing load; and
comparing the ratio of serialization load to CPU processing load to the first threshold;
identifying, based on the determining, a processing location of the integration flow at a second node of the one or more nodes, wherein the second node is hosted on a public cloud; and
transmitting, for processing, the first message to the second node.

US Pat. No. 10,432,706

LOW-LATENCY HIGH-THROUGHPUT SCALABLE DATA CACHING

ENGINE MEDIA LLC, Prince...

1. A system comprising:
a first data source comprising a processor and a first memory, the first data source connected to a first data cache over a network, wherein the first data source is located in a same geographical region as the first data cache, and wherein the first data source stores a plurality of data entries selected based on a first geolocation of the first data source;
a master data source connected to the first data source over the network;
a second memory storing the first data cache; and
a load balancer service and a data cache service executing on one or more processors communicatively coupled with the memory to:
receive, by the load balancer service, a first request from a client device based on the client device being located in a second geolocation in close proximity to the first geolocation of the first data source;
request, by the load balancer service, a first data entry associated with the first request from the data cache service, wherein the first data entry is available from the master data source;
determine, by the data cache service, that the first data entry is unavailable in both the first data cache and the first data source; and
responsive to determining that the first data entry is unavailable, reject, by the load balancer service, the first request, wherein the first data source retrieves the first data entry from the master data source after the first request is rejected.

US Pat. No. 10,432,704

TRANSLATION OF MESSAGES USING SENSOR-SPECIFIC AND UNIFIED PROTOCOLS

SAP SE, Walldorf (DE)

1. A method, comprising:
receiving, at a load balancer, a first message from a first sensor to a backend application server, the first message in a first sensor-specific protocol, and the first message including a message handler name of a message handler that is to handle a payload of the first message;
identifying, by the load balancer, the first sensor-specific protocol of the first message;
translating, by the load balancer, the first message from the first sensor-specific protocol to a second message in a unified protocol associated with the backend application server; and
transmitting, by the load balancer, the second message in the unified protocol to the backend application server for processing by a backend application server application;
receiving the second message at a message broker;
extracting, from the second message and by the message broker, the message handler name;
determining, by the message handler, that the backend server application provides a message handler named with the message handler name; in response to determining that the backend server application provides a message handler named with the message handler name, providing a payload of the second message to the backend server application;
receiving, by the load balancer, a third message, in the unified protocol, from the backend application server application, wherein the third message has a first topic, is targeted to sensors subscribed to the first topic, and has a retain flag set wherein the load balancer automatically sends the third message to new sensors that subscribe to the first topic after the third message is sent in response to the new sensors subscribing to the first topic;
determining, by the load balancer, that the first sensor has subscribed to the first topic;
in response to determining that the first sensor has subscribed to the first topic: performing, by the load balancer, a first translation of the third message, from the unified protocol to the first sensor-specific protocol, to create a fourth message; and sending, by the load balancer, the fourth message to the first sensor; after receiving the third message, receiving, at the load balancer, a subscription request for the first topic from a second sensor, the subscription request in a second sensor-specific protocol that is a different protocol than the first sensor-specific protocol and the unified protocol; determining, by the load balancer, that the third message has the retain flag set and has not been sent to the second sensor; and in response to determining that the third message has the retain flag set and has not been sent to the second sensor:
performing, by the load balancer, a second translation of the third message, from the unified protocol to the second sensor-specific protocol, to create a fifth message; and transmitting, by the load balancer, the fifth message to the second sensor.

US Pat. No. 10,432,703

ON-DEMAND SESSION UPGRADE IN A COORDINATION SERVICE

Facebook, Inc., Menlo Pa...

1. A method comprising:
receiving, at a server in a group of servers and from a client device, a request for executing a transaction by the server;
determining, at the server, a type of the transaction as a first transaction type or a second transaction type;
responsive to a determination that the transaction is of the first transaction type, creating or using, by the server, an existing local session between the server and the client device for executing the transaction, wherein the transaction of the first transaction type does not require the local session to be kept track of by at least a majority of the servers in the group;
responsive to a determination that the transaction is of the second transaction type, converting, by the server, the existing local session to a global session between the client device and the server, wherein:
the existing local session is associated with a prior transaction that is of the first transaction type and is separate from the transaction, and
the transaction of the second transaction type requires the global session to be kept track of by at least a majority of the servers in the group for executing in the group, wherein converting the existing local session includes:
informing the servers in the group about the existing local session,
requesting, by the server, a leader server in the group to obtain a vote of the majority of the servers in the group to create an ephemeral node at the server using the global session, the ephemeral node representing the transaction of the second transaction type,
forwarding, by the leader server to the server, the vote to create the ephemeral node, and
creating, at the server and by the client device in response to receiving the vote, the ephemeral node, wherein the ephemeral node contains data required for the execution of the transaction of the second transaction type, and wherein the ephemeral node is stored in each server of the group of servers for a lifetime of the global session between the server and the client device; and
executing, at the server, the transaction in the group, wherein the executing includes: using the ephemeral node for discovering, based on metadata published by multiple services, a location of one or more of the multiple services executing in a distributed computing system.

US Pat. No. 10,432,702

SEPARATED DEVICE DETECTION ARCHITECTURE

Wells Fargo Bank, N.A., ...

1. A method for responding to a content retrieval request at a server, the method comprising:
receiving the content retrieval request from a computing device;
detecting, at a device aware controller, a device capability of the computing device;
setting, at the device aware controller, a rule boundary for the content retrieval request based on the at least one device capability;
forwarding the content retrieval request with the rule boundary to a device agnostic controller;
receiving from the device agnostic controller at the device aware controller, data corresponding to the content retrieval request with the rule boundary applied; and
providing the data with the rule boundary applied to the computing device for presentation on the computing device.

US Pat. No. 10,432,701

DELIVERY OF INSTRUCTIONS IN HOST APPLICATIONS

Tealium Inc., San Diego,...

1. A method comprising:
under control of a physical user computing device:
executing a host application comprising a first tag library, the first tag library configured to track interaction data indicative of end user interactions with the physical user computing device, wherein the first tag library comprises first content configured to being presented on the physical user computing device;
receiving a second tag library comprising modified content, wherein the modified content is different from the first content;
before recompiling the host application, constructing a tag object from the second tag library comprising the modified content; and
executing the tag object, wherein executing the tag object comprises:
causing presentation of the modified content instead of the first content on the physical user computing device.

US Pat. No. 10,432,700

CONVERSATION CONNECTED VISUALIZATION OF ITEMS BASED ON A USER CREATED LIST

Microsoft Technology Lice...

1. A method to provide conversation connected visualization of items based on a user created list, the method comprising:
automatically extracting a list of items from a communication based on one of:
analysis of textual content entered into a body of the communication using natural language processing, and
receipt of one of a bulleted list and a numbered list entered into the body of the communication;
determining, with a processor of a computing device, a plurality of connections between the items on the list;
analyzing the items on the list to determine a type of each of the items on the list;
automatically generating, with the processor, a visualization of the items and the plurality of connections based on the type of each of the items on the list;
providing, with the processor, one or more prompts to allow a user to define or characterize the items;
associating the visualization with a conversation that includes the communication; and
providing the visualization to be displayed by a client application in conjunction with the conversation.

US Pat. No. 10,432,699

CROWD-SOURCED OPERATIONAL METRIC ANALYSIS OF VIRTUAL APPLIANCES

VMware, Inc., Palo Alto,...

21. A system for performing an operational metric analysis for a virtual appliance comprising:
a processor; and
a memory storing program code, which, when executed on the processor, performs the operational metric analysis for the virtual appliance, comprising:
obtaining application operational data from a plurality of instances of the virtual appliance by identifying one or more operational features that are relevant an operational metric of the virtual appliance using an entropy-based model, wherein the entropy-based model is based upon a measure of how much information is obtained about the operational metric through the one or more operational features and the entropy-based model selects the one or more operational features by identifying a plurality of operational features for which a mutual information calculation between an operational feature and the operational metric is greater than one;
generating an operational metric prediction for the virtual appliance based on the application operational data;
determining a confidence factor in the operational metric prediction for the virtual appliance;
injecting the operational metric prediction for the virtual appliance in metadata of the virtual appliance; and
allocating resources for each instance of a second plurality of instances of the virtual appliance based on the operational metric prediction and the confidence factor for the virtual appliance in response to provisioning the second plurality of instances of the virtual appliance subsequent to the plurality of instances, wherein the resources comprise at least one of a processor resource, memory resource and network resource.

US Pat. No. 10,432,698

INFORMATION PROCESSING METHOD, APPARATUS, TERMINAL, AND SERVER

TENCENT TECHNOLOGY (SHENZ...

1. An information processing method performed at a first terminal having a processor and memory for storing one or more programs to be executed by the processor, the method comprising:
after an exclusive binding relationship is established at a remote server between a webpage extraction application running on the first terminal and a user account of an instant messaging application running on a second mobile terminal:
displaying, by the first terminal, a webpage in a web browser running on the first terminal, wherein the webpage extraction application is located in the web browser;
detecting, by the first terminal, a predefined user operation on the webpage extraction application running on the first terminal to transmit the webpage currently displayed in the web browser on the first terminal to the second mobile terminal through the remote server, wherein the webpage includes a plurality of images;
in response to detecting the predefined user operation:
extracting, by the first terminal, an identifier of the webpage and address information of the plurality of images in the webpage that satisfy a side length threshold; and
sending, by the first terminal, the identifier of the webpage and the address information of the images that satisfy the side length threshold to the remote server, wherein the remote server, in a sequence, sends an information transmission prompt message corresponding to the document identifier to the second mobile terminal for display to a user of the second mobile terminal, receives an information transmission instruction message generated by the user of the second mobile terminal, forwards the identifier and the address information of the images that satisfy the side length threshold to the second mobile terminal and returns an information transmission notification message to the first terminal;
receiving, by the first terminal, the information transmission notification message from the remote server;
in response to receiving the information transmission notification message, generating, by the first terminal, an information sharing prompt message, the information sharing prompt message identifying a total number of webpages the webpage extraction application at the first terminal has shared with the instant messaging application at the second mobile terminal through the remote server during a predefined time period; and
sending, by the first terminal, the information sharing prompt message to the second mobile terminal through the remote server for display on the second mobile terminal.

US Pat. No. 10,432,697

METHOD AND SYSTEM FOR RE-DEPLOYING METADATA AND ASSOCIATED DATA FROM A SOURCE ORGANIZATION TO A DESTINATION ORGANIZATION

salesforce.com, inc., Sa...

1. A method for re-deploying metadata and data from a source organization of a first tenant of a multi-tenant database system to a destination organization of a second tenant of the multi-tenant database system that is different than the source organization, the method comprising:
selecting, via a user system, metadata that is to be retrieved from the source organization;
automatically creating, via a metadata engine that executes at one or more hardware-based processors, a manifest file that comprises the selected metadata that is to be retrieved from the source organization;
storing the manifest file at a secure file storage where it is securely stored for re-deployment to the destination organization;
automatically retrieving, via a data engine that executes at one or more other hardware-based processors, data associated with the selected metadata, wherein the selected metadata and the data associated with the selected metadata collectively make up an application, wherein the selected metadata comprises: customized content of the source organization; and wherein the data comprises: records held by an object;
re-deploying, in response to an input from the user system, the manifest file of the selected metadata to the destination organization that is different than the source organization; and
re-deploying, via a data engine that executes at one or more other hardware-based processors, the data associated with the selected metadata to the destination organization that is different than the source organization,
wherein each organization has a unique identifier (ID) that defines a logical space provided to a particular tenant of the multi-tenant database system and represents data of that particular tenant so that data of that particular tenant data is separate from data of all other tenants of the multi-tenant data base system, and
wherein redeploying, via the data engine that executes at the one or more other hardware-based processors, the data comprises: automatically reconstructing, at the data engine when the manifest file has been re-deployed, relationships amongst the data that has been successfully migrated to the destination organization and a new identifier that is associated with the data at the destination organization.

US Pat. No. 10,432,696

TRANSMITTING APPARATUS, TRANSMITTING METHOD, RECEIVING APPARATUS, RECEIVING METHOD, PROGRAM, AND CONTENT DISTRIBUTION SYSTEM

Saturn Licensing LLC, Ne...

