US Pat. No. 10,397,888

PRECODED CSI-RS FOR PHASE SYNCHRONIZATION FOR RECIPROCITY-BASED COMP JOINT TRANSMISSION

QUALCOMM Incorporated, S...

1. A method of wireless communication, comprising:transmitting, by a user equipment (UE), sound reference signals (SRS) to a plurality of base stations in a coordinated multipoint (CoMP) group serving the UE;
detecting, at the UE, a phase synchronization reference signal from each of the plurality of base stations, wherein each of the phase synchronization reference signals is modulated with an uplink channel estimate between the UE and a corresponding base station of the plurality of base stations;
measuring, by the UE, a phase drift for each of the phase synchronization reference signals; and
reporting, by the UE, the phase drift to at least one of the plurality of base stations.

US Pat. No. 10,397,885

TERMINAL THAT TRANSMITS REPORTING INFORMATION AND COMMUNICATION CONTROL METHOD OF TRANSMITTING REPORTING INFORMATION IN MOBILE COMMUNICATION SYSTEM

NTT DOCOMO, INC., Tokyo ...

1. A terminal which communicates with a base station in a mobile communication system that supports carrier aggregation, the terminal comprising:a processor that calculates reporting information to be transmitted to the base station based on at least one specific predetermined time unit shared by the base station and the terminal; and
a transmitter that transmits the reporting information to the base station,
wherein the carrier aggregation is provided by a first cell that uses a first predetermined time unit and a second cell that uses a second predetermined time unit of which a time interval of the second predetermined time unit is less than a time interval of the first predetermined time unit,
wherein multiple second predetermined time units of the second cell correspond to the first predetermined time unit, and
wherein the at least one specific predetermined time unit is at least one of the multiple second predetermined time units.

US Pat. No. 10,397,845

SELECTING A CHANNEL BASED ON BACKHAUL BANDWIDTH

T-Mobile USA, Inc., Bell...

1. A method performed by one or more processors configured with specific instructions, the method comprising:receiving, by a base station, a request to select an operating channel for a computing device;
performing, by the base station, a scan of at least a portion of an unlicensed spectrum;
selecting, by the base station, a band in the unlicensed spectrum based at least partly on the scan;
determining, by the base station, a set of channel widths, wherein individual channel widths of the set of channel widths correspond to individual channels of a set of channels in the band;
selecting, by the base station, the operating channel from the set of channels in the band based at least partly on a channel width of the operating channel;
determining that a characteristic associated with the operating channel has fallen below a predetermined threshold;
performing a second scan of at least the unlicensed spectrum;
selecting a second band in the unlicensed spectrum based at least partly on the second scan;
determining a second set of channel widths, wherein individual ones of the second set of channel widths correspond to individual channels in a second set of channels associated with the second band; and
selecting a new operating channel from the second set of channels associated with the second band based at least partly on the second set of channel widths.

US Pat. No. 10,397,841

NETWORK NODE AND METHOD FOR HANDLING NETWORK CONNECTIONS

Telefonaktiebolaget LM Er...

1. A method performed by a Wireless Local Area Network, WLAN, node for assisting a Station, STA, in selecting a WLAN connection for the STA, wherein the WLAN node provides a first WLAN and a second WLAN with overlapping coverage, the first WLAN providing connections for a first number of STAs and the second WLAN providing connections for a second number of STAs, whereby the second number of STAs is a subset of the first number of STAs, the second number of STAs being authorized to connect to the second WLAN, the method comprising:detecting that the STA trying to connect to the first WLAN of the WLAN node is authorized to access the second WLAN of the WLAN node,
responsive to detecting the STA is authorized to access the second WLAN, sending a message to the STA comprising an indication to the STA to connect to the second WLAN of the WLAN node to prevent the STA from connecting to the first WLAN,
wherein the indication comprises an identification of the second WLAN of the WLAN node.

US Pat. No. 10,397,837

METHOD AND DEVICE FOR PERFORMING SESSION HANDOVER IN WIRELESS COMMUNICATION SYSTEM

LG Electronics Inc., Seo...

1. A method for performing session handover by a first device in a wireless communication system, the method comprising:establishing an application service platform (ASP) session with a second device through a first connection method;
transmitting, to the second device, a session handover request message;
receiving, from the second device, a session handover response message,
wherein the session handover request message and the session handover response message are exchanged based on the first connection method, and
wherein when the session handover response message is received from the second device, the established ASP session is handed over through a second connection method,
transmitting, to the second device, a session handover confirm message based on the second connection method,
wherein the first connection method is different from the second connection method, and
wherein each of the first and the second connection method is one of a peer-to-peer (P2P) connection method and a WLAN infrastructure connection method.

US Pat. No. 10,397,833

METHOD AND APPARATUS FOR PERFORMING EDT

LG ELECTRONICS INC., Seo...

1. A method for performing, by a user equipment (UE) in an radio resource control (RRC) IDLE state, early data transmission (EDT) in a wireless communication, the method comprising:receiving system information including a threshold for the EDT, from a base station (BS);
transmitting a random access preamble to the BS;
receiving a random access response message from the BS;
determining whether or not a condition for initiating the EDT is satisfied, by comparing the threshold for the EDT with a size of uplink data for transmission; and
if the condition is satisfied, in response to the random access response message, transmitting a message including the uplink data to the BS during a random access procedure.

US Pat. No. 10,397,822

METHOD AND APPARATUS FOR DISTRIBUTING SERVICES AND DATA

1. A system, comprising:a processing system including a processor; and
a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, comprising:
determining a first location of a first communication device and a first trajectory of the first communication device responsive to receiving a request for content from the first communication device;
predicting whether a second communication device capable of providing the content to the first communication device will come into a peer-to-peer communication range of the first communication device based on the first location and the first trajectory and based on a second location and a second trajectory of the second communication device;
receiving communication metric information according to testing of peer-to-peer communications between the second communication device and the first communication device;
determining, according to the communication metric information, whether to distribute the content to the first communication device via the second communication device; and
transmitting the content to the second communication device for distribution to the first communication device responsive to the determining to distribute the content to the first communication device via the second communication device.

US Pat. No. 10,397,777

METHOD AND SYSTEM TO PROVIDE MULTI-FACTOR AUTHENTICATION FOR NETWORK ACCESS USING LIGHT

Cisco Technology, Inc., ...

1. A method comprising:receiving an initial request from a device requesting access to a network, wherein access to the network is restricted only to devices physically located within a secure room;
determining a physical location of the device based on wireless signals received by the device;
determining which one or more network lighting endpoints of a plurality of network lighting endpoints, each having an associated light fixture, is to be controlled to transmit a code in light, based on the physical location of the device;
evaluating the initial request from the device to determine if the device is authenticated for access to the network;
upon determining that the device is authenticated for access to the network, causing the code to be transmitted in light emitted by one or more light fixtures associated with the one or more network lighting endpoints within the secure room;
receiving information from the device requesting access to the network; and
determining whether to permit the device access to the network based on authenticating the received initial request and based on whether the information received from the device is derived the from the code transmitted by the one or more light fixtures indicates that the device is physically located within the same secure room as the one or more light fixtures.

US Pat. No. 10,397,760

USER TERMINAL DEVICE AND METHOD FOR PROVIDING WEB SERVICE THEREOF

Samsung Electronics Co., ...

1. A method for providing a web service including a user terminal device, the method comprising:connecting the user terminal device to a plurality of Internet of Things (IoT) devices, and to a web server which provides a plurality of web services;
setting, via the user terminal device, at least one of the plurality of web services provided by the web server based on a received user command;
identifying at least one IoT device, of the plurality of IoT devices, corresponding to the set web service;
transmitting, from the user terminal device, information on an address of the set web service to the identified IoT device;
wherein the IoT device connects to the web server based on the address information and downloads script information corresponding to the web service from the web server not via the user terminal;
wherein the IoT device, in response to sensing a predetermined state of the IoT device among a plurality of predetermined states included in the script information regarding the IoT device, transmits Uniform Resource Locator (URL) information corresponding to the predetermined state to the user terminal to perform a web service corresponding to the sensed predetermined state; and
wherein the user terminal, in response to receiving the URL information from the IoT device, provides the web service based on the received URL information.

US Pat. No. 10,397,755

GROUP MESSAGING CANCELLATION METHOD IN WIRELESS COMMUNICATION SYSTEM AND DEVICE THEREFOR

LG ELECTRONICS INC., Seo...

1. A method for cancelling a group messaging performed by a network node in a wireless communication system, comprising:receiving a group messaging cancellation request message that includes a group messaging identifier for a group messaging requested to be cancelled and cancellation indication information;
stopping a transmission of the group messaging that corresponds to the group messaging identifier, and transmitting the group messaging identifier to a user equipment,
wherein cancellation of the group messaging is rejected, in order not to transmit the group messaging identifier, when a time window has already expired after a point in time of transmitting the group messaging; and
transmitting an RRC Connection Reject message when an RRC Connection Request message that includes the group messaging identifier is received.

US Pat. No. 10,397,752

REAL-TIME DISCOVERY OF INTERESTS OF INDIVIDUALS AND ORGANIZATIONS PARTICIPATING IN A PHYSICAL EVENT

INTERNATIONAL BUSINESS MA...

1. A system comprising:one or more computer inputs configured to receive input signals from at least a room entrance monitor and a room exit monitor, the input signals identifying locations of one or more participants in a venue, the venue having one or more sessions, wherein the one or more computer inputs are configured to identify a respective session location of the venue for each session attended to by the one or more participants;
a timer coupled for communication to the one or more computer inputs, wherein the timer is configured to determine a respective session attendance time for each of the one or more participants for each session attended to by the one or more participants, wherein the session attendance times are determined based on the identified locations of the one or more participants and on the identified session locations of the venue;
an aggregator coupled for communication to the one or more computer inputs and to the timer, the aggregator configured to determine one or more interests of each of the one or more participants by aggregating common session characteristics with participant behavioral characteristics and ranking a degree of interests for each of the one or more participants, wherein the participant behavioral characteristics includes the session attendance times;
a matcher coupled for communication to the aggregator and configured to receive one or more interest group ranked lists of interest group interests for each of one or more interest groups, each of the one or more interest groups including at least one representative, the matcher further configured to match one or more of the one or more interest groups to one or more of the one or more participants by matching the degree of interests for each of the one or more participants to the interest group interests based, at least in part, on: (a) a topics relevancy ranking for each of the one or more participants, (b) a ratio between a session attendance time of each of the one or more participants and a total duration of a session, (c) a session weight, and (d) a number of co-occurrences of the same topic among sessions attended to by the one or more participants, wherein the topics relevancy ranking for each of the one or more participants is adjusted based on the ratio; and
a signal output coupled for communication to the matcher, the signal output being configured to transmit an output signal to the at least one representative based on a relevancy parameter between the degree of interests of one of the one or more participants and the one or more interest groups associated with the at least one representative is above a threshold.

US Pat. No. 10,397,750

METHOD, CONTROLLER, TELEPRESENCE ROBOT, AND STORAGE MEDIUM FOR CONTROLLING COMMUNICATIONS BETWEEN FIRST COMMUNICATION DEVICE AND SECOND COMMUNICATION DEVICES

PANASONIC INTELLECTUAL PR...

1. A method for controlling communications between a first communication device and second communication devices, the method comprising:(A) receiving, from the second communication devices, device identification information items for identifying the second communication devices, and situation information items for grasping situations around the second communication devices;
(B) when at least one of the received situation information items includes an information item on a user, updating a neighborhood information database indicating which second communication device is around the user, based on the information item on the user and the at least one of the device identification information items;
(C) when receiving a request for connection to the user from the first communication device, selecting, from among the second communication devices, a second communication device present around the user with reference to the neighborhood information database; and
(D) communicably connecting the selected second communication device and the first communication device.

US Pat. No. 10,397,713

EARPIECE FOR A HEARING DEVICE AND A HEARING DEVICE

1. An earpiece for a hearing device, the earpiece comprising:an earpiece housing comprising an ear canal part and an intermediate part, wherein the ear canal part extends along an ear canal axis of the earpiece, with an ear canal plane of the earpiece being perpendicular to the ear canal axis, the ear canal part configured to output sound along a sound output direction, the intermediate part having a first end and a second end and extending along an intermediate axis; and
a cable with a first end connected to the intermediate part, the cable exiting the intermediate part along a cable exit axis, the cable exit axis forming a first exit angle with respect to the ear canal plane, wherein the first exit angle is in a range from 5 to 45 degrees, wherein an exiting direction of the cable has a directional component that is (1) parallel to the ear canal axis of the earpiece and (2) opposite from the sound output direction of the ear canal part.

US Pat. No. 10,397,708

PIEZOELECTRIC ELEMENT, PIEZOELECTRIC MICROPHONE, PIEZOELECTRIC RESONATOR AND METHOD FOR MANUFACTURING PIEZOELECTRIC ELEMENT

MURATA MANUFACTURING CO.,...

1. A piezoelectric device, comprising:a support defining a space; and
four triangular-shaped piezoelectric elements supported by the support, each of the four triangular-shaped piezoelectric elements including:
a first piezoelectric layer;
a second piezoelectric layer on the first piezoelectric layer;
a first electrode on a side of the first piezoelectric layer opposite from the second piezoelectric; and
a second electrode on a side of the second piezoelectric layer opposite from the first piezoelectric layer,
wherein each of the each of the four triangular-shaped piezoelectric elements are separated from each other by slits extending contiguous with the space such that each of the four triangular-shaped piezoelectric elements has an open end portion not fixed by the support and a fixed end opposite the open end portion, each of the slits having a respective notch at an end thereof proximal to the fixed end, each respective notch having a width greater than that of the slit.

US Pat. No. 10,397,686

DETECTION OF MOVEMENT ADJACENT AN EARPIECE DEVICE

1. An earpiece comprising:an earpiece housing;
a processor disposed within the housing; and
a sensor system associated with the earpiece housing, the sensor system operatively connected to the processor, wherein the sensor system comprises an emitter and a detector;
wherein the sensor system is configured to detect skin touches on skin of a user, the skin touches proximate to, but not touching, the sensor system;
wherein the processor is configured to interpret data from the sensor system to identify occurrences of the skin touches on the skin of the user.

US Pat. No. 10,397,642

TRANSMISSION DEVICE, TRANSMISSION METHOD, AND RECEPTION DEVICE

SONY CORPORATION, Tokyo ...

1. A transmission device, comprising:an image encoding circuit that generates a basic video stream including encoded image data of basic format image data and an extended video stream including encoded image data of each of a predetermined number of pieces of high-quality format image data; and
a transmitter that transmits a container of a predetermined format including the basic video stream and the extended video stream, wherein
the image encoding circuit inserts identification information into a header of the encoded image data of the basic format image data and a header of the encoded image data of each of the predetermined number of pieces of high-quality format image data,
the identification information in the header of the encoded image data of the basic format image data indicates a basic format, and
the identification information in the header of the encoded imaged data of each of the predetermined number of pieces of high-quality format image data indicates one of a plurality of different high-quality formats, wherein the identification information in the header of the encoded imaged data of each of the predetermined number of pieces of high-quality format image data indicates which of a plurality of different extension components are included in the container.

US Pat. No. 10,397,633

RECEIVER APPARATUS AND SYNCHRONIZATION PROCESSING METHOD THEREOF

Saturn Licensing LLC, Ne...

1. A receiver apparatus, comprising:circuitry configured to:
generate criterion time;
receive a first image stream from a broadcast transmission, a first time code comprised in each first unit of the first image stream and decode the first image stream based on the generated criterion time;
obtain an instruction to synchronize the first image stream with a second image stream received via a network, a second time code being comprised in at least each first unit of the second image stream;
upon obtaining the instruction to synchronize, obtain a first time code received in the received first image stream after the instruction to synchronize is obtained and a second time code received in the second image stream after the instruction to synchronize is obtained, and calculate an amount of delay of the obtained corresponding second time code behind the obtained first time code;
adjust the criterion time based on the amount of delay; and
pause decoding of the first image stream when the instruction to synchronize is obtained until the adjusted criterion time is reached and, when the adjusted criterion time is reached, resume decoding the first image stream and begin decoding the second image stream in synchronization with the first image stream, wherein
the obtained first time code is a chronologically first time code included in the first image stream after the instruction to synchronize is obtained, and
the obtained second time code is a chronologically first time code included in the second image stream after the instruction to synchronize is obtained.

US Pat. No. 10,397,632

TOUCH GESTURE CONTROL OF VIDEO PLAYBACK

GOOGLE LLC, Mountain Vie...

1. A method, comprising:providing, by a processing device, a video item for playback;
receiving an indication of a touch gesture made by a user with respect to a touchscreen of a user device;
determining whether the touch gesture with respect to the touchscreen of the user device qualifies as a swipe gesture that corresponds to a straight line in a particular direction that at least starts within a portion of a user interface (UI) comprising a media player to play the video item, wherein another portion of the UI that is outside the portion of the UI comprising the media player is located at a side of or below the portion of the UI comprising the media player; and
in response to determining the touch gesture with respect to the touchscreen of the user device qualifies as the swipe gesture that corresponds to the straight line in the particular direction that at least starts within the portion of the UI comprising the media player, moving the playback of the video item from a first point in time to a second point in time by a predetermined amount of time irrespective of a length of the qualified touch gesture that at least starts within the portion of the UI comprising the media player and without additional user input to select the second point in time for the playback of the video item, wherein the predetermined amount of time for moving the playback of the video is a same fixed time for any video items, independent of a length of the any video items, and independent of a user selection of the predetermined amount of time.

US Pat. No. 10,397,631

METHOD AND APPARATUS FOR FLEXIBLE CONSUMPTION OF MEDIA CONTENT

1. A device comprising:a memory to store executable instructions; and
a processing system including a processor communicatively coupled to the memory, wherein the processor, responsive to executing the executable instructions, performs operations comprising:
receiving from a content providing network, a playlist of media content, wherein the playlist of media content is an aggregation of a first service providing subscription-based media content and a second service providing non-subscription-based media content, wherein the playlist of media content is generated based on preferences of a user of the device, first prior media consumption that is associated with a subscription television service, and second prior media consumption that is associated with an internet-based service, and wherein the playlist of the media content excludes content not compatible with a plurality of viewing devices for viewing media content;
presenting the playlist at a first display of the device;
receiving a first selection of first media content from the playlist;
determining an availability of the plurality of viewing devices for receiving the first selection as a plurality of available devices;
presenting, at the first display, a menu of the plurality of available devices for viewing the media content responsive to the receiving of the first selection;
receiving a second selection of a first viewing device for the first media content from the menu of the plurality of available devices;
transmitting the first selection and the second selection to the content providing network responsive to the receiving of the second selection;
receiving the first media content from the content providing network wherein the content providing network selects a first communication path of a first plurality of communication paths between the content providing network and the device according to a first communication factor, wherein the first communication factor includes a first availability of the first communication path among the first plurality of communication paths and a subscription status of an account for the user;
streaming the first media content to the first viewing device for presentation of the first media content at a second display of the first viewing device, wherein the first viewing device comprises a computer device associated with the second display;
receiving supplementary content from the content providing network responsive to the transmitting of the first selection and the second selection, wherein the supplementary content comprises internet-based content that is associated with the first media content;
presenting, at the first display, the supplementary content and a set of controls to remotely control presentation of the first media content at the first viewing device as a companion page;
receiving a third selection of a first control of the set of controls from the companion page;
responsive to receiving the third selection of the first control, swapping presentation of the first media content to the first display and presentation of the supplementary content to the first viewing device; and
selecting a second communication path of a second plurality of communication paths between the device and the first viewing device according to a second communication factor, wherein the second communication factor includes a bandwidth of the second communication path among the second plurality of communication paths, a second availability of the second communication path among the second plurality of communication paths, and the subscription status of the account for the user; and
forwarding the supplementary content to the first viewing device via the second communication path.

US Pat. No. 10,397,629

BROADCAST TRANSITION CHANNEL

SATURN LICENSING LLC, Ne...

1. A reception apparatus comprising:an input interface configured to receive a selection of one of a plurality of broadcast television services broadcast from a distribution system and provided from a plurality of different broadcast providers on a broadcast channel in a first predetermined frequency range that is different from a second predetermined frequency range in which the broadcast providers broadcast a further plurality of broadcast television services;
a tuner tunable to the broadcast channel and at least one further broadcast channel in the second predetermined frequency range;
a decoder configured to decode the selected one of the plurality of broadcast television services on the tuned broadcast channel; and
a display interface configured to output the selected one of the plurality of broadcast television services on the broadcast channel for display, wherein
the plurality of broadcast television services corresponds to next generation broadcast television (NGBT) services and the further plurality of broadcast television services corresponds to existing non-NGBT broadcast services, and
the reception apparatus is configured to receive at least one television program in the plurality of broadcast television services that is the same as a television program in the further plurality of broadcast television services.

US Pat. No. 10,397,628

EDGE OPTIMIZED TRANSRATING SYSTEM

ORCKIT IP, LLC, Dover, D...

1. A system for carrying video data from a video source to a video display over first and second networks, the first network is a packet-based network, the system comprising:a first device connectable between the video source and the first network for receiving a first video stream in a data format from the video source, the first device comprises a multirater or a transrater for translating the first video stream to one or more second video stream having a lower bit rate and the data format, the first device operative for transmitting the first and second video streams to the first network;
a second device connectable between the first network and the second network for receiving the video streams from the first network, for selecting one of the first and the second video stream, and for transmitting the selected video stream to the second network; and
a third device connectable between the second network and the video display for receiving the selected video stream from the second network and for transmitting the selected video stream to the video display to be displayed thereon.

US Pat. No. 10,397,626

SYSTEMS AND METHODS FOR PROVIDING ACCESS TO RIGHTS HOLDER DEFINED VIDEO CLIPS

IPAR, LLC, San Francisco...

1. A computer-implemented method of providing access to a portion of a video to a requesting user, comprising:providing, by a server system comprising one or more hardware servers using one or more data processors, a media content over a network to a licensee that is granted permission to define media content clips from the media content;
receiving, at the system, from the licensee, over the network, a starting point within the media content and an ending point within the media content to define a media content clip located between the starting point and the ending point; and
determining, by the system, based on rights definitions contained in a rights enabler data store of the system whether the licensee is permitted to distribute the media content clip, based on criteria of:
whether the licensee has defined more than a threshold number of clips for access by parties other than the licensee based on a rights definition in the data store that identifies the threshold number of clips; and
whether the media content clip for access by parties other than the licensee is greater than a threshold length based on a rights definition in the data store that identifies the threshold length; and
whether the media content clip for access by parties other than the licensee includes a predetermined portion of the media content based on a rights definition in the data store that identifies the predetermined portion that is not permitted to be included in a permitted media content clip;
when the determining concludes that the licensee is permitted to distribute the clip:
storing, by the system, a definition of the media content clip in the clip rights enabler data store; and
automatically transmitting, by the system, over the network a link from the clip rights enabler data store to a plurality of pre-identified third party users by which a third party requesting user is provided access to the media content clip according to the definition, wherein the third party requesting user is provided access by accessing, over the network, the clip rights enabler data store of the server system to access the definition of the media content clip and providing the media content clip to the third party requesting user according to the definition, such that the third party requesting user is provided access over the network to only the portion of the video between the starting point and the ending point; and
after the determining, receiving, by the system, an instruction from a licensor of the media content to adjust the rights definitions contained in the rights enabler data store;
adjusting, by the system, the rights definitions contained in the rights enabler data store in accordance with the received instruction from the licensor;
receiving, by the system, from the licensee, over the network, another starting point within the media content and another ending point within the media content to define another media content clip located between said another starting point and another ending point; and
determining, by the system, based on adjusted rights definitions contained in the rights enabler data store whether the licensee is permitted to distribute said another media content clip based on the criteria.

US Pat. No. 10,397,625

MOVING-IMAGE PARAMETER SELECTION DEVICE, MOVING-IMAGE PARAMETER SELECTION METHOD, AND PROGRAM

NIPPON TELEGRAPH AND TELE...

1. A moving-image parameter selection device, comprising:a memory configured, for each distribution of a video in a past, to associate a combination of values of moving-image parameters used for the distribution, with a Key Performance Indicator (KPI) related to the distribution, to store the associated combination; and
processing circuitry configured, for each of the combinations, to
calculate an average of the KPI, to execute a significance test for each of the averages of the KPIs with respect to one of the averages of the KPIs of the combinations, and based on results of the significance tests, to select a part of combinations among the combinations, and
output the selected part of combinations to a service provider which controls distribution of the video in real time based on the selected part of combinations,
wherein the moving image parameters for the selected part of combinations includes at least one of a video bit rate, audio bit rate, video encoding scheme identification, an audio encoding scheme identification, frame size, and framerate, and types of the moving-image parameters and values for the moving-image parameters used when distributing the video depend on a service design of the service provider, and are selected by the service provider, and
the average of the KPI is based on at least one of values among an average of viewing and listening time, an average of viewing and listening completion rate, an average of website dwell time, an average of application dwell time, and an average of rating of the video, and types of the averages to be based on depend on the service design of the service provider, and are selected by the service provider.

