US Pat. No. 10,397,287

AUDIO DATA TRANSMISSION USING FREQUENCY HOPPING

Microsoft Technology Lice...

1. A method comprising:
obtaining data representing an ordered sequence of multiple characters;
determining a code for each character in the ordered sequence of multiple characters, wherein each character in the ordered sequence of multiple characters corresponds to a different code identifying the character and sequence position of the character in the ordered sequence of multiple characters;
identifying a set of audio frequencies for the ordered sequence of multiple characters, wherein each determined code corresponds to a different audio frequency and wherein each audio frequency uniquely indicates a combination of a respective character and a respective sequence position of the respective character; and
transmitting the set of audio frequencies to a receiver, wherein each respective audio frequency of the set of audio frequencies is used by the receiver to reconstruct the ordered sequence of multiple characters independent of a sequence of the transmitting of the set of audio frequencies.

US Pat. No. 10,397,286

ESTIMATING NETWORK DATA STREAMING RATE

1. A method, comprising:
intercepting a data packet from a data streaming session conducted between a first device and a second device connected over a network;
calculating a size of a file segment from information contained in the data packet, wherein the file segment corresponds to a portion of an item of multimedia content being delivered via the data streaming session, wherein the size of the file segment is calculated as a total number of bytes delivered via the data streaming session divided by a total number of file segments delivered via the data streaming session; and
calculating an encoding rate of the data streaming session, based at least in part on the size of the file segment.

US Pat. No. 10,397,285

EARLY-MEDIA SERVICE CONTROL DEVICE, EARLY-MEDIA SERVICE CONTROL METHOD, AND STORAGE MEDIUM HAVING PROGRAM STORED THEREON

NEC CORPORATION, Tokyo (...

1. An early-media service control device comprising:
a communication unit;
a resource reservation status determination unit that determines whether or not a value of a parameter indicating resource reservation status of a session-start-request-transmitting terminal device is a value indicating reserved, the parameter being included in a session start request transmitted by the session-start-request-transmitting terminal device and received by the communication unit, the session-start-request-transmitting terminal device being based on an early media scheme of starting early-media service execution with receipt of a calling-in-progress notification as one requirement;
a parameter value rewriting unit that, when the resource reservation status determination unit determines that the value of the parameter is a value indicating reserved, rewrites the value of the parameter to a value indicating resource unreserved;
a session start request transmission control unit that, when the resource reservation status determination unit determines that the value of the parameter is a value indicating reserved, controls the communication unit in such a way that the communication unit transmits, to a session-start-request-receiving network, a session start request in which a value of a parameter is rewritten by the parameter value rewriting unit, and when the resource reservation status determination unit determines that the value of the parameter is not a value indicating reserved, controls the communication unit in such a way that the communication unit transmits, to a session-start-request-receiving network, a session start request received from the session-start-request-transmitting terminal device; and
a calling-in-progress notification transmission control unit that, when the communication unit receives a response indicating resource reserved in a session-start-request-receiving terminal device, controls the communication unit in such a way that the communication unit transmits the calling-in-progress notification to the session-start-request-transmitting terminal device, the response being transmitted in response to the session start request transmitted to the session-start-request-receiving network by the communication unit.

US Pat. No. 10,397,283

USING SYMMETRIC AND ASYMMETRIC FLOW RESPONSE PATHS FROM AN AUTONOMOUS SYSTEM

Oracle International Corp...

1. One or more non-transitory machine readable media storing instructions, which when executed by one or more processors, cause:
receiving, by a first gateway in an Autonomous System (AS), a first packet originating at a virtual machine that is internal to the AS and allocated to a particular tenant of a plurality of tenants of the AS,
wherein the first packet is to be transmitted out of the AS to an Internet address external to the AS,
wherein the Internet address external to the AS is accessible via a plurality of egress gateways in the AS, each of the plurality of egress gateways being configured for transmitting packets out of the AS to the Internet;
determining a plurality of dropped packet rates associated, respectively, with the plurality of egress gateways;
determining, based on a comparison of the plurality of dropped packet rates, that a first egress gateway of the plurality of egress gateways is associated with a lowest dropped packet rate of the plurality of dropped packet rates;
determining that a first packet priority associated with the first packet satisfies a threshold criterion;
based at least on (a) the first egress gateway being associated with the lowest dropped packet rate and (b) the first packet priority satisfying the threshold criterion: selecting, by the first gateway, the first egress gateway for transmission of the first packet out of the AS to the Internet;
encapsulating, by the first gateway, the first packet within a second packet addressed to the first egress gateway;
transmitting, by the first gateway, the second packet toward the first egress gateway;
prior to the first gateway receiving the first packet:
receiving, by the first gateway from the first egress gateway, a third packet encapsulating an inner fourth packet, wherein a header of the third packet identifies a destination in an overlay network for forwarding the fourth packet;
modifying a destination of the fourth packet to the destination in the overlay network identified in the header of the third packet, to obtain a fifth packet; and
transmitting the fifth packet by the first gateway to the destination in the overlay network.

US Pat. No. 10,397,282

PROVIDING SESSION INITIATION PROTOCOL REQUEST CONTENTS METHOD AND SYSTEM

BlackBerry Limited, Wate...

1. An Application Server (AS) for obtaining information regarding a first entity, the AS comprising:
a processor configured to receive a session initiation protocol (SIP) message from a second entity, the SIP message including a first message that was received by the second entity from the first entity or a second message that was sent from the second entity towards the first entity,
wherein the processor is further configured to obtain the information that was included by the first entity from the first message or that was sent towards the first entity in the second message,
wherein at least one of the first message or the second message comprises a first request uniform resource identifier (Request URI), the first Request URI comprising a SIP registrar address, and wherein the SIP message comprises a second Request URI, the second Request URI comprising an address of the AS.

US Pat. No. 10,397,281

METHOD, SYSTEM AND SERVER FOR SELF-HEALING OF ELECTRONIC APPARATUS

Wistron Corporation, New...

1. A self-healing method of an electronic apparatus, adapted to execute self-healing when at least one component in an electronic apparatus is updated, and comprising:
obtaining a clone of components installed in the electronic apparatus;
for each of the components in the clone:
in response to the component in the clone having an update, executing the update to the component in the clone; and
updating the component corresponding to the update in the electronic apparatus by using the clone in response to a sanity of the update being confirmed;
executing a self-diagnosis on the updated electronic apparatus to produce a diagnosis result;
obtaining at least one policy based on the diagnosis result for healing the electronic apparatus; and
transforming the at least one policy into at least one rule adapted for the electronic apparatus, and performing the self-healing according to the rules.

US Pat. No. 10,397,280

TECHNOLOGIES FOR SCALABLE SECURITY ARCHITECTURE OF VIRTUALIZED NETWORKS

Intel Corporation, Santa...