1. A receiving apparatus, comprising:
receiving circuitry configured to receive content transmitted over the Internet, the content including streaming content from a content distribution server;
sending circuitry configured to
generate a manifest file corresponding to the content and indicating a quality of the received content, and
send the manifest file to a transmitting apparatus;
relaying circuitry configured to relay the content to a different receiving apparatus over the Internet; and
manifest file acquiring circuitry configured to acquire another manifest file that is distributed from the transmitting apparatus and that is generated by the different receiving apparatus,
wherein the manifest file is distributed to the different receiving apparatus, from the transmitting apparatus, over the Internet when the transmitting apparatus receives a request to transmit the manifest file from the different receiving apparatus over the Internet, and
wherein the manifest file is distributed to the different receiving apparatus, from the transmitting apparatus, by on-air broadcast different from the Internet, when the transmitting apparatus does not receive the request to transmit the manifest file from the different receiving apparatus over the Internet.

US Pat. No. 10,432,695

MEDIA APPLICATION BACKGROUNDING

GOOGLE LLC, Mountain Vie...

1. A method comprising:
providing, by a first application executed by a processing device in a computing device, a playback of a media item received from a content platform, wherein the media item comprises a video portion and an audio portion, and wherein the playback of the video portion occurs on a display device of the computing device;
in response to the first application entering a background state during the playback of the media item, stopping the playback of the video portion on the display device while continuing to provide the playback of the audio portion while the first application is in the background state by sending a request to the content platform to continue sending the audio portion without sending the video portion; and
in response to the first application entering a foreground state during the playback of the audio portion without the playback of the video portion, resuming the playback of the video portion, wherein resuming comprises coordinating synchronization of the playback of the video portion with the playback of the audio portion that continued to be provided while the first application was in the background state.

US Pat. No. 10,432,694

METHOD FOR LOADING A WEB PAGE AT A USER EQUIPMENT, IN A TELECOMMUNICATION NETWORK, AND AN INTERNET PROTOCOL, IP, ACCESS POINT SERVER AS WELL AS A USER EQUIPMENT ARRANGED FOR OPERATION IN THE TELECOMMUNICATION NETWORK

TELEFONAKTIEBOLAGET LM ER...

1. A method for loading a web page at a web page requester, in a telecommunication network, the telecommunication network comprising an Internet Protocol (IP) access point server and a web server hosting the web page, the method comprising:
receiving a request, by the IP access point server and from the web page requester, for loading the web page;
determining, by the IP access point server, that the web page qualifies for web page loading policy handling;
retrieving from the web server, by the IP access point server and in response to the request, web page markup data relating to the web page;
providing, by the IP access point server and to the web page requester, the web page markup data and policy handling information relating to the web page loading policy handling; and
processing, by the IP access point server, subsequent requests from the web page requester in accordance with the provided policy handling information for retrieving content at a web server for loading the web page.

US Pat. No. 10,432,693

SYSTEM, METHOD AND COMPUTER PROGRAM FOR SIGNING AND DEDICATING INFORMATION OBJECTS

SYNGRAFII INC., Toronto ...

1. A computer network implemented method of applying a personalization to electronic objects, the method comprising:
receiving or accessing, by a computer device, a queue of electronic objects associated with a user;
determining, by the computer device, a recipient of an electronic object in the queue of electronic objects and accessing a profile data of the recipient in a database, wherein the profile data comprises a data item representing a historical interaction between the user and the recipient;
displaying the historical interaction to the user in connection with an online event involving both the user and the recipient;
displaying the profile data of the recipient to the user for generation of a signature or dedication associated with the electronic object;
generating, by a signature utility, the signature or dedication based on input received from the user;
applying the signature or dedication to the electronic object;
generating a biometric record associated with the electronic object, for validation that the generated signature or dedication is associated with the user; and
generating an encrypted unique identifier associated with the electronic object, for validation of the electronic object to which the generated signature or dedication is associated.

US Pat. No. 10,432,692

STREAMING WITH COORDINATION OF VIDEO ORIENTATION (CVO)

INTEL CORPORATION, Santa...

1. An apparatus of a client operable to receive streaming content from a server, the apparatus comprising one or more processors and memory configured to:
signal, at the client, a device capability exchange message for transmission to the server, wherein the device capability exchange message indicates that the client is not an orientation-aware terminal; and
process, at the client, streaming content received from the server, wherein a rendering orientation of the streaming content is corrected for misalignment at the server prior to delivery of the streaming content to the client when the device capability exchange message indicates that the client is not an orientation-aware terminal.

US Pat. No. 10,432,691

METHODS AND NODES FOR TRANSMISSION OF A SYNCHRONOUS DATA OVER PACKET DATA NETWORK

Transmode Systems AB, St...

1. Method performed by a system of a communications network for transmission of a synchronous data stream having a bitrate determined by a clock frequency, over an asynchronous packet data network between a transmitter node and a receiver node, comprising:
packaging, by the transmitter node, the synchronous data stream into data packets, wherein the size of the data packet payload is varied, such that the clock frequency of the synchronous data stream of a synchronous communications unit is indicated,
transmitting, by the transmitter node, the data packets onto the asynchronous packet data network with a fixed packet rate defined by a first clock frequency which corresponds to the average distance in time between two consecutive data packets transmitted onto the asynchronous packet data network, which is independent of the bitrate of the synchronous data stream,
receiving, by the receiver node, the data packets from the asynchronous packet data network,
detecting, by the receiver node, the fixed packet rate, and based on the fixed packet rate,
regenerating, by the receiver node, the first clock frequency by detection of a distance in time between two consecutive data packets received from the asynchronous packet data network, and reading, by the receiver node, data of the received data packets with a second clock frequency, which second clock frequency is adapted such that the amount of data stacked at the receiver node is more or less constant.

US Pat. No. 10,432,688

SYSTEM AND METHOD FOR OPTIMIZED DELIVERY OF LIVE ABR MEDIA

TELEFONAKTIEBOLAGET LM ER...

1. A method for providing live adaptive bitrate (ABR) video to a client at a premises, comprising:
receiving, in a multicast stream, RTP packets containing an aggregate manifest for a channel and RTP packets containing adaptive bitrate (ABR) transport stream (TS) packets for the channel and identifying an ABR fragment to which the TS packets belong; and
when all RTP packets for a given ABR fragment have been received, de-packetizing the TS packets from the RTP packets in sequence order to reassemble the ABR fragment and caching the ABR fragment for delivery as requested to an ABR client on the premises.

US Pat. No. 10,432,687

BIOMETRIC MASKING

Cisco Technology, Inc., ...

1. An apparatus comprising:
a camera configured to:
capture sample video data during a setup period when a user becomes a participant of a video conference, wherein the sample video data is not transmitted to other participants of the video conference; and
capture video data of the participant during the video conference;
an input/output module to transmit data to and receive data from a video conference server hosting the video conference;
processing circuitry; and
a biometric detection and obfuscation application configured to derive baseline data from the sample video data, the biometric detection and obfuscation application comprising at least one of:
a pulse masker to be executed by the processing circuitry and operative to detect and obfuscate facial coloration of the participant in the video data that is indicative of a pulse rate of the participant, the facial coloration being detected based on a comparison of the video data to the baseline data;
an expression and respiration masker to be executed by the processing circuitry and operative to detect and obfuscate a micro-expression and/or a respiration rate for the participant in the video data, the micro-expression and/or the respiration rate being detected based on a comparison of the video data to the baseline data; and
a pupil masker to be executed by the processing circuitry and operative to detect and obfuscate a pupil size change and/or a pupil movement in the video data for the participant, the pupil size change and/or a pupil movement being detected based on a comparison of the video data to the baseline data.

US Pat. No. 10,432,686

STREAMING MEDIA FILE MANAGEMENT

Amazon Technologies, Inc....

1. A method comprising:
receiving, by a processing device of a media player, a portion of a streaming media file, the streaming media file comprising a first fragment comprising a first fragment-level metadata portion and first fragment media data;
downloading, by the processing device at a first bitrate, a first sub-portion of the first fragment-level metadata portion, wherein the first sub-portion of the first fragment-level metadata portion comprises a first track fragment run portion;
parsing, by the processing device, the first sub-portion of the first fragment-level metadata portion to identify a first fragment-level metadata portion size;
parsing, by the processing device, the first track fragment run portion to identify a first fragment media data size;
calculating, by the processing device, a first fragment size based on the first fragment-level metadata portion size and the first fragment media data size; and
performing, by the processing device, a download operation based on the first fragment size, wherein the download operation comprises at least one of:
canceling a current download of the first fragment in view of a determination that the first fragment size exceeds a current available download bandwidth,
continuing the current download of the first fragment at the first bitrate,
downloading a second fragment of the streaming media file at a second bitrate that is higher than the first bitrate, or
downloading the second fragment at a second bitrate that is lower than the first bitrate.

US Pat. No. 10,432,685

LIMITING KEY REQUEST RATES FOR STREAMING MEDIA

Brightcove, Inc., Boston...

1. A method comprising:
maintaining, at a digital key-provider service, a series of digital keys corresponding to a series of portions of streaming media and statistics of digital key requests for each requestor-id of a plurality of requestor-ids, wherein a requester can access a portion of a streaming media item by submitting, to a media server, a key corresponding to the portion of streaming media;
receiving from a first client, at the key-providing service, a first key request for a first key needed to play a first portion of a streaming media item; and
in response to receiving the first key request, the key-providing service performing the steps of:
determining that the first key request includes a first requestor-id;
retrieving first statistics maintained for the first requestor-id;
wherein the first statistics include first rate information that reflects a current key-request rate associated with the first requestor-id;
updating the current key-request rate to indicate receipt of the first key request;
based at least in part on a comparison of the current key-request rate to a maximum key-request rate, determining whether to:
provide the first key to the first client without taking remedial action, or take remedial action;
responsive to determining to provide the first key to the first client without taking remedial action, providing the first key to the first client without taking remedial action; and
responsive to determining to take remedial action, taking remedial action.

US Pat. No. 10,432,684

PROCESSING FILES FROM A MOBILE DEVICE

MICROSOFT TECHNOLOGY LICE...

1. A method comprising:
selecting, by a mobile device, a file stored on a computing device that is separate from the mobile device; and
providing, by the mobile device, the selected file stored on the computing device to a display device that is separate from the computing device and from the mobile device, to depict the selected file stored on the computing device, including submitting, by the mobile device, one or more commands to the computing device to cause the computing device to transmit the selected file to the display device for display, where there is no requirement that the display device and the computing device be in proximity of each other, that the display device and the mobile device be in proximity of each other, or that the computing device and the mobile device be in proximity of each other.

US Pat. No. 10,432,682

METHOD AND SYSTEM OF REDIRECTING STREAMING CONTENT OVER A COMMUNICATION NETWORK

TEJAS NETWORKS LIMITED, ...

1. A method of redirecting streaming content from one user equipment to other available precise user equipment from a lookup server over a communication network, the method comprising:
registering a plurality of User Equipment (UE) and a server with at least one lookup server, wherein the plurality of User Equipment comprises a first User Equipment (UE) and at least one second User Equipment (UE), each of the first UE, the at least one second UE and the server are tagged individually with a unique identifier, and wherein each unique identifier is associated with a physical address;
sourcing a content onto the first UE, wherein the first UE requests the lookup server for the physical address, matching with the physical address associated with the unique identifier of the server, wherein a session ID is assigned to a session, established on sourcing the content;
checking periodically integrity of the connection between the plurality of UE and the lookup server;
triggering, upon notification, to identify transfer of some or all content at the first UE to an available second UE from the at least one second UE, wherein triggering to identify the transfer of the some or all content from the first UE to the available second UE is at a rendezvous point, wherein the rendezvous point facilitates in restoring connection by changing the sourcing of the content from one server to other server that is registered with the lookup server; and
redirecting the transfer of the content of the server from the first UE to the available second UE in the established session, wherein the redirection is based on the unique identifier of the server comprising the content.

US Pat. No. 10,432,680

SYSTEM TIME FREQUENCY AND TIME INFORMATION

SONY CORPORATION, Tokyo ...