US Pat. No. 10,397,618

METHOD, AN APPARATUS AND A COMPUTER READABLE STORAGE MEDIUM FOR VIDEO STREAMING

Nokia Technologies Oy, E...

1. A method comprising:requesting, by a client, an independently coded first representation of a video content component from a server;
receiving and playing a first set of data units of the independently coded first representation;
requesting, by the client, a second set of data units of a second representation, the second set of data units being dependently coded on one or more requested or buffered data units of the first set;
requesting, by the client, a third set of independently coded data units of a third representation; and
parsing, by the client, the third representation to be equivalent to the second representation in terms of a represented view, a picture quality, and a spatial resolution.

US Pat. No. 10,397,617

GRAPHICAL DISPLAY CONTENT MONITOR

NXP USA, Inc., Austin, T...

1. A display system, comprising:a display screen;
a frame buffer to store an original image frame of a sequence of image frames;
a difference injector coupled to the frame buffer to modify the original image frame by a known image artifact to generate a modified original image frame;
a display controller coupled to the display screen to sequentially display the original image frame and the modified original image frame at the display screen;
a power measurement circuit configured to measure an original frame power characteristic indicative of power consumed by the display screen during display of the original image frame, and to measure a modified frame power characteristic of power consumed by the display during display of the modified original image frame;
an arithmetic controller to determine an original differential power characteristic between the original frame power characteristic and the modified original frame power characteristic; and
an error detector to determine, based upon the original differential power characteristic, whether the known image artifact has been displayed on the display.

US Pat. No. 10,397,615

STRONG DEBLOCKING FILTERING DECISIONS

TELEFONAKTIEBOLAGET LM ER...

1. A deblocking filter control method comprising:a) checking whether pixels values of four pixels in a line of pixels in a block of pixels form an approximate line;
b) checking whether pixel values of four pixels in said line of pixels in a neighboring block of pixels form an approximate line; and
selecting to apply strong deblocking filtering to pixel values in said line of pixels in said block of pixels and said neighboring block of pixels if said pixel values of said four pixels in said block of pixels form an approximate line and if said pixel values of said four pixels in said neighboring block of pixels form an approximate line,
wherein said approximate lines formed by said four pixels in said block of pixels and in said neighboring block of pixels are ramp-shaped,wherein:a) checking whether said pixel values form an approximate line comprises:
a1) checking whether pixel values of a first pixel, a second pixel and a third pixel, relative to a block boundary between said block of pixels and said neighboring block of pixels, in said line of pixels in said block of pixels form an approximate line; and
a2) checking whether pixel values of said second pixel, said third pixel and a fourth pixel, relative to said block boundary, in said line of pixels in said block of pixels form an approximate line;
b) checking whether said pixel values form an approximate line comprises:
b1) checking whether pixel values of a first pixel, a second pixel and a third pixel, relative to said block boundary, in said line of pixels in said neighboring block of pixels form an approximate line; and
b2) checking whether pixel values of said second pixel, said third pixel and a fourth pixel, relative to said block boundary, in said line of pixels in said neighboring block of pixels form an approximate line; and
selecting to apply strong deblocking filtering comprises selecting to apply strong deblocking filtering if said pixel values of said first pixel, said second pixel and said third pixel in said block of pixels form an approximate line, if said pixel values of said second pixel, said third pixel and said fourth pixel in said block of pixels form an approximate line, if said pixel values of said first pixel, said second pixel and said third pixel in said neighboring block of pixels form an approximate line, and if said pixel values of said second pixel, said third pixel and said fourth pixel in said neighboring block of pixels form an approximate linewherein,a) checking whether said pixel values form an approximate line comprises:
a1) calculating dpi=|p2i?2×p1i+p0i|, wherein p0i denotes a pixel value of said first pixel in said line of pixels in said block of pixels, p1i denotes a pixel value of said second pixel in said line of pixels in said block of pixels, and p2i denotes a pixel value of said third pixel in said line of pixels in said block of pixels; and
a2) calculating dpi_side=|p3i?2×p2i+p1i|, wherein p3i denotes a pixel value of said fourth pixel in said line of pixels in said block of pixels;
b) checking whether said pixel values form an approximate line comprises:
b1) calculating dqi=|q2i?2×q1i+q0i|, wherein q0i denotes a pixel value of said first pixel in said line of pixels in said neighboring block of pixels, q1i denotes a pixel value of said second pixel in said line of pixels in said neighboring block of pixels, and q2i denotes a pixel value of said third pixel in said line of pixels in said neighboring block of pixels; and
b2) calculating dqi_side=|q3i?2×q2i+q1i|, wherein q3i denotes a pixel value of said fourth pixel in said line of pixels in said neighboring block of pixels; and
selecting to apply strong deblocking filtering comprises selecting to apply strong deblocking filtering if (dpi+dqi)

US Pat. No. 10,397,614

IMAGE PROCESSING APPARATUS AND METHOD

SONY CORPORATION, Tokyo ...

1. An image processing apparatus, comprising:a central processing unit (CPU) configured to:
encode image data in which a plurality of images are separated on a pixel by pixel basis,
wherein the image data has same type of color filters allocated in RAW data before a demosaicing process on the plurality of images, and
wherein the separated plurality of images are in a particular data unit; and
generate a bit stream including the encoded image data and information indicating:
a type of the particular data unit that includes the plurality of images, and
whether to perform a bit stream constraint included in the bit stream,
wherein a CFAP_bitstream_constraint_indication_flag indicates 1 when the CPU performs the bit stream constraint.

US Pat. No. 10,397,613

METHOD FOR DERIVING A MOTION VECTOR

Velos Media, LLC, Plano,...

1. A method for deriving a motion vector of a current block in a current frame, the method comprising:deriving at least one first motion vector used for a pixel prediction located in one or more blocks adjacent to the current block in the current frame;
deriving an intermediate position of the current block by using a top-left position of the current block, a horizontal size of the current block and a vertical size of the current block;
deriving a modified position by performing an arithmetic left shift operation of 4 units after an arithmetic right shift operation of 4 units to the intermediate position;
deriving a second motion vector used for a pixel prediction located at the modified position in a previous frame;
generating a motion vector predictor candidate list comprising the at least one first motion vector and the second motion vector;
selecting a motion vector predictor from the motion vector predictor candidate list; and
deriving the motion vector of the current block by using the motion vector predictor.

US Pat. No. 10,397,612

THREE-DIMENSIONAL VIDEO ENCODING METHOD, THREE-DIMENSIONAL VIDEO DECODING METHOD, AND RELATED APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising:decoding a video bitstream to obtain a single sample flag bit corresponding to a current image block in a current depth map, a size of the current image block being n*n, and n being a positive even number;
performing detection on an upper adjacent pixel of a ((n+2)/2)th pixel on an upper edge of the current image block and a left adjacent pixel of a ((n+2)/2)th pixel on a left edge of the current image block in the current depth map in response to the single sample flag bit indicating that a decoding mode corresponding to the current image block is a single depth intra-frame mode (SDM), available adjacent prediction sampling points of the current image block comprising only the upper adjacent pixel and the left adjacent pixel;
in response to the upper adjacent pixel being available and the left adjacent pixel being available:
setting a depth value of the upper adjacent pixel into a first index location corresponding to the current image block; and
setting a depth value of the left adjacent pixel into a second index location corresponding to the current image block;
in response to the upper adjacent pixel available and the left adjacent pixel being unavailable doing at least one of the following four actions:
setting the depth value of the upper adjacent pixel into the first index location corresponding to the current image block and setting the depth value of the upper adjacent pixel into the second index location corresponding to the current image block;
setting the depth value of the upper adjacent pixel into the first index location corresponding to the current image block and setting a second depth value obtained by adding the depth value of the upper adjacent pixel to a first adjustment value into the second index location corresponding to the current image block;
setting the depth value of the upper adjacent pixel into the first index location corresponding to the current image block and setting a third depth value obtained by subtracting a second adjustment value from the depth value of the upper adjacent pixel into the second index location corresponding to the current image block; or
setting the depth value of the upper adjacent pixel into the first index location corresponding to the current image block and using a second preset depth value as a candidate value recorded in the second index location corresponding to the current image block;
in response to the upper adjacent pixel being unavailable and the left adjacent pixel being unavailable:
using a first preset depth value as a candidate value recorded in a first index location corresponding to the current image block; and
using the second preset depth value as the candidate value recorded in the second index location corresponding to the current image block;
in response to the upper adjacent pixel being unavailable and the left adjacent pixel being available doing at least one of the following four actions:
setting the depth value of the left adjacent pixel into the first index location corresponding to the current image block and setting the depth value of the left adjacent pixel into the second index location corresponding to the current image block;
setting the depth value of the left adjacent pixel into the first index location corresponding to the current image block and setting a fourth depth value obtained by adding the depth value of the left adjacent pixel to the first adjustment value into the second index location corresponding to the current image block;
setting the depth value of the left adjacent pixel into the first index location corresponding to the current image block and setting a fifth depth value obtained by subtracting the second adjustment value from the depth value of the left adjacent pixel into the second index location corresponding to the current image block; or
setting the depth value of the left adjacent pixel into the first index location corresponding to the current image block and using the second preset depth value as the candidate value recorded in the second index location corresponding to the current image block;
decoding the video bitstream to obtain a single sample index flag bit corresponding to the current image block;
obtaining a candidate depth value located in an index location that is indicated by the single sample index flag bit according to the index location indicated by the single sample index flag bit obtained by decoding;
using the candidate depth value as a prediction sample value of at least one of a plurality of pixels of the current image block; and
reconstructing the current image block using the prediction sample value of the at least one of the pixels of the current image block.

US Pat. No. 10,397,611

METHOD AND DEVICE FOR ENCODING/DECODING 3D VIDEO

LG ELECTRONICS INC., Seo...

1. A method for decoding a 3D video, the method comprising:receiving a single depth mode (SDM) flag information indicating whether the SDM for an intra prediction is applied to a current block and index information for the SDM;
determining, when the SDM is applied to the current block, a first candidate and a second candidate based on neighboring reference samples of the current block;
generating a prediction sample of the current block based on one of the first candidate and the second candidate indicated by the index information; and
reconstructing a current picture of the 3D video comprising the current block based on the generated prediction sample,
wherein the neighboring reference samples comprise a first neighboring reference sample positioned on a coordinate of (?1, n/2) and a second neighboring reference sample positioned on a coordinate of (n/2, ?1),
wherein the n represents a length of one side of the current block and a top-left sample of the current block is positioned on a coordinate of (0, 0), and
wherein the number of the neighboring reference samples is two, and the first neighboring reference sample positioned on the coordinate of (?1, n/2) is adjacent to left boundary of the current block and the second neighboring reference sample positioned on the coordinate of (n/2, ?1) is adjacent to upper boundary of the current block.

US Pat. No. 10,397,609

METHOD AND APPARATUS FOR PREDICTING RESIDUAL

1. A method for predicting a residual, characterized in that the method is applied to three-dimensional video encoding or multi-visual angle video encoding, the method comprising:searching, when performing inter frame image prediction encoding on a prediction unit, a corresponding unit of the prediction unit in an adjacent visual angle encoded at the same time; and
predicting a time domain predicted residual of the prediction unit based on a time domain predicted residual of the corresponding unit in the encoded adjacent visual angle, the predicting including predicting the time domain predicted residual of the prediction unit based on a weighted time domain predicted residual of the corresponding unit in the encoded adjacent visual angle when the prediction unit adopts a bi-directional prediction and a first one of two prediction blocks of the prediction unit is a time domain prediction block and a second one of the two prediction blocks is an adjacent visual prediction block;
the searching including:
judging, when performing inter frame image prediction encoding on the prediction unit, whether the prediction unit adopts a time domain prediction; and
searching, if it is determined the prediction unit adopts the time domain prediction, the corresponding unit of the prediction unit in the adjacent visual angle encoded at the same time; and
the judging including:
judging, according to a flag bit of an encoding unit level, whether a mode adopted by the prediction unit is a mode without residual prediction or a mode with residual prediction; and
further judging, if the prediction unit adopts the mode with residual prediction, whether the prediction unit adopts the time domain prediction.

US Pat. No. 10,397,608

LOW-COMPLEXITY INTRA PREDICTION FOR VIDEO CODING

NTT DOCOMO, INC., Tokyo ...

1. A video encoding method executed by a processor of a video encoder, comprising:a step of retrieving at least some pixels from an array of vertical boundary pixels;
a step of adding the retrieved pixels to an array of horizontal boundary pixels, to extend the array of horizontal boundary pixels; and
a step of performing intra prediction based on the extended array of horizontal boundary pixels,
wherein the step of retrieving includes:
obtaining InvAngle from a look-up table which lists values of InvAngle in relation to values of angle* representing a prediction direction; and
identifying the at least some pixels among the vertical boundary pixels, by using a vertical pixel identifier which is expressed by a function using [col×InvAngle], where col is a counter which is decremented by 1 from ?1 to (size×angle*/rangelimit), where the size is a size of a target block and the rangelimit defines the range of angle*, and
wherein the step of adding includes:
adding a pixel identified by the vertical pixel identifier to the horizontal boundary pixels at a location identified by a horizontal pixel identifier [col].

US Pat. No. 10,397,607

COLOR RESIDUAL PREDICTION FOR VIDEO CODING

QUALCOMM Incorporated, S...

1. A method of decoding encoded video data, the method comprising:based on each respective transform unit size of respective transform unit sizes of a first set of blocks of a picture of the encoded video data being greater than 4×4, decoding each respective block of the first set of blocks of the picture to produce a respective block of reconstructed luma residual values and a respective block of predicted chroma residual values, wherein each respective block of the first set of blocks of the picture has one of a 4:2:0 or a 4:2:2 chroma sub-sampling format;
based on each of the respective transform unit sizes of the first set of blocks being greater than 4×4, performing a color residual prediction process to reconstruct a respective block of chroma residual values for each respective block of the first set of blocks of the picture using a subset of the reconstructed luma residual values for the respective block as luma predictors for the respective block of predicted chroma residual values;
based on each respective transform unit size of respective transform unit sizes of a second set of blocks of the picture being less than or equal to 4×4, decoding each respective block of the second set of blocks of the picture without performing color residual prediction;
decoding a luma coded block flag for a first block of the second set of blocks of the picture of the encoded video data, wherein the first block of the second set of blocks has one of a 4:2:0 or a 4:2:2 chroma sub-sampling format and
decoding the first block of the second set of blocks of the picture without performing color residual prediction based on the luma coded block flag indicating that the first block of the picture has no non-zero luma transform coefficients.

US Pat. No. 10,397,604

METHOD AND APPARATUS FOR IMAGE ENCODING/DECODING

Electronics and Telecommu...

1. A method for image decoding that supports multiple layers performed by an image decoding apparatus, the method comprising:analyzing a first layer dependency on a current layer based on a video parameter set (VPS) extension;
analyzing a second layer dependency on a current slice based on information encoded in a slice unit, wherein analyzing the second layer dependency on the current slice comprises
determining whether the current slice uses the first layer dependency of the VPS extension or the second layer dependency of the slice unit,
obtaining, in response to a determination that the current slice uses the second layer dependency of the slice unit, first information indicating the number of reference pictures for inter-layer prediction of the current slice and second information identifying reference layers to which the reference pictures belong, the first information and the second information being signaled in the slice unit, and
analyzing the second layer dependency on the current slice based on the first information and the second information;
constructing a reference picture list for the current slice based on at least one of the first layer dependency on the current layer and the second layer dependency on the current slice; and
performing prediction to generate a prediction block of a current block to be decoded.

US Pat. No. 10,397,578

NESTED ENTROPY ENCODING

Dolby International AB, ...

1. A method for decoding a motion vector predictor of a current block in a picture of a sequence of pictures, the method comprising:accessing a current block in the picture;
identifying a first block and a second block that are each adjacent to the current block in the picture;
conditioned on determining that a motion vector of the first block is not equal to a motion vector of the second block, including, in a motion vector predictor candidate set for the current block, the motion vector of the first block and the motion vector of the second block;
conditioned on determining that the motion vector of the first block is equal to the motion vector of the second block, including, in the motion vector predictor candidate set for the current block, one of the motion vector of the first block or the motion vector of the second block;
receiving a flag from a bitstream, the flag indicating whether a temporally-located motion vector can be used as a motion vector predictor;
conditioned on determining that the flag indicates that a temporally-located motion vector can be used as a motion vector predictor, including a motion vector of a block in another picture in the motion vector predictor candidate set for the current block;
conditioned on determining that the flag indicates that a temporally-located motion vector cannot be used as a motion vector predictor, excluding, from the motion vector predictor candidate set for the current block, the motion vector of the block in the other picture;
selecting a motion vector from the motion vector predictor candidate set as the motion vector predictor of the current block;
deriving a motion vector for the current block based on the selected motion vector predictor and a motion vector differential; and
generating a residual block as a difference between the current block and a reference block identified by the motion vector for the current block.

US Pat. No. 10,397,573

METHOD AND SYSTEM FOR GENERATING A TRANSFORM SIZE SYNTAX ELEMENT FOR VIDEO DECODING

Dolby Laboratories Licens...

1. A method for video signal processing, the method comprising:receiving an intra-predicted macroblock;
receiving a macroblock type of the intra-predicted macroblock indicating a transform size;
receiving a transform syntax element generated based on the transform size that indicates an inverse transform size for use with the intra-predicted macroblock,
deriving, based on the macroblock type, a flag indicating whether a sub-partition of the intra-predicted macroblock uses a size other than 8×8;
selecting a transform size based on the macroblock type, transform syntax element and the flag;
re-scaling and inverse transforming the received macroblock based on the selected inverse transform size to generate an inverse transformed macroblock;
reconstructing a reconstructed macroblock based on the inverse transformed macroblock; and
deblock filtering the reconstructed macroblock,
wherein selecting the transform size includes selecting an N×N transform size when the macroblock type is an N×N macroblock type and selecting an M×M transform size when the macroblock type is an M×M macroblock type, wherein N and M are integer values and M is greater than N.

US Pat. No. 10,397,535

OPTICAL MICRO-PROJECTION SYSTEM AND PROJECTION METHOD

North Inc., Kitchener, O...

1. A system comprising:a photodiode to receive a reflection of a light beam emitted by a light source onto a projection field;
a processor coupled to the photodiode and the light source; and
a memory coupled to the processor, the memory comprising instructions that when executed by the processor cause the processor to:
receive, from the photodiode, an indication of the reflection of the emitted light beam;
detect, based on the reflection, an object proximate to the projection field;
determine a distance between the light source and the object at a plurality of points on the object;
determine a volume of the object based at least in part on the determined distances; and
cause the light source to emit the light beam to project an image around the object.

US Pat. No. 10,397,528

PROVIDING STATUS INFORMATION FOR SECONDARY DEVICES WITH VIDEO FOOTAGE FROM AUDIO/VIDEO RECORDING AND COMMUNICATION DEVICES

Amazon Technologies, Inc....

1. An audio/video recording and communication device (A/V device) comprising:a camera configured to capture image data;
a communication module; and
a processing module operatively connected to the camera and the communication module, wherein the processing module is in network communication with at least one secondary device via the communication module, the processing module comprising:
a processor; and
one or more computer-readable media storing a device status check application comprising instructions that, when executed by the processor cause the processor to perform operations including:
receiving a secondary device state request signal from a server via the communication module, wherein the server is in network communication with the A/V device;
checking a status of the at least one secondary device in network communication with the processing module;
generating a secondary device status update signal, wherein the secondary device status update signal provides the status of the at least one secondary device based on the checked status; and
transmitting the secondary device status update signal to the server using the communication module.

US Pat. No. 10,397,493

DUAL LENS SYSTEM HAVING A LIGHT SPLITTER

SZ DJI TECHNOLOGY CO., LT...

1. A system for capturing images, said system comprising:an optical element configured to separate light into a first light beam and a second light beam;
a first lens module configured to focus the first light beam;
a second lens module configured to focus the second light beam;
a first sensor having a first sensor size and configured to capture a first image from the first light beam focused by the first lens module onto the first sensor;
a second sensor having a second sensor size and configured to capture a second image from the second light beam focused by the second lens module onto the second sensor, wherein the second sensor size is different from the first sensor size; and
one or more processors configured to:
modify the first image or the second image based on the first sensor size and the second sensor size to generate a modified image; and
generate a combined image based on the modified image, wherein the first sensor size is a first pixel size and the second sensor size is a second pixel size, and wherein modifying the first image comprises scaling the first image by

 and modifying the second image comprises scaling the second image by

US Pat. No. 10,397,483

IMAGE PROCESSING DEVICE, IMAGE PROCESSING SYSTEM AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM

FUJI XEROX CO., LTD., Mi...

1. An image processing device comprising:a computer-readable memory having stored therein program instructions; and
a processor configured to execute the program instructions, that when executed implement:
an acceptance unit that accepts an image information pair composed of image information before color conversion and image information after color conversion;
an accuracy output unit that outputs accuracy of a color conversion property from a plurality of the image information pairs accepted by the acceptance unit;
a color conversion property creation unit that creates the color conversion property from a plurality of the image information pairs accepted by the acceptance unit; and
a display control unit that, when the acceptance unit accepts a new image information pair, controls to display, on a display device, at least image information created by color conversion of image information of the new image information pair before color conversion based on the color conversion property created by the color conversion property creation unit from the image information pair that has already been accepted by the acceptance unit and image information of the new image information pair after color conversion.

US Pat. No. 10,397,471

IMAGE PROCESSING APPARATUS, LOCATION INFORMATION ADDING METHOD

SONY CORPORATION, Tokyo ...

1. A first information processing apparatus, comprising:a control unit configured to:
determine a condition that first information of the first information processing apparatus is undetected;
acquire captured image data;
control a display screen to display an information input image based on the acquired captured image data,
wherein the control of the display screen is based on the determination that the first information of the first information processing apparatus is undetected;
receive an input based on an instruction related to the information input image; and
extract the first information based on the received input,
wherein the display screen is controlled to set a timing of the input to one of a timing before an imaging operation of the captured image data, a timing during the imaging operation of the captured image data, or a timing after the imaging operation of the captured image data,
wherein a setting screen, displayed on the display screen, comprises a plurality of user selectable items to set the timing of the input, and
wherein the plurality of user selectable items comprise a user selectable item to set the timing of the input to the timing during the imaging operation of the captured image data.

US Pat. No. 10,397,467

IMAGING APPARATUS, IMAGE PROCESSING DEVICE, IMAGING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

OLYMPUS CORPORATION, Tok...

1. An imaging apparatus comprising:an imaging unit configured to continuously capture images to sequentially generate image data;
a combining unit configured to combine a plurality of sets of the image data generated by the imaging unit to generate composite image data;
a display unit configured to display a composite image corresponding to the composite image data generated by the combining unit;
an operating unit configured to receive an operation for the image data to be left in the composite image selected from among a plurality of sets of the image data combined into the composite image displayed by the display unit;
a control unit configured to cause the combining unit to combine at least two sets of the image data selected in accordance with the operation of the operating unit to generate a new set of the composite image data; and
a display control unit configured to cause the display unit to display a last image overlaid on the composite image, whenever the imaging unit generates the image data, the last image corresponding to a last set of the image data generated by the imaging unit, the composite image being generated by the combining unit,
wherein the display control unit causes the display unit to display the composite image and the last image, in slow motion.

US Pat. No. 10,397,453

ELECTRONIC DEVICE INCLUDING CAMERA

Samsung Electronics Co., ...

1. An electronic device comprising:an upper cover unit including at least one first camera that faces a first direction;
a plurality of second camera pairs disposed to face a second direction, and second cameras included in each of the second camera pairs being arranged to face directions that intersect each other;
a housing including a plurality of first openings, to which the plurality of second camera pairs are coupled to be exposed to an outside;
a first support member disposed in an accommodation space inside the housing, and providing a seating space for a printed circuit unit electrically connected with a connector of the upper cover unit; and
a bracket coupled to a first opening in the housing to be at least partially exposed to the outside, and including at least one pair of second openings in each of which a pair of second cameras are seated; and
a first sealing member disposed between the housing and the bracket.

US Pat. No. 10,397,452

VEHICULAR CAMERA APPARATUS

DENSO CORPORATION, Kariy...