1. A computing node of a network functions virtualization (NFV) security architecture for managing security monitoring services of the NFV security architecture, the computing node comprising:
one or more processors; and
one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the computing node to:
instantiate an NFV security services agent on a virtual network function (VNF) instance of the computing node, wherein the NFV security services agent has access to monitor and collect telemetry data associated with a service being performed by the VNF instance, and wherein the service being performed does not have access to the telemetry data collected by the instantiated NFV security services agent;
receive, by the NFV security services agent, via an NFV security services controller of the NFV security architecture, credentials usable to (i) securely package data and (ii) establish secure communication channels;
receive, by the NFV security services agent via the NFV security services controller, a security monitoring policy from an NFV services provider of a virtualization interface manager communicatively coupled to the NFV security services agent and the NFV security services controller, the security monitoring policy including monitoring rules usable to identify which telemetry data of the NFV security architecture is to be monitored;
monitor, by the NFV security services agent, in a secure environment of the computing node, telemetry data of the VNF instance based on the received security monitoring policy;
securely package, in the secure environment by the NFV security services agent and using the received credentials, at least a portion of the monitored telemetry data based on the received security monitoring policy;
establish, by the NFV security services agent and using the received credentials, a secure communication channel between the NFV security services agent and an NFV security monitoring analytics system of the NFV security architecture;
securely transmit, by the NFV security services agent and via the secure communication channel, the packaged telemetry data to the NFV security monitoring analytics system for analysis based on the received security monitoring policy;
apply a timestamp to the packaged telemetry data; and
transmit the timestamp with the packaged telemetry data.

US Pat. No. 10,397,279

DIRECTING AUDITED DATA TRAFFIC TO SPECIFIC REPOSITORIES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for auditing data traffic, the computer-implemented process comprising:
monitoring data traffic on a network and collecting data access elements thereof;
comparing the collected data access elements to security rules;
sending a first audit data collection to a first repository based on a first security rule of the security rules,
wherein the first security rule:
defines a first condition based on a first data access element of the collected data access elements,
defines the first audit data collection,
designates the first audit data collection as a default audit data collection for a first user, and
designates the first repository as a default repository for the first user,
wherein the first audit data collection includes a second data access element of the collected data access elements and
wherein the sending occurs in response to one or more of the collected data access elements of a data access by the first user matching the first condition in the first security rule and the sending directs the first audit data collection to the first repository responsive to the designation of the first repository in the first security rule; and
sending, for the data access by the first user, a second audit data collection to a second repository based on a second security rule of the security rules,
wherein the second security rule:
defines a second condition based on a third data access element of the collected data access elements,
defines the second audit data collection and
designates the second repository as a repository for the second audit data collection,
wherein the second audit data collection includes a fourth data access element of the collected data access elements and
wherein the sending the second audit data collection to the second repository occurs in response to one or more of the collected data access elements of the data access by the first user matching the second condition in the second security rule and the sending the second audit data collection directs the second audit data collection to the second repository responsive to the designation of the second repository in the second security rule,
wherein the third data access element is different than the fourth data access element, and
wherein the third data access element is a database table name and the fourth data access element is an IP address from which the database table is accessed.

US Pat. No. 10,397,277

DYNAMIC DATA SOCKET DESCRIPTOR MIRRORING MECHANISM AND USE FOR SECURITY ANALYTICS

AVOCADO SYSTEMS INC., Sa...

1. A computer-implemented method, comprising:
receiving, at a first host on which an application instance is operating, an application or data security policy for a first data socket descriptor indicating to perform one or more actions, the one or more actions including mirroring one or more payloads received or transmitted by the first data socket descriptor of the application instance; and
in response to the indication by the application and data security policy to perform the one or more actions, performing, by the application on the first host, the mirroring and at least one additional action selected from the group consisting of:
allow;
allow-and-analyze;
allow_analyze;
drop;
drop-and-analyze;
drop_analyze;
rate limit; and
combinations thereof;
wherein performing the additional action allow comprises allowing the application instance to receive a payload of a packet received via the first data socket descriptor;
wherein performing the additional action allow-and-analyze comprises:
allowing the application instance to receive the payload of the packet received via the first data socket descriptor; and
retaining statistics relating to the packet;
wherein performing the additional action allow analyze comprises:
allowing the application instance to receive the payload of the packet; and
mirroring the packet to an external security analytics application;
wherein performing the additional action drop comprises:
dropping the packet;
retaining statistics relating to the packet; and
logging the drop of the packet;
wherein performing the additional action drop-and-analyze comprises:
dropping the packet;
retaining statistics relating to the packet; and
mirroring the packet to the external security analytics application;
wherein performing the additional action drop analyze comprises:
dropping the payload of the packet; and
mirroring the packet to the external security analytics application; and
wherein performing the additional action rate limit comprises: limiting an amount of data transmitted via the first data socket descriptor based on the received application or data security policy.

US Pat. No. 10,397,276

SECURE ELEMENT MANAGEMENT METHOD AND TERMINAL

HUAWEI DEVICE CO., LTD., ...

1. A terminal, comprising:
a processing circuit; and
at least two secure element interfaces, wherein
the processing circuit is connected to the at least two secure element interfaces, and
the processing circuit is configured to:
acquire identification information of a first secure element when the first secure element is connected to the secure element interfaces;
acquire preset identification information, wherein the preset identification information is used to identify an exclusive secure element that, when being connected to the terminal, is configured to operate while excluding any other secure element connected to the terminal from being accessed by an external device;
determine whether the identification information of the first secure element matches the preset identification information; and
in response to a determination that the identification information of the first secure element matches the preset identification information, set the first secure element to a normal working state, and set one or more other secure elements connected to the terminal to a non-normal working state,
wherein, when setting the first secure element to the normal working state, the processing circuit is configured to:
send an instruction to a near field communication (NFC) controller;
set the first secure element to an enabled state;
create a logical channel between the processing circuit and the NFC controller, wherein the logical channel is used for communication between the processing circuit and the first secure element; and
configure routing information of an application installed on the first secure element into a routing table of the NFC controller,
wherein the processing circuit is further configured to set the first secure element and the one or more other secure elements to the normal working state when the identification information of the first secure element does not match the preset identification information and identification information of the one or more other secure elements does not match the preset identification information.

US Pat. No. 10,397,275

CREATING AND USING REMOTE DEVICE MANAGEMENT ATTRIBUTE RULE DATA STORE

NICIRA, INC., Palo Alto,...

1. A method of processing rules at a network element, the method comprising:
receiving a larger, first set of rules with each rule in the first set comprising a rule identifier including a set of remote device management (RDM) attributes;
for a plurality of RDM attributes belonging to a plurality of rule identifiers of the first set of rules, generating an index structure that identifies the rules that are associated with the plurality of the RDM attributes;
in response to receiving from a remote device a data message associated with an RDM attribute set, using at the network element the index structure to identify, from the larger first set of rules, a smaller second set of rules that potentially match the data message by identifying and selecting for the second set of rules each rule in the first set that matches at least one RDM attribute of the RDM attribute set associated with the received data message;
comparing the RDM attribute set associated with the received data message with the RDM attribute set of at least one rule in the identified second rule set to determine that the rule matches the message and hence should be used to process the message; and
using the matching rule to perform a middlebox service operation on the message.