1. A method of a reception apparatus for receiving transmission frames, the method comprising:
receiving, by circuitry of the reception apparatus, the transmission frames, each of the transmission frames including a bootstrap, a preamble, and a payload; and
determining, by the circuitry, an absolute point of time at which a first symbol of the bootstrap in one of the transmission frames was transmitted based on first time information included in the preamble of the one of the transmission frames, wherein
the one of the transmission frames is included in a plurality of transmission frames, and
the one of the transmission frames is the only transmission frame of the plurality of transmission frames that includes the first time information.

US Pat. No. 10,432,678

MULTIPARTY REAL-TIME COMMUNICATIONS SUPPORT OVER INFORMATION-CENTRIC NETWORKING

Cisco Technology, Inc., ...

1. A method, comprising:
creating, at a conference server, a manifest for a conferencing event in a network, the manifest being created when the conferencing event is initiated;
adding a name tag identifying the conferencing event to the manifest;
activating the manifest to start the conferencing event, wherein activating the manifest enables the manifest to be read and updated;
receiving, at the conference server, an interest packet including one or more parameters indicating a named flow for the conferencing event being produced at a source node;
adding content metadata of the named flow to the manifest; and
sending the manifest to the source node to allow the source node to publish the named flow for the conferencing event.

US Pat. No. 10,432,675

COLLISION PREVENTION IN SECURE CONNECTION ESTABLISHMENT

Microsoft Technology Lice...

1. A method for reducing failed secure connections in a network, by preventing collisions by increasing acceptance of secure connection requests during pendency of other network secure connection requests, the method comprising:
a network node X sending an X-to-Y secure connection request toward a network node Y;
network node X receiving a Y-to-X secure connection request from network node Y while the X-to-Y secure connection request sent by network node X is pending, namely, after network node X has sent the X-to-Y secure connection request and before network node X has received from network node Y and processed a response to the X-to-Y secure connection request and a maximum predetermined time that network node X will wait for that response has not elapsed;
network node X sending toward network node Y an acceptance of the Y-to-X secure connection request, instead of network node X rejecting the Y-to-X secure connection request because the X-to-Y secure connection request is still pending;
network node X communicating with network node Y to establish a security association between network node X and network node Y, the security association based at least partially on information in the Y-to-X secure connection request, wherein the method is further characterized in at least one of the following ways:
the X-to-Y secure connection request is part of a first INIT phase, namely, an INIT phase in which network node X operates as Initiator and network node Y operates as Responder under a node X Internet Key Exchange protocol implementation, and wherein the Y-to-X secure connection request is part of a second INIT phase, namely, an INIT phase in which network node Y operates as Initiator and network node X operates as Responder under a node Y Internet Key Exchange protocol implementation; or
the X-to-Y secure connection request is part of a first AUTH phase, namely, an AUTH phase in which network node X operates as Initiator and network node Y operates as Responder under a node X Internet Key Exchange protocol implementation, and wherein the Y-to-X secure connection request is part of a second AUTH phase, namely, an AUTH phase in which network node Y operates as Initiator and network node X operates as Responder under a node Y Internet Key Exchange protocol implementation.

US Pat. No. 10,432,673

IN-CHANNEL EVENT PROCESSING FOR NETWORK AGNOSTIC MOBILE APPLICATIONS IN CLOUD BASED SECURITY SYSTEMS

Zscaler, Inc., San Jose,...

1. A method implemented in a mobile device communicatively coupled to a cloud based security system, the method for detecting and processing in-channel events associated with a network agnostic mobile application, the method comprising:
intercepting outgoing data from the network agnostic mobile application at a tunnel interface on the mobile device configured to relay the outgoing data to the cloud based security system, wherein the intercepting is via a virtual tunnel interface with a default route thereto in a device routing table and with open listening ports for User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) traffic;
monitoring the outgoing data for network transactions from the network agnostic mobile application to maintain a context of the network transactions and intended responses for every request;
transmitting the outgoing data from the tunnel interface to the cloud based security system, wherein the transmitting comprises swapping packet source and destination addresses and replacing a destination port to one of the listening ports based on an associated packet protocol; and
receiving a response from the cloud based security system responsive to the outgoing data and processing any deviation from the intended responses including generating a notification for display on the mobile device.

US Pat. No. 10,432,671

DYNAMIC POLICY INJECTION AND ACCESS VISUALIZATION FOR THREAT DETECTION

1. A system comprising:
one or more processors and non-transitory machine readable storage medium;
program instructions to monitor one or more live information flows, wherein the live information flows include flows of data from a plurality of sources to a plurality of destinations;
program instructions to provide a user interface that includes a plurality of buckets, wherein each bucket is associated with a different enforcement action and each bucket displays a total number of enforcement policies presently triggered in real-time that include the associated enforcement action;
program instructions to determine an occurrence of a security event within the one or more live information flows based on a trigger of an enforcement policy, wherein the enforcement policy includes a specification of a source, a destination, and an enforcement action, and when the data within the one or more live information flows matches at least the source and the destination of the enforcement policy, the enforcement policy is triggered and the enforcement action is applied; and
program instructions to update the user interface to reflect the occurrence of the security event by: (i) identifying a bucket from the plurality of buckets that is associated with the enforcement action applied by the enforcement policy, and (ii) increasing the total number of enforcement policies presently triggered in real-time by the enforcement action and displayed within the identified bucket,
wherein the program instructions are stored on the non-transitory machine readable storage medium for execution by the one or more processors.

US Pat. No. 10,432,670

SYSTEMS AND METHODS FOR NETWORK SECURITY MEMORY REDUCTION VIA DISTRIBUTED RULESETS

Fortress Cyber Security, ...

1. A method for providing distributed rule sets for network security appliances, comprising:
generating, by a management server, from a rule database comprising a plurality of packet processing rules, a first rule set for a first security appliance by:
adding, to the first rule set, a first subset of the packet processing rules consisting of packet processing rules identified in the rule database as mandatory,
determining that a storage size of the first rule set is below a threshold, and
adding, to the first rule set, a second subset of the packet processing rules consisting of packet processing rules not identified in the rule database as mandatory, responsive to the determination that the storage size of the first rule set is below the threshold;
generating, by the management server, a second rule set for a second security appliance by:
adding, to the second rule set, the first subset of the packet processing rules,
determining that a storage size of the second rule set is below the threshold, and
adding, to the second rule set, a third subset of the packet processing rules consisting of packet processing rules not identified in the rule database as mandatory, responsive to the determination that the storage size of the second rule set is below the threshold and responsive to addition of the second subset of the packet processing rules to the first rule set, the third subset different from the second subset; and
transmitting, by the management server, the first rule set to the first security appliance and the second rule set to the second security appliance.

US Pat. No. 10,432,669

SECURITY APPLIANCE TO MONITOR NETWORKED COMPUTING ENVIRONMENT

Palo Alto Networks, Inc.,...

1. A method for evaluating a software defined infrastructure, comprising:
retrieving configuration and operational information associated with the software defined infrastructure by a security appliance;
extracting selective information from the retrieved configuration and operational information by the security appliance;
storing extracted selective information in a plurality of data store;
evaluating selectively stored information for compliance to a policy, by the security appliance; and
generating a report based on the evaluation,
wherein, configuration and operational information includes information related to asset configuration, audit event and network communication associated with the software defined infrastructure; and
wherein the generated report includes a message component, a network query component and an event query component, wherein the message component includes a textual description of a violation, wherein the network query component is configured to submit a query to the security appliance to retrieve associated network flow information related to the violation, and wherein the event query component is configured to submit a query to the security appliance to retrieve associated audit events related to the violation.

US Pat. No. 10,432,666

METHOD AND APPARATUS FOR ASSOCIATING DATA LOSS PROTECTION (DLP) POLICIES WITH ENDPOINTS

Sailpoint Technology Hold...

1. A method of policy management in a data loss prevention (DLP) system, comprising:
defining a policy model that associates a user with one or more endpoints, the user being associated with at least one role or group;
determining a set of policies for an endpoint in the DLP system using an identity of the user that is associated with the endpoint and a list of roles or groups for the user; and
determining a set of endpoints for distribution of a policy by generating an endpoint set, the endpoint set for the policy generated by the following sub-steps:
for each role or group that is a target of the policy, identifying each user associated with the role or group;
for each user associated with the role or group, identifying a list of one or more endpoints with which the user is associated; and
adding the one or more endpoints from the list into the endpoint set, wherein at least one of the determining steps is performed using a computer program executing in a hardware element;
generating a policy distribution list that includes the endpoint set associated with one or more policies for distribution to the endpoints; and
distributing each policy included in the distribution list to the endpoints identified in its associated endpoint set.

US Pat. No. 10,432,665

CREATING, MANAGING AND DEPLOYING DECEPTIONS ON MOBILE DEVICES

ILLUSIVE NETWORKS LTD., ...

4. A method for managing attacker incidents on a mobile device, comprising:
instructing, by a deception management server, a mobile device manager (MDM) to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization;
in response to said instructing running, by the MDM, a dedicated agent on the mobile device;
registering, by the dedicated agent, the mobile device and its current deceptions state with the deception management server;
receiving, by the dedicated agent from the deception management server, a list of deceptions to install in the mobile device;
installing, by the dedicated agent, the deceptions in the received list in the mobile device, wherein the received deceptions include data leading to a trap server;
attempting, by an attacker, to use deceptive data installed in the mobile phone, to connect to a service;
in response to said attempting, triggering an incident in the trap server;
notifying, by the trap server, the deception management server, that an incident has occurred;
further instructing the MDM, by the deception management server, to run forensics on the mobile device;
in response to said further instructing, running by the MDM, forensics on the mobile device; and
transmitting forensic data, by a forensics collector in the dedicated agent, to the deception management server.

US Pat. No. 10,432,664

SYSTEMS AND METHODS FOR IDENTIFYING ILLEGITIMATE ACTIVITIES BASED ON GRAPH-BASED DISTANCE METRICS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
generating, by a computing system, a bipartite node graph comprising a plurality of user account nodes, a plurality of edge nodes, and a plurality of connections connecting the plurality of user account nodes to the plurality of edge nodes, wherein each edge node of the plurality of edge nodes represents an edge connecting to at least two user account nodes of the plurality of user account nodes and each node of the at least two user account nodes is connected to at least one edge node of the plurality of edge nodes;
calculating, by the computing system, a distance score for each user account node of the plurality of user account nodes, wherein the distance score represents a minimum distance from a user account node of the plurality of user account nodes to a nearest illegitimate user account node of the plurality of user account nodes; and
determining, by the computing system, that a transaction is an illegitimate transaction based on the distance scores calculated for the each user account node of the plurality of user account nodes, wherein the calculating the distance score for each user account node of the plurality of user account nodes is performed iteratively, and further wherein after a threshold number of iterations, each user account node of the plurality of user account nodes that does not have a calculated distance score is assigned a distance score equal to a distance score cap value.

US Pat. No. 10,432,663

ELECTRONIC SECURITY KEYS FOR DATA SECURITY BASED ON QUANTUM PARTICLE STATES THAT INDICATES TYPE OF ACCESS

BANK OF AMERICA CORPORATI...

1. A system for determining a type of unauthorized access during communication of a quantum-level encrypted message, the system comprising:
a first computing apparatus having a first memory and at least one first processor, wherein the memory stores one or more encryption algorithms and wherein the at least one first processor is configured to:
encrypt a message using at least one of the encryption algorithms and at least one quantum encryption keys that are generated using a first quantum particle state, and
initiate communication of the message to a predetermined message recipient,
wherein in response to at least an attempt to access the message during communication of the message to the predetermined recipient, the quantum particle state changes from the first quantum particle state to a second quantum particle state; and
a second computing apparatus in control of the predetermined message recipient and having a second memory and at least one second processor, wherein the second memory stores one or more decryption algorithms and wherein the at least one second processor is configured to:
receive the message,
attempt to decrypt the message using at least one of the decryption algorithms and at least one quantum decryption keys that are generated using the first quantum particle state; and
in response to failing to decrypt the message as a result of the quantum particle state changing from the first quantum particle state to a second particle state, determine the type of unauthorized access that occurred during communication of the message.

US Pat. No. 10,432,661

SCORE BOOSTING STRATEGIES FOR CAPTURING DOMAIN-SPECIFIC BIASES IN ANOMALY DETECTION SYSTEMS

Cisco Technology, Inc., ...