1. A vehicular camera apparatus to be fixed to a windshield of a vehicle from a passenger compartment side, the camera apparatus comprising:a camera module including a lens and an imaging element;
a camera case to be fixed to the windshield of the vehicle, the camera case having the camera module received therein; and
a hood provided below the lens,
wherein
the hood includes both a rib structure and a hole structure,
the rib structure comprises a plurality of ribs that each protrude upward from a bottom wall of the hood and are arrayed in an optical axis direction of the lens, each of the ribs having a front surface on an opposite side to the lens and a rear surface on the lens side, the front surface making an acute angle with an imaginary plane that contains an upper surface of the bottom wall of the hood, the rear surface making an obtuse angle with the imaginary plane, and
the hole structure comprises a plurality of holes that are formed in the bottom wall of the hood and extend through the bottom wall of the hood in a direction perpendicular to the imaginary plane, each of the holes being formed along a corresponding one of the ribs and including, at least, a projection of the front surface of the corresponding rib on the imaginary plane that contains the upper surface of the bottom wall.

US Pat. No. 10,397,448

INTRODUCING VISUAL NOISE IN A FLAT TINT AREA OF A PRINTED IMAGE

Hewlett-Packard Developme...

1. An apparatus, comprising:a color conversion module for converting page description language describing an image into rasterized image data; and
a visual noise module for recalculating pixel values in an area of flat tint detected in the rasterized image data to introduce visual noise in the area of flat tint.

US Pat. No. 10,397,441

INFORMATION EQUIPMENT MANAGEMENT SYSTEM FOR MANAGING USE APPROVAL/DISAPPROVAL INFORMATION, INFORMATION EQUIPMENT, PERSONAL IDENTIFICATION APPARATUS, AND RECORDING MEDIUM

Konica Minolta, Inc., Ch...

1. An information equipment management system, comprising:a personal identification apparatus which is portable and configured to acquire biometric information of a carrying person thereof to identify said carrying person;
an information equipment; and
an information equipment management server for managing use approval/disapproval information which is management information on approval or disapproval of use of said information equipment,
wherein said personal identification apparatus comprises:
an acquisition part for acquiring use approval/disapproval information of said information equipment relating to said carrying person, which is use approval/disapproval information managed by said information equipment management server, from said information equipment management server; and
a storage part for storing therein said use approval/disapproval information acquired from said information equipment management server, and wherein said information equipment controls an operation of said information equipment by using said use approval/disapproval information previously stored in said storage part of said personal identification apparatus.

US Pat. No. 10,397,421

IMAGE FORMING DEVICE, IMAGE FORMING SYSTEM, AND COMPUTER-READABLE NON-TRANSITORY STORAGE MEDIUM STORING CONTROL PROGRAM EXECUTED BY COMPUTER FOR CONTROLLING ADDITIONAL PRINTING

Konica Minolta, Inc., Ch...

1. An image forming device that performs printing, comprising:a storage that stores information about a plurality of alignment images printed on a transfer medium;
an image forming unit that prints a first additional image and a second additional image on the transfer medium, the first additional image being different from the second additional image;
a reader unit that reads the alignment image printed on the transfer medium on an upstream side of the image forming unit along the transfer direction of the transfer medium; and
a control unit that distinguishes multiple alignment images upon reception of reading results from the reader unit, wherein
the control unit performs control of storing adjustment information for adjusting the positions of the first and second additional images to be formed, according to multiple alignment images, in the storage, and
the control unit performs control of associating, with each alignment image, a respective job for printing to cause the image forming unit to print the first additional image a plurality of times and then to print the second additional image a plurality of times.

US Pat. No. 10,397,389

METHOD, APPARATUS AND SYSTEM FOR EXCHANGING A DATA COMMUNICATION VIA AN AUDIO CONNECTOR

INTEL CORPORATION, Santa...

1. An apparatus comprising:an audio connector to couple the apparatus to a microphone input of a mobile device;
a plurality of sensors, wherein at least one of the sensors is an audio sensor configured to generate audio information and the other sensor configured to generate sensor information related to a detected state of a user or an environment of the user;
signal processor logic comprising circuitry configured to receive the sensor information and to generate encoded signals to represent the sensor information as non-audio information in a first frequency range and to generate non-encoded signals to represent the audio information, wherein the first frequency range is outside of a telephony frequency range for telephone voice communication of the mobile device; and
transmitter circuitry to transmit the encoded signals representing the sensor information and non-encoded signals representing the audio information to the mobile device via the audio connector and microphone input of the mobile device, and
wherein the encoded signals representing the sensor information do not interfere with telephone voice communication of the mobile device.

US Pat. No. 10,397,364

SKILLS ENDORSEMENTS

Microsoft Technology Lice...

1. A method comprising:using one or more computer processors:
receiving an indication that a first user with a first member profile has visited a member profile page of a second user with a second member profile;
selecting at least one particular skill corresponding to the first member profile and the second member profile that is one of a predetermined number of highest ranked skills for both the first and second member, the highest ranked skills based upon the first and second member profiles;
presenting a graphical user interface to the first member, the graphical user interface configured for the first member to include an indication requesting, from the first member, an endorsement of the second member for the particular skill, the graphical user interface including a first selectable control to endorse the second member for the particular skill and at least a second selectable control to rate a quantified proficiency of the second member in the skill, the endorsement indicating that the first member thinks that the second member possesses the particular skill with a proficiency indicated by the rated quantified proficiency; and
updating the second member profile based upon a selection by the first member of the second selectable control.

US Pat. No. 10,397,350

TRACKING WEARABLES OR OTHER DEVICES FOR EMOJI STORIES

Disney Enterprises, Inc.,...

1. A method, comprising:determining, based on interaction data stored in a first profile, that a first toy device communicated with a second toy device, wherein the first and second toy devices are within a predefined distance during the communication;
determining at least one emotion reflected in an emotion data of the first profile;
determining at least one activity reflected in an activity data of the first profile; and
generating, based on the interaction data, the emotion data, and the activity data, a story depicting a plurality of emoji, wherein the plurality of emoji comprise a first emoji reflecting the first toy device communicating with the second toy device, a second emoji reflecting the at least one emotion, and a third emoji reflecting the at least one activity.

US Pat. No. 10,397,346

PREFETCHING PLACES

Facebook, Inc., Menlo Pa...

1. A method comprising:by a client computing device, automatically determining, in response to a determination that a user is generating social-network content for display on the social network and contemporaneous with the user's generation of the social-network content, a current location of the user, the social network comprising a plurality of nodes and a plurality of edges connecting the nodes, at least one node corresponding to the user;
by the client computing device, sending, automatically and without requiring further user input and before the social-network content is posted to the social network, the current location to an external server computing device;
by the client computing device, receiving from the server an identification of one or more places corresponding to the current location; and
by the client computing device, presenting at least one of the places to the user in association with the user-generated content.

US Pat. No. 10,397,337

INDEPENDENT INTERNET CONNECTION GENERATION

International Business Ma...

1. An automated Internet connection method comprising:receiving, by a processor of a server from a first communication hardware device of a first user, a first telephone number and a first Internet protocol (IP) address associated with said first communication hardware device, wherein said first communication hardware device is communicatively connected to a second communication hardware device of a second user;
receiving, by said processor from said second communication hardware device, a second telephone number and a second Internet protocol (IP) address associated with said second communication hardware device, wherein said first communication hardware device is communicatively connected to said second communication hardware device via a telecommunications link;
receiving, by said processor from said first user via said first communication hardware device, a request for connecting said first communication hardware device to said second communication hardware device via an Internet connection, wherein said request comprises said first telephone number and said second telephone number;
determining, by said processor, that said second telephone number is registered with said server;
determining, by said processor, that said second communication hardware device is currently communicatively connected to said first communication hardware device;
transmitting, by said processor to said second communication hardware device, said request, wherein said second user approves said request via said second communication device;
automatically transmitting to said first communication device, by said processor based on said second user approving said request, said second IP address;
generating, by said processor via said first IP address and said second IP address, a secure private ad-hoc Internet link between said first communication hardware device and said second communication hardware device;
disconnecting, by said processor, said second communication hardware device from said first communication hardware device via said secure private ad-hoc Internet link such that said first communication hardware device is unable to reconnect to said second communication hardware device via said secure private ad-hoc Internet link;
receiving, by said processor from said first communication hardware device and said second communication hardware device, a removal request for removing said first telephone number, said first IP address, said second telephone number, and said second IP address from said server; and
automatically deleting, by said processor in response to said receiving said removal request, said first telephone number, said first IP address, said second telephone number, and said second IP address from said server.

US Pat. No. 10,397,327

SYSTEMS AND METHODS FOR DATA DISTRIBUTION USING A PUBLICATION SUBSCRIBER MODEL WITH A FEDERATION OF TRUSTED DATA DISTRIBUTION NETWORKS

1. A method for publishing data from a first data distribution system having a first data feed management subsystem, a first identity management subsystem, a first data movement infrastructure and a data provider A, to a data subscriber B in a second data distribution system having a second data feed management subsystem, a second identity management subsystem and a second data movement infrastructure, the method comprising:creating, using the data provider A in the first data distribution network, a first data feed F in the first data feed management subsystem;
creating, using data provider A, a second data feed F?, related to the first data feed F, in the second data feed management subsystem;
associating a first data access policy with the second data feed F? wherein the access data policy specifies whether a given authenticated ID is allowed to modify the second data feed F?, publish to the second data feed F? or subscribe to the second data feed F?;
accessing, using data provider A, the first data feed management subsystem to create a data subscriber A? to the first data feed F;
forwarding information about subscriber A? from the first data feed management subsystem to the first data movement infrastructure;
creating, using the second data feed management subsystem, a publisher P for the second data feed F? in the second data distribution network wherein the publisher P is accessible to a plurality of subscribers in the second data distribution network;
forwarding information about the publisher P from the second data feed management subsystem to the second data movement infrastructure; and
using the second data feed management subsystem to subscribe the data subscriber B to the second data feed F?, whereby connectivity between the first data distribution network and the second data distribution network is provided between the first data movement infrastructure and the second data movement infrastructure.

US Pat. No. 10,397,324

METHODS AND SYSTEMS FOR MANAGING A RESOURCE IN A NETWORKED STORAGE ENVIRONMENT

NETAPP, INC., Sunnyvale,...

1. A method comprising:determining, by a processor, a first relationship between latency and utilization of a resource from among a plurality of resources in a networked storage system processing requests for storing and retrieving data from storage devices of the networked storage system, the first relationship determined by an observation based technique that uses current and historical latency and utilization data of the resource to determine the first relationship;
determining, by the processor, a second relationship between latency and utilization of the resource, the second relationship determined by a model based technique using inter-arrival-times and service times for the resource for processing requests, where inter-arrival times indicate arrival times of the requests at the resource and service times indicate durations for servicing the requests;
selecting, by the processor, between the first and the second relationship based on a confidence factor indicating a confidence level for the first and the second relationship;
receiving, by an application programming interface (API), an expected latency for a service level objective (SLO) for processing input/output (I/O) requests, the SLO indicating a service level for a client device to store and retrieve data from the networked storage system;
generating, by the API, a service level headroom for the resource, based on the expected latency, an effective optimal point and a current operational point of the selected either the first or the second relationship, the service level headroom providing available performance capacity of the resource for meeting the SLO, wherein the effective optimal point provides a predicted utilization for the expected latency and the current operational point indicates a current utilization of the resource; and
provisioning, by the processor, a storage volume to a different resource for processing requests to store and retrieve data in the networked storage system, when the service level headroom has reached a threshold value indicating that the SLO will not be met for the client device.

US Pat. No. 10,397,312

AUTOMATED SERVER DEPLOYMENT PLATFORM

Visa International Servic...

1. A server apparatus comprising:one or more processors; and
a memory including instructions that, when executed by the one or more processors, cause the server apparatus to:
receive an indication of set of servers;
identify, for each of the servers in the set of servers, a set of applications running on the server;
select a sample of servers from the set of servers;
identify, for each of the servers in the sample of servers, a number of applications executing on the server;
assign, to each of the number of applications executing on the server, a commonality that corresponds to a number of servers from the sample of servers on which that application is being executed;
determine, based on the commonality of each application of the number of applications with respect to the sample of servers, a status for the application;
determine, for each server in the set of servers, a deactivation score based on the status for each of the applications in the set of applications for that server; and
generate, based on the deactivation score for each server in the set of servers, a list of servers.

US Pat. No. 10,397,311

DATA COLLECTION AND ESTIMATION USING AN INTERNET OF THINGS

CA, Inc., New York, NY (...

1. A method performed by a computing device operating in an electronic communication network, the computing device including a processor and a communication interface, the method comprising:receiving, at the communication interface, a thing-sourcing project request from a requestor device over the electronic communication network, the thing-sourcing project request including requirements for a thing-sourcing task that requires data input by a thing-sourcing device operating in the electronic communication network;
determining whether real-time data is needed in order to complete the thing-sourcing task;
in response to determining that real-time data is not needed in order to complete the thing-sourcing task, determining whether a similar thing-sourcing task has been previously completed;
in response to determining that the similar thing-sourcing task has not been previously completed, determining whether the thing-sourcing task can be completed using pre-existing data;
in response to determining that the thing-sourcing task can be completed using pre-existing data, searching a data archive for relevant pre-existing data that can be used to complete the thing-sourcing task;
completing the thing-sourcing task using the relevant pre-existing data; and
transmitting a response to the thing-sourcing project request to the requestor device over the electronic communication network.

US Pat. No. 10,397,310

METHOD, CONFIGURATION, USE OF THE METHOD AND COMPUTER PROGRAM PRODUCT FOR EVALUATING ENERGY ENGINEERING DATA

Siemens Aktiengesellschaf...

1. A method for evaluating power engineering data, which comprises the steps of:providing a cloud-based data processing configuration for producing a data request having a coupling data format, producing the data request having the coupling data format by means of evaluation devices that can be added, removed or altered in a course of operation of the cloud-based data processing configuration;
transmitting the data request to a coupling device via a first communication link;
converting, via the coupling device, the data request in the coupling data format into at least one further data request in a device-specific data format that is specific to an energy engineering device, the energy engineering device being selected from the group consisting field devices, station controllers, grid controllers, electricity meter data management controllers, electricity meters, and energy management controllers;
transmitting the at least one further data request to the energy engineering device via a second communication link;
transmitting, via the energy engineering device, power engineering data of the energy engineering device, requested by the further data request, to the coupling device via the second communication link, wherein the energy engineering data are in a data format that is specific to the energy engineering device; and
converting, via the coupling device, all the power engineering data requested by means of further data requests into a data response having the coupling data format and transmitting the data response to the cloud-based data processing configuration via the first communication link.

US Pat. No. 10,397,309

SYSTEMS AND METHODS OF IMPLEMENTING TRACKING OF RESOURCE USAGE FOR A CLOUD-BASED SYSTEM

SALESFORCE.COM, INC., Sa...

1. A method comprising:setting filters to control a scope of tracking at least one of service entry data and service exit data, across multiple services running on multiple hardware instances, wherein the setting the filters comprises configuring transaction invocations to invoke cascading service invocations of the multiple services;
running an interpreter, configured to be run as an instance on the multiple hardware instances, to specify a profiled service, profiled method, or profiled class, corresponding to the service entry data or the service exit data for tracking as set in the filters, to receive a transaction ID among the multiple services, and to spawn an autonomous log unit upon entry or exit of any of the multiple services that correspond to the profiled service, profiled method, or profiled class, at an event boundary corresponding to the entrance or the exit;
applying the filters so that the autonomous log unit records at least one of the entry and exit of the multiple services corresponding to the profiled service, profiled method, or profiled class,
wherein, as a result of a given transaction invocation of the transaction invocations, the data captured by the autonomous log unit comprises:
a transaction ID configured to span services and classes invoked following the given transaction invocation,
a URI for the given transaction invocation,
an identifier for the service or class entered or exited,
a time stamp of a given service entry of the service entries or a given service exit of the service exits; and
a CPU time corresponding to the given transaction invocation;
analyzing performance of at least some of the transaction invocations by organizing the data captured by the autonomous log unit across the multiple services, organizing the autonomous log unit into nested service invocations by corresponding transaction IDs of the transaction invocations, and generating a single profile view of performance metrics of the cascading service invocations;
persisting results of the analyzing;
implementing service protection process that comprises determining, based on the single profile view, that the CPU time corresponding to the given transaction invocation exceeds a maximum CPU time corresponding to the given transaction; and
upon the determining that the CPU time corresponding to the given transaction invocation exceeds a maximum CPU time corresponding to the given transaction invocation, enforcing the governor limit for the given transaction invocation via the interpreter, wherein the maximum CPU time is determined based at least in part on whether the given transaction invocation corresponds to a synchronous process or to an asynchronous process.

US Pat. No. 10,397,308

FILE TRANSFER BY MOBILE USER COLLABORATION

Telefonaktiebolaget LM Er...

1. A method of operation of a first wireless device for uploading a data file as a plurality of pieces to a destination network node in a wireless communications network comprising:dividing the data file into the plurality of pieces;
sending one or more pieces of the plurality of pieces to one or more second wireless devices to be uploaded to the destination network node; and
uploading the one or more pieces of the plurality of pieces via a Coordinated Multi-Point, CoMP, set of cooperating nodes in the wireless communication network.

US Pat. No. 10,397,307

NETWORK-AWARE STRUCTURED CONTENT DOWNLOADS

INTERNATIONAL BUSINESS MA...

1. A method, comprising:receiving, at a content server via a first network connection from a client device, a request for a root document that is structured using markup language, and that comprises a plurality of individual portions of content with at least one portion of the content syntactically configured within markup language syntax of the markup language of the root document with one or more syntactically assigned download constraints that specify network characteristics under which the respective at least one portion of the content is individually downloadable;
determining, as part of providing improved real-time server-based content security and content control of download of the individual portions of the content within the root document, to defer from download the at least one portion of the content within the root document for download via a different network connection other than the first network connection based upon a network characteristic of the first network connection not satisfying a configured download constraint syntactically assigned within the markup language syntax of the root document to the at least one portion of the content, where the determining comprises:
comparing the configured download constraint syntactically assigned within the markup language syntax of the root document to the at least one portion of the content to the network characteristic of the first network connection; and
determining that the configured download constraint identifies a network download characteristic greater than the network characteristic of the first network connection; andwhere the method further comprises:sending a modified version of the root document with each deferred portion of the content omitted from the root document and replaced with a content stub within the markup language syntax of the modified version of the root document, where each content stub within the markup language syntax of the modified version of the root document comprises (i) a deferred content portion identifier that syntactically identifies the respective deferred portion of the content and (ii) markup language syntax that specifies the configured download constraint that allows the download of the respective deferred portion of the content.

US Pat. No. 10,397,306

SYSTEM AND METHOD FOR TRANSLATING VERSIONED DATA SERVICE REQUESTS AND RESPONSES

AMERICAN EXPRESS TRAVEL R...

1. A method, comprising:receiving, by a processor of a computer based system in electronic communication with a service module, a service request,
wherein the service request comprises a service version request format and a service version response format,
wherein the service version request format comprises a first request group ID set comprising a first plurality of request group IDs, each first request group ID including a first data request field, and
wherein the service version response format comprises a first response group ID set comprising a first plurality of response group IDs, each first response group ID including a first data response field;
retrieving, by the processor and via a service version database, a baseline request format and a baseline response format,
wherein the baseline request format comprises a second request group ID set comprising a second plurality of request group IDs, each second request group ID including a second data request field, and
wherein the baseline response format comprises a second response group ID set comprising a second plurality of response group IDs, each second response group ID including a second data response field;
comparing, by the processor and via a validation engine, the first request group ID set of the service version request format to the second request group ID set of the baseline request format to determine whether either comprises a request group ID that the other does not comprise;
reformatting, by the processor and via a versioning architecture module, the service request directly into the baseline request format, in response to the service version request format being different than the baseline request format,
wherein the service request is reformatted by at least one of adding the request group ID from the baseline request format that is not comprised in the service version request format into the service request or removing the request group ID from the service version request format that is not comprised in the baseline request format from the service request;
retrieving, by the processor and via the service module, a data response entry from a records database by executing the service request reformatted into the baseline request format, wherein the data response entry is retrieved based on each of the second data request fields of the second request group ID set; and
generating, by the processor and via the service module, a service request response,
wherein the service request response comprises the data response entry and is formatted into the baseline response format.

US Pat. No. 10,397,294

BANDWIDTH ADAPTATION FOR DYNAMIC ADAPTIVE TRANSFERRING OF MULTIMEDIA

Dolby Laboratories Licens...

1. A method for controlling adjustment of quality level of media content adapted to be transferred over a network link, comprising:receiving, at a client device, an indication of availability that lists available content from one or more content sources, the indication of availability comprising at least: a description of two or more first quality level segments of a particular media content item and a description of two or more second quality level segments of the particular media content item, wherein at least one or more first quality level segments of the two or more first quality level segments represent a same content portion of the particular media content item as at least one or more second quality level segments of the two or more second quality level segments, wherein the two or more first quality level segments of the particular media content item require a first data rate, wherein the two or more second quality level segments of the particular media content item require a second data rate;
requesting, by the client device, from a content source of the one or more content sources selected from the indication of availability a first segment of the two or more first quality segments of the particular media content item;
receiving, at the client device, the first segment of the two or more first quality segments of the particular media content item over a network connection;
periodically measuring, by the client device, available bandwidth over the network connection;
based on the measurement of the available bandwidth, the client device requesting a next segment from a next content source to dynamically adapt to the measurement of available bandwidth by performing one of:
i) based on a determination by the client device that the available bandwidth is sufficient to accommodate the second data rate and the second data rate is greater than the first data rate, requesting, by the client device, from the next content source of the one or more content sources selected from the indication of availability, the next segment from the two or more second quality level segments;
ii) based on a determination by the client device that the available bandwidth is less than the first data rate and the second data rate is less than the first data rate, requesting, by the client device, from the next content source of the one or more content sources selected from the indication of availability, the next segment from the two or more second quality level segments; or
iii) else, requesting, by the client device, from the next content source of the one or more content sources selected from the indication of availability, the next segment from the two or more first quality level segments.

US Pat. No. 10,397,289

HTTP LIVE STREAMING (HLS) VIDEO CLIENT SYNCHRONIZATION

ARRIS Enterprises LLC, S...

1. A method for delivering streaming media content from a streaming media server to at least two client devices through a common gateway so that the streaming media content is presented simultaneously by the client devices, comprising:(i) determining that a request received by the common gateway from a first client device is a request to receive from a streaming media server the streaming media content that is to be synchronized with a presentation of the streaming media content by a second client device that receives the streaming media content through the common gateway, the first and second client devices being of a common type that process streaming media in a common manner, wherein the streaming media content is live content streamed in accordance with HTTP Live Streaming (HLS);
(ii) sending the request from the gateway to the streaming media server;
(iii) responsive to the request from the gateway, receiving at the gateway an initial manifest associated with the streaming media content, the initial manifest including a sequence of media segment URLs indicating an ordering of the media segments that create a representation of a portion of the streaming media content;
(iv) sending one or more additional requests from the gateway to the streaming media server to receive an updated version of the initial manifest, the one or more additional requests being sent at time intervals that are less than a duration of the media segments in the initial manifest;
(v) forwarding the updated version of the initial manifest and not the initial manifest itself to the first client device immediately upon receiving the updated version of the initial manifest at the gateway, wherein delivery of the updated version of the initial manifest is delayed with a given delay to enable forwarding of the updated version of the initial manifest immediately;
(vi) receiving a request from the first client device to receive a selected media segment specified in the updated version of the initial manifest;
(vii) forwarding the request for the selected media segment to the server and receiving the selected media segment in response;
(viii) forwarding the selected media content to the first client device at a transmission rate greater than a rate at which the media segment plays out in real-time and less than a transmission rate available over a slower of a first or second transmission link, the first transmission link being between the gateway and the first client device and the second transmission link being between the gateway and the second client device, the transmission rate selected to create the given delay to enable synchronization of the media content to the first client device and the second client device; and
(ix) repeating steps (i)-(viii) for the second client device.

US Pat. No. 10,397,287

AUDIO DATA TRANSMISSION USING FREQUENCY HOPPING

Microsoft Technology Lice...

1. A method comprising:obtaining data representing an ordered sequence of multiple characters;
determining a code for each character in the ordered sequence of multiple characters, wherein each character in the ordered sequence of multiple characters corresponds to a different code identifying the character and sequence position of the character in the ordered sequence of multiple characters;
identifying a set of audio frequencies for the ordered sequence of multiple characters, wherein each determined code corresponds to a different audio frequency and wherein each audio frequency uniquely indicates a combination of a respective character and a respective sequence position of the respective character; and
transmitting the set of audio frequencies to a receiver, wherein each respective audio frequency of the set of audio frequencies is used by the receiver to reconstruct the ordered sequence of multiple characters independent of a sequence of the transmitting of the set of audio frequencies.