US Pat. No. 10,397,274

PACKET INSPECTION AND FORENSICS IN AN ENCRYPTED NETWORK

salesforce.com, inc., Sa...

1. A method comprising:
providing, by a first computing device to a first node of a network, a request to access network traffic of the network;
in response to receiving access to the network traffic from the first node, writing, by the first computing device, first data from the network traffic to at least a first data store of a plurality of data stores in communication with the first computing device, the first data comprising first encrypted data and a first plurality of key exchange events;
receiving, by the first computing device, a request from a second computing device that is distinct from the first computing device to access encrypted data transmitted over the network;
in response to the receipt of the request from the second computing device, authenticating, by the first computing device, the second computing device;
identifying, by the first computing device based on a time range included in the request from the second computing device, a first portion of the first encrypted data and a first key exchange event of the first plurality of key exchange events;
calculating, by the first computing device, a first encryption key based on data included in the first key exchange event; and
providing, by the first computing device to the second computing device, the first encryption key and access to the first portion of the first encrypted data written on at least the first data store.

US Pat. No. 10,397,272

SYSTEMS AND METHODS OF DETECTING EMAIL-BASED ATTACKS THROUGH MACHINE LEARNING

CAPITAL ONE SERVICES, LLC...

1. A system comprising:
at least one processor; and
at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to:
receive an email addressed to a user;
separate the email into a plurality of email components, the email components comprising a first link;
analyze, using machine-learning techniques, each of the plurality of email components, by:
virtually navigating to an end-point of the first link;
tracking re-routing by the first link between a starting point and the end-point;
receiving an automatic download triggered by the virtual navigation;
isolating the automatic download;
analyzing the automatic download; and
analyzing a content of the end-point; and
provide the analysis of each of the plurality of email components into a stacked ensemble analyzer; and
based on an output of the stacked ensemble analyzer, determine that the email is potentially malicious.

US Pat. No. 10,397,268

METHOD AND APPARATUS FOR PROVIDING NOTIFICATION OF DETECTED ERROR CONDITIONS IN A NETWORK

1. A first endpoint for managing a communication session, the first endpoint comprising:
a processor; and
a non-transitory computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising:
detecting an error condition associated with the communication session, wherein the first endpoint and a second endpoint are participating in the communication session, wherein the error condition comprises an attack on the communication session, wherein the attack comprises an invalid re-anchor request;
sending a notification of the error condition to the second endpoint using a first transport layer session management message of a transport layer session, wherein the communication session includes the transport layer session, wherein a header of the first transport layer session management message includes a record type, wherein the record type indicates that a payload of the first transport layer session management message contains session management information; and
receiving a communication from the second endpoint via a second transport layer session management message of the transport layer session, the communication proposing a response to the error condition.

US Pat. No. 10,397,266

VERIFYING THAT THE INFLUENCE OF A USER DATA POINT HAS BEEN REMOVED FROM A MACHINE LEARNING CLASSIFIER

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method for verifying that influence of a user data point has been removed from a machine learning classifier, at least a portion of the method being performed by a network device comprising one or more processors, the method comprising:
training, by a network device, a machine learning classifier using a training set of data points that includes a user data point;
calculating, by the network device, a first loss of the machine learning classifier;
updating, by the network device, the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point using an influence function without retraining the machine learning classifier;
calculating, by the network device, a second loss of the machine learning classifier;
calculating, by the network device using an influence function, an expected difference in loss of the machine learning classifier due to removal of the influence of the user data point from the machine learning classifier; and
verifying that the influence of the user data point has been removed from the machine learning classifier by determining, by the network device, that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

US Pat. No. 10,397,265

MITIGATING SECURITY VULNERABILITIES IN WEB CONTENT

SHAPE SECURITY, INC., Mo...

1. A computer system comprising:
one or more hardware processors;
at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
receive source code corresponding to a web page requested by a client device from a server device;
process the source code to identify one or more specified resources that are accessed by the source code;
determine that a particular resource of the one or more specified resources is subject to a mixed content vulnerability, the mixed content vulnerability comprising the source code allowing use of an unsecure channel with respect to the particular resource;
in response to determining that the particular resource is subject to the mixed content vulnerability, modify the source code to specify a security directive instructing a browser on the client device to enforce the security directive when the source code is executed on the client device;
cause transmission of the modified source code to the client device.

US Pat. No. 10,397,264

DIGITAL DYE PACKS

PayPal, Inc., San Jose, ...

1. A system, comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving a user input from a user device in connection with conducting an electronic transaction;
determining that the user input comprises a modified identifier modified from an identifier associated with a user;
determining, from a plurality of identifier modifications, an identifier modification that corresponds to the modified identifier, wherein each identifier modification in the plurality of identifier modifications corresponds to an action;
obtaining, from the user device, external data representative of a context in which the user input was provided to the user device;
determining a risk associated with the transaction based on the identifier modification and the external data; and
tracking the electronic transaction based on the determined risk.

US Pat. No. 10,397,263

HIERARCHICAL PATTERN MATCHING FOR DEEP PACKET ANALYSIS

Futurewei Technologies, I...

1. An apparatus, comprising:
a first content addressable memory (CAM) storing a substring of a string of a regular expression as a plurality of bits that are individually searchable;
a memory comprising executable instructions; and
one or more processors coupled to the memory wherein the one or more processors execute the instructions to:
receive a data packet comprising a plurality of bits;
search the received data packet at a first hierarchical level using, at least in part, the first CAM and compare in parallel the plurality of bits of the received data packet to the plurality of bits of the substring to determine whether the substring of the string of the regular expression exists in the received data packet;
search the received data packet at a second hierarchical level when the search of the received data packet at the first hierarchical level finds a match, to determine whether the string of the regular expression exists in the received data packet; and
transmit the received data packet to a next network element along an original path of the received data packet without searching the received data packet at a third hierarchical level when the search of the received data packet at the first or second hierarchical level does not find a match.

US Pat. No. 10,397,257

MULTI-MODE BOUNDARY SELECTION FOR THREAT DETECTION IN INDUSTRIAL ASSET CONTROL SYSTEM

GENERAL ELECTRIC COMPANY,...

1. A system to protect an industrial asset control system, comprising:
a plurality of real-time monitoring node signal inputs to receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system; and
a threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs and an operating mode classification database, including a storage medium with programming instructions and a computer processor to:
(i) receive the streams of monitoring node signal values,
(ii) receive a current operating mode of the industrial asset control system,
(iii) based on the current operating mode and information in the operating mode classification database, determine that a first operating mode group is a current operating mode group, the first operating mode group being selected from a set of potential operating mode groups, wherein the first operating mode group corresponds to a first plurality of different operating modes of the industrial asset control system and is associated with a first decision boundary separating a normal state from an abnormal state, and a second operating mode group corresponds to a second plurality of different operating modes of the industrial asset control system and is associated with a second decision boundary different than the first decision boundary,
(iv) based on the streams of monitoring node signal values, generate at least one current monitoring node feature vector,
(v) based on the current operating mode group, select the first decision boundary as an appropriate decision boundary,
(vi) compare the at least one generated current monitoring node feature vector with the first decision boundary, and
(vii) automatically transmit a threat alert signal based on a result of said comparison.