1. A method comprising:
detecting, by a device in a network, an anomaly in the network using an anomaly detector, wherein the anomaly corresponds to an anomalous behavior exhibited by one or more nodes in the network;
computing, by the device, an anomaly score for the anomaly that represents a measure of the anomalous behavior;
once the anomaly score has been computed, adjusting, by the device, the anomaly score using a boost score, wherein the boost score is generated by a boosting function that accounts for domain-specific biases of the anomaly detector and multiplies the anomaly score by a factor based the domain specific biases of the anomaly detector; and
reporting, by the device, the anomaly to a supervisory device based on whether the adjusted anomaly score exceeds a reporting threshold.

US Pat. No. 10,432,655

IOT AND POS ANTI-MALWARE STRATEGY

Mcafee, LLC, Santa Clara...

1. A device for providing device security, the device comprising:
one or more processors; and
memory including instructions which, when executed, cause the one or more processors to at least:
detect a combination of function calls;
determine whether the combination of function calls is a forbidden combination of function calls for the device based on a limited intended functionality of the device, the forbidden combination of function calls including a first function call and a second function call, the first function call allowed in isolation from the second function call, the second function call allowed in isolation from the first function call; and
in response to determining that the combination of function calls is forbidden for the device, perform a responsive action.

US Pat. No. 10,432,653

METHOD AND APPARATUS FOR DETECTING ANOMALY TRAFFIC

PENTA SECURITY SYSTEMS IN...

1. A method for detecting anomaly traffic, comprising:
generating a plurality of different encoders on the basis of traffic data for learning;
generating a plurality of pieces of image data on the basis of traffic data for each session, which is a detection target;
determining whether the traffic data for each session is abnormal based on binary cross entropy (BCE) of the plurality of pieces of image data and a preset threshold value;
generating data clusters according to each of the plurality of different encoders using a clustering algorithm based on the traffic data for learning and the plurality of different encoders when the traffic data for each session is determined normal based on the BCE;
generating output data by inputting the plurality of image data to each of the plurality of different encoders for each image data sequentially; and
re-determining whether the traffic data for each session is abnormal based on whether the output data included in the data cluster according to each of the different encoders;
wherein the plurality of different encoders outputs different data for one image data, and wherein the generating a plurality of pieces of image data comprises:
converting each character constituting a character string included in the traffic data for each session into a plurality of one-hot vectors in a reverse order;
generating a matrix by combining the plurality of one-hot vectors; and
generating an image representing the location of each character in the matrix.

US Pat. No. 10,432,652

METHODS FOR DETECTING AND MITIGATING MALICIOUS NETWORK BEHAVIOR AND DEVICES THEREOF

F5 Networks, Inc., Seatt...

1. A method for network security implemented by a network traffic management system comprising one or more anomaly detection apparatuses, server devices, or client devices, the method comprising:
receiving a first set of network traffic;
applying a web application model and an anomaly detection model to the received first set of network traffic to generate, respectively, one or more likelihood scores and at least one flow score based on the likelihood scores, wherein sub-models of the web application model are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed;
determining when the flow score exceeds a threshold; and
initiating, based on a stored policy, a mitigation action with respect to the first set of network traffic, when the determination indicates that the flow score exceeds the threshold.

US Pat. No. 10,432,651

SYSTEMS AND METHODS TO DETECT AND MONITOR DNS TUNNELING

Zscaler, Inc., San Jose,...

1. A method of detecting Domain Name System (DNS) tunneling, the method comprising:
obtaining data related to DNS traffic between a plurality of DNS nameservers and a plurality of clients over a period of time, wherein the step of obtaining data is performed by a distributed security system with one or more cloud nodes operating as DNS proxies for the clients;
logging, in a log node, the data related to the DNS traffic obtained over the period of time;
fetching, from the log node, the data related to the DNS traffic obtained over the period of time;
for each DNS nameserver, processing the data fetched from the log node to determine a score based on the data related to the DNS traffic for the respective DNS nameserver, the score configured to characterize DNS queries from one or more clients of the plurality of clients to the respective DNS nameserver over the period of time, wherein each score incorporates all DNS queries associated with the respective DNS nameserver over the period of time;
analyzing the scores of the plurality of DNS nameservers to determine if one or more of the plurality of DNS nameservers has a score indicating that the respective DNS nameserver is suspected of being subjected to DNS tunneling;
further monitoring the one or more DNS nameservers suspected of being subjected to DNS tunneling to determine if DNS tunneling is actually occurring on the one or more DNS nameservers; and
blocking the DNS tunneling through the distributed security system.

US Pat. No. 10,432,650

SYSTEM AND METHOD TO PROTECT A WEBSERVER AGAINST APPLICATION EXPLOITS AND ATTACKS

1. A method of protecting, from packet data communication exploits, a target computer server system having a request handling interface that responds to a data processing request of a packet data communication, the method comprising:
receiving over a data communication network a plurality of data processing requests;
identifying as being anomalous, by an automated anomaly analyzer, a first data processing request of the plurality of data processing requests, the first data processing request having been transmitted by a first packet data protocol sending device,
wherein in response to the identifying as being anomalous, the automated anomaly analyzer:
(1) directs the first data processing request to a first diagnostic instrumented module configured to provide virtualization of the request handling interface in processing the first data processing request and to determine an anomaly severity of the first data processing request, and
(2) performs a second data processing comprising:
(a) transmitting, to the first packet data protocol remote sending device, a packet data protocol redirect request for accessing the target computer server system,
(b) transmitting, to the first packet data protocol sending device, a response to the first data processing request at a reduced content data byte per second rate compared with the rate of the response to the second data processing request, and
(c) transmitting, to the first packet data protocol sending device, a response including invoking code requesting additional data from a network server resource other than the first packet data protocol sending device; and
identifying as being non-anomalous, by the automated anomaly analyzer, a second data processing request of the plurality of data processing requests,
wherein in response to the identifying as being non-anomalous, the automated anomaly analyzer transmits the second data processing request to the target computer server system.

US Pat. No. 10,432,649

SYSTEM AND METHOD FOR CLASSIFYING AN OBJECT BASED ON AN AGGREGATED BEHAVIOR RESULTS

FireEye, Inc., Milpitas,...

1. A computer-implemented method for detecting malicious behavior, comprising:
processing an object within a virtual machine;
receiving a response object resulting from or created in response to the processing of the object within the virtual machine;
parsing the response object by at least subdividing the response object into a plurality of sub-objects, the plurality of sub-objects including a first sub-object and a second sub-object;
determining a first behavior match result based, at least in part, on whether information associated with the first sub-object corresponds to at least one of a first plurality of identifiers associated with malicious activity;
determining a second behavior match result based, at least in part, on whether information associated with the second sub-object corresponds to at least one of a second plurality of identifiers associated with malicious activity;
aggregating at least the first behavior match result with the second behavior match result to produce an aggregated result, wherein a malicious behavior score is calculated based, at least in part, on the aggregated result; and
classifying the object according to the malicious behavior score.

US Pat. No. 10,432,648

AUTOMATED MALWARE FAMILY SIGNATURE GENERATION

Palo Alto Networks, Inc.,...

15. A method, comprising:
receiving a set of metadata associated with a plurality of samples;
clustering the samples;
determining, for members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster; and
evaluating the similarities for suitability as a malware family signature, including by generating a query encompassing the similarities and performing the query against a malware repository.

US Pat. No. 10,432,647

MALICIOUS INDUSTRIAL INTERNET OF THINGS NODE ACTIVITY DETECTION FOR CONNECTED PLANTS

Honeywell International I...

1. A method for identifying malicious activity in an IIoT ecosystem utilizing a unified architecture (UA) transport protocol comprising:
retrieving, by an intelligent security agent, historical communication data from a UA log related to communications between a UA server and a plurality of UA clients in the IIoT ecosystem;
clustering, by the intelligent security agent, the historical communication data to group communications of the historical communication data based on a combination of an unsupervised clustering algorithm and a supervised classifier algorithm;
identifying a plurality of patterns that indicate the malicious activity based on the grouped communications;
receiving current communication data;
determining whether the current communication data matches the one of the plurality of patterns; and
responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the UA server and the plurality of UA clients as the malicious activity.

US Pat. No. 10,432,646

PROTECTION AGAINST MALICIOUS ATTACKS

F-Secure Corporation, He...

1. A computer-implemented method for protecting a computer from malicious attacks, comprising executing on a processor the steps of:
a) monitoring network traffic from a first device configured to provide DNS-based address resolution functionality for the network traffic, wherein the network traffic comprises DNS (Domain Name System) name-to-IP resolution related network traffic comprising domain name-to-IP key value pairs;
b) monitoring further network traffic from a further device that is not configured to provide for DNS-based address resolution functionality for the further network traffic, wherein the further network traffic comprises name-to-IP resolution related network traffic that is targeting routable IP (Internet Protocol) addresses;
c) determining that the monitored further name-to-IP resolution related network traffic is related to a domain name;
d) based on the monitored further name-to-IP resolution related network traffic determined to be related to a domain name, searching for and finding a domain name associated with the monitored DNS related network traffic and identifying that the domain name related to the monitored further name-to-IP resolution related network traffic and the domain name associated with the monitored DNS related network traffic are matching domain names;
e) based on the matching domain names being found in the searching, determining that IP addresses related to the matching domain names do not match, and based on determining that the IP addresses do not match, determining that an internal name-to-IP resolution from a local configuration file of the computer is used for the domain name; and
f) based on determining that the internal name-to-IP resolution from the local configuration file of the computer is used for the domain name and that the IP addresses related to the matching domain names do not match, preventing or restricting communication related to the domain name.

US Pat. No. 10,432,644

ACCESS CONTROL SYSTEM FOR ENTERPRISE CLOUD STORAGE

Box, Inc., Redwood City,...

1. A computer-implemented method for rule-based access control, the method comprising:
receiving from a client device a request to perform an operation with respect to a resource stored in a cloud storage environment, the request comprising a plurality of attributes associated with the resource being requested and the client device;
identifying at least one set of rules applicable to the operation, the at least one set of rules performing access control of the resource in the cloud storage environment, the at least one set of rules comprises a combination of primitives arranged to dynamically evaluate two types of attributes, wherein a first type of attribute corresponds to a first set of attributes from the plurality of attributes associated with the resource being requested and a second type of attribute corresponds to a second set of attributes from the plurality of attributes associated with the client device;
determining that evaluation of a first one of the rules includes a first call to an external service to retrieve first information for evaluating the first rule;
determining that evaluation of a second one of the rules includes a second call to the external service to retrieve second information for evaluating the second rule;
combining the first call and the second call to form a batched call to the external service;
evaluating the at least one set of rules by:
performing the batched call to the external service,
receiving, in response to the batched call, the first information to evaluate the first rule and the second information to evaluate the second rule, and
determining whether the first rule is satisfied based at least in part on the first information, and determining whether the second rule is satisfied based at least in part on the second information, wherein the at least one set of rules corresponds to the primitives that correlate to a combination of the two types of attributes; and
determining an action to perform with respect to the resource based on a result of the evaluation of the at least one set of rules.

US Pat. No. 10,432,643

SYSTEM AND METHOD FOR VALIDATING USERS USING SOCIAL NETWORK INFORMATION

Zoosk, Inc., San Francis...

1. A method of granting at least one privilege to a user on a first web site, comprising:
receiving a user identifier that is asserted to be used to access information from the user's account on a second web site;
at least attempting to retrieve the information from the user's account on the second web site responsive to the user identifier received;
responsive to the attempt to retrieve the information, causing the information to be retrieved:
generating a score using the information retrieved;
comparing the score to a plurality of thresholds to determine whether the score is in a first range, a second range or a third range;
responsive to the score being in the first range, granting the user the at least one privilege on the first web site without further monitoring the user;
responsive to the score being in the second range, not granting the user the at least one privilege on the first web site; and
responsive to the score being in the third range between the first range and the second range, granting the user the at least one privilege on the first web site while further monitoring the user; and
responsive to the attempting not causing the information to be retrieved, not granting the user the at least one privilege on the first web site.

US Pat. No. 10,432,642

SECURE DATA CORRIDORS FOR DATA FEEDS

T-Mobile USA, Inc., Bell...