US Pat. No. 10,397,286

ESTIMATING NETWORK DATA STREAMING RATE

1. A method, comprising:intercepting a data packet from a data streaming session conducted between a first device and a second device connected over a network;
calculating a size of a file segment from information contained in the data packet, wherein the file segment corresponds to a portion of an item of multimedia content being delivered via the data streaming session, wherein the size of the file segment is calculated as a total number of bytes delivered via the data streaming session divided by a total number of file segments delivered via the data streaming session; and
calculating an encoding rate of the data streaming session, based at least in part on the size of the file segment.

US Pat. No. 10,397,285

EARLY-MEDIA SERVICE CONTROL DEVICE, EARLY-MEDIA SERVICE CONTROL METHOD, AND STORAGE MEDIUM HAVING PROGRAM STORED THEREON

NEC CORPORATION, Tokyo (...

1. An early-media service control device comprising:a communication unit;
a resource reservation status determination unit that determines whether or not a value of a parameter indicating resource reservation status of a session-start-request-transmitting terminal device is a value indicating reserved, the parameter being included in a session start request transmitted by the session-start-request-transmitting terminal device and received by the communication unit, the session-start-request-transmitting terminal device being based on an early media scheme of starting early-media service execution with receipt of a calling-in-progress notification as one requirement;
a parameter value rewriting unit that, when the resource reservation status determination unit determines that the value of the parameter is a value indicating reserved, rewrites the value of the parameter to a value indicating resource unreserved;
a session start request transmission control unit that, when the resource reservation status determination unit determines that the value of the parameter is a value indicating reserved, controls the communication unit in such a way that the communication unit transmits, to a session-start-request-receiving network, a session start request in which a value of a parameter is rewritten by the parameter value rewriting unit, and when the resource reservation status determination unit determines that the value of the parameter is not a value indicating reserved, controls the communication unit in such a way that the communication unit transmits, to a session-start-request-receiving network, a session start request received from the session-start-request-transmitting terminal device; and
a calling-in-progress notification transmission control unit that, when the communication unit receives a response indicating resource reserved in a session-start-request-receiving terminal device, controls the communication unit in such a way that the communication unit transmits the calling-in-progress notification to the session-start-request-transmitting terminal device, the response being transmitted in response to the session start request transmitted to the session-start-request-receiving network by the communication unit.

US Pat. No. 10,397,283

USING SYMMETRIC AND ASYMMETRIC FLOW RESPONSE PATHS FROM AN AUTONOMOUS SYSTEM

Oracle International Corp...

1. One or more non-transitory machine readable media storing instructions, which when executed by one or more processors, cause:receiving, by a first gateway in an Autonomous System (AS), a first packet originating at a virtual machine that is internal to the AS and allocated to a particular tenant of a plurality of tenants of the AS,
wherein the first packet is to be transmitted out of the AS to an Internet address external to the AS,
wherein the Internet address external to the AS is accessible via a plurality of egress gateways in the AS, each of the plurality of egress gateways being configured for transmitting packets out of the AS to the Internet;
determining a plurality of dropped packet rates associated, respectively, with the plurality of egress gateways;
determining, based on a comparison of the plurality of dropped packet rates, that a first egress gateway of the plurality of egress gateways is associated with a lowest dropped packet rate of the plurality of dropped packet rates;
determining that a first packet priority associated with the first packet satisfies a threshold criterion;
based at least on (a) the first egress gateway being associated with the lowest dropped packet rate and (b) the first packet priority satisfying the threshold criterion: selecting, by the first gateway, the first egress gateway for transmission of the first packet out of the AS to the Internet;
encapsulating, by the first gateway, the first packet within a second packet addressed to the first egress gateway;
transmitting, by the first gateway, the second packet toward the first egress gateway;
prior to the first gateway receiving the first packet:
receiving, by the first gateway from the first egress gateway, a third packet encapsulating an inner fourth packet, wherein a header of the third packet identifies a destination in an overlay network for forwarding the fourth packet;
modifying a destination of the fourth packet to the destination in the overlay network identified in the header of the third packet, to obtain a fifth packet; and
transmitting the fifth packet by the first gateway to the destination in the overlay network.

US Pat. No. 10,397,282

PROVIDING SESSION INITIATION PROTOCOL REQUEST CONTENTS METHOD AND SYSTEM

BlackBerry Limited, Wate...

1. An Application Server (AS) for obtaining information regarding a first entity, the AS comprising:a processor configured to receive a session initiation protocol (SIP) message from a second entity, the SIP message including a first message that was received by the second entity from the first entity or a second message that was sent from the second entity towards the first entity,
wherein the processor is further configured to obtain the information that was included by the first entity from the first message or that was sent towards the first entity in the second message,
wherein at least one of the first message or the second message comprises a first request uniform resource identifier (Request URI), the first Request URI comprising a SIP registrar address, and wherein the SIP message comprises a second Request URI, the second Request URI comprising an address of the AS.

US Pat. No. 10,397,281

METHOD, SYSTEM AND SERVER FOR SELF-HEALING OF ELECTRONIC APPARATUS

Wistron Corporation, New...

1. A self-healing method of an electronic apparatus, adapted to execute self-healing when at least one component in an electronic apparatus is updated, and comprising:obtaining a clone of components installed in the electronic apparatus;
for each of the components in the clone:
in response to the component in the clone having an update, executing the update to the component in the clone; and
updating the component corresponding to the update in the electronic apparatus by using the clone in response to a sanity of the update being confirmed;
executing a self-diagnosis on the updated electronic apparatus to produce a diagnosis result;
obtaining at least one policy based on the diagnosis result for healing the electronic apparatus; and
transforming the at least one policy into at least one rule adapted for the electronic apparatus, and performing the self-healing according to the rules.

US Pat. No. 10,397,280

TECHNOLOGIES FOR SCALABLE SECURITY ARCHITECTURE OF VIRTUALIZED NETWORKS

Intel Corporation, Santa...

1. A computing node of a network functions virtualization (NFV) security architecture for managing security monitoring services of the NFV security architecture, the computing node comprising:one or more processors; and
one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the computing node to:
instantiate an NFV security services agent on a virtual network function (VNF) instance of the computing node, wherein the NFV security services agent has access to monitor and collect telemetry data associated with a service being performed by the VNF instance, and wherein the service being performed does not have access to the telemetry data collected by the instantiated NFV security services agent;
receive, by the NFV security services agent, via an NFV security services controller of the NFV security architecture, credentials usable to (i) securely package data and (ii) establish secure communication channels;
receive, by the NFV security services agent via the NFV security services controller, a security monitoring policy from an NFV services provider of a virtualization interface manager communicatively coupled to the NFV security services agent and the NFV security services controller, the security monitoring policy including monitoring rules usable to identify which telemetry data of the NFV security architecture is to be monitored;
monitor, by the NFV security services agent, in a secure environment of the computing node, telemetry data of the VNF instance based on the received security monitoring policy;
securely package, in the secure environment by the NFV security services agent and using the received credentials, at least a portion of the monitored telemetry data based on the received security monitoring policy;
establish, by the NFV security services agent and using the received credentials, a secure communication channel between the NFV security services agent and an NFV security monitoring analytics system of the NFV security architecture;
securely transmit, by the NFV security services agent and via the secure communication channel, the packaged telemetry data to the NFV security monitoring analytics system for analysis based on the received security monitoring policy;
apply a timestamp to the packaged telemetry data; and
transmit the timestamp with the packaged telemetry data.

US Pat. No. 10,397,279

DIRECTING AUDITED DATA TRAFFIC TO SPECIFIC REPOSITORIES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for auditing data traffic, the computer-implemented process comprising:monitoring data traffic on a network and collecting data access elements thereof;
comparing the collected data access elements to security rules;
sending a first audit data collection to a first repository based on a first security rule of the security rules,
wherein the first security rule:
defines a first condition based on a first data access element of the collected data access elements,
defines the first audit data collection,
designates the first audit data collection as a default audit data collection for a first user, and
designates the first repository as a default repository for the first user,
wherein the first audit data collection includes a second data access element of the collected data access elements and
wherein the sending occurs in response to one or more of the collected data access elements of a data access by the first user matching the first condition in the first security rule and the sending directs the first audit data collection to the first repository responsive to the designation of the first repository in the first security rule; and
sending, for the data access by the first user, a second audit data collection to a second repository based on a second security rule of the security rules,
wherein the second security rule:
defines a second condition based on a third data access element of the collected data access elements,
defines the second audit data collection and
designates the second repository as a repository for the second audit data collection,
wherein the second audit data collection includes a fourth data access element of the collected data access elements and
wherein the sending the second audit data collection to the second repository occurs in response to one or more of the collected data access elements of the data access by the first user matching the second condition in the second security rule and the sending the second audit data collection directs the second audit data collection to the second repository responsive to the designation of the second repository in the second security rule,
wherein the third data access element is different than the fourth data access element, and
wherein the third data access element is a database table name and the fourth data access element is an IP address from which the database table is accessed.

US Pat. No. 10,397,277

DYNAMIC DATA SOCKET DESCRIPTOR MIRRORING MECHANISM AND USE FOR SECURITY ANALYTICS

AVOCADO SYSTEMS INC., Sa...

1. A computer-implemented method, comprising:receiving, at a first host on which an application instance is operating, an application or data security policy for a first data socket descriptor indicating to perform one or more actions, the one or more actions including mirroring one or more payloads received or transmitted by the first data socket descriptor of the application instance; and
in response to the indication by the application and data security policy to perform the one or more actions, performing, by the application on the first host, the mirroring and at least one additional action selected from the group consisting of:
allow;
allow-and-analyze;
allow_analyze;
drop;
drop-and-analyze;
drop_analyze;
rate limit; and
combinations thereof;
wherein performing the additional action allow comprises allowing the application instance to receive a payload of a packet received via the first data socket descriptor;
wherein performing the additional action allow-and-analyze comprises:
allowing the application instance to receive the payload of the packet received via the first data socket descriptor; and
retaining statistics relating to the packet;
wherein performing the additional action allow analyze comprises:
allowing the application instance to receive the payload of the packet; and
mirroring the packet to an external security analytics application;
wherein performing the additional action drop comprises:
dropping the packet;
retaining statistics relating to the packet; and
logging the drop of the packet;
wherein performing the additional action drop-and-analyze comprises:
dropping the packet;
retaining statistics relating to the packet; and
mirroring the packet to the external security analytics application;
wherein performing the additional action drop analyze comprises:
dropping the payload of the packet; and
mirroring the packet to the external security analytics application; and
wherein performing the additional action rate limit comprises: limiting an amount of data transmitted via the first data socket descriptor based on the received application or data security policy.

US Pat. No. 10,397,276

SECURE ELEMENT MANAGEMENT METHOD AND TERMINAL

HUAWEI DEVICE CO., LTD., ...

1. A terminal, comprising:a processing circuit; and
at least two secure element interfaces, wherein
the processing circuit is connected to the at least two secure element interfaces, and
the processing circuit is configured to:
acquire identification information of a first secure element when the first secure element is connected to the secure element interfaces;
acquire preset identification information, wherein the preset identification information is used to identify an exclusive secure element that, when being connected to the terminal, is configured to operate while excluding any other secure element connected to the terminal from being accessed by an external device;
determine whether the identification information of the first secure element matches the preset identification information; and
in response to a determination that the identification information of the first secure element matches the preset identification information, set the first secure element to a normal working state, and set one or more other secure elements connected to the terminal to a non-normal working state,
wherein, when setting the first secure element to the normal working state, the processing circuit is configured to:
send an instruction to a near field communication (NFC) controller;
set the first secure element to an enabled state;
create a logical channel between the processing circuit and the NFC controller, wherein the logical channel is used for communication between the processing circuit and the first secure element; and
configure routing information of an application installed on the first secure element into a routing table of the NFC controller,
wherein the processing circuit is further configured to set the first secure element and the one or more other secure elements to the normal working state when the identification information of the first secure element does not match the preset identification information and identification information of the one or more other secure elements does not match the preset identification information.

US Pat. No. 10,397,275

CREATING AND USING REMOTE DEVICE MANAGEMENT ATTRIBUTE RULE DATA STORE

NICIRA, INC., Palo Alto,...

1. A method of processing rules at a network element, the method comprising:receiving a larger, first set of rules with each rule in the first set comprising a rule identifier
including a set of remote device management (RDM) attributes;
for a plurality of RDM attributes belonging to a plurality of rule identifiers of the first set of rules, generating an index structure that identifies the rules that are associated with the plurality of the RDM attributes;
in response to receiving from a remote device a data message associated with an RDM attribute set, using at the network element the index structure to identify, from the larger first set of rules, a smaller second set of rules that potentially match the data message by identifying and selecting for the second set of rules each rule in the first set that matches at least one RDM attribute of the RDM attribute set associated with the received data message;
comparing the RDM attribute set associated with the received data message with the RDM attribute set of at least one rule in the identified second rule set to determine that the rule matches the message and hence should be used to process the message; and
using the matching rule to perform a middlebox service operation on the message.

US Pat. No. 10,397,274

PACKET INSPECTION AND FORENSICS IN AN ENCRYPTED NETWORK

salesforce.com, inc., Sa...

1. A method comprising:providing, by a first computing device to a first node of a network, a request to access network traffic of the network;
in response to receiving access to the network traffic from the first node, writing, by the first computing device, first data from the network traffic to at least a first data store of a plurality of data stores in communication with the first computing device, the first data comprising first encrypted data and a first plurality of key exchange events;
receiving, by the first computing device, a request from a second computing device that is distinct from the first computing device to access encrypted data transmitted over the network;
in response to the receipt of the request from the second computing device, authenticating, by the first computing device, the second computing device;
identifying, by the first computing device based on a time range included in the request from the second computing device, a first portion of the first encrypted data and a first key exchange event of the first plurality of key exchange events;
calculating, by the first computing device, a first encryption key based on data included in the first key exchange event; and
providing, by the first computing device to the second computing device, the first encryption key and access to the first portion of the first encrypted data written on at least the first data store.

US Pat. No. 10,397,272

SYSTEMS AND METHODS OF DETECTING EMAIL-BASED ATTACKS THROUGH MACHINE LEARNING

CAPITAL ONE SERVICES, LLC...

1. A system comprising:at least one processor; and
at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to:
receive an email addressed to a user;
separate the email into a plurality of email components, the email components comprising a first link;
analyze, using machine-learning techniques, each of the plurality of email components, by:
virtually navigating to an end-point of the first link;
tracking re-routing by the first link between a starting point and the end-point;
receiving an automatic download triggered by the virtual navigation;
isolating the automatic download;
analyzing the automatic download; and
analyzing a content of the end-point; and
provide the analysis of each of the plurality of email components into a stacked ensemble analyzer; and
based on an output of the stacked ensemble analyzer, determine that the email is potentially malicious.

US Pat. No. 10,397,268

METHOD AND APPARATUS FOR PROVIDING NOTIFICATION OF DETECTED ERROR CONDITIONS IN A NETWORK

1. A first endpoint for managing a communication session, the first endpoint comprising:a processor; and
a non-transitory computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising:
detecting an error condition associated with the communication session, wherein the first endpoint and a second endpoint are participating in the communication session, wherein the error condition comprises an attack on the communication session, wherein the attack comprises an invalid re-anchor request;
sending a notification of the error condition to the second endpoint using a first transport layer session management message of a transport layer session, wherein the communication session includes the transport layer session, wherein a header of the first transport layer session management message includes a record type, wherein the record type indicates that a payload of the first transport layer session management message contains session management information; and
receiving a communication from the second endpoint via a second transport layer session management message of the transport layer session, the communication proposing a response to the error condition.

US Pat. No. 10,397,266

VERIFYING THAT THE INFLUENCE OF A USER DATA POINT HAS BEEN REMOVED FROM A MACHINE LEARNING CLASSIFIER

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method for verifying that influence of a user data point has been removed from a machine learning classifier, at least a portion of the method being performed by a network device comprising one or more processors, the method comprising:training, by a network device, a machine learning classifier using a training set of data points that includes a user data point;
calculating, by the network device, a first loss of the machine learning classifier;
updating, by the network device, the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point using an influence function without retraining the machine learning classifier;
calculating, by the network device, a second loss of the machine learning classifier;
calculating, by the network device using an influence function, an expected difference in loss of the machine learning classifier due to removal of the influence of the user data point from the machine learning classifier; and
verifying that the influence of the user data point has been removed from the machine learning classifier by determining, by the network device, that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

US Pat. No. 10,397,265

MITIGATING SECURITY VULNERABILITIES IN WEB CONTENT

SHAPE SECURITY, INC., Mo...

1. A computer system comprising:one or more hardware processors;
at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
receive source code corresponding to a web page requested by a client device from a server device;
process the source code to identify one or more specified resources that are accessed by the source code;
determine that a particular resource of the one or more specified resources is subject to a mixed content vulnerability, the mixed content vulnerability comprising the source code allowing use of an unsecure channel with respect to the particular resource;
in response to determining that the particular resource is subject to the mixed content vulnerability, modify the source code to specify a security directive instructing a browser on the client device to enforce the security directive when the source code is executed on the client device;
cause transmission of the modified source code to the client device.

US Pat. No. 10,397,264

DIGITAL DYE PACKS

PayPal, Inc., San Jose, ...

1. A system, comprising:a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving a user input from a user device in connection with conducting an electronic transaction;
determining that the user input comprises a modified identifier modified from an identifier associated with a user;
determining, from a plurality of identifier modifications, an identifier modification that corresponds to the modified identifier, wherein each identifier modification in the plurality of identifier modifications corresponds to an action;
obtaining, from the user device, external data representative of a context in which the user input was provided to the user device;
determining a risk associated with the transaction based on the identifier modification and the external data; and
tracking the electronic transaction based on the determined risk.

US Pat. No. 10,397,263

HIERARCHICAL PATTERN MATCHING FOR DEEP PACKET ANALYSIS

Futurewei Technologies, I...

1. An apparatus, comprising:a first content addressable memory (CAM) storing a substring of a string of a regular expression as a plurality of bits that are individually searchable;
a memory comprising executable instructions; and
one or more processors coupled to the memory wherein the one or more processors execute the instructions to:
receive a data packet comprising a plurality of bits;
search the received data packet at a first hierarchical level using, at least in part, the first CAM and compare in parallel the plurality of bits of the received data packet to the plurality of bits of the substring to determine whether the substring of the string of the regular expression exists in the received data packet;
search the received data packet at a second hierarchical level when the search of the received data packet at the first hierarchical level finds a match, to determine whether the string of the regular expression exists in the received data packet; and
transmit the received data packet to a next network element along an original path of the received data packet without searching the received data packet at a third hierarchical level when the search of the received data packet at the first or second hierarchical level does not find a match.

US Pat. No. 10,397,257

MULTI-MODE BOUNDARY SELECTION FOR THREAT DETECTION IN INDUSTRIAL ASSET CONTROL SYSTEM

GENERAL ELECTRIC COMPANY,...

1. A system to protect an industrial asset control system, comprising:a plurality of real-time monitoring node signal inputs to receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system; and
a threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs and an operating mode classification database, including a storage medium with programming instructions and a computer processor to:
(i) receive the streams of monitoring node signal values,
(ii) receive a current operating mode of the industrial asset control system,
(iii) based on the current operating mode and information in the operating mode classification database, determine that a first operating mode group is a current operating mode group, the first operating mode group being selected from a set of potential operating mode groups, wherein the first operating mode group corresponds to a first plurality of different operating modes of the industrial asset control system and is associated with a first decision boundary separating a normal state from an abnormal state, and a second operating mode group corresponds to a second plurality of different operating modes of the industrial asset control system and is associated with a second decision boundary different than the first decision boundary,
(iv) based on the streams of monitoring node signal values, generate at least one current monitoring node feature vector,
(v) based on the current operating mode group, select the first decision boundary as an appropriate decision boundary,
(vi) compare the at least one generated current monitoring node feature vector with the first decision boundary, and
(vii) automatically transmit a threat alert signal based on a result of said comparison.

US Pat. No. 10,397,256

SPAM CLASSIFICATION SYSTEM BASED ON NETWORK FLOW DATA

Microsoft Technology Lice...

1. A computer-implemented method for sharing data between at least an email service provider and a cloud service provider in order to identify network spamming message patterns without accessing spamming message content, the method comprising:obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP address how many spam and non-spam messages have been received;
obtaining network data features from a cloud service provider;
providing the labels and the network data features to a machine learning application, wherein the machine learning application identifies correlations between IP addresses associated with the labels and IP addresses associated with the network data features, the correlations being used to facilitate the machine learning application in generating a prediction model to detect spamming hosts that generate spamming messages;
generating the prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; and
after an unlabeled message, which has not yet been characterized as spam or not as spam, is generated by a computing device of the cloud service provider and after the unlabeled message is received at a router of the cloud service provider in preparation for transmittal to a recipient computing device, applying the prediction model to the unlabeled message to determine whether the unlabeled message is spam or is not spam,
wherein the network data features from the cloud service provider include descriptors of connections between the computing device that generated the unlabeled message and the recipient computing device, the descriptors including information describing a source and destination IP address, source and destination ports, a protocol type, and a union of TCP flags.

US Pat. No. 10,397,253

COGNITIVE AND CONTEXTUAL DETECTION OF MALICIOUS DNS

INTERNATIONAL BUSINESS MA...

1. A method comprising:constructing, from a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature;
computing, using the packet, a metadata item supporting the input feature;
computing a set of weights corresponding to a set of nodes in a recurrent neural network (RNN) by passing a term and a set of words to a function, wherein the term and the set of words are parsed from a payload of the record in the packet;
applying the set of weights to the set of nodes in the RNN to output an entity of the term, a co-reference of the term, and a class of the term;
computing a confidence value corresponding to the entity of the term, the co-reference of the term, or the class of the term;
classifying, using a processor and a memory to execute a cognitive classification model, and by supplying the input feature and the metadata item as inputs to the cognitive classification model, a transmission of the packet as malicious use of DNS tunneling between the DNS client and the DNS server, the classifying using the confidence value and one of the entity of the term, the co-reference of the term, or the class of the term;
outputting, from the cognitive classification model, a classification of the packet as malicious, and the confidence value in the malicious classification; and
causing, by generating a notification, the DNS client to cease the malicious use of the DNS tunneling.

US Pat. No. 10,397,252

DYNAMIC DETECTION OF UNAUTHORIZED ACTIVITY IN MULTI-CHANNEL SYSTEM

Bank of America Corporati...

1. A dynamic unauthorized activity detection computing platform, comprising:at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to:
receive first data from a first communication channel;
format the first data received from the first communication channel;
analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
receive second data from a second communication channel different from the first communication channel;
format the second data received from the second communication channel;
analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.

US Pat. No. 10,397,251

SYSTEM AND METHOD FOR SECURING AN ELECTRONIC CIRCUIT

1. A system for securing an electronic circuit comprising:plural regions, activity of which may be individually controlled;
a plurality of sensors integrated into the electronic circuit, each sensor being sensitive to variations in manufacturing process and configured to provide a measurement representative of a local activity of the electronic circuit;
a processor comprising an integrity verification circuit configured to:
deactivate all regions of the electronic circuit and make an acquisition of the measurements supplied by the sensors;
activate a single region of the electronic circuit one by one, and make an acquisition of the measurements supplied by the sensors;
for each region, and for each sensor, compare the measurement made by the sensor when only the region is activated with the measurement made by the sensor when all of the regions are deactivated;
determine, from the compared measurements, and for each of the regions, a partition of the sensors between sensors affected and sensors not affected by an activation of the region;
compare each of the partitions with a model partition to detect possible presence of a hardware Trojan horse liable to infect the electronic circuit.

US Pat. No. 10,397,249

INTRUSION DETECTION BASED ON LOGIN ATTEMPTS

salesforce.com, inc., Sa...

1. A system comprising:one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
identify an attempt by a user to login to a destination server from a source server, the destination and source server coupled to an enterprise computer network having a plurality of destination servers;
determine a destination score based on a count of attempts by the user to login to the destination server, and a count of attempts by the user to login to all of the destination servers;
determine a source given destination score based on a count of attempts by the user to login from the source server to the destination server, and a count of attempts by the user to login to the destination server;
determine one of a success rate score based on a success rate of attempts by the user to login to all of the destination servers and a login attempt frequency score based on a frequency of attempts by the user to login to all of the destination servers, the attempts being made during a time period and an extended time period;
determine an outlier score based on values associated with the destination score, the source given destination score and one of the success rate score and the login attempt frequency score; and
cause an alert to be outputted in response to a determination that the outlier score satisfies a threshold.