US Pat. No. 10,397,256

SPAM CLASSIFICATION SYSTEM BASED ON NETWORK FLOW DATA

Microsoft Technology Lice...

1. A computer-implemented method for sharing data between at least an email service provider and a cloud service provider in order to identify network spamming message patterns without accessing spamming message content, the method comprising:
obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP address how many spam and non-spam messages have been received;
obtaining network data features from a cloud service provider;
providing the labels and the network data features to a machine learning application, wherein the machine learning application identifies correlations between IP addresses associated with the labels and IP addresses associated with the network data features, the correlations being used to facilitate the machine learning application in generating a prediction model to detect spamming hosts that generate spamming messages;
generating the prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; and
after an unlabeled message, which has not yet been characterized as spam or not as spam, is generated by a computing device of the cloud service provider and after the unlabeled message is received at a router of the cloud service provider in preparation for transmittal to a recipient computing device, applying the prediction model to the unlabeled message to determine whether the unlabeled message is spam or is not spam,
wherein the network data features from the cloud service provider include descriptors of connections between the computing device that generated the unlabeled message and the recipient computing device, the descriptors including information describing a source and destination IP address, source and destination ports, a protocol type, and a union of TCP flags.

US Pat. No. 10,397,253

COGNITIVE AND CONTEXTUAL DETECTION OF MALICIOUS DNS

INTERNATIONAL BUSINESS MA...

1. A method comprising:
constructing, from a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature;
computing, using the packet, a metadata item supporting the input feature;
computing a set of weights corresponding to a set of nodes in a recurrent neural network (RNN) by passing a term and a set of words to a function, wherein the term and the set of words are parsed from a payload of the record in the packet;
applying the set of weights to the set of nodes in the RNN to output an entity of the term, a co-reference of the term, and a class of the term;
computing a confidence value corresponding to the entity of the term, the co-reference of the term, or the class of the term;
classifying, using a processor and a memory to execute a cognitive classification model, and by supplying the input feature and the metadata item as inputs to the cognitive classification model, a transmission of the packet as malicious use of DNS tunneling between the DNS client and the DNS server, the classifying using the confidence value and one of the entity of the term, the co-reference of the term, or the class of the term;
outputting, from the cognitive classification model, a classification of the packet as malicious, and the confidence value in the malicious classification; and
causing, by generating a notification, the DNS client to cease the malicious use of the DNS tunneling.

US Pat. No. 10,397,252

DYNAMIC DETECTION OF UNAUTHORIZED ACTIVITY IN MULTI-CHANNEL SYSTEM

Bank of America Corporati...

1. A dynamic unauthorized activity detection computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to:
receive first data from a first communication channel;
format the first data received from the first communication channel;
analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
receive second data from a second communication channel different from the first communication channel;
format the second data received from the second communication channel;
analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and
responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.

US Pat. No. 10,397,251

SYSTEM AND METHOD FOR SECURING AN ELECTRONIC CIRCUIT

1. A system for securing an electronic circuit comprising:
plural regions, activity of which may be individually controlled;
a plurality of sensors integrated into the electronic circuit, each sensor being sensitive to variations in manufacturing process and configured to provide a measurement representative of a local activity of the electronic circuit;
a processor comprising an integrity verification circuit configured to:
deactivate all regions of the electronic circuit and make an acquisition of the measurements supplied by the sensors;
activate a single region of the electronic circuit one by one, and make an acquisition of the measurements supplied by the sensors;
for each region, and for each sensor, compare the measurement made by the sensor when only the region is activated with the measurement made by the sensor when all of the regions are deactivated;
determine, from the compared measurements, and for each of the regions, a partition of the sensors between sensors affected and sensors not affected by an activation of the region;
compare each of the partitions with a model partition to detect possible presence of a hardware Trojan horse liable to infect the electronic circuit.

US Pat. No. 10,397,249

INTRUSION DETECTION BASED ON LOGIN ATTEMPTS

salesforce.com, inc., Sa...

1. A system comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
identify an attempt by a user to login to a destination server from a source server, the destination and source server coupled to an enterprise computer network having a plurality of destination servers;
determine a destination score based on a count of attempts by the user to login to the destination server, and a count of attempts by the user to login to all of the destination servers;
determine a source given destination score based on a count of attempts by the user to login from the source server to the destination server, and a count of attempts by the user to login to the destination server;
determine one of a success rate score based on a success rate of attempts by the user to login to all of the destination servers and a login attempt frequency score based on a frequency of attempts by the user to login to all of the destination servers, the attempts being made during a time period and an extended time period;
determine an outlier score based on values associated with the destination score, the source given destination score and one of the success rate score and the login attempt frequency score; and
cause an alert to be outputted in response to a determination that the outlier score satisfies a threshold.

US Pat. No. 10,397,248

METHOD AND APPARATUS FOR MONITORING NETWORK

FUJITSU LIMITED, Kawasak...

1. A network monitoring apparatus, comprising:
a memory; and
a processor configured to use the memory and execute a process, the process comprising:
specifying, for each of a plurality of packet groups and from the plurality of packet groups, a feature value relating to a targeted attack, wherein each of the plurality of packet groups includes a plurality of packets that were communicated between an internal terminal and an external terminal on a connection between the internal terminal and the external terminal;
calculating, for the plurality of packet groups, a value of a standard deviation of feature values specified for the plurality of packet groups;
determining whether the calculated value is equal to or greater than a predetermined threshold value as an indication of the targeted attack; and
outputting an alert regarding the targeted attack, after determining that the calculated value is equal to or greater than the predetermined threshold value,
wherein the feature value includes at least one of a number of packets included in a packet group of the plurality of packet groups, a size of one or more packets included in the packet group, a time interval between the packet group and another packet group immediately before the packet group, and a value related to contents of data part of the plurality of packets included in the packet group,
wherein the calculating is executed, when an IP address of a connection source of the connection is an IP address in an internal network, an IP address of a connection destination of the connection is an IP address in an external network, and a port number of the connection destination of the connection is a port number representing access to a web server.

US Pat. No. 10,397,247

SMART INTRUSION PREVENTION POLICY

International Business Ma...