1. A computing device configured to provide a secure data corridor, the computing device comprising:
a processor;
a network interface communicatively coupled to the processor and configured to enable communications with a mobile traffic network;
a storage device for content and programming;
a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising:
receiving a request from a subject for at least one data element of a data feed;
identifying a use-case for the data feed;
assigning a security label to the use-case that includes a data sensitivity rating of the use-case;
comparing a clearance of the subject to the security label of the use-case;
upon determining that the clearance of the subject is at or above the data sensitivity rating of the use-case, allowing the subject access privilege to the data feed via the secure data corridor; and
assigning an additional data sensitivity rating to the secure data corridor that corresponds with or is substantially similar to a particular data sensitivity rating of the data feed that is transmitted through the secure data corridor.

US Pat. No. 10,432,641

SECURE DATA CORRIDORS

T-Mobile USA, Inc., Bell...

1. A computing device configured to provide a secure data corridor between a source and at least one secure data container, the computing device comprising:
a processor;
a network interface communicatively coupled to the processor and configured to enable communications with a mobile traffic network;
a storage device for content and programming;
a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising:
receiving a request from a subject for a data feed comprising at least one data element included in the at least one secure data container;
identifying a use-case for the data feed;
determining a data sensitivity rating of the data feed;
determining a security level of each data element of the data feed;
determining, for each data element of the data feed, one or more security controls that are mapped to the data element;
assigning a security label to the use-case;
comparing a clearance of the subject to the security label of the use-case;
upon determining that a clearance of the subject is at or above the security label of the use-case, allowing the subject privilege to the data feed via the secure data corridor;
upon determining that the clearance of the subject is below the security label of the use-case, denying the subject privilege to the data feed via the secure data corridor; and
associating an additional data sensitivity rating to the secure data corridor based on one or more incoming data feeds transmitted from the source into the at least one secure data container.

US Pat. No. 10,432,640

GENOME SHARING

23andMe, Inc., Mountain ...

1. A method for sharing genetic data, comprising:
providing an account database comprising records for a plurality of users of an application, a genotype database comprising genotype records associated with the plurality of users, and a phenotype database comprising phenotype records associated with the plurality of users;
receiving, from a first account, a request to share non-public data with a second account in the application, wherein:
the first account comprises a first account profile of a first user, one or more first user phenotype records, and one or more first user genotype records,
the one or more first user phenotype records are stored in the phenotype database, are uniquely associated with the first account profile of the first user, and comprise phenotype information of the first user,
the one or more first user genotype records are stored in the genotype database, are uniquely associated with the first account profile of the first user, and comprise genotype information of the first user,
the second account comprises a second account profile of a second user, one or more second user phenotype records, and one or more second user genotype records,
the one or more second user phenotype records are stored in the phenotype database, are uniquely associated with the second account profile of the second user, and comprise phenotype information of the second user,
the one or more second user genotype records are stored in the genotype database, are uniquely associated with the second account profile of the second user, and comprise genotype information of the second user,
the request comprises an indication of the non-public data associated with the first account to share with the second account;
in response to receiving the request from the first account, notifying the second account of the request from the first account;
in response to notifying the second account of the request from the first account, receiving, from the second account, an acceptance of the request to share non-public data through the application, wherein:
the acceptance comprises an indication of the non-public data associated with the second account to share with the first account;
in response to receiving, from the second account, the acceptance of the request, establishing sharing from the first account profile to the second account and sharing from the second account profile to the first account, wherein establishing sharing comprises the application retrieving information from the genotype database and the phenotype database; and
after establishing sharing, storing sharing information comprising, for a shared profile, information pertaining to an account to which the shared profile is shared.

US Pat. No. 10,432,639

SECURITY MANAGEMENT FOR GRAPH ANALYTICS

Amazon Technologies, Inc....

1. A method, comprising:
performing, by one or more processors and memory:
generating a bit vector representing one or more access permissions associated with respective vertices of a graph data set;
reading at least a portion of the bit vector;
performing a first graph analytics algorithm, wherein the performing the algorithm includes determining, based at least in part on a portion of the bit vector, whether access permission to one or more vertices of the graph data set is granted; and
transmitting to a client, via a network, results of execution of the algorithm based on the one or more vertices of the graph data set to which the access permission was granted.

US Pat. No. 10,432,638

INFRASTRUCTURE AWARE ADAPTIVE RESOURCE ALLOCATION

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, by a resource manager of a network, a request to allocate a first container instance in the network;
determining, by the resource manager, a set of candidate computing nodes in the network that are capable of hosting the first container instance;
requesting, from an infrastructure monitor with infrastructure data from the network, health metrics for the set of candidate computing nodes with each candidate computing node in the set of candidate computing nodes classified in one of three classifications;
selecting, by the resource manager, based on the health metrics for the set of candidate computing nodes, an optimal computing node to host the first container instance; and
allocating the first container instance on the optimal computing node,
wherein,
the three classifications include a white list, a grey list, and a black list,
the white list indicates one or more of the candidate computing node are not experiencing a major problem,
the grey list indicates one or more of the candidate computing node are experiencing a minor problem, and
the black list indicates one or more of the candidate computing node are experiencing the major problem.

US Pat. No. 10,432,637

USING SOCIAL NETWORKING THRESHOLDS IN ACCESS CONTROL DECISIONS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for controlling access to privileged content, stored within a computer system, of a first user by a second user, comprising:
receiving a computer request, by the second user, to access the privileged content of the first user;
determining whether the second user is included within a list designating a privilege right for the privileged content;
retrieving, based upon the second user not being included within the list, a threshold criteria;
permitting, within the computer system, the second user to access the privilege content based upon a comparison between the threshold criteria and social network statistics associated with the second user, wherein
the threshold criteria comprises the second user being listed on a friends list by a predetermined number of users listed as friends by the first user for a predetermined period of time, and
the method improves upon computer technology by providing a series of machine logic based rules that selectively permit and deny the second user to access to the privileged content.

US Pat. No. 10,432,636

SECURING MDNS IN ENTERPRISE NETWORKS

Extreme Networks, Inc., ...

1. A computer implemented method for securing a multicast domain name system in an enterprise network, the method comprising:
receiving at a network device, multicast domain name system (mDNS) packets comprising one or more service advertisement records of a service; and
in response to receiving the mDNS packets comprising the one or more service advertisement records of the service:
transmitting, by the network device to a server with valid service records of known services, a request for an indication of whether the service is valid;
in response to receiving, from the server, a response that indicates that the service is valid, validating, at the network device, the one or more service advertisement records by including the one or more service advertisement records in the mDNS packets;
in response to receiving, from the server, a response that indicates that the service is not valid, excluding the one or more service advertisement records from the mDNS packets; and
sending, by the network device, the mDNS packets to a client device.

US Pat. No. 10,432,635

INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA

salesforce.com, inc., Sa...

1. A method, comprising:
providing, with a hardware computing device, at least one of two security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage;
performing user authorization, with the hardware computing device, using at least one of the two security framework configurations, wherein performing the user authorization with the server-side storage includes storing developer-defined user information (DDUI) in a shared session cache;
wherein either the user is recognized because a cookie or a session context containing a security token was provided, or the user is not recognized and diverted to a security handshake, or a token request is utilized to obtain a session identifier, API endpoint and authentication token;
wherein when using the server-side storage, the hardware computing device is configured to not write locally to an application memory, but instead to access a shared session cache, where each of a plurality of servers are to be given access to a specific session cache; and
wherein performing the user authorization is done through a client web application executed by a hardware computing device to allow access to an on-demand database service.

US Pat. No. 10,432,634

GATING OF FULL NETWORK ACCESS PENDING DELIVERY OF NOTIFICATION INFORMATION

International Business Ma...

1. A method for execution by one or more processing modules of an access point of a network, the method comprises:
receiving notification information indicating a required user action for network access compliance;
storing the notification information for provisioning, via a notification message, to one or more target client devices accessing or attempting to access network resources via the access point;
receiving target criteria for use in identifying the one or more target client devices;
receiving compliance information relating to the notification information;
establishing, based on the compliance information, a compliance condition relating to the notification message;
receiving network resource access level information relating to the compliance condition, the network resource access level information specifying a permitted network resource access level applicable to non-compliance with the compliance condition by the one or more target client devices;
identifying, based on the target criteria, a target client device; and
transmitting the notification message for receipt by the identified target client device, the notification message including the stored notification information.

US Pat. No. 10,432,633

REPLACING UNAUTHORIZED MEDIA ITEMS WITH AUTHORIZED MEDIA ITEMS ACROSS PLATFORMS

Google LLC, Mountain Vie...

8. A system comprising:
a memory; and
a processing device of a user device, operatively coupled to the memory, to:
provide, to a content sharing platform, a request to send, to a third-party platform that is separate from the content sharing platform, a notice pertaining to an unauthorized media item, the unauthorized media item being an unauthorized copy of an authorized media item of a user associated with the user device, the user being a rights holder of the unauthorized media item and the authorized media item;
receive, from the content sharing platform, a user interface identifying a set of versions of the authorized media item; and
provide a selection of one or more of the set of versions of the authorized media item via the user interface to the content sharing platform, wherein providing the selection of the one or more of the set of versions of the authorized media item causes the content sharing platform to generate a notice identifying the unauthorized media item to the third-party platform, the notice further identifying the one or more of the set of versions of the authorized media item that are to be presented by the third-party platform in place of the unauthorized media item.

US Pat. No. 10,432,632

METHOD FOR ESTABLISHING NETWORK CONNECTION, GATEWAY, AND TERMINAL

Huawei Technologies Co., ...

1. A method for establishing a network connection, wherein the method comprises:
performing, by a gateway, authentication on a terminal that requests to access a first wireless local area network (WLAN) that corresponds to a first WLAN access point (AP);
if authentication succeeds, performing, by the gateway, authorization on the terminal, and sending, by the gateway, a first terminal address to the terminal, so that the terminal accesses the first WLAN corresponding to the first WLAN AP, and transmitting, between the terminal and the first WLAN, a packet identified by using the first terminal address;
obtaining, by the gateway, from an initial service network, a terminal address that is assigned to the terminal to access the initial service network;
establishing, by the gateway, a user plane connection to the terminal, wherein the terminal accesses the first WLAN;
receiving, by the gateway, by using the established user plane connection, a connection selection request sent by the terminal, wherein the connection selection request comprises connection selection information;
when the terminal disconnects from the first WLAN corresponding to a first WLAN AP, and re-chooses to access a second WLAN corresponding to a second WLAN AP, performing, by the gateway, authentication on the terminal;
if authentication succeeds, performing, by the gateway, authorization on the terminal, and sending, by the gateway, a second terminal address to the terminal, so that the terminal accesses the second WLAN corresponding to the second WLAN AP, and transmitting, between the terminal and the second WLAN, a packet identified by using the second terminal address;
determining, by the gateway, according to the connection selection information in the connection selection request, a service network selected by the terminal; and
establishing, by the gateway, a connection between the terminal and the service network selected by the terminal.

US Pat. No. 10,432,631

SYSTEM AND METHOD FOR PROVIDING A UNIVERSAL SECURITY HANDLER FOR A CLOUD-BASED INTEGRATION PLATFORM

ORACLE INTERNATIONAL CORP...

1. A system for configuring connections in a cloud-based integration platform, the system comprising:
a microprocessor;
a memory device;
a cloud-based integration platform executing on the microprocessor, wherein the cloud-based integration platform comprises a web interface operating to configure connections used to access protected resources on cloud services that implement security protocols for permitting access to the protected resources;
a universal security configuration interface in the web interface, wherein the universal security configuration interface is configured to:
receive a resource selection from an associated user of the system for access to a protected resource on a specified cloud service;
in response to the resource selection, display a plurality of interfaces prompting the associated user to provide custom credential information for satisfying a plurality of security properties of a security protocol of the specified cloud service comprising custom values, syntaxes, and/or grammars for a set of security properties for an authorization flow particular to the specified cloud service for permitting the access to the protected resource using an access token in a step of a plurality of ordered steps of the authorization flow particular to the specified cloud service; and
receive the custom credential information for satisfying the plurality of security properties of the security protocol of the specified cloud service to permit the access to the protected resource using the access token in the step of the plurality of ordered steps of the authorization flow of the security protocol particular to the specified cloud service; and
store the received custom credential information in the memory device; and
a plurality of software components in the cloud-based integration platform, wherein the plurality of software components operate to:
receive a request from an application associated with the connection for access to a selected protected resource on the specified cloud service;
retrieve the custom credential information from the universal security configuration interface;
use the custom credential information retrieved from the universal security configuration interface to obtain the access token from the cloud service, for use by the application to access the selected protected resource in accordance with the authorization flow particular to the specified cloud service; and
provide the token and the custom credential information to the application for access by the application to the selected protected resource using the access token in the step of the authorization flow of the security protocol particular to the specified cloud service.