US Pat. No. 10,397,248

METHOD AND APPARATUS FOR MONITORING NETWORK

FUJITSU LIMITED, Kawasak...

1. A network monitoring apparatus, comprising:a memory; and
a processor configured to use the memory and execute a process, the process comprising:
specifying, for each of a plurality of packet groups and from the plurality of packet groups, a feature value relating to a targeted attack, wherein each of the plurality of packet groups includes a plurality of packets that were communicated between an internal terminal and an external terminal on a connection between the internal terminal and the external terminal;
calculating, for the plurality of packet groups, a value of a standard deviation of feature values specified for the plurality of packet groups;
determining whether the calculated value is equal to or greater than a predetermined threshold value as an indication of the targeted attack; and
outputting an alert regarding the targeted attack, after determining that the calculated value is equal to or greater than the predetermined threshold value,
wherein the feature value includes at least one of a number of packets included in a packet group of the plurality of packet groups, a size of one or more packets included in the packet group, a time interval between the packet group and another packet group immediately before the packet group, and a value related to contents of data part of the plurality of packets included in the packet group,
wherein the calculating is executed, when an IP address of a connection source of the connection is an IP address in an internal network, an IP address of a connection destination of the connection is an IP address in an external network, and a port number of the connection destination of the connection is a port number representing access to a web server.

US Pat. No. 10,397,247

SMART INTRUSION PREVENTION POLICY

International Business Ma...

1. A method for prioritizing intrusion events that enhances the efficiency of signature matching of malicious activity, the method comprising:determining, by one or more computer processors, whether a new connection corresponding to a data packet is detected, wherein the data packet is transmitted using the new connection;
responsive to determining that the new connection is detected, adding, by one or more computer processors, a connection context associated with the new connection to a current connection context in a dynamic event table,
wherein: the connection context is based on one or more of: an operating system type associated with the connection, an operating system version associated with the connection, and a computer application responsible for sending the data packet associated with the connection, and the dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of two or more events, wherein each event of the two or more events is a malicious activity and is associated with a respective data packet, and wherein each event in the listing of two or more events is retrieved from a repository; calculating, by one or more computer processors, a score for each event of two or more events in the dynamic event table based on the current connection context;
generating, by one or more computer processors, an order for the two or more events according to the calculated score for each respective event, wherein the event with a highest score receives a highest order;
performing, by one or more computer processors, a signature check of each event having a score greater than or equal to a threshold value among the two or more events according to the generated order; and
responsive to determining that a signature was found for an event among the two or more events, preventing, by one or more computer processors, intrusion of the data packet associated with the event.

US Pat. No. 10,397,246

SYSTEM AND METHODS FOR MALWARE DETECTION USING LOG BASED CROWDSOURCING ANALYSIS

Radware, Ltd., Tel Aviv ...

1. A crowdsourcing log analysis system for protecting a plurality of client networks from security threats, each of said plurality of client networks is associated with a set of network entities, said crowdsourcing log analysis system comprising:a plurality of server machines, each of said plurality of server machines comprising logic configured to execute a third-party security product and log associated third-party assessment attributes of at least one suspect entity into at least one log file; and
each of said plurality of client networks comprising logic configured to connect with at least one of said plurality of server machines to receive at least one log file;
at least one breach detection platform comprising logic configured to receive a plurality of log files from said plurality of client networks via a communication network, said at least one log file being one of the plurality of log files;
wherein said crowdsourcing log analysis system is configured to generate a risk factor for said at least one suspect entity based upon at least a plurality of said third party assessment attributes; and
wherein said crowdsourcing log analysis system causes blocking of communication for said at least one suspect entity based upon at least said risk factor being indicative of said at least one suspect network entity being a security threat.

US Pat. No. 10,397,244

SYSTEM AND METHOD FOR DETECTING ATTACK WHEN SENSOR AND TRAFFIC INFORMATION ARE INCONSISTENT

TOYOTA JIDOSHA KABUSHIKI ...

1. A system for detecting an attack, comprising a server and a plurality of vehicles capable of wirelessly communicating with each other,each of the plurality of vehicles including:
a sensor; and
a vehicle processor configured to act as:
a sensor information acquisition interface adapted to acquire sensor information from the sensor; and
a traffic information reception interface adapted to receive traffic information through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the vehicle,
wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from the server; and
a transmitter adapted to transmit the sensor information and the traffic information to the server, and
the server including:
a server processor configured to act as:
a specification controller to specify to at least any of the plurality of vehicles signature information indicating the characteristics of the invalid traffic information
a reception controller adapted to receive the sensor information and the traffic information from at least any of the plurality of vehicles;
a verification controller adapted to verify whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match; and
a notification controller adapted to notify, when the sensor information and the traffic information are inconsistent with each other, at least any of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.

US Pat. No. 10,397,243

CONDITION CHECKING FOR PAGE INTEGRATION OF THIRD PARTY SERVICES

SAP SE, Walldorf (DE)

1. A system comprising:at least one processor; and
instructions that, when executed by the at least one processor, cause the at least one processor to provide:
a widget generator configured to provide, to a browser application, a functionally disabled widget in conjunction with downloading, by the browser application, of an untrusted third party page that specifies the widget for inclusion in the untrusted third party page; and
a protection manager configured to provide, to the browser application, in conjunction with the widget generator providing the widget, a protection script instance for inclusion within the widget, the protection script instance being executable within a page context of the untrusted third party page, the page context being separate from a widget context of the widget,
wherein the protection script instance requests execution within the page context of the untrusted third party page to determine whether a condition associated with a frame node of a document object mode (DOM) of the widget has been met, and sends an authenticated POST message to enable the widget when the condition is met, and to exclude the widget from the untrusted third party page or keep the widget disabled when the condition is not met, wherein the condition includes a visibility condition requiring that the widget be visible within the page when rendered, wherein a change monitor is configured to continuously monitor the visibility condition after an initial determination by a condition inspector and prevent alteration of the visibility condition upon detection of execution of a malicious page violating the visibility condition, the condition inspector is configured to modify the visibility condition in response to the execution of the malicious page.

US Pat. No. 10,397,242

ENHANCING INTEGRITY OF DATA CENTER SPECIFIC INFORMATION

NOKIA SOLUTIONS AND NETWO...

1. A method comprising:receiving, by an apparatus of a data center, a request message from an on-line server computer of the data center, wherein on-line refers to a working mode where a cloud-based software application of a customer is running and providing an intended service, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored in a memory area of the apparatus;
initiating, by the apparatus, deciphering of the request message in response to receiving the request message; and
as a response to successfully deciphering the request message, transmitting, by the apparatus, a response message to the server computer, said message comprising the data center specific information acquired from the memory area of the apparatus,
the data center specific information comprising at least one of a jurisdiction identifier, a data center identifier uniquely identifying the data center, and pre-stored geolocation data, the data center specific information being stored in a read-only memory area of the apparatus, the read-only memory being a write once memory area before the data center specific information is stored in said memory,
wherein the data center comprises a plurality of on-line server computers each communicatively coupled with the apparatus, the apparatus configured to provide said data center specific information to each of the plurality of server computers.

US Pat. No. 10,397,241

SYSTEMS AND METHODS FOR INTEGRATION OF DIRECTORY SERVICE WITH MANAGEMENT CONTROLLERS

Dell Products L.P., Roun...

1. An information handling system comprising:a hardware processor;
a directory service application comprising a program of instructions embodied in non-transitory, computer-readable media accessible to the hardware processor, the directory service application configured to:
enumerate a plurality of management controller categories for management controllers configured to provide out-of-band management of a plurality of information handling systems communicatively coupled to one another via a network, wherein the management controller categories specify different types of management controllers, and wherein at least one of the plurality of management controller categories includes a plurality of the management controllers; and
create a directory service device object for each of the plurality of management controller categories;
wherein the directory service application is configured not to create directory service device objects for individual ones of the management controllers.

US Pat. No. 10,397,240

VERSATILE AUTOSCALING FOR CONTAINERS

Amazon Technologies, Inc....

1. A system, comprising:a scaling service that includes one or more processors and first memory including first instructions that, as a result of execution by the one or more processors, cause the scaling service to:
register, as a scalable target, a scalable dimension of a resource of a resource service, the resource service comprising a software container service, a database service, or a messaging service;
in response to receipt of a notification associated with a stored policy, wherein the policy includes a set of parameters and a scaling action to perform to the scalable target, the policy specifying, in the set of parameters, a security role that authorizes fulfillment of requests:
obtain the policy from storage;
submit a first request to a resource service, the first request being a request to perform the scaling action to the scalable target in accordance with the set of parameters;
submit a second request to the resource service, the second request being a request for data from which a determination can be made whether the scalable target has been scaled in accordance with the policy; and
determine, based at least in part on a response to the second request, whether the first request has been fulfilled; and
the resource service that includes one or more processors and second memory including second instructions that, as a result of execution by the one or more processors, cause the resource service to:
initiate performance of the scaling action in accordance with the set of parameters; and
submit, to the scaling service, the response that includes the data.

US Pat. No. 10,397,238

SYSTEMS AND METHODS FOR MANAGING ELECTRONIC TOKENS FOR DEVICE INTERACTIONS

Capital One Services, LLC...

1. A device, comprising:one or more processors; and
a non-transitory memory containing instructions that when executed by the one or more processors cause the device to perform operations comprising:
installing a token generation application received from a token server, the token generation application being a web browser application;
linking the installed token generation application to an account managed by the token server by transmitting information identifying the installed token generation application to the token server;
displaying an interface including a control panel for configuring the token generation application, wherein:
the control panel comprises a switch for activating or deactivating a plurality of tokens, the tokens being linked to the account;
the interface further includes one or more settings for one of more restrictions on continued usage of the tokens; and
the one or more restrictions can be both applied to and removed from activated ones of the tokens at any time;
initiating, using the token generation application, generation of a first one of the tokens, the first one of the tokens comprising a pointer to the account according to configuration information received through the interface, the first one of the tokens being specific to a designated merchant; and
providing the first one of the tokens to a server of the designated merchant to complete a transaction with the merchant, wherein authorization of the transaction initiated using the first one of the tokens will be denied if received from a merchant other than the designated merchant, and further wherein authorization of the transaction initiated using the first token will be denied if received from a browser other than a provisioned browser.

US Pat. No. 10,397,237

AUTOMATICALLY PROVISIONING NEW ACCOUNTS ON MANAGED TARGETS BY PATTERN RECOGNITION OF EXISTING ACCOUNT ATTRIBUTES

International Business Ma...

10. An apparatus, comprising:a processor;
computer memory holding computer program instructions executed by the processor to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising:
program code operative to retrieve a set of existing account information belonging to respective user accounts of a first set of users;
an attribute pattern discovery component to perform pattern matching on the retrieved set of existing account information to discover attribute patterns in the retrieved set of existing account information, wherein a first pattern matching process extracts user attribute information in the retrieved set of existing account information and a second pattern matching process discovers at least a first attribute pattern within the extracted user attribute information;
program code operative to generate an account template according to the first discovered attribute pattern;
program code operative to use the generated account template to create a new account on the first target for a first user, the first user not a member of the first set of users; and
program code operative to grant the first user access to the first target using the created new account.

US Pat. No. 10,397,236

ANAMOLY DETECTION AND RECOVERY OF A CORRUPTED COMPUTING RESOURCE

Amazon Technologies, Inc....

1. A method of detecting corruption of a resource in a compute service provider environment, the method comprising:generating one or more profiles including resource profiles or user profiles;
setting one or more thresholds representing an acceptable deviation from the one or more profiles;
receiving a request to delete data within the compute service provider;
marking the data as deleted, without releasing the data for reuse, but rejecting requests for access to the data so that it appears to a customer as though the data is deleted, wherein the data is associated with a resource in the compute service provider environment and the marking of the data results in the resource being unavailable to the customer to access and being unavailable for reuse within the compute service provider environment;
searching through log data for requests to delete data;
detecting the request to delete the data and determining whether the request exceeds the one or more thresholds associated with the profiles;
transmitting an alert to the customer informing the customer of the request to delete the data; and
restoring the data at the customer's request by removing the marking.

US Pat. No. 10,397,235

EVENT PROCESSING VIA INDUSTRIAL ASSET CLOUD COMPUTING SYSTEM

General Electric Company,...

1. A method comprising:receiving, at a server computer associated with an industrial asset cloud computing system, a command representing an event, from a mobile device of a plurality of mobile devices, the command comprising instructions for changing a data object in a data domain;
determining, by the server computer, that a session is established that is associated with the mobile device;
storing, by the server computer, the command in a cache associated with the server computer;
determining, by the server computer, a command processor responsible for processing the command;
routing, by the server computer, the command to the command processor responsible for processing the command, wherein the command processor accesses the data domain associated with the command to change the data object in the data domain according to the instructions of the command;
detecting, by the server computer, a state change in the data domain indicating that the data object has been changed;
storing, by the server computer, the changed data object in the cache associated with the server computer; and
preparing, by the server computer, the changed data object to be consumed by mobile devices operated by users authorized to access the data object such that the mobile devices receive the changed data object and the data is updated on local databases of the mobile devices.

US Pat. No. 10,397,234

METHOD AND DEVICE FOR CONTROLLING ACCESS TO DATA IN NETWORK SERVICE PROVIDER SYSTEM

Huawei Technologies Co., ...

1. A method, comprising:receiving an access request for accessing data in a network service provider system, the network service provider system comprising a plurality of data areas, a network service provider-usable data area of the plurality of data areas storing network service provider-usable data, a network service provider-unusable data area of the plurality of data areas storing network service provider-unusable data, the network service provider-usable data area being independent from the network service provider-unusable data area; and
in response to determining that the access request is a user access instruction, acquiring, from the network service provider-usable data of the network service provider-usable data area or the network service provider-unusable data of the network service provider-unusable data area, data requested by the user access instruction; or
in response to determining that the access request is a non-user access instruction, acquiring, from the network service provider-usable data of the network service provider-usable data area, data requested by the non-user access instruction.

US Pat. No. 10,397,232

CONTROLLING USER ACCESS TO COMMAND EXECUTION

Amazon Technologies, Inc....

1. A computer-implemented method comprising:receiving, by a shell aggregator executing on one or more computing systems, a request from a user indicating a command to be executed by each of a plurality of computing nodes that are provided by a network-accessible service for use by the user and that are each executing one or more programs on behalf of the user, wherein execution of the command by each corresponding computing node of the plurality of computing nodes causes each corresponding computing node to gather information regarding itself;
determining, by the shell aggregator and based at least in part on permissions information stored externally to the plurality of computing nodes, that the user is authorized to have the command be executed by each of the plurality of computing nodes;
initiating, by the shell aggregator and in response to the determining, execution of the command by each of the plurality of computing nodes to gather the information, including:
executing the command by a first computing node of the plurality of computing nodes for the user; and
denying execution of the command for the user by a second computing node of the plurality of computing nodes based on additional security information stored locally on the second computing node;
receiving, by the shell aggregator, results including the gathered information from the execution of the command by each of the plurality of computing nodes;
aggregating, by the shell aggregator, the received results to generate aggregated results; and
returning the aggregated results to the user.

US Pat. No. 10,397,231

DIFFERENTIATED CONTAINERIZATION AND EXECUTION OF WEB CONTENT BASED ON TRUST LEVEL AND OTHER ATTRIBUTES

Intel Corporation, Santa...

1. A computing system comprising:network circuitry to access program code from a network;
a storage device to store instructions; and
processor circuitry to execute the instructions to:
determine a level of trust for the program code;
based on the level of trust for the program code, assign at least one of a plurality of containers to store the program code from the network, a first container of the plurality of containers associated with a first level of trust, a second container of the plurality of containers associated with a second level of trust, the second level of trust different from the first level of trust; and
allocate compute resources to execute the program code based on which one of the at least one of the plurality of containers is assigned to store the program code.

US Pat. No. 10,397,230

SERVICE PROCESSOR AND SYSTEM WITH SECURE BOOTING AND MONITORING OF SERVICE PROCESSOR INTEGRITY

International Business Ma...

1. A service processor, comprising:a processor;
a memory coupled to the processor and comprising instructions for executing an operating system kernel having an integrity management subsystem;
secure boot firmware;
an event log storage; and
a tamper-resistant secure trusted dedicated microprocessor, wherein:
the service processor operates to manage a host computing system;
the secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor;
the secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor;
the operating system kernel enables the integrity management subsystem;
the integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor;
the integrity management subsystem records third measurements of boot software executed in the host computing system, in the one or more registers;
the operating system kernel records one or more entries, in the event log storage, identifying one or more events causing at least one of the recording of the first measurements, the recording of the second measurements, or the recording of the third measurements, wherein at least one entry in the one or more entries identifies an event causing the recording of a third measurement associated with boot software executed in the host computing system; and
each entry of the one or more entries comprises an identifier of a corresponding register within the one or more registers where corresponding measurement information is stored for that entry, wherein the entries in the event log storage comprise a register identifier identifying a register where a corresponding measurement is stored, a file hash of an executable file that caused the corresponding measurement to be recorded, and a hint of the full path and filename of the executable file that caused the corresponding measurement to be recorded.

US Pat. No. 10,397,229

CONTROLLING USER CREATION OF DATA RESOURCES ON A DATA PROCESSING PLATFORM

Palantir Technologies, In...

1. A computer system comprising:one or more processors;
one or more non-transitory computer-readable storage media coupled to the one or more processors and storing one or more sequences of instructions which when executed cause performing:
receiving a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource, a user identifier associated with said user, and an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link;
performing verification using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions;
responsive to verifying said user, creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
verifying that said user is permitted to allow access to the data resource by external users;
responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.

US Pat. No. 10,397,228

SELECTIVELY RESTRICTING COMMUNICATIONS FROM THIRD PARTY APPLICATIONS/DEVICES TO ELECTRONIC DEVICES

Google LLC, Mountain Vie...

1. A method of message rate limiting by a smart-home device, the method comprising:determining, by the smart-home device, one or more device operation status parameters of the smart home device comprising:
a battery level of the smart-home device;
a battery charging rate of the smart-home device;
an age of the smart-home device;
a planned lifespan of the smart-home device;
a recent wireless usage of the smart-home device;
an internal temperature of the smart-home; or
any of the above in relation to an intervening device over which communication to the smart-home device travels; or
any combination thereof;
receiving, by the smart-home device while the smart-home device is in a low-power mode, an incoming communication directed to the smart-home device from a server;
based at least in part on the one or more device operation status parameters, determining, by the smart-home device while the smart-home device is in the low-power mode, to:
transition to a high-power mode; and
consume the received communication;
or:
remain in the low-power mode; and
ignore the communication.

US Pat. No. 10,397,227

TRANSACTION SECURITY SYSTEMS AND METHODS

CUPP Computing AS, Olso ...

1. A method comprising:detecting that a secure transaction device has been coupled to a host system, the host system having a plurality of applications and a first network interface for communicating with a network, the secure transaction device having a second network interface different than the first network interface;
configuring the secure transaction device with network parameters specific to the host system to which the secure transaction device has been coupled, so that when network traffic is communicated via the second network interface the secure transaction device mimics the host system and renders the secure transaction device transparent to the network;
receiving a request from a particular application of the plurality of applications to access a network resource on the network, the network resource being remote from the host system and from the secure transaction device;
if the network resource is an unsecured network resource, then allowing the host system to communicate with the unsecured network resource via the first network interface without requiring the host system to communicate with the unsecured network resource via the second network interface;
if the network resource is a secured network resource, then
configuring the host system to redirect all network traffic to the secure transaction device so that the secure transaction device can manage all the network traffic through the second network interface, thereby preventing the plurality of applications from accessing the network via the first network interface without requiring the host system to communicate with the unsecured network resource via the second network interface;
using a security policy to authenticate the particular application of the plurality of applications as a trusted application authorized to access the secured network resource on the network;
establishing a secure tunnel via the second network interface to the secured network resource on the network;
allowing the trusted application to use the secure tunnel to access the secured network resource; and
preventing untrusted applications of the plurality of applications from accessing the secure tunnel.

US Pat. No. 10,397,226

METHODS AND SYSTEMS USING TRUST-BUT-VERIFY DYNAMIC QUALITY-OF-SERVICE (QOS)

Cisco Technology, Inc., ...

8. A method to provide QoS operations, the method comprising:in response to receipt, at a network port of a first computing device, one or more first inbound traffic associated with a first flow from a second computing device, the one or more first inbound traffic being determined to have a voice or a video component, i) classifying each of the one or more first inbound traffic with an initial high QoS (Quality of Service) PHB (Per-Hop Behavior) marking and ii) transmitting to a third computing device in the network the one or more first inbound traffic with the initial high QoS PHB markings; and
initiating authentication of the first flow as being a preferential flow,
wherein, in response to receiving, during the authentication process, one or more subsequent inbound traffic associated with the first flow from the second computing device, i) classifying the one or more subsequent inbound traffic with the initial high QoS PHB markings and ii) transmitting to the third network device the one or more subsequent inbound traffic with the initial high QoS PHB markings.

US Pat. No. 10,397,225

SYSTEM AND METHOD FOR NETWORK ACCESS CONTROL

Worcester Polytechnic Ins...

1. In an access controller, a method for providing access to a network resource on a computer network, comprising:receiving, by the access controller, a network access request and user interaction information associated with the network access request from a client device, the user access information received with the network access request from the client device over the computer network, the client device being distinct from the access controller on the computer network;
wherein receiving user interaction information associated with the network access request from the client device over the computer network comprises receiving, by the access controller, macroevent information associated with the network access request from the client device, the macroevent information identifying user intent associated with the network access request;
wherein receiving macroevent information associated with the network access request from the client device further comprises receiving, by the access controller, microevent information associated with the network access request from the client device, the microevent information related to the macroevent information via the user interaction information and identifying at least one user-generated event associated with the macroevent information and the microevent information comprising input and output (I/O) control flow commands identifying user-initiated interaction, including at least one of I/O patterns and I/O statistics, between the client device and at least one of a hardware device associated with the client device and a graphical user interface associated with the client device;
identifying, by the access controller, a policy corresponding to the macroevent information and the microevent information; and
based upon the identified policy corresponding to the macroevent information and the microevent information, one of providing communication, by the access controller, between the client device and the network resource associated with the network access request, providing, by the access controller, the network access request to a network router, and diverting, by the access controller, traffic associated with the client device through a security monitor.

US Pat. No. 10,397,224

NETWORK PERSONAL DIGITAL VIDEO RECORDER SYSTEM (NPDVR)

Oath Inc., Dulles, VA (U...

1. A computer-implemented method comprising the following operations performed by at least one processor:receiving, from a client system, a request to transfer a first file stored on a host server to a database system, wherein the transfer request is transmitted to a proxy server for isolating the transfer request via a proxy server process, wherein the transfer request is further transmitted to a load balancer for transmitting the transfer request to a least-loaded host server, wherein the transfer request includes an identifier that identifies the first file and an identifier of a user of the client system, and wherein the database system being located remotely from the host server and the client system;
transferring, using a communications network, the first file from the host server to the database system, the database system being adapted to store the first file in a storage area allocated to the identified user of the client system;
receiving, from the client system, a request to access the first file stored on the database system, the request to access the first file including authentication data associated with the user;
verifying the authenticating data associated with the user; and
permitting, in response to verifying the user, the client system to access the first file stored on the database system.

US Pat. No. 10,397,223

METHOD FOR ESTABLISHING AN AUTHORIZED COMMUNICATION BETWEEN A PHYSICAL OBJECT AND A COMMUNICATION DEVICE ENABLING A WRITE ACCESS

Alcatel Lucent, Nozay (F...

1. A method for establishing an authorized communication between a physical object and a communication device, wherein the physical object and the communication device both comprise a data processing unit, a contact communication interface and a wide area network interface, the method comprising:establishing a physical connection between the physical object and the communication device through the contact communication interface of the physical object and the contact interface of the communication device,
transmitting authorization data between the physical object and the communication device through the physical connection to grant access rights over the physical object to the communication device using the authorization data,
wherein the access rights enable the communication device to make a write access to protected data of the physical object through the wide area network interface of the physical object and the wide area network interface of the communication device, wherein the protected data comprise an extension module, and wherein the access rights enable the communication device to install a software module in the extension module of the physical object through the wide area network interface, the software module being adapted to provide to the physical object a function associated with hardware capabilities of the physical object,
wherein the method further comprises transmitting the software module from the communication device to the physical object to be installed in the extension module, wherein, in order to install the software module, the communication device identifies a matching software module in a software database.

US Pat. No. 10,397,222

AUTHENTICATING A LIMITED INPUT DEVICE VIA AN AUTHENTICATED APPLICATION

GoPro, Inc., San Mateo, ...