1. A method for prioritizing intrusion events that enhances the efficiency of signature matching of malicious activity, the method comprising:
determining, by one or more computer processors, whether a new connection corresponding to a data packet is detected, wherein the data packet is transmitted using the new connection;
responsive to determining that the new connection is detected, adding, by one or more computer processors, a connection context associated with the new connection to a current connection context in a dynamic event table,
wherein: the connection context is based on one or more of: an operating system type associated with the connection, an operating system version associated with the connection, and a computer application responsible for sending the data packet associated with the connection, and the dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of two or more events, wherein each event of the two or more events is a malicious activity and is associated with a respective data packet, and wherein each event in the listing of two or more events is retrieved from a repository;
calculating, by one or more computer processors, a score for each event of two or more events in the dynamic event table based on the current connection context;
generating, by one or more computer processors, an order for the two or more events according to the calculated score for each respective event, wherein the event with a highest score receives a highest order;
performing, by one or more computer processors, a signature check of each event having a score greater than or equal to a threshold value among the two or more events according to the generated order; and
responsive to determining that a signature was found for an event among the two or more events, preventing, by one or more computer processors, intrusion of the data packet associated with the event.

US Pat. No. 10,397,246

SYSTEM AND METHODS FOR MALWARE DETECTION USING LOG BASED CROWDSOURCING ANALYSIS

Radware, Ltd., Tel Aviv ...

1. A crowdsourcing log analysis system for protecting a plurality of client networks from security threats, each of said plurality of client networks is associated with a set of network entities, said crowdsourcing log analysis system comprising:
a plurality of server machines, each of said plurality of server machines comprising logic configured to execute a third-party security product and log associated third-party assessment attributes of at least one suspect entity into at least one log file; and
each of said plurality of client networks comprising logic configured to connect with at least one of said plurality of server machines to receive at least one log file;
at least one breach detection platform comprising logic configured to receive a plurality of log files from said plurality of client networks via a communication network, said at least one log file being one of the plurality of log files;
wherein said crowdsourcing log analysis system is configured to generate a risk factor for said at least one suspect entity based upon at least a plurality of said third party assessment attributes; and
wherein said crowdsourcing log analysis system causes blocking of communication for said at least one suspect entity based upon at least said risk factor being indicative of said at least one suspect network entity being a security threat.

US Pat. No. 10,397,244

SYSTEM AND METHOD FOR DETECTING ATTACK WHEN SENSOR AND TRAFFIC INFORMATION ARE INCONSISTENT

TOYOTA JIDOSHA KABUSHIKI ...

1. A system for detecting an attack, comprising a server and a plurality of vehicles capable of wirelessly communicating with each other,
each of the plurality of vehicles including:
a sensor; and
a vehicle processor configured to act as:
a sensor information acquisition interface adapted to acquire sensor information from the sensor; and
a traffic information reception interface adapted to receive traffic information through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the vehicle,
wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from the server; and
a transmitter adapted to transmit the sensor information and the traffic information to the server, and
the server including:
a server processor configured to act as:
a specification controller to specify to at least any of the plurality of vehicles signature information indicating the characteristics of the invalid traffic information
a reception controller adapted to receive the sensor information and the traffic information from at least any of the plurality of vehicles;
a verification controller adapted to verify whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match; and
a notification controller adapted to notify, when the sensor information and the traffic information are inconsistent with each other, at least any of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.

US Pat. No. 10,397,243

CONDITION CHECKING FOR PAGE INTEGRATION OF THIRD PARTY SERVICES

SAP SE, Walldorf (DE)

1. A system comprising:
at least one processor; and
instructions that, when executed by the at least one processor, cause the at least one processor to provide:
a widget generator configured to provide, to a browser application, a functionally disabled widget in conjunction with downloading, by the browser application, of an untrusted third party page that specifies the widget for inclusion in the untrusted third party page; and
a protection manager configured to provide, to the browser application, in conjunction with the widget generator providing the widget, a protection script instance for inclusion within the widget, the protection script instance being executable within a page context of the untrusted third party page, the page context being separate from a widget context of the widget,
wherein the protection script instance requests execution within the page context of the untrusted third party page to determine whether a condition associated with a frame node of a document object mode (DOM) of the widget has been met, and sends an authenticated POST message to enable the widget when the condition is met, and to exclude the widget from the untrusted third party page or keep the widget disabled when the condition is not met, wherein the condition includes a visibility condition requiring that the widget be visible within the page when rendered, wherein a change monitor is configured to continuously monitor the visibility condition after an initial determination by a condition inspector and prevent alteration of the visibility condition upon detection of execution of a malicious page violating the visibility condition, the condition inspector is configured to modify the visibility condition in response to the execution of the malicious page.

US Pat. No. 10,397,242

ENHANCING INTEGRITY OF DATA CENTER SPECIFIC INFORMATION

NOKIA SOLUTIONS AND NETWO...

1. A method comprising:
receiving, by an apparatus of a data center, a request message from an on-line server computer of the data center, wherein on-line refers to a working mode where a cloud-based software application of a customer is running and providing an intended service, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored in a memory area of the apparatus;
initiating, by the apparatus, deciphering of the request message in response to receiving the request message; and
as a response to successfully deciphering the request message, transmitting, by the apparatus, a response message to the server computer, said message comprising the data center specific information acquired from the memory area of the apparatus,
the data center specific information comprising at least one of a jurisdiction identifier, a data center identifier uniquely identifying the data center, and pre-stored geolocation data, the data center specific information being stored in a read-only memory area of the apparatus, the read-only memory being a write once memory area before the data center specific information is stored in said memory,
wherein the data center comprises a plurality of on-line server computers each communicatively coupled with the apparatus, the apparatus configured to provide said data center specific information to each of the plurality of server computers.

US Pat. No. 10,397,241

SYSTEMS AND METHODS FOR INTEGRATION OF DIRECTORY SERVICE WITH MANAGEMENT CONTROLLERS

Dell Products L.P., Roun...

1. An information handling system comprising:
a hardware processor;
a directory service application comprising a program of instructions embodied in non-transitory, computer-readable media accessible to the hardware processor, the directory service application configured to:
enumerate a plurality of management controller categories for management controllers configured to provide out-of-band management of a plurality of information handling systems communicatively coupled to one another via a network, wherein the management controller categories specify different types of management controllers, and wherein at least one of the plurality of management controller categories includes a plurality of the management controllers; and
create a directory service device object for each of the plurality of management controller categories;
wherein the directory service application is configured not to create directory service device objects for individual ones of the management controllers.

US Pat. No. 10,397,240

VERSATILE AUTOSCALING FOR CONTAINERS

Amazon Technologies, Inc....

1. A system, comprising:
a scaling service that includes one or more processors and first memory including first instructions that, as a result of execution by the one or more processors, cause the scaling service to:
register, as a scalable target, a scalable dimension of a resource of a resource service, the resource service comprising a software container service, a database service, or a messaging service;
in response to receipt of a notification associated with a stored policy, wherein the policy includes a set of parameters and a scaling action to perform to the scalable target, the policy specifying, in the set of parameters, a security role that authorizes fulfillment of requests:
obtain the policy from storage;
submit a first request to a resource service, the first request being a request to perform the scaling action to the scalable target in accordance with the set of parameters;
submit a second request to the resource service, the second request being a request for data from which a determination can be made whether the scalable target has been scaled in accordance with the policy; and
determine, based at least in part on a response to the second request, whether the first request has been fulfilled; and
the resource service that includes one or more processors and second memory including second instructions that, as a result of execution by the one or more processors, cause the resource service to:
initiate performance of the scaling action in accordance with the set of parameters; and
submit, to the scaling service, the response that includes the data.