US Pat. No. 10,432,630

INFORMATION PROCESSING APPARATUS, RECORDING MEDIUM, AND COMMUNICATION CONTROLLING METHOD

RICOH COMPANY, LTD., Tok...

1. A system for connection to a first network and to a second network, the system comprising:
a conference managing device; and
a network connection controlling device,
the conference managing device including,
first memory storing first computer-executable instructions, and
one or more first processors configured to execute the first computer-executable instructions such that the one or more first processors are configured to,
store device information in which a first device connected to the first network is registered,
authenticate an information terminal connected to the second network based on authentication information transmitted from the information terminal, and
register identification information about the information terminal in registration information in response to successful authentication of the information terminal,
the network connection controlling device including,
second memory storing second computer-executable instructions, and
one or more second processors configured to execute the second computer-executable instructions such that the one or more second processors are configured to,
receive, from the second network, a request for transition to a communication controlled states,
in response to receiving the request, transition to the communication controlled state, and
in response to transitioning to the communication controlled state, restrict transmission of information from the second network to the first network while allowing the information terminal registered in the registration information to transmit information to the first device that is registered in the device information.

US Pat. No. 10,432,629

ONE STEP SECURITY SYSTEM IN A NETWORK STORAGE SYSTEM

Apple Inc., Cupertino, C...

1. A method for managing access to resources stored on a network storage system, the method comprising, at a master device:
managing a plurality of computing devices that form the network storage system, wherein the network storage system enables the plurality of computing devices to access at least one resource provided by at least one computing device of the plurality of computing devices;
receiving, from a first computing device of the plurality of computing devices, a selection of the at least one resource to be shared with a second computing device of the plurality of computing devices; and
in response to determining that the second computing device is unknown to the master device:
generating a set of access credentials associated with the at least one resource,
identifying, among the plurality of computing devices, a computing device that manages the at least one resource,
causing the computing device to bind the set of access credentials to the at least one resource,
causing the set of access credentials to be installed on the second computing device, and
providing lookup information for the at least one resource to the second computing device to enable the second computing device to access the at least one resource.

US Pat. No. 10,432,627

SECURE SENSOR DATA TRANSPORT AND PROCESSING

Intel Corporation, Santa...

1. A device including sensor-based security, comprising:
one or more secured resources;
sensor circuitry to generate sensor data;
a trusted execution environment comprising access control circuitry to control access to the secured resources based on the generated sensor data, the access control circuitry including:
matching circuitry to compare the generated sensor data to previously captured sensor data associated with one or more authorized users permitted to access the one or more secured resources; and
output circuitry to, based at least in part on results of the comparison:
permit a user of the device to access the one or more secured resources; or
prevent the user of the device from accessing the one or more secured resources; and
processing circuitry to:
initiate a temporary suspension of execution in the device; and
during the temporary suspension, transfer the generated sensor data from memory circuitry associated with the sensor circuitry to the trusted execution environment.

US Pat. No. 10,432,626

OPTICAL NETWORK UNIT ONU REGISTRATION METHOD, APPARATUS, AND SYSTEM

Huawei Technologies Co., ...

1. An optical line terminal (OLT), wherein the OLT comprises:
a passive optical network (PON) port, wherein the PON port is connected to a first group of optical network units (ONUs) and a second group of ONUs, wherein the first group of ONUs comprises at least one ONU and the second group of ONUs comprises at least one ONU, wherein a backpressure priority of the first group of ONUs is lower than a backpressure priority of the second group of ONUs;
a non-transitory memory comprising instructions; and
a processor coupled to the non-transitory memory;
wherein the instructions, when executed by the processor, facilitate:
when upstream service congestion occurs, reducing a value of total uplink bandwidth allocated by the PON port to the first group of ONUs.

US Pat. No. 10,432,625

ALLOWING BEACON DEVICE TO ACCESS MESH NETWORK USING AUTHENTICATION KEY

SK Planet Co., Ltd., Seo...

1. A service device comprising:
a communication circuit configured to communicate with one or more beacon devices or mobile communication terminals via a network, and to receive location information of a mobile communication terminal device mapped to a beacon device; and
a control circuit configured to:
set a particular spatial range as a criterion for forming a mesh network,
set and store an authentication key required for accessing the mesh network,
perform, when the beacon device attempts to access the mesh network, a first authentication operation including receiving an authentication key of the beacon device through the communication circuit and comparing the received authentication key with the stored authentication key to determine whether the received authentication key is identical to the stored authentication key,
perform, when the received authentication key is identical to the stored authentication key, a second authentication operation including receiving location information of the beacon device through the communication circuit and determining, using the received location information as location information of the beacon device for the second authentication operation, whether a location of the beacon device is within the particular spatial range, and
allow the beacon device to access the mesh network when the beacon device passes both the first authentication operation and the second authentication operation.

US Pat. No. 10,432,624

IDENTITY VERIFICATION METHOD, TERMINAL, AND SERVER

TENCENT TECHNOLOGY (SHENZ...

1. An identity verification method performed at an electronic device having one or more processors and memory storing a plurality of programs, the method comprising:
displaying and/or playing in an audio form action guide information selected from a preset action guide information library, and collecting a corresponding set of action images within a preset time window, wherein the action guide information includes mouth shape guide information, and the displaying and/or playing includes displaying the action guide information selected from the preset action guide information library and displaying reading progress information at a speed corresponding to the action guide information;
performing matching detection on the collected set of action images and the action guide information, to obtain a living body detection result indicating whether a living body exists in the collected set of action images;
according to the living body detection result that indicates that a living body exists in the collected set of action images:
collecting user identity information and performing verification according to the collected user identity information, to obtain a user identity information verification result; and
determining the identity verification result according to the user identity information verification result.

US Pat. No. 10,432,623

COMPANION OUT-OF-BAND AUTHENTICATION

Plantronics, Inc., Santa...

1. A method for authenticating a user comprising:
establishing a first wireless communication link between a headset and a first computing device and a second wireless communication link concurrent with the first wireless communication link between the headset and a second computing device;
receiving at the first computing device from a secure system over a communication link a user authentication request;
transmitting the user authentication request from the first computing device to the headset over the first wireless communication link; and
transmitting an authentication response from the headset to the second computing device over the second wireless communication link;
transmitting the authentication response from the second computing device to the secure system over a third wireless communication link, the third wireless communication link independent from the communication link, the first wireless communication link, and the second wireless communication link.

US Pat. No. 10,432,622

SECURING BIOMETRIC DATA THROUGH TEMPLATE DISTRIBUTION

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for safeguarding biometric data, the method comprising:
receiving, by a processor, a first biometric data unit;
generating a template based upon the first biometric data unit;
sending the template to a plurality of template storage devices external to the processor, each template storage device having a unique device identifier;
generating, by the processor, a biometric query comprising a second biometric data unit;
sending the biometric query to at least some of the plurality of template storage devices external to the processor;
receiving, by the processor, a plurality of match scores from at least some of the plurality of template storage devices external to the processor, wherein the match scores reflect the degree of similarity between the first biometric data unit and the second biometric data unit calculated by a source template storage device;
consolidating the plurality of match scores to generate an authentication score, and comparing the authentication score to an authentication threshold;
comparing the plurality of match scores to an integrity threshold to generate device match scores for the some of the plurality of template storage devices; and
notifying an external system of the need for action regarding one of the some of the plurality of template storage devices when the one of the some of the plurality of template storage devices has a device match score that is lower than the other device match scores for the other of the some of the plurality of template storage devices.

US Pat. No. 10,432,620

BIOMETRIC AUTHENTICATION

MASTERCARD INTERNATIONAL ...

1. A computer-implemented method for operating a user device having at least a trusted application and an external application installed on the user device, the method comprising:
operating the trusted application to obtain registration credentials which are configured to be entered by a user to log in to a secured function of the external application, wherein the trusted application is in a Trusted Execution Environment of the user device and the external application is on the user device and outside the Trusted Execution Environment;
causing the trusted application to store the registration credentials with an identifier of the external application and/or the secured function;
receiving an indication that the user requires access to the secured function which can only be accessed following validation of an identity of the user;
performing a biometric validation of the identity of the user based at least in part on data collected from a biometric sensor associated with the user device, the biometric validation being performed within the Trusted Execution Environment; and
in response to said performing the biometric validation, causing authentication credentials to be passed from the trusted application to the secured function of the external application to obtain access to the secured function, wherein the authentication credentials are based on the registration credentials.

US Pat. No. 10,432,619

REMOTE KEYCHAIN FOR MOBILE DEVICES

NetIQ Corporation, Provo...

1. A method, comprising:
registering a mobile device for a remote keychain for access to a service;
providing the mobile device an asset token for linking to the service on the mobile device;
instructing the mobile device to remove a credential for access to the service from the mobile device; and
delivering the credential back to the mobile device from the remote keychain upon receipt of the access token from the mobile device indicating the mobile device is attempting access to the service, wherein delivering further includes redirecting an application executing on the mobile device to the service with the credential embedded in a header of a redirected call from the application to the service.

US Pat. No. 10,432,617

ONE TIME PASSCODE

MasterCard International ...

1. A computer implemented one-time passcode authentication system comprising:
an authentication server configured to receive authentication requests, the authentication server comprising a first computer processor and a first non-transitory computer-readable medium having a first computer-executable program embedded thereon;
an application server configured to receive access requests, the application server comprising a second computer processor and a second non-transitory computer-readable medium having a second computer-executable program embedded thereon;
wherein the first computer-executable program of the authentication server is configured to receive the authentication request and an identification parameter, and generate a token and an authentication data set based on the authentication request and the identification parameter; and
wherein the second computer-executable program of the application server is configured to receive the access request from the authentication server, query the authentication server to authenticate the token, and enable access to an application if the token is authenticated, and auto-populate a set of login credentials within the application, wherein the set of login credentials are extracted from the access request, and wherein the application is being accessed on the application server.

US Pat. No. 10,432,616

HARDWARE-BASED DEVICE AUTHENTICATION

McAfee, LLC, Santa Clara...

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
request, by a computing device, access to a particular domain of a remote computing system;
receive, using a secured microcontroller of the computing device, a seed from the remote computing system associated with the particular domain;
persistently store the seed in secured memory of the computing device, wherein the secured memory is accessible to the secured microcontroller of the computing device, and wherein the secured memory is inaccessible to resources of an operating system of the computing device;
receive a request, from the particular domain, to establish a secure session between the computing device and the particular domain;
access, in the secured memory of the computing device, the seed corresponding to the particular domain, wherein the seed is accessed in response to the request to establish the secure session between the computing device and the particular domain, and the seed is unique to a pairing of the computing device and the particular domain;
derive, using the secured microcontroller, a hash of the seed and a value known to both the computing device and the particular domain, wherein a different hash is derived each time a secure session between the computing device and the particular domain is requested;
send, using the secured microcontroller, the hash of the seed and the value to another device associated with the particular domain to authenticate the computing device to the particular domain, wherein the hash of the seed and the value is sent independent of a processor and the operating system of the computing device and is used to authenticate the computing device; and
communicate security posture data over a secured channel between the computing device and the particular domain, the security posture data describing attributes of the computing device based, at least in part, on the authentication of the computing device to the particular domain.

US Pat. No. 10,432,614

TECHNIQUES FOR VERIFYING USER INTENT AND SECURELY CONFIGURING COMPUTING DEVICES

Apple Inc., Cupertino, C...

1. A method for enabling a computing device to securely configure a peripheral computing device, the method comprising, at the computing device:
approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device;
receiving, from the peripheral computing device:
(1) an audio signal that encodes (i) a password, and (ii) timing information, and
(2) a light signal; and
in response to identifying that the timing information correlates with the light signal:
extracting the password from the audio signal, and
establishing a communication link with the peripheral computing device based on the password.