1. A system, comprising:an authenticated application executing on a first device;
a camera paired with the authenticated application using a first device identifier, the authenticated application configured to enable a user to control one or more camera functions of the camera by interacting with the authenticated application; and
a computer program product comprising a non-transitory computer-readable storage medium having instructions encoded thereon that, when executed by a processor, causes the processor to:
in response to receiving a request including the first device identifier from the authenticated application for a one-time authorization code, transmit the one-time authorization code to the authenticated application,
receive a request for an access token from the camera, the request including the one-time authorization code and a second device identifier,
in response to verifying the one-time authorization code by determining that the second device identifier matches the first device identifier, authenticate the camera by providing the camera with the access token,
associate the access token with a user account,
receive one or more images associated with the user account from the camera, and
in response to determining that the access token has expired, receive a refresh token from the camera and provide a new access token to the camera.

US Pat. No. 10,397,220

FACIAL PROFILE PASSWORD TO MODIFY USER ACCOUNT DATA FOR HANDS-FREE TRANSACTIONS

GOOGLE LLC, Mountain Vie...

1. A computer-implemented method to enable updates to user account information in response to facial image verification of users located at service system locations, comprising, by one or more computing devices operated by an account management system:receiving, from a user computing device, an account identifier corresponding to a user account associated with a user associated with the user computing device and a beacon device identifier, the user computing device retransmitting the beacon device identifier received via a network from a beacon device at a location associated with the beacon device identifier;
retrieving, an existing facial template associated with the user account based on the account identifier corresponding to the user account;
adding, the retrieved existing facial template to a current customer log of one or more existing facial templates corresponding to user computing devices that retransmitted the beacon device identifier to the one or more computing devices;
receiving, from a service computing device, a request for the current customer log;
transmitting, to the service computing device, the current customer log, the current customer log comprising the retrieved existing facial template associated with the user account, the service computing device identifying the user account based on determining that a degree of similarity between a facial template generated based on a capture of a facial image of the user and the retrieved existing facial template is greater than or equal to a predetermined threshold amount;
receiving, from the service computing device at the location, the account identifier corresponding to the user account, updated account data, and a request to update existing account data in the user account;
and replacing one or more items of the existing account data in the user account with the updated account data.

US Pat. No. 10,397,216

SYSTEMS AND METHODS FOR PERFORMING SECURE BACKUP OPERATIONS

Veritas Technologies LLC,...

1. A computer-implemented method for performing secure backup operations, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:determining a trust level of a backup client by identifying at least one security characteristic of the backup client;
deploying a signed certificate on the backup client that enables the backup client to facilitate backup operations with a security level that corresponds to the trust level of the backup client;
identifying a backup server that has been designated to perform a backup task for the backup client;
prior to facilitating the backup task on the backup client:
identifying a type of signed certificate deployed on the designated backup server;
determining, based on a security level with which the type of signed certificate enables the designated backup server to perform backup operations, a trust level of the designated backup server;
identifying a sensitivity level of the backup task based at least in part on a type of data involved in the backup task; and
determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task; and
facilitating the backup task on the backup client based on at least one of:
the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task; and
a determination of whether the security level of the signed certificate deployed on the backup client is appropriate for the sensitivity level of the backup task.

US Pat. No. 10,397,214

COLLABORATIVE SIGN-ON

INTERNATIONAL BUSINESS MA...

1. A method, comprising:responsive to a user providing at least one authentication credential to a second system during an attempt to log into a first online account hosted by the second system, receiving, by a first system comprising at least one processor, an authentication approval request from the second system;
responsive to receiving the authentication approval request from the second system, determining, by the first system, whether the user is required to be logged into at least a second online account hosted by at least a third system unrelated to the second system in order to approve the authentication approval request;
responsive to determining that the user is required to be logged into at least the second online account hosted by at least the third system in order to approve the authentication approval request, determining, by the first system, whether the user presently is logged into at least the second online account hosted by at least the third system in at least one presently active user session;
responsive to determining that the user presently is logged into at least the second online account hosted by at least the third system in at least one presently active user session, communicating to the second system a response to the authentication approval request indicating that the user is approved for authentication with the second system to log into the first online account hosted by the second system;
responsive to the user providing at least one authentication credential to a fourth system during an attempt to log into a third online account hosted by the fourth system, receiving, by the first system, a second authentication approval request from the fourth system;
responsive to receiving the second authentication approval request from the fourth system, determining, by the first system, whether the user is required to be logged into at least a fourth online account hosted by at least a fifth system unrelated to the fourth system in order to approve the second authentication approval request;
responsive to determining that the user is required to be logged into at least the fourth online account hosted by at least the fifth system in order to approve the authentication approval request, determining, by the first system, whether the user presently is logged into at least the fourth online account hosted by at least the fifth system in at least one presently active user session; and
responsive to determining that the user presently is not logged into at least the fourth online account hosted by the at least the fifth system in at least one presently active user session, communicating to the fourth system a response to the authentication approval request indicating that the user is not approved for authentication with the fourth system to log into the third online account hosted by the fourth system.

US Pat. No. 10,397,212

INFORMATION DEVICE, DATA PROCESSING SYSTEM, DATA PROCESSING METHOD, AND NON-TRANSITORY STORAGE MEDIUM FOR EXECUTING CONTENT UPON AUTHENTICATION

PANASONIC INTELLECTUAL PR...

1. An information device comprising:a reader that reads, from a removable medium, ticket data provided from a server, the ticket data being provided from the server upon successful authentication, and the ticket data including information representing an executable content that is to be executable upon the successful authentication; and
a data processor that
executes the executable content represented in the ticket data, and
stores, in the removable medium, first identification information of the information device and additional data having a value that differs depending on a timing, wherein the ticket data further includes
information representing a number of times that the executable content is permitted to be executed or a period during which the executable content is permitted to be executed,
the additional data and second identification information set by the server based on the first identification information, and
first ticket data and second ticket data that differs from the first ticket data,
wherein the additional data includes first additional data and second additional data that differs from the first additional data, and
wherein the data processor
executes the executable content within the number of times that the executable content is permitted to be executed or within the period during which the executable content is permitted to be executed, when the second identification information included in the ticket data matches the first identification information,
links, when the executable content is executed based on the first ticket data, first information regarding a number of times the executable content is executed to the first additional data included in the first ticket data, and records the first information, and
links, when the executable content is executed based on the second ticket data, second information regarding a number of times the executable content is executed to the second additional data included in the second ticket data, and records the second information.

US Pat. No. 10,397,210

METHOD, DEVICE, CLIENT AND SERVER FOR INTERACTION

TENCENT TECHNOLOGY (SHENZ...

1. An interaction method, comprising:scanning, by a client, a target two-dimensional code to acquire a uniform resource locator(URL) in the target two-dimensional code;
sending, by the client, the URL to a third-party server;
receiving, by the client, multifunction interaction information that is returned from the third-party server according to the URL, wherein each piece of the multifunction interaction information comprises interaction type information; and
interacting, by the client, with the third-party server based on the multifunction interaction information,
wherein the interaction type information comprises information indicating at least one of an interaction application and a webpage application developed by a third party, the method further comprising:
sending, by the client, to an interconnection server at least one of an interaction application identifier and a signature file of the third party included in the multifunction interaction information;
based on a result of authentication of the third party by the interconnection server according to the at least one of the interaction application identifier and the signature file of the third party, sending, by the client, to the third-party server a request for opening a jump URL corresponding to an application indicated by the interaction type information and an authorization token; and
receiving and displaying, by the client, a jump webpage, which contains a login state of a user of the client, returned from the third-party server, the login state of the user of the client being obtained from the interconnection server according to the request and the authorization token.

US Pat. No. 10,397,209

RISK-AWARE MULTIPLE FACTOR AUTHENTICATION BASED ON PATTERN RECOGNITION AND CALENDAR

International Business Ma...

1. A method comprising:storing in a database security questions and corresponding user response data;
determining an accuracy score for each of a plurality of security questions previously answered by the user, the accuracy score being based in part on at least one of an amount of queries for a particular security question and a number of correct responses by the user;
ranking the security questions based on the accuracy scores;
receiving by an interface a login name from a user;
determining whether a state of the user is impaired;
selecting by a processor at least one security question regarding recent activity performed by the user, said selecting of the at least one security question includes selecting at least one impaired security question when a cognitive state of the user is impaired, the impaired security question having an accuracy score below a predetermined threshold;
receiving by the interface an answer to the at least one security question from the user;
determining by the processor whether the answer matches data stored in a user transaction database that is associated with the login name of the user.

US Pat. No. 10,397,208

AUTHENTICATION VIA ITEM RECOGNITION

PayPal, Inc., San Jose, ...

1. A system for authenticating a user, comprising:a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving, from a mobile device of a user, a request for accessing a user account;
in response to receiving the request, obtaining an image captured by a camera of the mobile device;
applying one or more image recognition algorithms to the captured image to extract a first set of features related to a first item in the captured image;
comparing the first set of features to stored features associated with a plurality of reference items designated for authenticating the user of the user account to determine that the first item in the captured image matches a first reference item in the plurality of reference items;
applying the one or more image recognition algorithms to the captured image to extract a second set of features related to a second item in the captured image;
comparing the second set of features to the stored features associated with the plurality of reference items designated for authenticating the user of the user account to determine that the second item in the captured image matches a second reference item in the plurality of reference items, wherein the first and second reference items are associated with a reference location;
determining a color of a third item in the captured image;
determining that a location of the mobile device corresponds to the reference location associated with the first and second reference items based at least in part on the color of the third item in the captured image;
determining, based on analyzing the captured image, that the first item and the second item are within a geographical boundary associated with the location of the mobile device;
in response to determining that the location of the mobile device corresponds to the reference location and that the first item and the second item are within the geographical boundary, granting the mobile device access to the user account according to a first access level;
retrieving additional descriptions of the first reference item, wherein the additional descriptions represent one or more characters or symbols appearing on the first reference item;
applying at least one of an optical character recognition algorithm or a pattern recognition algorithm to a portion of the captured image representing the first item to extract a third set of features related specifically to the first item, wherein the third set of features comprises at least one of a character or a symbol that appears on the first item;
comparing the third set of features against the additional descriptions associated with the first reference item to determine that the third set of features matches the additional descriptions; and
in response to determining that the third set of features matches the additional descriptions, granting the mobile device access to the user account according to a second access level that is less restrictive than the first access level.

US Pat. No. 10,397,207

AUTOMATIC CREDENTIAL ROTATION

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:receiving, from a client device associated with a user, a first request for access to one or more resources in a resource provider environment, the first request including a first credential string and a first iteration number, the first iteration number corresponding to a first random number, the first credential string corresponding to the output of a key stretching algorithm operated on a user access credential for a number of iterations corresponding to the first iteration number;
storing the first credential string and the first iteration number;
receiving, from the client device, a second credential string and a second random number, a second iteration number corresponding to a sum of the first iteration number and the second random number, the second credential string corresponding to the output of the key stretching algorithm operated on the user access credential for a number of iterations corresponding to the second iteration number;
generating a local copy of the second credential string using the first credential string processed a further number of iterations of the key stretching algorithm corresponding to the second random number, wherein the local copy has undergone a total of the second iteration number of the key stretching algorithm with respect to the user access credential;
determining that the second credential string, received from the client device, is the same as the local copy of the second credential string;
granting, in response to the second request, access to the one or more resources.

US Pat. No. 10,397,206

SYMMETRIC ENCRYPTION KEY GENERATION/DISTRIBUTION

Red Hat, Inc., Raleigh, ...

1. A method for exchanging encrypted information between a first computing device and a second computing device comprising:both computing devices having input parameters including: a shared secret, a prime bounding integer, a generator, a first group constant, and a second group constant, wherein the input parameters are respectively used to generate a first private key, a second private key, a first public key, and a second public key;
the second computing device receiving an encrypted message from the first computing device;
the second computing device generating the second private key;
the second computing device generating the second public key, using the generator, the shared secret, the first group constant, and the second private key;
the second computing device sending the second public key to the first computing device;
the first computing device using the second public key from the second computing device, the first group constant, the shared secret, the first private key, and the second constant to generate the first public key;
the second computing device receiving the first public key from the first computing device;
the second computing device using the first public key, the shared secret, the second group constant, and the second private key to calculate a session key; and
the second computing device decrypting the encrypted message with the session key.

US Pat. No. 10,397,203

RECEPTION DEVICE AND RECEPTION METHOD

FUJITSU LIMITED, Kawasak...

1. A reception device comprising:a memory which stores, for each of at least one function handling confidential information, a stored program module implementing a corresponding function, and first and second stored version numbers of the stored program module;
a receiver configured to receive a conditional access system program being encrypted and used to execute a process related to the confidential information, and a notification signal notifying of delivery of the conditional access system program and including delivery destination information identifying a delivery destination of the conditional access system program which includes, for each received program module in the conditional access system program, first and second received version numbers of the received program module;
a processor configured to
determine whether the reception device is a delivery target of the conditional access system program on the basis of the delivery destination information included in the notification signal, and
prepare for receiving the conditional access system program when the reception device is the delivery target of the conditional access system program; and
an information protection circuit configured to
determine whether the reception device is a use target of the conditional access system program with reference to the identification information included in the conditional access system program, and
decrypt the conditional access system program when the reception device is the use target of the conditional access system program, including when either of the first and second received version numbers of the received program module in the conditional access system program is larger than the first and second stored version numbers, respectively, of the stored program module corresponding thereto, decrypt the received program module to obtain a decrypted program module,
delete the stored program module in the memory corresponding to the received program module in the conditional access system program only when the second received version number of the received program module is larger than the second stored version number of the stored program module in the memory corresponding thereto; and
store the decrypted program module in the memory.

US Pat. No. 10,397,202

SECURE COMMUNICATION CHANNELS

BlackBerry Limited, Wate...

1. A method of negotiating a secure device-to-device communications channel between a first computing device and a second computing device, the first computing device being associated with a first user and the second computing device being associated with a second user, the method comprising:receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with a first computing device, the first connection request being received over a first secure communications channel;
receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with a second computing device, the second connection request being received over a second secure communications channel; and
determining, on the basis of an identity of the first user and an identity of the second user, that the secure device-to-device communication channel is permitted and, dependent on a determination that the secure device-to-device communication channel is permitted:
sending, from the server, first connection data to the first computing device over the first secure communications channel; and
sending, from the server, second connection data to the second computing device over the second secure communications channel; and
wherein the first connection data comprises the second address data and second cryptographic key, and the second connection data comprises the first address data and first cryptographic key, the first and second connection data being for use in enabling establishment of a secure device-to-device communications channel between the first computing device and the second computing device.

US Pat. No. 10,397,201

SENDING ENCRYPTED DATA TO A SERVICE PROVIDER

ENTIT SOFTWARE LLC, Sunn...

1. A computer program product for sending encrypted data to a service provider, comprising:a non-transitory computer readable storage medium, said non-transitory computer readable storage medium comprising computer readable program code embodied therewith, said computer readable program code comprising program instructions that, when executed, causes a processor to:
exchange an encryption key between an entity and a service provider without retaining said encryption key and while hiding an identity of said entity from said service provider; and
forward encrypted data based on said encryption key to said service provider from said entity while hiding said identity of said entity from said service provider.

US Pat. No. 10,397,199

INTEGRATED CONSENT SYSTEM

MICROSOFT TECHNOLOGY LICE...

1. A method performed by a computing system for creating an account for a user with an identity provider, the method comprising:receiving a request to create an identity provider account with the identity provider for use in logging onto a third-party system;
generating one or more display pages for providing an integrated-consent user experience that includes at least one of the one or more display pages for collecting both new-account information and scope-of-consent information for consenting to share account information with the third-party system;
receiving, from the user and through the one or more display pages, the new-account information that includes user credentials for the identity provider account and a scope of consent to share account information of the identity provider account with the third-party system;
based on receipt of the new-account information and a consent by the user to share account information as noted by the scope of consent, creating for the user, the identity provider account; and
recording an indication of the scope of consent, wherein when the user subsequently signs in to the third-party system using the user credentials for the identity provider account, the third-party system accesses account information of the identity provider account based on the user having provided the scope of consent.

US Pat. No. 10,397,195

METHOD AND SYSTEM FOR SHARED KEY AND MESSAGE AUTHENTICATION OVER AN INSECURE SHARED COMMUNICATION MEDIUM

Robert Bosch GmbH, Stutt...

1. A method for shared key generation with authentication comprising:generating, with a processor in a gateway node communicatively connected to a first node and a second node through a shared communication medium, a first set of pseudo-random data corresponding to expected transmissions from the first node based on a predetermined one-way function applied to a first shared key between the first node and the gateway node;
identifying, with the processor in the gateway node, a plurality of bits transmitted from the second node based on a plurality of signals received by a transceiver in the gateway node communicatively connected to the shared communication medium, the plurality of signals corresponding to a plurality of simultaneous transmissions from the first node and the second node to generate a shared key between the first node and the second node, each simultaneous transmission including the first node transmitting at least one first bit at a transmit time and the second node transmitting at least one second bit at the transmit time, wherein the at least one first bit and the at least one second bit are transmitted through the shared communication medium at the same time;
identifying, with the processor in the gateway node, a plurality of expected bit values for at least a portion of the second plurality of bits transmitted from the second node based at least in part on applying the predetermined one-way function to a combination of shared secret data between the gateway node and the second node stored in a memory of the gateway node with another set of random data generated by the second node;
authenticating, with the processor in the gateway node, the second node in response to the plurality of bits transmitted from the second node matching the plurality of expected bit values;
generating, with a random number generator in the gateway node, a plurality of random bits of data;
exchanging, with the transceiver in the gateway node the plurality of random bits with the first node by transmitting the plurality of random bits while receiving another plurality of random bits during simultaneous transmissions from the first node to produce a plurality of shared bits between the gateway node and the first node;
generating, with the processor in the gateway node, the first shared key between the gateway node and the first node by applying the one-way function to a combination of shared secret data between the gateway node and the first node stored in the memory of the gateway node and the plurality of shared bits between the gateway node and the first node;
generating, with the random number generator in the gateway node, a nonce value;
generating, with the processor in the gateway node, an encrypted version of the nonce value using the first shared key;
transmitting, with the transceiver in the gateway node, the encrypted version of the nonce value to the first node;
receiving, with the transceiver in the gateway node, a transformed nonce value from the first node, the transformed nonce corresponding to a predetermined numeric transformation applied to the nonce value by the first node after the first node decrypts the encrypted version of the nonce using the first shared key; and
authenticating, with the processor in the gateway node, the first node in response to the transformed nonce value received from the first node matching another transformed nonce value generated by the processor in the gateway node applying the predetermined numeric transformation to the nonce value generated by the random number generator in the gateway node.

US Pat. No. 10,397,194

DYNAMIC TRANSMISSION OF ENCRYPTED DATA

eBay Inc., San Jose, CA ...

1. A system comprising:a processor;
a communication interface coupled to the processor;
memory coupled to the processor and storing instructions that, when executed by the processor, cause the system to perform operations comprising:
receiving, via the communication interface, a data packet comprising encrypted data, the system not being located within a transmission range of a source computing device when the encrypted data packet is received by the system;
establishing, subsequent to receiving the encrypted data packet and in response to the system moving within the transmission range of the source computing device, communication with the source computing device via the communication interface;
in response to establishing communication with the source computing device, transmitting to the source computing device, via the communication interface, a request for decryption information for decrypting the encrypted data packet; and
based on receiving the decryption information from the source computing device, decrypting the encrypted data packet based on the decryption information.

US Pat. No. 10,397,193

BLIND CLOUD DATA LEAK PROTECTION

SONICWALL INC., Milpitas...

1. A method for blind data leak prevention, the method comprising:receiving at a first computing device that is external to a secure network:
a rule sent from a second computing device inside the secure network and encrypted based on a first encryption key, wherein the first encryption key is accessible to the second computing device but not accessible to the first computing device; and
encrypted data from the second computing device, wherein the received encrypted data is encrypted based on the first encryption key by:
identifying that the encryption based on the first encryption key occurs in byte groups of a predetermined number of bytes in size, and
applying the encryption a number of times corresponding to a predetermined number of bytes and resulting in a plurality of encrypted versions, each encrypted version beginning at an offset of a different number of bytes up to the predetermined number of bytes by:
identifying a final number of bytes in a last byte group of each encryption,
identifying that the identified final number of byes does not yet equal the predetermined number of bytes; and
prepending one or more preceding bytes to the last byte group until the final number of bytes equal the predetermined number of bytes; and
executing instructions stored in memory of the first computing device, wherein execution of the instructions by a processor of the first computing device:
evaluates the received encrypted data to identify that the received encrypted data corresponds to the rule, wherein the received encrypted data remains encrypted during the evaluation; and
processes the received encrypted data based on the identification that the received encrypted data corresponds to the rule, wherein the received encrypted data remains encrypted during processing.

US Pat. No. 10,397,191

PASSING CONTENT SECURELY FROM WEB BROWSERS TO COMPUTER APPLICATIONS

Adobe Inc., San Jose, CA...

1. A method of securing digital content passed between a web browser, a server, and a local application by extracting information embedded within digital file names, comprising:selecting, via a client device, one or more digital files from a remote server, the remote server requiring login credentials to access the one or more digital files and the one or more digital files corresponding to a native software application that requires access credentials to access the native software application;
upon providing the login credentials, receiving the one or more digital files, the one or more digital files comprising an identifier embedded within a file name of the one or more digital files;
in response to accessing the one or more digital files via the client device, utilizing the identifier embedded within the file name to automatically access the native software application by:
extracting the identifier embedded within the file name of the one or more digital files;
sending the identifier extracted from within the file name of the one or more digital files to one or more servers to obtain the access credentials required to access the native software application associated with the one or more digital files; and
using the access credentials to automatically access the native software application corresponding to the one or more digital files.

US Pat. No. 10,397,190

SYSTEM AND METHOD FOR GENERATING AN OBFUSCATED OPTICAL SIGNAL

HUAWEI TECHNOLOGIES CO., ...

1. A method performed at an optical transmitter comprising:receiving an optical signal carrying data for transmission;
performing a time-varying modification of the optical signal carrying the data to generate an obfuscated optical signal; and
transmitting the obfuscated optical signal;
wherein the time-varying modification is performed in accordance with a plurality of values corresponding to a respective plurality of values for use in at least partially deobfuscating the obfuscated optical signal to allow for detection of the data carried by the received optical signal; and
wherein the optical signal has a first polarization and a second polarization, and wherein performing the time-varying modification of the optical signal comprises applying a first time-varying modification to the first polarization, and when applying the first time-varying modification to the first polarization, either: applying no modification to the second polarization or applying a second modification, different from the first time-varying modification, to the second polarization.

US Pat. No. 10,397,189

PEERED VIRTUAL PRIVATE NETWORK ENDPOINT NODES

Amazon Technologies, Inc....

1. A system, comprising:a plurality of computing devices within a provider network to execute a plurality of virtual machines; and
one or more computing devices within the provider network and configured to execute a provisioning service and a health monitoring service;
wherein, in response to a request to a first application programming interface (API), the provisioning service is configured to launch a first fault tolerant virtual private network endpoint (VPNe) node as a pair of VPNe virtual machines on separate host computers within the provider network, wherein a first of the virtual machines within the pair is configured to communicate encrypted packets over a secure tunnel and a second virtual machine in the pair is synchronized to an encryption key used by the first virtual machine for encryption and decryption of packets sent and received over the secure tunnel;
wherein, in response to a request to a second API, the provisioning service is configured to create a second fault tolerant VPNe node as a pair of VPNe virtual machines on separate host computers and to peer the second fault tolerant VPNe node to the first fault tolerant VPNe node via the secure tunnel over a public network; and
wherein the health monitoring service is configured to determine a health status of the each of the virtual machines in each pair of virtual machines of the first and second fault tolerant VPNe nodes and, upon determination of a failure of a virtual machine of a given pair that is implementing the secure tunnel, initiate a fail-over to the other VPNe virtual machine of the pair.

US Pat. No. 10,397,188

ACCESS CONTROL APPARATUS, SYSTEM, AND METHOD

Huawei Technologies Co., ...

1. An apparatus comprising:a receiver configured to:
receive a first service chain forwarding rule from a controller, wherein the first service chain forwarding rule comprises a first service chain identifier corresponding to a terminal, and a first identifier of a first access network element, wherein the first identifier of the first access network element corresponds to the first service chain identifier; and
receive a first packet from a classifier, wherein the first packet carries a service chain identifier;
a processor configured to:
when the service chain identifier carried in the first packet matches the first service chain identifier in the first service chain forwarding rule, determine, according to the first identifier of the first access network element, that the first packet is to be sent to the first access network element; and
a transmitter configured to forward the first packet to the first access network element.