US Pat. No. 10,397,238

SYSTEMS AND METHODS FOR MANAGING ELECTRONIC TOKENS FOR DEVICE INTERACTIONS

Capital One Services, LLC...

1. A device, comprising:
one or more processors; and
a non-transitory memory containing instructions that when executed by the one or more processors cause the device to perform operations comprising:
installing a token generation application received from a token server, the token generation application being a web browser application;
linking the installed token generation application to an account managed by the token server by transmitting information identifying the installed token generation application to the token server;
displaying an interface including a control panel for configuring the token generation application, wherein:
the control panel comprises a switch for activating or deactivating a plurality of tokens, the tokens being linked to the account;
the interface further includes one or more settings for one of more restrictions on continued usage of the tokens; and
the one or more restrictions can be both applied to and removed from activated ones of the tokens at any time;
initiating, using the token generation application, generation of a first one of the tokens, the first one of the tokens comprising a pointer to the account according to configuration information received through the interface, the first one of the tokens being specific to a designated merchant; and
providing the first one of the tokens to a server of the designated merchant to complete a transaction with the merchant, wherein authorization of the transaction initiated using the first one of the tokens will be denied if received from a merchant other than the designated merchant, and further wherein authorization of the transaction initiated using the first token will be denied if received from a browser other than a provisioned browser.

US Pat. No. 10,397,237

AUTOMATICALLY PROVISIONING NEW ACCOUNTS ON MANAGED TARGETS BY PATTERN RECOGNITION OF EXISTING ACCOUNT ATTRIBUTES

International Business Ma...

10. An apparatus, comprising:
a processor;
computer memory holding computer program instructions executed by the processor to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising:
program code operative to retrieve a set of existing account information belonging to respective user accounts of a first set of users;
an attribute pattern discovery component to perform pattern matching on the retrieved set of existing account information to discover attribute patterns in the retrieved set of existing account information, wherein a first pattern matching process extracts user attribute information in the retrieved set of existing account information and a second pattern matching process discovers at least a first attribute pattern within the extracted user attribute information;
program code operative to generate an account template according to the first discovered attribute pattern;
program code operative to use the generated account template to create a new account on the first target for a first user, the first user not a member of the first set of users; and
program code operative to grant the first user access to the first target using the created new account.

US Pat. No. 10,397,236

ANAMOLY DETECTION AND RECOVERY OF A CORRUPTED COMPUTING RESOURCE

Amazon Technologies, Inc....

1. A method of detecting corruption of a resource in a compute service provider environment, the method comprising:
generating one or more profiles including resource profiles or user profiles;
setting one or more thresholds representing an acceptable deviation from the one or more profiles;
receiving a request to delete data within the compute service provider;
marking the data as deleted, without releasing the data for reuse, but rejecting requests for access to the data so that it appears to a customer as though the data is deleted, wherein the data is associated with a resource in the compute service provider environment and the marking of the data results in the resource being unavailable to the customer to access and being unavailable for reuse within the compute service provider environment;
searching through log data for requests to delete data;
detecting the request to delete the data and determining whether the request exceeds the one or more thresholds associated with the profiles;
transmitting an alert to the customer informing the customer of the request to delete the data; and
restoring the data at the customer's request by removing the marking.

US Pat. No. 10,397,235

EVENT PROCESSING VIA INDUSTRIAL ASSET CLOUD COMPUTING SYSTEM

General Electric Company,...

1. A method comprising:
receiving, at a server computer associated with an industrial asset cloud computing system, a command representing an event, from a mobile device of a plurality of mobile devices, the command comprising instructions for changing a data object in a data domain;
determining, by the server computer, that a session is established that is associated with the mobile device;
storing, by the server computer, the command in a cache associated with the server computer;
determining, by the server computer, a command processor responsible for processing the command;
routing, by the server computer, the command to the command processor responsible for processing the command, wherein the command processor accesses the data domain associated with the command to change the data object in the data domain according to the instructions of the command;
detecting, by the server computer, a state change in the data domain indicating that the data object has been changed;
storing, by the server computer, the changed data object in the cache associated with the server computer; and
preparing, by the server computer, the changed data object to be consumed by mobile devices operated by users authorized to access the data object such that the mobile devices receive the changed data object and the data is updated on local databases of the mobile devices.

US Pat. No. 10,397,234

METHOD AND DEVICE FOR CONTROLLING ACCESS TO DATA IN NETWORK SERVICE PROVIDER SYSTEM

Huawei Technologies Co., ...

1. A method, comprising:
receiving an access request for accessing data in a network service provider system, the network service provider system comprising a plurality of data areas, a network service provider-usable data area of the plurality of data areas storing network service provider-usable data, a network service provider-unusable data area of the plurality of data areas storing network service provider-unusable data, the network service provider-usable data area being independent from the network service provider-unusable data area; and
in response to determining that the access request is a user access instruction, acquiring, from the network service provider-usable data of the network service provider-usable data area or the network service provider-unusable data of the network service provider-unusable data area, data requested by the user access instruction; or
in response to determining that the access request is a non-user access instruction, acquiring, from the network service provider-usable data of the network service provider-usable data area, data requested by the non-user access instruction.

US Pat. No. 10,397,232

CONTROLLING USER ACCESS TO COMMAND EXECUTION

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
receiving, by a shell aggregator executing on one or more computing systems, a request from a user indicating a command to be executed by each of a plurality of computing nodes that are provided by a network-accessible service for use by the user and that are each executing one or more programs on behalf of the user, wherein execution of the command by each corresponding computing node of the plurality of computing nodes causes each corresponding computing node to gather information regarding itself;
determining, by the shell aggregator and based at least in part on permissions information stored externally to the plurality of computing nodes, that the user is authorized to have the command be executed by each of the plurality of computing nodes;
initiating, by the shell aggregator and in response to the determining, execution of the command by each of the plurality of computing nodes to gather the information, including:
executing the command by a first computing node of the plurality of computing nodes for the user; and
denying execution of the command for the user by a second computing node of the plurality of computing nodes based on additional security information stored locally on the second computing node;
receiving, by the shell aggregator, results including the gathered information from the execution of the command by each of the plurality of computing nodes;
aggregating, by the shell aggregator, the received results to generate aggregated results; and
returning the aggregated results to the user.

US Pat. No. 10,397,231

DIFFERENTIATED CONTAINERIZATION AND EXECUTION OF WEB CONTENT BASED ON TRUST LEVEL AND OTHER ATTRIBUTES

Intel Corporation, Santa...