US Pat. No. 10,432,613

HTTPS ENABLED CLIENT TOOL

Dell Products L. P., Rou...

1. A method comprising:
creating, by a computing system, a digital certificate that is self-signed and that:
identifies the computing system as a server for a bi-directional Hypertext Transfer Protocol Secure (HTTPS) communication; and
identifies a remote browser as a client for the bi-directional HTTPS communication;
assigning the digital certificate a validity period of one day;
generating, by the computing system, a unique private key for the digital certificate;
providing, by the computing system, the digital certificate to the remote browser for authentication of the computing system as the server in the HTTPS communication; and
after successful authentication, performing, by the computing system, the bi-directional HTTPS communication with the remote browser;
while performing the bi-directional HTTPS communication, periodically renewing, by the computing system, the digital certificate at a pre-defined time interval within the validity period; and
making the unique private key unavailable in the computing system.

US Pat. No. 10,432,611

TRANSACTION PROCESSING METHOD AND CLIENT BASED ON TRUSTED EXECUTION ENVIRONMENT

Alibaba Group Holding Lim...

1. A method implemented by a client including one or more computing devices, the method comprising:
downloading a certificate of a server;
storing the certificate of the server into a share buffer in a normal environment, the share buffer being accessible in both the normal environment and a secure environment;
performing verification of a server in the secure environment;
storing a public key of the certificate of the server into a secure buffer in the secure environment after successfully verifying the certificate of the server, the secure buffer being accessible in the secure environment and not accessible in the normal environment;
obtaining the public key in the secure environment;
generating a session key and encrypting the session key using the public key in the secure environment, the session key being generated by the client in a respective session between the client and the server, the session key being terminated after the respective session is ended;
transmitting the encrypted session key to the server in the normal environment;
encrypting pre-obtained transaction information using the session key in the secure environment; and
transmitting the encrypted transaction information to the server in the normal environment.

US Pat. No. 10,432,610

AUTOMATED MONITORING AND MANAGING OF CERTIFICATES

VMware, Inc., Palo Alto,...

1. A computer-implemented method for automated monitoring of certificate expiration and automated provisioning of a signed certificate in a computing system, said computer-implemented method comprising:
automatically periodically accessing a plurality of computing nodes in said computing system for said certificate expiration of a certificate of said plurality of computing nodes, wherein said automatically periodically accessing is provided by a centralized management tool of said computing system;
automatically determining said certificate of said plurality of computing nodes has an impending certificate expiration, by said centralized management tool of said computing system;
in response to said determining, automatically generating an alert, by said centralized management tool, that indicates said impending certificate expiration of said certificate;
accessing, by said centralized management tool of said computing system, a certificate signing request from a computing node of said plurality of computing nodes,
wherein said computing node is a host in a virtualization infrastructure that provides underlying hardware for supporting a virtual machine (VM) and a workload of the VM, and wherein said centralized management tool is stored and executed on a single client device communicatively coupled with said computing system;
providing said certificate signing request to a certificate authority by said centralized management tool;
accessing a signed certificate from said certificate authority for said computing node; and
providing said signed certificate to said computing node, by said centralized management tool, such that there is automated provisioning of said signed certificate at said computing node to establish trust of said computing node in said computing system.

US Pat. No. 10,432,609

DEVICE-BOUND CERTIFICATE AUTHENTICATION

Device Authority Ltd., B...

1. A non-transitory computer readable medium useful in association with a computer which includes one or more processors and a memory, the computer readable medium including computer instructions which are configured to cause the computer, by execution of the computer instructions in the one or more processors from the memory, to bind a digital certificate that can be stored on a computer-readable medium to multiple devices by at least:
receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices,
retrieving the certificate;
for each of the multiple devices:
retrieving a digital fingerprint of the device; and
including the digital fingerprint in the certificate;
and
sending the certificate with the included digital fingerprints to the remote device through the computer network;
wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.

US Pat. No. 10,432,608

SELECTIVELY ENABLING MULTI-FACTOR AUTHENTICATION FOR MANAGED DEVICES

AIRWATCH LLC, Atlanta, G...

1. A non-transitory computer-readable medium containing instructions that, when executed by the at least one computing device, cause the at least one computing device to perform stages comprising:
receiving an authentication request from a client device, the authentication request including a first authentication factor corresponding to a single sign-on (“SSO”) credential, wherein the SSO credential is downloaded to the client device, wherein the authentication request originates at a first client application executing on the client device;
determining, at an identity provider service separate from the client device, whether at least one second authentication factor should be requested, including determining that the at least one second authentication factor should be requested based on a version of an application executing on the client device; and
in response to determining that the at least one second authentication factor should be requested:
requesting the at least one second authentication factor from the client device, including determining the first client application does not natively support the at least one second authentication factor and, as a result, requesting the at least one second authentication factor from a second client application;
receiving the at least one second authentication factor from the client device;
after confirming the at least one second authentication factor from the second client application, sending, from the identity provider service, an identity assertion to the first client application, wherein the first client application provides the identity assertion to a service provider that is separate from the identity provider service; and
authenticating the client device in response to verifying the first authentication factor and the at least one second authentication factor.

US Pat. No. 10,432,607

SYSTEM AND METHOD FOR SINGLE SIGN-ON SESSION MANAGEMENT WITHOUT CENTRAL SERVER

JPMORGAN CHASE BANK, N.A....

1. A computer server configured for single sign-on session management, the computer server comprising:
at least one communication interface coupled to at least one protected web resource;
one or more computer processors, operatively connected with the at least one communication interface, restricting user access to the at least one protected web resource;
at least one plug-in module residing on the one or more computer processors and being configured to:
receive, from a first client device, a first request to access the at least one protected web resource, the first request comprising first user credentials;
determine, completely within the computer server and independent of any other server, whether the first user credentials can be authenticated;
when the first user credentials cannot be authenticated, deny the first request or perform further authentication;
when the first user credentials are authenticated, authorize the first request, create first session credentials for the first client device, and transmit the created first session credentials to the first client device;
the at least one plug-in module being further configured to:
receive, from the first client device or a second client device, a second request to access the at least one protected web resource, the second request comprising the first session credentials or second session credentials; and
validate, completely within the computer server and independent of any other server, the received first session credentials or the received second session credentials;
when the received first session credentials or the received second session credentials are validated, authorize the second request, and
when the received first session credentials or the received second session credentials cannot be validated, deny the second request or perform further authentication.

US Pat. No. 10,432,606

LAWFUL INTERCEPTION OF ENCRYPTED COMMUNICATIONS

TELEFONAKTIEBOLAGET LM ER...

1. A method of providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency, the method comprising, at a Key Management Server function, by first:
storing at a database cryptographic information used to encrypt the communication, the cryptographic information associated with an identifier used to identify the encrypted communication between the sending node and receiving node; then
receiving a request originating from a Law Enforcement Agency for Lawful Intercept, the request including an identity of a target for Lawful Interception and wherein the request is received after the encrypted communication between the sending node and the receiving node has started; then
using the target identity to determine the identifier, and retrieving from the database the cryptographic information associated with the identifier, the cryptographic information usable to decrypt the encrypted communication; and then
sending one of information derived from the cryptographic information and a decrypted communication towards the Law Enforcement Agency.

US Pat. No. 10,432,605

SCALABLE RISK-BASED AUTHENTICATION METHODS AND SYSTEMS

United Services Automobil...

1. A scalable, risk-based authentication system comprising:
a memory;
a processor in communication with the memory, the processor operable to execute software modules, the software modules comprising:
a plurality of fraud monitoring engines to:
analyze user data and organization data, and
generate a set of risk factors based on the user data and the organization data;
wherein the plurality of fraud monitoring engines includes:
a batch risk scorer to periodically generate an indication of an overall risk of a user account based on user patterns and previous alerts associated with the user account;
an information security monitoring engine to access alerts relating to enterprise information security; and
a social network analyzer to analyze the user's social network to identify relationships indicating fraud;
a risk aggregator in communication with the plurality of fraud monitoring engines to:
receive the set of risk factors, and
transform the set of risk factors into risk indicators;
wherein the risk factors indicative of the user's behavior include alerts related to the behavior of the user, wherein the alerts are determined by;
comparing the behavior of the user with the behavior of a peer group of the user;
determining whether the behavior of the user deviates from the behavior of the peer group of the user above a threshold level; and
generating an alert when the behavior of the user deviates above the threshold level; and
an authentication engine to:
receive the risk indicators from the risk aggregator, and
rank authentication methods according to a level of invasiveness, wherein the most invasive authentication methods require user-provided information, wherein the least invasive authentication methods no user-provided information;
generate an authentication plan for a requested activity that includes an authentication method, wherein the authentication plan is based on the level of user invasiveness required by the authentication method, the risk indicators and the requested activity.

US Pat. No. 10,432,604

SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS

eBay Inc., San Jose, CA ...

1. A method comprising:
receiving, at an authentication authority, an authentication request from a web service provider, the authentication request comprising a service request by a service requestor to the web service provider to access a web service, and a service requestor identifying information;
determining authentication information from the service request sent to the web service, the service request comprising the authentication information;
validating the authentication information using independently verifiable data; and
in response to validating the authentication information meets the independently verifiable data, sending a grant or denial of access to the web service.

US Pat. No. 10,432,603

ACCESS TO DOCUMENTS IN A DOCUMENT MANAGEMENT AND COLLABORATION SYSTEM

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
receiving a first request to provide a user access to a document managed by a document management and collaboration system; and
providing the user with access to the document by at least:
transmitting a notification to a first user device associated with the user indicating access to the document has been provided;
receiving a second request to access the document;
making out-of-band access credentials available to a second user device in response to the second request based at least in part on a login credential associated with the second request provided to the document management and collaboration system;
obtaining the out-of-band access credentials from the first user device; and
providing access to the document by at least:
obtaining the out-of-band access credentials from the first user device; and
determining a confidence score of the out-of-band access credentials, the confidence score determined based at least in part on a number of independent authentication factors including at least the login credential and one or more attributes of the second user device.

US Pat. No. 10,432,602

ELECTRONIC DEVICE FOR PERFORMING PERSONAL AUTHENTICATION AND METHOD THEREOF

Samsung Electronics Co., ...

1. An electronic device comprising:
a display;
a sensing circuit; and
a processor configured to:
capture a plurality of authentication images through the sensing circuit during a specific time,
generate a plurality of preview images, wherein each of the plurality of preview images corresponds to a low resolution image of each of the plurality of authentication images,
generate a guide that directs an authentication target, in association with the at least one of the plurality of authentication images, to be in a location for capturing a valid image for an authentication,
control the display to output the at least one of the plurality of preview images and the guide, wherein the at least one of the plurality of preview images and the guide are used by a user to align the authentication target with the sensing circuit,
select at least one first image from the plurality of authentication images based on validity of the plurality of authentication images, wherein a number of images of the selected at least one first image is less than a number of images of the plurality of authentication images,
perform the authentication based on a biometric information in the selected at least one first image, and
apply an image filter to at least one of the plurality of preview images such that sensitive information in the at least one of the plurality of preview images is not recognized,
wherein a resolution of the at least one first image is higher than a resolution of the at least one of the plurality of preview images.

US Pat. No. 10,432,601

CONTENT ACTIVATION VIA INTERACTION-BASED AUTHENTICATION, SYSTEMS AND METHOD

Nant Holdings IP, LLC, C...

1. A method of activating content, the method comprising:
enabling an electronic device to access an authentication agent;
obtaining, by the electronic device, a digital representation of an interaction within a physical environment comprising a plurality of physical objects, wherein the digital representation is obtained from a defined perspective of the physical environment;
discriminating at least two different objects from the plurality of physical objects in the physical environment as a first valid authentication object and a second valid authentication object based on the digital representation;
generating a first set of authentication features from the digital representation and associated with the first valid authentication object, and a second set of authentication features from the digital representation and associated with the second valid authentication object, wherein generating comprises using one or more image data analysis techniques to generate the first set of authentication features and the second set of authentication features;
establishing, by the authentication agent, a content access level as a function of a juxtaposition of the first set of authentication features with respect to the second set of authentication features, wherein the juxtaposition is determined when the first set of authentication features and the second set of authentication features represent a difference between an expected and observed centroid of authentication features within a defined set of frames of the digital representation from the defined perspective of the physical environment, and wherein the content access level is derived based on how well the authentication features match salient authentication features mapped to the content access levels and at least one of relative position information or relative orientation information derived from relative positions or relative orientations of the first valid authentication object with respect to the second valid authentication object within the physical environment represented in the digital representation;
activating, by the authentication agent, content based on the content access level; and
configuring an output device to present the content according to the content access level.