US Pat. No. 10,397,187

BLOCKING AUTOMATED ATTACKS WITH FORCED USER INTERACTION

SHAPE SECURITY, INC., Mo...

1. A method comprising:obtaining an API function associated with a service provided by a supporting server computer system;
generating a modified API function corresponding to the API function that also requires a unique end-point identifier (UEIN) argument;
managing UEIN data for a plurality of UEINs, each UEIN of the plurality of UEINs associated with a specific computing device of a plurality of authorized computing devices;
receiving, from a first computing device, a first modified API call corresponding to the modified API function, the first modified API call comprising a first UEIN associated with a first authorized computing device of the plurality of authorized computing devices;
verifying that the first computing device corresponding to the first modified API call is the first authorized computing device associated with the first UEIN;
in response to verifying that the first computing device is the first verified computing device, forwarding the first modified API call to the supporting server computer system by making a first API call corresponding to the API function to the supporting server computer system;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,397,186

METHODS FOR INTERNET COMMUNICATION SECURITY

Stealthpath, Inc., Resto...

1. A product for securing communication between at least two networked computing devices, the product comprising at least one non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code when executed on the at least two networked computing devices performs communication management operations on the at least two networked computing devices, the communication management operations comprising:i) forming a configured communication pathway by configuring a pre-established communication pathway to be limited to dedicated communication of application data between a networked first user-application on a first computing device and a second user-application on a networked second computing device via a series of transport layer ports that are dedicated to communication of the application data, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising:
a) executing application space commands by the first user-application on the first computing device, comprising:
I) causing a network stack of the first computing device to send a first configuration packet from the first user-application to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet;
II) receiving, after the network stack sends the first configuration packet, a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet;
III) confirming that the second computing device is authorized to communicate with the first user-application, comprising: matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;
IV) further causing the network stack to send a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is unique to the first user-application, the first user, one or more content requirements for the application data, and a series of port numbers assigned to the series of dedicated transport layer ports;
V) further receiving, after the network stack sends the third configuration packet, a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and
VI) further confirming that the second user-application is authorized to receive the application data from the first user-application, comprising: further matching the nonpublic second user-application identifier to a preconfigured nonpublic second user-application code, wherein the preconfigured nonpublic second user-application code is unique to the second user-application, the second user, the one or more content requirements for the application data, and the series of port numbers; and
b) further executing kernel space commands on the second computing device to verify that the second user-application is authorized to receive the application data from the first user-application, comprising: obtaining the nonpublic first user-application identifier from the application layer portion of the third configuration packet and matching the obtained nonpublic first user-application identifier to a preconfigured nonpublic first user-application code; and
ii) transmitting the application data via the configured communication pathway from the first user-application to the second user-application.

US Pat. No. 10,397,185

SCALABLE CLOUD HOSTED METADATA SERVICE

EMC IP HOLDING COMPANY LL...

1. A system for protecting data in a cloud environment, the system comprising: one or more hardware processors; and a plurality of services comprising computer-executable instructions that, when executed by one or more hardware processors, protect the data, the services including: a gateway service configured to receive a request from a client; a plurality of queues, the plurality of queues including a global request queue and a session request queue; a stream service configured to receive the request from the gateway service, wherein the stream service is configured to evaluate headers included in the request and place the request in one of the plurality of queues based on the header; and a plurality of workers, wherein any of the plurality of workers can service the request when the request is placed in the global request queue and wherein only a particular worker associated with a session associated with the session request queue can service the request when the request is in the session request queue.

US Pat. No. 10,397,184

MOBILITY MANAGEMENT USING IDENTIFIER-LOCATOR ADDRESSING (ILA)

Verizon Patent and Licens...

1. A device, comprising:one or more processors to:
receive, from a network device, a request to establish an internet protocol (IP) session for a user device;
allocate at least one of:
an IP address for the user device, or
a first tunnel endpoint identifier associated with a tunnel that is to be used during the IP session,
the IP address including:
 a first set of bits associated with a location identifier, and
 a second set of bits associated with a device identifier;
provide a response to the network device to cause the network device to establish an uplink portion of the IP session,
the response including at least one of:
the IP address, or
the first tunnel endpoint identifier;
receive, from the network device, a request that includes a second tunnel endpoint identifier associated with the tunnel,
where the second tunnel endpoint identifier is associated with establishing a downlink portion of the IP session;
provide at least one of the IP address, the first tunnel endpoint identifier, or the second tunnel endpoint identifier to be stored using a data structure;
provide a response to the network device to cause the network device to establish the downlink portion of the IP session; and
perform one or more actions associated with managing the IP session,
where one or more of the IP address, the first tunnel endpoint identifier, or the second tunnel endpoint identifier are used to make routing decisions during the IP session.

US Pat. No. 10,397,183

METHOD AND SYSTEM FOR ENABLING MEDIA OPTIMIZATION IN A CLOUD CONFERENCE

Cisco Technology, Inc., ...

1. An endpoint operable with a network device and a conference controller, the endpoint comprising:a processor; and
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to:
send a relay address allocation request comprising a unique session identifier to the network device, wherein the unique session identifier identifies a conference session joined by the endpoint for media streaming;
receive a relay address allocation response from the network device in response to sending the relay address allocation request, wherein the relay address allocation response comprises at least a relay candidate that includes a relay transport address allocated to the endpoint and is mapped with the unique session identifier;
send a session offer message to the conference controller, wherein the session offer message comprises at least the relay transport address to be used as a destination address for the endpoint;
receive a session response message from the conference controller in response to sending the session offer message, wherein the session response message comprises an IP address of the conference controller mapped with the relay candidate;
send a create permission request to the network device, wherein the create permission request comprises the IP address of the conference controller as source address for receiving the one or more media stream packets by the network device;
receive a permission response from the network device confirming the validity of the IP address of the conference controller as source IP address;
send a channelbind request to the network device, wherein the channelbind request comprises a unique channel number of a channel available for binding;
receive a channelbind response from the network device indicating binding of the channel having the unique channel number for receiving the one or more media stream packets from the network device; and
receive one or more media stream packets relayed from the network device via the destination address identified by the unique session identifier.

US Pat. No. 10,397,182

METHOD AND PROCEDURE TO IDENTIFY A SOURCE ACROSS A NETWORK ADDRESS TRANSLATION DEVICE

Sprint Communications Com...

1. A computerized method carried out by at least one server having one or more processors for identifying, to an external device, a client device having an external IP address assigned by a Network Address Translation (NAT) device, the method comprising:receiving, at a NAT device, a request from a client device to access an external device;
providing, by the NAT device, an external IP address assigned to the client to access the external device;
communicating, by the NAT device, an internal IP address assigned to the client device and placed in an option field of the external IP address;
providing, by the NAT device, a second external IP address assigned to the client to access the external device;
communicating, by the NAT device, the internal IP address assigned to the client device in the option field of the external IP address;
receiving, at the NAT device, a second request from the external device to communicate with the client device, the second request including the internal IP address assigned to the client device;
receiving the second request, at the client mapping repository, for the identification of the client device; and
communicating, from the client mapping repository, the identification of the client device.

US Pat. No. 10,397,180

DNS RENDEZVOUS LOCALIZATION

Level 3 Communications, L...

1. A method of serving content comprising:obtaining a portional use relationship between a plurality of client devices within a first autonomous system and a plurality of resolvers within the first autonomous system;
obtaining a distance relationship between the plurality of client devices and a plurality of content serving locations in a second autonomous system, the distance relationship with respect to at least one egress gateway of the second autonomous system and to which content from at least one of the content serving devices egresses to the first autonomous system; and
obtaining a network relationship between the plurality of resolvers and the plurality of content serving locations using the portional use relationship and the distance relationship, the relationship used to resolve a content request from the plurality of client devices.

US Pat. No. 10,397,178

INTERNET INFRASTRUCTURE SURVEY

Citrix Systems, Inc., Fo...

1. A method for surveying Internet access quality, comprising:receiving at a DNS nameserver a DNS query for the resolution of a pseudo-hostname, wherein the pseudo-hostname is a fully qualified domain name (FQDN) that comprises an indicator of an access quality measurement and a parameter identifying an infrastructure associated with the access quality measurement;
extracting, from the pseudo-hostname, data including the indicator of the access quality measurement and the parameter identifying the infrastructure associated with the access quality measurement; and
generating an access quality profile using the extracted data.

US Pat. No. 10,397,177

MATTER MESSAGE NOTIFICATION METHOD, APPARATUS, AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An event message notification method performed at a terminal having one or more processors and memory storing one or more programs to be executed by the one or more processors, the method comprising:displaying a group chat interface in an instant messaging application, the group chat interface including an affordance for opening an event message editing interface;
in response to detecting a triggering event associated with the affordance:
displaying the event message editing interface, the event message editing interface including an editing item used for editing event content, an editing item used for adding a target user, and an editing item used for adding a file;
generating an event message in accordance with user-provided event content through the editing item used for editing the event content, one or more user-selected target users selected from participants of the group chat through the editing item used for adding a target user, and one or more user-selected files through the editing item used for adding a file;
adding a confirmation tag to the generated event message to indicate that only the user-selected target users are prompted to instantly view and confirm receipt of the event message;
sending the event message and the confirmation tag to a server, wherein the server performs steps including:
sending, by the server, the event message with a prompting tag corresponding to the confirmation tag to only the user-selected target users so that the user-selected target users are prompted to instantly view and confirm receipt of the event message; and
sending, by the server, the event message without the prompting tag to participants other than the user-selected target users in the group chat; and
receiving, by the server, acknowledgement notifications from each of the user-selected target users, wherein a respective acknowledgement notification is received by the server from a corresponding user-selected target user after the corresponding user-selected target user opens and acknowledges receipt of the event message; and
receiving, by the terminal from the server, a notification indicating all the user-selected target users have opened and acknowledged the receipt of the event message.

US Pat. No. 10,397,175

COMMUNICATION CHANNEL SELECTION AND USAGE

INTERNATIONAL BUSINESS MA...

1. A method of electronic communication between a plurality of devices, comprising:determining, using a processor, a required answer time for an electronic message;
determining, using the processor, a plurality of expected response times, wherein each expected response time is specific to a recipient of the electronic message and is specific to one of a plurality of different communication channels;
matching, using the processor, the required answer time to an expected response time;
selecting, using the processor, a communication channel from the plurality of different communication channels based upon the matching; and
initiating sending, using the processor, of the electronic message to a device of the recipient using the selected communication channel.

US Pat. No. 10,397,174

MESSAGE DELIVERY IN A MESSAGE SYSTEM

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of controlling message delivery from a publisher application to one or more subscriber applications of a messaging system, the one or more subscriber applications having a plurality of subscriptions registered with a broker application of the messaging system, the method comprising:generating a unified subscription description representing the plurality of registered subscriptions based on at least one stored intermediate subscription description, wherein each intermediate subscription description represents one or more registered subscriptions;
determining that a particular subscription of the plurality of subscriptions has been registered, unregistered, or altered;
generating a new intermediate subscription description, the new intermediate subscription description representing at least the particular subscription;
determining that a stored intermediate subscription description represents at least one same subscription as the new intermediate subscription description,
replace the stored intermediate subscription description with the new intermediate subscription description without altering any other stored intermediate subscription description;
generating an updated unified subscription description based at least in part on the new intermediate subscription description; and
communicating the updated unified subscription description to the publisher application.

US Pat. No. 10,397,173

TAGGED MESSAGES TO FACILITATE ADMINISTRATION OF A VIRTUALIZATION INFRASTRUCTURE

VMware, Inc., Palo Alto,...

1. A computer-implemented method to facilitate administration of a virtualization infrastructure, the computer-implemented method comprising:providing members of the virtualization infrastructure with access to a shared message stream of a social network such that the members of the virtualization infrastructure are able to monitor messages generated by other members of the virtualization infrastructure posted to the shared message stream, wherein at least some of the messages are indicative of operational conditions of particular other members which generated the messages, wherein the members of the virtualization infrastructure comprise a plurality of virtual machines, and wherein the members of the virtualization infrastructure are arranged in a hierarchy within the social network based on a parent/child relationship of the members;
displaying posted messages of non-human members of the virtualization infrastructure within the shared message stream, the non-human members comprising the plurality of virtual machines, wherein the posted messages comprise tags identifying operational conditions of the non-human members of the virtualization infrastructure, and wherein at least one posted message comprises an association with an indication that at least one non-human member identifies with the specific operational condition of the posted message; and
responsive to a selection of a particular tag, displaying the non-human members of the virtualization infrastructure that posted a message comprising the particular tag.

US Pat. No. 10,397,172

SYSTEM AND METHOD FOR SOCIAL AWARENESS TEXTILES

International Business Ma...

1. A computer-implemented method comprising:identifying attribute information of at least a first wearable associated with an outfit of a user;
receiving, via a user interface, an indication designating the first wearable as a master arbiter, wherein the master arbiter is a predetermined focus of the outfit and determines whether one or more portions of the outfit associated with at least a second wearable are recommended for wearing with a portion of the outfit associated with the master arbiter;
receiving information about an event, wherein the information about the event is based upon, at least in part, a location of the event and a crime rate associated with the location of the event, wherein the crime rate is received via a national crime data store; and
sending an electronic message to the user when at least a portion of the outfit is not recommended for wearing at the event based upon, at least in part, the attribute information of the first wearable, the second wearable, and the information about the event,
wherein sending the electronic message to the user when the one or more portions of the outfit is not recommended for wearing at the event is based upon, at least in part,
the location of the event and the crime rate associated with the location of the event,
identifying that the user is inclined to travel a specific route and take a specific mode of transportation to the event, and the crime rate associated with the specific route and the specific mode of transportation to the event,
identifying the one or more portions of the outfit that would make the user vulnerable to a robbery at, at least one of, the event, the specific route to the event, and the specific mode of transportation to the event, and
whether the one or more portions of the outfit are likely targets to the robbery.

US Pat. No. 10,397,171

MANAGING CONTENT DISCLOSURE ON SOCIAL NETWORKING SITES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for managing content disclosure on social networking sites, the method comprising:monitoring, using a processor, user-generated content and one or more social network connections of a user viewing or listening to the user-generated content, the one or more social network connections comprising a first connection and a second connection;
classifying, using the processor, the user-generated content into one or more content types;
determining, using the processor, a positive mood of the first connection based on a reaction of the first connection to the user-generated content and a negative mood of the second connection based on a reaction of the second connection to the user-generated content;
associating, using the processor, the first connection with a first label indicative of the positive mood and the second connection with a second label indicative of the negative mood;
receiving, using the processor, further user-generated content;
determining, using the processor, one or more further content types from the further user-generated content;
generating, using the processor, a recommendation to share the further content with the first connection, wherein the recommendation is based on the first label and the determined one or more further content types; and
generating, using the processor, a recommendation to not share the further content with the second connection, wherein the recommendation is based on the second label and the determined one or more further content types.

US Pat. No. 10,397,170

COMMUNICATION INVERSION FOR ONLINE COMMUNITIES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:detecting, by a computing device, that one or more parameters indicating a vitality of an online community are below a predetermined threshold value, indicating that the online community has an unacceptable vitality, wherein the online community enables communication between a first group of participants;
determining, by the computing device and based on the detecting that the online community has the unacceptable vitality, an existing related online community is associated with the online community, wherein the existing related online community enables communication between a second group of participants;
detecting, by the computing device, a participant communication within the related online community;
redirecting, by the computing device, the participant communication to the online community based on the determining that the online community has the unacceptable vitality;
detecting, by the computing device, that a predetermined rule is met indicating that the redirecting of communications should end, wherein the predetermined rule is a rule to end the redirecting of communications when the computer device no longer detects that the online community has the unacceptable vitality or after a predetermined period of time has elapsed; and
ending, by the computing device, the redirecting of participant communications from the related online community to the online community.

US Pat. No. 10,397,169

SYSTEMS AND METHODS FOR PROVIDING COMMUNICATION ITEMS FROM AN ENTITY ASSOCIATED WITH A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:defining, by a computing system, a communication item associated with a social networking system, including a plurality of parameters that are each associated with one or more possible values;
generating, by the computing system, a plurality of variants of the communication item on the social networking system based on a full factorial combination of values associated with the plurality of parameters;
determining, by the computing system, a first set of weights associated with the plurality of variants, each weight in the first set of weights associated with a variant of the plurality of variants;
providing, by the computing system, each variant of the plurality of variants to a proportion of a first group of users that corresponds to a weight in the first set of weights associated with the variant;
obtaining, by the computing system, data relating to performance of each variant on a corresponding proportion of the first group;
determining, by the computing system, a second set of weights associated with the plurality of variants, each weight in the second set of weights associated with a variant of the plurality of variants and a weight in the first set of weights associated with the variant, wherein each weight in the second set is determined based on the associated weight in the first set of weights and the performance of the associated variant from the first group of users; and
providing, by the computing system, each variant of the plurality of variants on the social networking system to a proportion of a second group of users that corresponds to a weight in the second set of weights associated with the variant.

US Pat. No. 10,397,168

CONFUSION REDUCTION IN AN ONLINE SOCIAL NETWORK

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising:identifying elements in social media message content, the social media message content comprising a posted message posted to a social media platform;
determining whether the social media message content is indefinite as to an audience being targeted, the determining whether the social media message content is indefinite as to an audience being targeted comprising predicting a likelihood of confusion based on the social media message content, wherein the prediction of the likelihood of confusion is based on an age of the posted message, in which the older the post, the higher the predicted likelihood of confusion;
determining, based on the identified elements, a plurality of different candidate audiences to which the social media message content is potentially targeted, each candidate audience of the plurality of difference candidate audiences ascertained based on a respective corresponding contextual understanding, of a plurality of different contextual understandings, given to the social media message content, wherein the determining the plurality of different candidate audiences comprises:
building a respective dictionary for each user of a plurality of users of a social media platform in which the social media message content is composed, wherein a dictionary for a given user of the plurality of users comprises elements include in prior-composed social media messages composed by the given user;
ascertaining a frequency of the elements included in prior-composed social media messages composed by each user;
building a clustered representation of the social media platform using k-means against the frequency of the elements;
querying a message space for social media messages based on the social media message content; and
identifying dense k-clusters based on the social media message content, the dense k-clusters corresponding to the plurality of different candidate audiences;
indicating to a user the plurality of candidate audiences and, for each candidate audience of the plurality of different candidate audiences, a suggested one or more additional elements to apply to the social media message content to provide additional context for the social media message content and thereby tailor the social media message content to an audience of the plurality of different candidate audiences and corresponding contextual understanding; and
modifying the social media message content with the one or more additional elements for a target audience of the plurality of different candidate audiences, the modifying adding the one or more additional elements to the social media message content and targeting the social media message content to the target audience.

US Pat. No. 10,397,167

LIVE SOCIAL MODULES ON ONLINE SOCIAL NETWORKS

Facebook, Inc., Menlo Pa...

1. A method comprising, by one or more computing devices:receiving, at the one or more computing devices from a client system associated with an author-user of an online social network, instructions for publishing a first post composed by the author-user, the first post comprising a content of the first post and a metadata associated with the first post;
extracting, by the one or more computing devices, one or more n-grams from the content of the first post and the metadata associated with the first post;
determining, by the one or more computing devices, whether the first post is associated with a topic based on whether one or more of the extracted n-grams are associated with the topic;
identifying, by the one or more computing devices, a plurality of second users of the online social network, wherein each second user is a first-degree connection of the author-user within the online social network;
identifying, by the one or more computing devices, one or more of the second users as a subscribing user to the topic based on a determination that the second user is accessing a page associated with the topic;
generating, by the one or more computing devices, for each identified second user, a live social module associated with the topic for presenting, in real-time, posts shared on the online social network;
sending, by the one or more computing devices, to a respective client system of each identified second user, information configured to render a search-results page comprising the live social module, wherein the live social module is configured to be rendered in conjunction with a link associated with the topic, and wherein the live social module comprises an interface that displays, in real-time responsive to the receiving of the first post:
the content of the first post, and
identifying information that is associated with the author-user;
receiving, by the one or more computing devices, a plurality of additional posts composed by users of the online social network, each additional post being associated with the topic;
pushing, in response to receiving the plurality of additional posts, at a first time interval, by the one or more computing devices to the respective client system of each second user, information configured to display content of one or more of the additional posts in the interface of the live social module; and
sending, at each of a plurality of subsequent time intervals, by the one or more computing devices to the respective client system of each second user, information configured to refresh, in real-time responsive to the pushing of the one or more additional posts, the interface of the live social module with another post associated with the topic.

US Pat. No. 10,397,166

SAVING COMMUNICATION CONTENT TO A SOCIAL NETWORK ENVIRONMENT

International Business Ma...

1. A method for making individual communication content accessible to an organizational community, comprising the computer-implemented steps of:receiving, over a network, communication data from a plurality of input source streams in a chat session, wherein the communication data includes a temporal sequence of communications between at least two participants;
removing from a text-based content of the communication data an excluded message based on a designation from a participant of the at least two participants;
automatically generating one or more tags based on the text-based content of the communication data based on frequency of words used after excluding a predefined list of words and automatically tagging individual elements within the text-based content with the one or more tags that enable searching of the individual elements;
automatically saving, in response to a conclusion of the chat session, communication content from the chat session with the one or more automatically generated tags persisted therein directly to a social network profile in a social network of the organizational community, the social network being unrelated to the plurality of input source streams, wherein the communication content is derived from the communication data and includes a copy of an entirety of the text-based content that has not been excluded that is tagged with the one or more tags; and
transforming the communication content in the social network to a trusted source by time stamping the communication content in a non-editable format.

US Pat. No. 10,397,165

TECHNIQUES FOR RELIABLE MESSAGING FOR AN INTERMEDIARY IN A NETWORK COMMUNICATION ENVIRONMENT

Oracle International Corp...

1. A method comprising:receiving, by an intermediary communication system, from a source, a first message to send to a destination, wherein the first message includes a first message identifier or information to generate the first message identifier;
sending, by the intermediary communication system, the first message to the destination;
storing, by the intermediary communication system, the first message identifier for the first message;
receiving, by the intermediary communication system, from the source, a second message to send to a destination, wherein the second message includes a second message identifier or information to generate the second message identifier;
determining, by the intermediary communication system, a message sequence number of the second message, wherein the message sequence number is based on a sequence of communication of the second message using a communication protocol;
determining, by the intermediary communication system, based upon a comparison of the first message identifier of the first message to the second message identifier of the second message, whether the second message is a duplicate of the first message;
upon determining that the second message is not a duplicate of the first message, generating, by the intermediary communication system, a new message identifier to be associated with the second message based on the message sequence number and the second message identifier, sending, by the intermediary communication system, the message to the destination, and storing, by the intermediary communication system, the new message identifier for the second message;
upon determining that the second message is a duplicate of the first message, determining, by the intermediary communication system, a delivery status associated with the first message based upon the first message identifier;
upon determining the delivery status includes an acknowledgement by the destination that the first message was received by the destination, notifying, by the intermediary communication system, the source of the delivery status and preventing, by the intermediary communication system, the second message from being sent to the destination; and
upon determining the delivery status does not include an acknowledgement by the destination that the first message was received by the destination, performing, by the intermediary communication system, one or more actions related to facilitating the first message being sent to the destination.

US Pat. No. 10,397,163

THIRD PARTY APPLICATION CONFIGURATION FOR ISSUING NOTIFICATIONS

Google LLC, Mountain Vie...

1. A computer-implemented method comprising:transmitting, by one or more processors, a request to register a user device and an application configured to be executed by the user device with one or more data sources, the request comprising timing permissions indicating when content is to be received for the application and data format information indicating a particular data format to be used for information provided to the application;
determining one or more trigger events associated with the registered application based on a type of the application;
receiving event information from the one or more data sources, and
determining that one of the one or more trigger events associated with the registered application has occurred based on the event information received from the one or more data sources;
in response to determining that one of the one or more trigger events has occurred, determining, by the one or more processors and using one or more neural networks, whether to output a notification including data corresponding to the event information based on one or more criteria, the one or more criteria including the timing permissions, the particular data format, and the user preferences;
in response to determining that the one or more criteria is satisfied, determining to output the notification including data corresponding to the event information; and
providing, by the one or more processors, the notification including the data corresponding to the event information to a display of a user device.

US Pat. No. 10,397,162

SENDING NOTIFICATIONS TO MEMBERS OF SOCIAL GROUP IN A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...