1. A computing system comprising:
network circuitry to access program code from a network;
a storage device to store instructions; and
processor circuitry to execute the instructions to:
determine a level of trust for the program code;
based on the level of trust for the program code, assign at least one of a plurality of containers to store the program code from the network, a first container of the plurality of containers associated with a first level of trust, a second container of the plurality of containers associated with a second level of trust, the second level of trust different from the first level of trust; and
allocate compute resources to execute the program code based on which one of the at least one of the plurality of containers is assigned to store the program code.

US Pat. No. 10,397,230

SERVICE PROCESSOR AND SYSTEM WITH SECURE BOOTING AND MONITORING OF SERVICE PROCESSOR INTEGRITY

International Business Ma...

1. A service processor, comprising:
a processor;
a memory coupled to the processor and comprising instructions for executing an operating system kernel having an integrity management subsystem;
secure boot firmware;
an event log storage; and
a tamper-resistant secure trusted dedicated microprocessor, wherein:
the service processor operates to manage a host computing system;
the secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor;
the secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor;
the operating system kernel enables the integrity management subsystem;
the integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor;
the integrity management subsystem records third measurements of boot software executed in the host computing system, in the one or more registers;
the operating system kernel records one or more entries, in the event log storage, identifying one or more events causing at least one of the recording of the first measurements, the recording of the second measurements, or the recording of the third measurements, wherein at least one entry in the one or more entries identifies an event causing the recording of a third measurement associated with boot software executed in the host computing system; and
each entry of the one or more entries comprises an identifier of a corresponding register within the one or more registers where corresponding measurement information is stored for that entry, wherein the entries in the event log storage comprise a register identifier identifying a register where a corresponding measurement is stored, a file hash of an executable file that caused the corresponding measurement to be recorded, and a hint of the full path and filename of the executable file that caused the corresponding measurement to be recorded.

US Pat. No. 10,397,229

CONTROLLING USER CREATION OF DATA RESOURCES ON A DATA PROCESSING PLATFORM

Palantir Technologies, In...

1. A computer system comprising:
one or more processors;
one or more non-transitory computer-readable storage media coupled to the one or more processors and storing one or more sequences of instructions which when executed cause performing:
receiving a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource, a user identifier associated with said user, and an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link;
performing verification using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions;
responsive to verifying said user, creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
verifying that said user is permitted to allow access to the data resource by external users;
responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.

US Pat. No. 10,397,228

SELECTIVELY RESTRICTING COMMUNICATIONS FROM THIRD PARTY APPLICATIONS/DEVICES TO ELECTRONIC DEVICES

Google LLC, Mountain Vie...

1. A method of message rate limiting by a smart-home device, the method comprising:
determining, by the smart-home device, one or more device operation status parameters of the smart home device comprising:
a battery level of the smart-home device;
a battery charging rate of the smart-home device;
an age of the smart-home device;
a planned lifespan of the smart-home device;
a recent wireless usage of the smart-home device;
an internal temperature of the smart-home; or
any of the above in relation to an intervening device over which communication to the smart-home device travels; or
any combination thereof;
receiving, by the smart-home device while the smart-home device is in a low-power mode, an incoming communication directed to the smart-home device from a server;
based at least in part on the one or more device operation status parameters, determining, by the smart-home device while the smart-home device is in the low-power mode, to:
transition to a high-power mode; and
consume the received communication;
or:
remain in the low-power mode; and
ignore the communication.

US Pat. No. 10,397,227

TRANSACTION SECURITY SYSTEMS AND METHODS

CUPP Computing AS, Oslo ...

1. A method comprising:
detecting that a secure transaction device has been coupled to a host system, the host system having a plurality of applications and a first network interface for communicating with a network, the secure transaction device having a second network interface different than the first network interface;
configuring the secure transaction device with network parameters specific to the host system to which the secure transaction device has been coupled, so that when network traffic is communicated via the second network interface the secure transaction device mimics the host system and renders the secure transaction device transparent to the network;
receiving a request from a particular application of the plurality of applications to access a network resource on the network, the network resource being remote from the host system and from the secure transaction device;
if the network resource is an unsecured network resource, then allowing the host system to communicate with the unsecured network resource via the first network interface without requiring the host system to communicate with the unsecured network resource via the second network interface;
if the network resource is a secured network resource, then
configuring the host system to redirect all network traffic to the secure transaction device so that the secure transaction device can manage all the network traffic through the second network interface, thereby preventing the plurality of applications from accessing the network via the first network interface without requiring the host system to communicate with the unsecured network resource via the second network interface;
using a security policy to authenticate the particular application of the plurality of applications as a trusted application authorized to access the secured network resource on the network;
establishing a secure tunnel via the second network interface to the secured network resource on the network;
allowing the trusted application to use the secure tunnel to access the secured network resource; and
preventing untrusted applications of the plurality of applications from accessing the secure tunnel.

US Pat. No. 10,397,226

METHODS AND SYSTEMS USING TRUST-BUT-VERIFY DYNAMIC QUALITY-OF-SERVICE (QOS)

Cisco Technology, Inc., ...

8. A method to provide QoS operations, the method comprising:
in response to receipt, at a network port of a first computing device, one or more first inbound traffic associated with a first flow from a second computing device, the one or more first inbound traffic being determined to have a voice or a video component, i) classifying each of the one or more first inbound traffic with an initial high QoS (Quality of Service) PHB (Per-Hop Behavior) marking and ii) transmitting to a third computing device in the network the one or more first inbound traffic with the initial high QoS PHB markings; and
initiating authentication of the first flow as being a preferential flow,
wherein, in response to receiving, during the authentication process, one or more subsequent inbound traffic associated with the first flow from the second computing device, i) classifying the one or more subsequent inbound traffic with the initial high QoS PHB markings and ii) transmitting to the third network device the one or more subsequent inbound traffic with the initial high QoS PHB markings.

US Pat. No. 10,397,225

SYSTEM AND METHOD FOR NETWORK ACCESS CONTROL

Worcester Polytechnic Ins...

1. In an access controller, a method for providing access to a network resource on a computer network, comprising:
receiving, by the access controller, a network access request and user interaction information associated with the network access request from a client device, the user access information received with the network access request from the client device over the computer network, the client device being distinct from the access controller on the computer network;
wherein receiving user interaction information associated with the network access request from the client device over the computer network comprises receiving, by the access controller, macroevent information associated with the network access request from the client device, the macroevent information identifying user intent associated with the network access request;
wherein receiving macroevent information associated with the network access request from the client device further comprises receiving, by the access controller, microevent information associated with the network access request from the client device, the microevent information related to the macroevent information via the user interaction information and identifying at least one user-generated event associated with the macroevent information and the microevent information comprising input and output (I/O) control flow commands identifying user-initiated interaction, including at least one of I/O patterns and I/O statistics, between the client device and at least one of a hardware device associated with the client device and a graphical user interface associated with the client device;
identifying, by the access controller, a policy corresponding to the macroevent information and the microevent information; and
based upon the identified policy corresponding to the macroevent information and the microevent information, one of providing communication, by the access controller, between the client device and the network resource associated with the network access request, providing, by the access controller, the network access request to a network router, and diverting, by the access controller, traffic associated with the client device through a security monitor.