US Pat. No. 10,432,600

NETWORK-BASED KEY DISTRIBUTION SYSTEM, METHOD, AND APPARATUS

Uniken, Inc., Chatham To...

1. An apparatus comprising:
a first electronic data port configured to transmit electronic data to one or more electronic devices and receive electronic data from the one or more electronic devices;
a second electronic data port configured to transmit electronic data to one or more management servers and receive electronic data from the one or more management servers; and
at least one processor that, when executing one or more network-based key distribution operations, is configured to:
receive, from an electronic device of the one or more electronic devices, a verification message indicating that the electronic device is not corrupt before receiving a unique universal identifier (UUID) from the electronic device,
receive, from the electronic device, the UUID, wherein the UUID is associated with an application stored in a memory of the electronic device,
receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device, and
establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

US Pat. No. 10,432,599

SECURE SOCKET LAYER KEYSTORE AND TRUSTSTORE GENERATION

1. A computer-readable storage medium storing instructions that, when executed by a processor of a computing device, cause the processor to perform operations comprising:
requesting a keystore file from a keystore distribution system;
receiving the keystore file from the keystore distribution system, wherein the keystore file comprises a signed public key combined, by the keystore distribution system, with a private key generated by the keystore distribution system, and wherein the signed public key comprises a public key generated by the keystore distribution system that is digitally signed with a private key provided by a certificate authority of the keystore distribution system; and
performing a startup procedure utilizing the keystore file to establish, by the computing device, a secure channel over which to exchange information with at least one client computing device over a network.

US Pat. No. 10,432,598

SYSTEM AND METHOD FOR PROVIDING CONTROLLED APPLICATION PROGRAMMING INTERFACE SECURITY

CAPITAL ONE SERVICES, LLC...

1. A method of providing access to data comprising:
creating, by at least one remote server that is remote from a device, a customer data key specific to:
a first application,
a user of the first application, and
the device upon which the first application resides;
sending, to enable storage of the customer data key in the device, the customer data key to the first application via an application programming interface (API) call, wherein the API call is made via an API employed to provide connectivity between the first application and underlying data in the at least one remote server, the API configured to limit access to the underlying data in the at least one remote server in accordance with a user control; and
activating, after creating the customer data key, by the at least one remote server, and via a second application in an out-of-band authentication, the customer data key by:
validating a user credential via the second application;
outputting an alert that the first application is requesting authorization to access the underlying data; and
activating, by the at least one remote server and in response to receiving an authorization, the customer data key to enable access to at least a portion of the underlying data using the activated customer data key via the API.

US Pat. No. 10,432,597

DIGITAL SECURITY BUBBLE

Wickr Inc., Pleasanton, ...

1. A method comprising:
receiving, at a first device, a notification of an encrypted encapsulation from a security platform;
obtaining, by the first device, the encrypted encapsulation from the security platform in response to receiving the notification, wherein the encrypted encapsulation includes an encrypted message, an encrypted first key, and a device identifier associated with an intended recipient;
decrypting, by the first device, the encrypted encapsulation;
comparing, by the first device, the received device identifier with a local device identifier;
decrypting, by the first device, the encrypted first key using a private key of the intended recipient in response to a determination that the received device identifier matches the local device identifier;
decrypting, by the first device, the encrypted message using the first key to produce a decrypted message; and
providing, by the first device, the decrypted message to a recipient.

US Pat. No. 10,432,596

SYSTEMS AND METHODS FOR CRYPTOGRAPHY HAVING ASYMMETRIC TO SYMMETRIC KEY AGREEMENT

1. A method for generating data for use in cryptography or secure modulation, the method comprising:
generating a public code using a secret key by a processor, wherein the public code includes an interior matrix and a summing matrix, both having a predetermined dimension of rows and columns;
sending the public code and a rule of obfuscation to a first computing device node using a transmitter, wherein the rule of obfuscation includes the predetermined dimension corresponding to the interior matrix and the summing matrix;
generating an obfuscated matrix pattern from the interior matrix using a processor, based upon at least a subset of parameters associated with the rule of obfuscation; and
generating a symmetric code from the summing matrix using a processor, based upon the rule of obfuscation, for use in communication between the first computing device and a second computing device.

US Pat. No. 10,432,595

SECURE SESSION CREATION SYSTEM UTILILIZING MULTIPLE KEYS

BANK OF AMERICA CORPORATI...

1. A system for creating a secure session utilizing multiple keys, the system comprising:
one or more memory devices having computer readable code store thereon; and
one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable code to:
access an organization application, through an organization system or a third party system;
access two or more digital signatures corresponding to the organization application, wherein the two or more digital signatures are included within a single certificate, wherein the two or more digital signatures are validated by two or more certification authorities, and wherein at least two of the two or more certification authorities are separate certification authorities;
attempt to verify at least one of the two or more digital signatures as being signed by a certification authority that is trusted;
receive two or more public keys, wherein at least one of the two or more public keys are associated with the single certificate;
create a symmetric session key for the secure session with the organization application;
encrypt the symmetric session key to create an encrypted symmetric session key using the two or more public keys;
send the encrypted symmetric session key to the organization application, wherein the encrypted symmetric session key is decrypted by the organization application using two or more private keys corresponding to the two or more public keys; and
receive and send information from and to the organization application using the symmetric session key.

US Pat. No. 10,432,594

PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT

KASEYA LIMITED, Dublin (...

1. A non-transitory computer readable storage memory encoded with one or more computer programs being executed to cause a processor to perform:
transmitting, from a remote computer management server to a managed computer, a dynamically loaded library (DLL) including one or more sets of instructions that, when implemented by agent software, produce functionality not enabled by the agent software at the time the DLL is transmitted to the managed computer, the functionality performed by the DLL comprising:
transmitting device identification information to the remote computer management server indicating existence of at least one device connected to the managed computer;
receiving at the managed computer another DLL comprising additional commands instructing the agent software to perform management actions responsive to the identification information transmitted, the additional commands identifying a communication protocol to be used by the agent software when communicating with the at least one device; and
transmitting from the managed computer to the remote computer management server a result of the performance of the management action.

US Pat. No. 10,432,593

SECURE SOFTWARE UPDATES

Apple Inc., Cupertino, C...

1. A method for updating software modules installed on electronic devices, the method comprising, at a computing device:
storing a latest version identifier for a latest version of a software module stored on a server device;
establishing a connection with an electronic device;
obtaining, from the electronic device, a current version identifier for the software module installed on the electronic device;
comparing the latest version identifier to the current version identifier to determine whether an update is available for the software module; and
in response to determining that the update is available:
transmitting, to the server device, a request for the latest version of the software module stored on the server device,
receiving, from the server device, the latest version of the software module, wherein the latest version of the software module is encrypted using a unique encryption key associated with the electronic device,
providing the latest version of the software module to the electronic device for installation at the electronic device, and
updating a configuration of the electronic device to cause the electronic device to install the latest version of the software module in response to closing the connection with the computing device.

US Pat. No. 10,432,592

PASSWORD ENCRYPTION FOR HYBRID CLOUD SERVICES

Citrix Systems, Inc., Fo...

1. A system comprising:
a gateway server, associated with an internal cloud, configured to receive messages from a user device and to forward the messages to a computing device associated with an external cloud different from the internal cloud; and
a workspace cloud connector computing device associated with the internal cloud, wherein the workspace cloud connector computing device is communicatively coupled to the gateway server and different from the user device, the workspace cloud connector computing device configured to:
prevent a first message of the messages being forwarded to the computing device associated with the external cloud, from being delivered to the computing device associated with the external cloud based on detecting that the first message includes plaintext user identity credentials for an internal application;
generate an encryption key;
encrypt the plaintext user identity credentials using the encryption key;
generate a first hash of the encryption key;
transmit a second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud;
in response to transmitting the second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud, receive a routing address of a virtual delivery agent computing device from the computing device associated with the external cloud; and
transmit a third message including the encryption key and the routing address of the virtual delivery agent computing device to the user device.

US Pat. No. 10,432,591

ESTABLISHING A COMMUNICATION EVENT USING SECURE SIGNALING

Microsoft Technology Lice...

11. A communications controller for establishing a communication event between an initiating device and a responding device under the control of the communications controller, the communications controller comprising:
a computer-readable storage device having computer-executable instructions stored thereon; and
one or more hardware processors in communication with the computer-readable storage device that, having executed the computer-executable instructions, configure the communications controller to:
establish a first connection with an initiating device using a first communication protocol;
generate a plaintext session key that identifies a communication session;
select a wrapper key and a wrapper key identifier that identifies the requested wrapper key;
encrypt the plaintext session key using the wrapper key to obtain an encrypted session key;
transmit the plaintext session key, the encrypted session key, and the wrapper key identifier to the initiating device;
terminate the first connection with the initiating device;
establish a second connection with the initiating device using a second communication protocol; and
receive a communication event payload and the wrapping key identifier using the second connection.

US Pat. No. 10,432,590

ESTABLISHING A COMMUNICATION EVENT USING SECURE SIGNALLING

Microsoft Technology Lice...

11. An initiating device for establishing a communication event with a responding device under the control of a remote communications controller, the initiating device comprising:
a computer-readable storage medium storing computer-executable instructions; and
one or more hardware processors in communication with the computer-readable storage medium that, having executed the computer-executable instructions, configures the initiating device to:
establish a first connection with a communications controller using a first communication protocol;
receive an encrypted session key, a plaintext session key, and a wrapping key identifier using the first connection, wherein the wrapping key identifier identifies a wrapping key used to encrypt the encrypted session key;
terminate the first connection with the communications controller;
encrypt a communication event payload based on the plaintext session key;
establish a second connection with the communications controller using a second communication protocol; and
transmit the communication event payload, the encrypted session key, and the wrapping key identifier to the communications controller using the second connection.

US Pat. No. 10,432,589

SECURE END-TO-END COMMUNICATIONS

Symphony Communication Se...

1. A computer-implemented method performed by a client device of a user, comprising:
obtaining, from a communication server, conversation key data for participating in a single, secure conversation between a plurality of users;
deriving a conversation key from the conversation key data, the conversation key generated by an organization system remote from the communication server and administered by an organization different from an organization that administers the communication server,
wherein the conversation key comprises a cryptographic key that permits the plurality of users to participate in the single, secure conversation from a plurality of conversations established by the organization system;
encrypting a message of the user using the conversation key; and
sending the encrypted message to the communication server for delivery to other users of the plurality of users,
wherein the communication server cannot decrypt the encrypted message.

US Pat. No. 10,432,588

SYSTEMS AND METHODS FOR IMPROVING HTTPS SECURITY

Zscaler, Inc., San Jose,...

1. A gateway in a cloud system, configured to implement HyperText Transfer Protocol (HTTP) HTTP Strict Transport Security (HSTS), the gateway comprising:
a network interface, a data store, and a processor communicatively coupled to one another; and
memory storing computer executable instructions, and in response to execution by the processor, the computer-executable instructions cause the processor to
receive a domain request from a user device executing an HSTS application configured to detect the domain request from a browser or application executed on the user device;
transmit a response to the user device with support of HTTP Security (HTTPS) by the domain;
receive an updated domain request with information removed based on the HTTPS support of the domain; and
redirect the user device to the domain.

US Pat. No. 10,432,587

VPN DEEP PACKET INSPECTION

AVENTAIL LLC, San Jose, ...

1. A method for establishing a connection, the method comprising:
receiving a packet from a client through a virtual private network (VPN) connection;
determining application information from a the source of the packet;
sending an access request with the application information to a gateway server; and
allowing a proxied VPN session based on results of the access request, wherein a connection identifier for the proxied VPN session is sent to a proxy that allows the proxy to send requests to the gateway server in the same context as the tunnel server and to receive the results, and wherein an administrator views the state of the VPN session at a management console, and the gateway server tracks the state of the VPN session in a data store.