1. A computer implemented method comprising:maintaining, by a social networking system, a group having a plurality of members, each member being one of a plurality of users of the social networking system, the group being a subset of the plurality of users of the social networking system;
receiving one or more posts from one or more members of the group, the posts directed to the group;
identifying a subject user from the plurality of members of the group for sending a notification to the subject user about one or more of the received posts;
determining whether to send the notification about one or more of the received posts to the subject user based on at least a seniority of the subject user in the group, the seniority of the subject user is measured as a rank of the subject user based on a number of members who joined the group before the subject user, the determination comprising:
responsive to the rank of the subject user exceeding a threshold value, determining to send the notification about one or more of the received posts to the subject user based on whether of the member sending the one or more posts is connected to the subject user in the social networking system; and
responsive to determining to send the notification about one or more of the received posts to the subject user:
generating the notification about one or more of the received posts, and
sending the generated notification about one or more of the received posts to the subject user.

US Pat. No. 10,397,160

METHOD TO PRE-SELECT FOLDERS TO SYNCHRONIZE DURING INITIAL EMAIL ACTIVATION ON A MOBILE DEVICE

BLACKBERRY LIMITED, Wate...

1. A method implemented by a processor of a mobile device for synchronizing the mobile device with an email mailbox on a mail server, the method comprising:generating a search query for execution at the mail server to identify a predetermined number of most recently received email messages that are currently stored on the mail server and that were previously moved from an inbox folder associated with the email mailbox to be filed in at least one non-inbox folder of the email mailbox, the search query being set to exclude messages currently stored in the inbox folder;
transmitting the search query to the mail server;
selecting one or more first non-inbox folders of the email mailbox on the mail server to synchronize locally on the mobile device, the selecting including:
for each of the non-inbox folders, attributing weights to a plurality of usage pattern metrics for that non-inbox folder, the plurality of usage pattern metrics including a count of identified email messages associated with that non-inbox folder and a date of last access for identified email messages associated with that non-inbox folder, and
selecting the one or more first non-inbox folders to synchronize locally based on the weighted usage pattern metrics for the non-inbox folders of the email mailbox;
retrieving, from the mail server, one or more email messages residing in the selected first non-inbox folders on the mail server;
creating account folders for an account corresponding to the email mailbox in a mail client application on the mobile device, the account folders corresponding to the selected first non-inbox folders of the email mailbox on the mail server; and
synchronizing the created account folders with at least portions of the retrieved email messages.

US Pat. No. 10,397,159

SYSTEMS, APPARATUSES, AND METHODS FOR PRESENTING CONTACTS BY PROJECT

1. A method for addressing message recipients in a messaging graphical user interface, the method comprising:displaying a messaging graphical user interface screen including a project selection field, which displays a plurality of project identifiers, a recipients field, and a message input field in which a user creates a message including text;
receiving a user selection of a project identifier from the plurality of project identifiers in the project selection field;
in response to receiving the user selection of the project identifier, retrieving a list of recipients including a first plurality of recipients that play roles on the identified project and a second plurality of recipients that do not play a role on the identified project;
in response to retrieving the list of recipients displaying, in a drop-down list of the recipients field in the messaging graphical user interface screen, the first plurality of recipients and the second plurality of recipients, wherein each recipient in the drop-down list has at least one address, and wherein the first plurality of recipients are arranged in order according to the roles played by the first plurality of recipients on the project and the second plurality of recipients are displayed below the first plurality of recipients in the drop-down list of the recipients field;
for each recipient of the first plurality of recipients listed, displaying a role identifier adjacent to the each recipient's address to indicate the each recipient's played role on the identified project;
receiving a user selection of one or more recipients from the drop-down list of the recipients field; and
adding the address of each selected recipient to the recipients field as the message recipients.

US Pat. No. 10,397,158

E-MAIL PROXY

BlackBerry Limited, Wate...

1. A method performed by a network email entity, the method comprising:receiving, at the network email entity from a sender, a body of a multipart email message destined to an email client and header information for an attachment of the multipart email message but without the attachment itself, wherein the attachment is encoded to prevent exposure of control information in the attachment to one or more servers which pass the email message through the Internet;
processing, at the network email entity, the multipart email message according to a preference, the preference indicating that the attachment be removed from the multipart email message and substituted with a link configured to, when selected, cause retrieval of the attachment from the network email entity;
sending, from the network email entity, a formatted email message to the email client, the formatted email message including the body of the multipart email message and including the link to cause retrieval of the attachment from the network email entity;
receiving, at the network email entity, an indication from the email client after the sending, the indication being a request for retrieval of the attachment according to a selection of the link included in the formatted email message;
in response to the receiving the indication from the email client after the sending the formatted email message, downloading, at the network email entity, the attachment according to the selection of the link included in the formatted email message;
decoding, at the network email entity, the attachment into an original content type of the attachment; and
sending, from the network email entity to the email client, the decoded attachment in a streamed manner without encoding for displaying of the decoded attachment at the email client before an entirety of the decoded attachment is received by the email client.

US Pat. No. 10,397,155

SYSTEM AND METHOD FOR SENDING, DELIVERY AND RECEIVING OF DIGITAL CONTENT

Open Text SA ULC, Halifa...

1. A content delivery system, comprising:a processor;
a non-transitory computer readable memory, comprising instructions executable on the processor for:
implementing a sender to:
receive first content associated with a first destination identifier associated with a first delivery method, wherein a transmission initiator of the content has sent the content to the first destination identifier according to the first delivery method and the first destination identifier identifies a destination according to the first delivery method; and
store the first content at the content delivery system;
implementing a forwarder to:
determine a second destination identifier and a second delivery method associated with the first destination identifier;
determine second content from the first content; and
deliver the second content to the second destination identifier according to the second delivery method by providing a location from which the content may be accessed and sending the location to the second destination identifier, wherein the content delivery system is independent of the first destination identifier and the second destination identifier, and the determining and delivering are done independently of the transmission initiator; and
implementing a remote content access module to:
allow a user to access the content at the location.

US Pat. No. 10,397,154

SECURE ELECTRONIC MESSAGE CONVEYANCE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method performed within a moderating system, comprising:receiving an electronic message originally generated by a first user and including a message header and a message body;
identifying an approval condition associated with an addressee of the electronic message or the message body of the message;
selecting, based upon the approval condition being present in the electronic message, an approval entity from a plurality of approval entities;
receiving, from the selected approval entity, an indication that the electronic message is approved to be forwarded to a second user; and
forwarding, based upon the indication, the electronic message to the second user.

US Pat. No. 10,397,153

ELECTRONIC DEVICE AND METHOD FOR CONTROLLING RECEPTION OF DATA IN ELECTRONIC DEVICE

Samsung Electronics Co., ...

1. A method of an electronic device, the method comprising:displaying a screen including first information which indicates a reception of at least one message;
identifying a user input on second information indicating a reception of a specific message from among the first information;
controlling the second information not to be displayed in the screen, if the identified user input includes a predetermined gesture;
determining an application corresponding to the specific message;
identifying blocking configuration information corresponding to the predetermined gesture, wherein the blocking configuration information includes, based on a gesture included in the user input, information indicating whether to receive at least one message transmitted from the application or whether to display third information indicating a reception of the at least one message transmitted from the application; and
controlling the reception of the at least one message transmitted from the application and controlling a displaying of the third information in the screen based at least in part on the identified blocking configuration information.

US Pat. No. 10,397,152

METHOD AND SYSTEM FOR PREDICTING FUTURE EMAIL

EXCALIBUR IP, LLC, New Y...

1. A method comprising:scanning, by a processor, a plurality of email messages from a plurality of email message inboxes;
identifying, by the processor, patterns based upon an analysis of scanned email messages, wherein a pattern identifies a temporal and causal connection between at least two email messages;
receiving, by the processor, a message sent to a user operating a client device;
determining, by the processor, likely content of a future email message that should be received in an inbox of the client device based on the received email message and based on the patterns, wherein the future email message comprises an email message not yet received and expected to be received by the client device from a third-party email account within a predetermined amount of time from a time associated with the email message based on the patterns; and
transmitting, by the processor, an item of information based on the determined likely content of the future email message, the item of information transmitted to user separate from and prior to actual receipt of the future email message.

US Pat. No. 10,397,151

COORDINATION OF DATA RECEIVED FROM ONE OR MORE SOURCES OVER ONE OR MORE CHANNELS INTO A SINGLE CONTEXT

III HOLDINGS 2, LLC, Wil...

1. A method at a user device comprising:receiving, by the user device, an audio request for information via a multimodal application of the user device, the audio request comprising partial data, the partial data being a fragment of complete data for a computing device to provide complete information corresponding to the audio request;
transmitting, by the user device, the partial data to a remote computer system, the remote computer system comprising a coordination management computer system;
receiving, by the user device from the remote computer system, a request for associated data that is associated with the partial data, wherein the associated data is to be complied with the partial data to provide the complete information corresponding to the audio request;
responsive to the received request for the associated data, transmitting, by the user device, the associated data to the remote computer system;
receiving, by the user device, the complete information corresponding to the audio request, the complete information comprising the associated data combined with the partial data; and
presenting, by the user device, the complete information corresponding to the audio request via at least one interface component of the user device.

US Pat. No. 10,397,149

METHOD, SYSTEM AND TERMINAL FOR DELETING A SENT MESSAGE IN INSTANT MESSAGE COMMUNICATION

TENCENT TECHNOLOGY (SHENZ...

1. A method of deleting a sent instant message in messaging communication performed by a server, comprising:receiving from a first communication terminal, a delete request to delete a sent instant message which has been transmitted from the first communication terminal for forwarding to a second communication terminal, wherein the delete request comprises an identification which identifies the sent instant message to be deleted;
determining, whether the sent instant message to be deleted has already been successfully forwarded to the second communication terminal:
if it is determined that the sent instant message to be deleted has already been successfully forwarded to the second communication terminal, forwarding the delete request to the second communication terminal to facilitate deletion of the sent instant message by the second communication terminal and transmitting a first notification message to the second communication terminal to display that the sent instant message has been successfully deleted,
wherein the determination of the sent instant message to be deleted has already been successfully forwarded to the second communication terminal, comprises:
dividing a storage of the server into a first storage area for storing un-forwarded instant messages and a second storage area for storing already forwarded instant messages;
if it is determined that the sent instant message to be deleted has still not been successfully forwarded to the second communication terminal, cancelling further operation on forwarding the sent instant message to be deleted to the second communication terminal,
wherein after the cancelling of the transmission of the sent instant message to the second communication terminal, transmitting the first notification message to the second communication terminal to display that the sent instant message has been successfully deleted, such that the display of the first notification message replaces the display of the deleted sent instant message.

US Pat. No. 10,397,148

SYSTEM FOR PROCESSING ELECTRONIC MESSAGES

1. A system (10) for processing electronic messages comprising:a first communication interface module (12) in electronic communication arrangement with a first external server (13) to form a first communication channel via the internet, the first external server (13) configured to transmit a first type of electronic messages to the first communication interface module (12), an electronic message conversion module (11) in operative electronic communication arrangement with the first communication interface module (12), the first communication interface module (12) configured to electronically transmit and receive ft the first type of electronic messages which may have attributes of a first attribute set;
a second communication interface module (14) in electronic communication arrangement with a second external server (15) to form a second communication channel via the internet, the second external server (15) configured to transmit a second type of electronic messages to the second communication interface module (14) and the electronic message conversion module (11), the second communication interface module (14) configured to electronically transmit and receive the second type of electronic messages which may have attributes of a second attribute set;
an electronic message processing module (16, 19) in electronic communication arrangement with the electronic message conversion module (11), the electronic message processing module (16) configured to process for a user (17, 20) electronic messages of a standard message type and, in doing so, configured to allocate attributes of a standard attribute set to the processed electronic messages;
the electronic message conversion module (11) configured to facilitate the conversion of electronic messages between the standard messages type and the first and second messages type and vice versa; wherein,
a first allocation table (21) between the standard attribute set and the first attribute set is electronically stored in the first communication interface module (12);
a second allocation table between the standard attribute set and the second attribute set is electronically stored in the communication second interface module (14) and;
the first communication interface module (12) is configured to convert attributes between the first attribute set and the standard attribute set on the basis of the first allocation table;
the second communication interface module (14) is configured to convert attributes between the second attribute set and the standard attribute set on the basis of the second allocation table; and,
the electronic message conversion module (11) is configured so that login information which is required by the first communication interface module (12) or the second communication interface module (14) for transmitting and receiving electronic messages can be passed on.

US Pat. No. 10,397,147

METHOD, APPARATUS AND DEVICE FOR EXCHANGING NAME CARD

Tencent Technology (Shenz...

1. A method for exchanging a name card applied to a terminal, comprising:binding, by a contact client running on the terminal, the contact client with a first Instant Messaging (IM) client running on the terminal through an associated account to implement information sharing between the contact client and the first IM client, the contact client comprising a contact and the associated account being a number of the terminal, the contact client being a first type of client operated in the terminal and the IM client being a second type of client operated in the terminal;
receiving, by the contact client running on the terminal, a selecting signal for selecting at least one name card in the contact;
sending, by the contact client running on the terminal, the selected at least one name card to the first IM client bound with the contact client via Software Development Kit (SDK) provided by the first IM client, the first IM client comprising a first user account, and the first user account having a friendship link; and
sharing, by the first IM client running on the terminal, the selected at least one name card through the first user account with at least one second IM client in the friendship link, wherein the second IM client does not directly interact with the contact client;
wherein the sending the selected at least one name card to the first IM client bound with the contact client comprises:
detecting whether the first IM client bound with the contact client is in an on-line state;
selecting a sharing manner according to whether the first IM client is in the on-line state, wherein the sharing manner comprises sharing by the first IM client and sharing by a short message;
when detecting that the first IM client is in the on-line state, sending the selected at least one name card to the first IM client for sharing;
wherein the method further comprises:
obtaining a second user account of the second IM client in the friendship link through the first user account;
receiving a name card of the second user account;
adding the received name card to the contact of the contact client;
sharing with the first IM client bound with the contact client through the associated account the contact which corresponds to the associated account and is synchronized in a contact server;
receiving and restoring a name card in the contact sent by the first IM client;
wherein the name card in the contact is sent to the contact client after the first IM client receives a restoring signal for obtaining a name card in the contact corresponding to the associated account, sends a name card acquiring request to the contact server, and receives the name card in the contact returned by the contact server; and wherein the name card acquiring request is configured to indicate the contact server to return the name card in the contact corresponding to the associated account.

US Pat. No. 10,397,146

MONITORING INSTANT MESSAGING USAGE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:selecting a participant in an instant messaging session between a plurality of participants;
weighting an identified attribute of the instant messaging session;
weighting an identified attribute of the selected participant; and
determining, based upon the weighted attributes of the instant messaging session and the selected participant, an instant messaging usage metric for the selected participant.

US Pat. No. 10,397,145

SYSTEMS AND METHODS FOR AUTOMATICALLY PROVIDING ALERTS OF WEB SITE CONTENT UPDATES

1. A system, comprising:a memory that stores instructions; and
a process that executes the instructions to perform operations, the operations comprising:
transmitting a first message containing a copy of first selected content of web site content to a plurality of visitors of a web site, wherein the plurality of visitors comprise computers;
specifying an option in an update profile of a visitor of the plurality of visitors for ignoring a lack of response to the first message;
ignoring, from the visitor of the plurality of visitors, the lack of response to the first message, wherein the lack of response to the first message is ignored based on the option specified in the update profile of the visitor;
transmitting a second message to the visitor in accordance with the update profile, wherein the second message is associated with updating second selected content of the web site content;
updating the web site content based on a revised copy of the second selected content that is received in response to the second message;
receiving requests from visitors of the plurality of visitors to be notified of an update of the website content;
generating an instant message including an alert message indicating the update of the web site content;
transmitting, after updating the web site content, the instant message including the alert message to each of the plurality of visitors that have requested to be notified of the update of the web site content, wherein the alert message indicates that the update has been performed; and
updating, upon receipt of the revised copy of the second selected content, an update log based on changes to the revised copy of the second selected content and to indicate changes in an automatic update sequence number field of the update log, wherein the update log is contained within a web page of the web site updated based on the revised copy of the second selected content.

US Pat. No. 10,397,143

PREVENTING TRANSMISSION OF ERRORS IN A COMPUTING NETWORK

Amazon Technologies, Inc....

1. A method, implemented by a network device, for preventing transmission of cyclic redundancy check (CRC) errors, the method comprising:maintaining counts of CRC errors for network packets processed by network ports of the network device, wherein the network device supports cut-through forwarding, and wherein cut-through forwarding is enabled on the network ports;
upon detecting a CRC error condition indicated by CRC errors of the network packets increasing above an error threshold:
if the network device supports tracking outbound CRC errors for transmitted network packets:
detecting the CRC error condition for a particular network port of the network device; and
disabling cut-through forwarding on the particular network port so that the particular network port uses store-and-forward processing when processing network packets, wherein disabling cut-through forwarding on the particular network port does not affect whether the other network ports of the network device use cut-through forwarding; and
while cut-through forwarding is disabled on the particular network port, processing network packets via the particular network port using store-and-forward processing; and
otherwise, if the network device does not support tracking outbound CRC errors for transmitted network packets:
detecting the CRC error condition;
disabling cut-through forwarding for all network ports of the network device; and
while cut-through forwarding is disabled on all of the network ports, processing network packets via all of the network ports using store-and-forward network packet processing.

US Pat. No. 10,397,142

MULTI-CHIP STRUCTURE HAVING FLEXIBLE INPUT/OUTPUT CHIPS

MediaTek Inc., Hsin-Chu ...

1. A multi-chip structure, comprising:a switch system on chip (switch SOC) comprising a core circuit, a first multiplexer, and a first de-multiplexer;
a plurality of serializer/deserializer (SerDes) chips, positioned around the switch SOC, wherein at least two of the plurality of SerDes chips are manufactured by different semiconductor processes, and wherein the core circuit is manufactured by a different semiconductor process than that of at least one of the plurality of SerDes chips; and
a plurality of inter-chip interfaces, for connecting the switch SOC to the plurality of SerDes chips, respectively,
wherein a first SerDes chip of the plurality of SerDes chips comprises:
a second de-multiplexer, directly connected to the first de-multiplexer via a first inter-chip interface of the plurality of inter-chip interfaces, configured to convert first serial data to first parallel data and send the first parallel data to the switch SOC; and
a second multiplexer, directly connected to the first multiplexer via a second inter-chip interface of the plurality of inter-chip interfaces, configured to convert second parallel data from the switch SOC to second serial data and sending the second serial data to another chip.

US Pat. No. 10,397,141

ACCESS PORT FOR ONE OR MORE VLANS

Cisco Technology, Inc., ...

1. A network device comprising a memory, a processor, and a plurality of ports, the network device adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm based, at least in part, on available Internet Protocol (IP) addresses for each of a respective subnet of a plurality of subnets associated with each of a respective VLAN of a plurality of VLANs in a network, wherein the at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of the plurality of VLANs in the network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.

US Pat. No. 10,397,140

MULTI-PROCESSOR COMPUTING SYSTEMS

Hewlett-Packard Developme...

1. A multi-processor computing system comprising:a second processing device to generate outgoing data packets and comprising:
a second network stack to save the outgoing data packets in a second outgoing packet buffer of the second processing device; and
a second network driver to save an outgoing buffer pointer in a second transmission ring of the second processing device, the outgoing buffer pointer corresponding to the second outgoing packet buffer;
a first processing device communicatively coupled to the second processing device, the first processing device comprising a first network driver to move the outgoing buffer pointer from the second transmission ring to a send ring in the first processing device; and
a network interface controller (NIC) communicatively coupled to the first processing device to:
obtain the outgoing buffer pointer from the send ring;
copy, using the outgoing buffer pointer, the outgoing data packets from the second outgoing packet buffer to a transmission queue of the NIC; and
transmit the outgoing data packets to another computing system over a communication network.

US Pat. No. 10,397,139

STORAGE DEVICE IN WHICH FORWARDING-FUNCTION-EQUIPPED MEMORY NODES ARE MUTUALLY CONNECTED AND DATA PROCESSING METHOD

TOSHIBA MEMORY CORPORATIO...

1. A method of controlling a plurality of memory nodes, each of the memory nodes including a plurality of input ports, a plurality of output ports, and a memory in which data is stored, each of the memory nodes being configured to output a packet input to the input port to one of the output ports, the memory nodes being mutually connected at the input ports and the output ports and have addresses, the method comprising;determining a straight line connecting a memory node of a destination address and a memory node of a source address, the destination address indicating an address of a memory node of a target for the packet to be forwarded; and
forwarding a packet to a memory node adjacent to the memory node of a current position address such that the packet proceeds based on the straight line, wherein
while the packet is forwarded from the memory node of the source address to the memory node of the destination address, a trajectory of the packet forwarded from the memory node of the source address to the memory node of the destination address is along the straight line, and the packet proceeds across the straight line at least once.

US Pat. No. 10,397,138

METHOD FOR PROCESSING INFORMATION, FORWARDING PLANE DEVICE AND CONTROL PLANE DEVICE

Huawei Technologies Co., ...

1. A method, comprising:receiving, by a gateway forwarding plane device, a data packet, and extracting the data packet's characteristic information;
buffering the data packet in the gateway forwarding plane device when there is no context information corresponding to the data packet's characteristic information already stored in the gateway forwarding plane device, until receiving the context information returned from a gateway control plane device, wherein the gateway control plane device and the gateway forwarding plane device are both separate and different devices;
before receiving the context information returned from the gateway control plane device, sending, by the gateway forwarding plane device, the data packet's characteristic information to the gateway control plane device, wherein the data packet's characteristic information is used for the gateway control plane device to acquire the context information corresponding to the characteristic information of the data packet;
acquiring, by the gateway control plane device, the context information according to the data packet's characteristic information, and sending, by the gateway control plane device, the context information to the gateway forwarding plane device; and
forwarding by the gateway forwarding plane device, the data packet according to the received context information.

US Pat. No. 10,397,136

MANAGED FORWARDING ELEMENT EXECUTING IN SEPARATE NAMESPACE OF PUBLIC CLOUD DATA COMPUTE NODE THAN WORKLOAD APPLICATION

NICIRA, INC., Palo Alto,...

1. For a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, a method comprising:identifying a virtual machine, that operates on a host machine in the datacenter, to attach to the logical network, the virtual machine having a network interface with a network address provided by a management system of the datacenter, wherein a workload application executes in a first namespace of the virtual machine; and
distributing configuration data for configuring a managed forwarding element executing in a second namespace of the virtual machine (i) to receive data packets sent from the workload application via an interface pairing between the first and second namespaces and (ii) to perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have the provided network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the same provided network address as a source address for the encapsulation when sent from the virtual machine.

US Pat. No. 10,397,135

ROUTER FABRIC

GVBB HOLDINGS S.A.R.L., ...

1. A media signal routing system for routing and distributing media content, the media signal routing system comprising:a synchronized media router configured to route a plurality of packetized media signals to at least one output of the media signal routing system, the plurality of packetized media signals including at least one IP packetized video signal; and
a media routing controller configured to control the synchronized media router to synchronously route data packets of the at least one IP packetized video signal in accordance with a system clock, such that the synchronized media router is configured to switch without at least one glitch between outputting the at least one IP packetized video signal and another media signal of the packetized media signals to the at least one output for media content distribution.

US Pat. No. 10,397,134

BANDWIDTH SHARING

International Business Ma...

1. A method for bandwidth sharing to enable communication between users over the Internet, said method comprising:receiving, by an Internet Service Provider (ISP) from a first user after the first user received a second key from a second user: the second key and a directive to transfer bandwidth from the first user to the second user for a finite time duration N,
wherein the bandwidth to be transferred comprises W upload bandwidth,
wherein the ISP previously provided a first key to the first user in conjunction with a first plan in which the first user purchased from the ISP an upload bandwidth of U1 for transmitting data via the Internet and a download bandwidth of D1 for receiving data via the Internet,
wherein the first key is configured to identify the first user, wherein the ISP previously provided the second key to the second user in conjunction with a second plan in which the second user purchased from the ISP an upload bandwidth of U2 for transmitting data via the Internet and a download bandwidth of D2 for receiving data via the Internet,
wherein the second key is configured to identify the second user, and
wherein U1, D1, U2 and D2 differ from one another;
responsive to said receiving the second key from the first user, changing bandwidth, by the ISP for the time duration N, wherein said changing bandwidth comprises changing the second user's upload bandwidth to U2+W and changing the first user's upload bandwidth to U1?W, wherein W is an additional upload bandwidth, and wherein communication between the second user and the first user requires a permitted upload bandwidth greater than U2 and less than U2+W, and
responsive to receiving, by the ISP from the second user within the time duration N, a directive to establish a communication between the second user and the first user to transfer specified data, transferring, by the ISP during the time duration N in accordance with the permitted upload bandwidth, the specified data from the second user to the first user.