US Pat. No. 10,397,224

NETWORK PERSONAL DIGITAL VIDEO RECORDER SYSTEM (NPDVR)

Oath Inc., Dulles, VA (U...

1. A computer-implemented method comprising the following operations performed by at least one processor:
receiving, from a client system, a request to transfer a first file stored on a host server to a database system, wherein the transfer request is transmitted to a proxy server for isolating the transfer request via a proxy server process, wherein the transfer request is further transmitted to a load balancer for transmitting the transfer request to a least-loaded host server, wherein the transfer request includes an identifier that identifies the first file and an identifier of a user of the client system, and wherein the database system being located remotely from the host server and the client system;
transferring, using a communications network, the first file from the host server to the database system, the database system being adapted to store the first file in a storage area allocated to the identified user of the client system;
receiving, from the client system, a request to access the first file stored on the database system, the request to access the first file including authentication data associated with the user;
verifying the authenticating data associated with the user; and
permitting, in response to verifying the user, the client system to access the first file stored on the database system.

US Pat. No. 10,397,223

METHOD FOR ESTABLISHING AN AUTHORIZED COMMUNICATION BETWEEN A PHYSICAL OBJECT AND A COMMUNICATION DEVICE ENABLING A WRITE ACCESS

Alcatel Lucent, Nozay (F...

1. A method for establishing an authorized communication between a physical object and a communication device, wherein the physical object and the communication device both comprise a data processing unit, a contact communication interface and a wide area network interface, the method comprising:
establishing a physical connection between the physical object and the communication device through the contact communication interface of the physical object and the contact interface of the communication device,
transmitting authorization data between the physical object and the communication device through the physical connection to grant access rights over the physical object to the communication device using the authorization data,
wherein the access rights enable the communication device to make a write access to protected data of the physical object through the wide area network interface of the physical object and the wide area network interface of the communication device, wherein the protected data comprise an extension module, and wherein the access rights enable the communication device to install a software module in the extension module of the physical object through the wide area network interface, the software module being adapted to provide to the physical object a function associated with hardware capabilities of the physical object,
wherein the method further comprises transmitting the software module from the communication device to the physical object to be installed in the extension module, wherein, in order to install the software module, the communication device identifies a matching software module in a software database.

US Pat. No. 10,397,222

AUTHENTICATING A LIMITED INPUT DEVICE VIA AN AUTHENTICATED APPLICATION

GoPro, Inc., San Mateo, ...

1. A system, comprising:
an authenticated application executing on a first device;
a camera paired with the authenticated application using a first device identifier, the authenticated application configured to enable a user to control one or more camera functions of the camera by interacting with the authenticated application; and
a computer program product comprising a non-transitory computer-readable storage medium having instructions encoded thereon that, when executed by a processor, causes the processor to:
in response to receiving a request including the first device identifier from the authenticated application for a one-time authorization code, transmit the one-time authorization code to the authenticated application,
receive a request for an access token from the camera, the request including the one-time authorization code and a second device identifier,
in response to verifying the one-time authorization code by determining that the second device identifier matches the first device identifier, authenticate the camera by providing the camera with the access token,
associate the access token with a user account,
receive one or more images associated with the user account from the camera, and
in response to determining that the access token has expired, receive a refresh token from the camera and provide a new access token to the camera.

US Pat. No. 10,397,220

FACIAL PROFILE PASSWORD TO MODIFY USER ACCOUNT DATA FOR HANDS-FREE TRANSACTIONS

GOOGLE LLC, Mountain Vie...

1. A computer-implemented method to enable updates to user account information in response to facial image verification of users located at service system locations, comprising, by one or more computing devices operated by an account management system:
receiving, from a user computing device, an account identifier corresponding to a user account associated with a user associated with the user computing device and a beacon device identifier, the user computing device retransmitting the beacon device identifier received via a network from a beacon device at a location associated with the beacon device identifier;
retrieving, an existing facial template associated with the user account based on the account identifier corresponding to the user account;
adding, the retrieved existing facial template to a current customer log of one or more existing facial templates corresponding to user computing devices that retransmitted the beacon device identifier to the one or more computing devices;
receiving, from a service computing device, a request for the current customer log;
transmitting, to the service computing device, the current customer log, the current customer log comprising the retrieved existing facial template associated with the user account, the service computing device identifying the user account based on determining that a degree of similarity between a facial template generated based on a capture of a facial image of the user and the retrieved existing facial template is greater than or equal to a predetermined threshold amount;
receiving, from the service computing device at the location, the account identifier corresponding to the user account, updated account data, and a request to update existing account data in the user account;
and replacing one or more items of the existing account data in the user account with the updated account data.

US Pat. No. 10,397,216

SYSTEMS AND METHODS FOR PERFORMING SECURE BACKUP OPERATIONS

Veritas Technologies LLC,...

1. A computer-implemented method for performing secure backup operations, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
determining a trust level of a backup client by identifying at least one security characteristic of the backup client;
deploying a signed certificate on the backup client that enables the backup client to facilitate backup operations with a security level that corresponds to the trust level of the backup client;
identifying a backup server that has been designated to perform a backup task for the backup client;
prior to facilitating the backup task on the backup client:
identifying a type of signed certificate deployed on the designated backup server;
determining, based on a security level with which the type of signed certificate enables the designated backup server to perform backup operations, a trust level of the designated backup server;
identifying a sensitivity level of the backup task based at least in part on a type of data involved in the backup task; and
determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task; and
facilitating the backup task on the backup client based on at least one of:
the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task; and
a determination of whether the security level of the signed certificate deployed on the backup client is appropriate for the sensitivity level of the backup task.

US Pat. No. 10,397,214

COLLABORATIVE SIGN-ON

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
responsive to a user providing at least one authentication credential to a second system during an attempt to log into a first online account hosted by the second system, receiving, by a first system comprising at least one processor, an authentication approval request from the second system;
responsive to receiving the authentication approval request from the second system, determining, by the first system, whether the user is required to be logged into at least a second online account hosted by at least a third system unrelated to the second system in order to approve the authentication approval request;
responsive to determining that the user is required to be logged into at least the second online account hosted by at least the third system in order to approve the authentication approval request, determining, by the first system, whether the user presently is logged into at least the second online account hosted by at least the third system in at least one presently active user session;
responsive to determining that the user presently is logged into at least the second online account hosted by at least the third system in at least one presently active user session, communicating to the second system a response to the authentication approval request indicating that the user is approved for authentication with the second system to log into the first online account hosted by the second system;
responsive to the user providing at least one authentication credential to a fourth system during an attempt to log into a third online account hosted by the fourth system, receiving, by the first system, a second authentication approval request from the fourth system;
responsive to receiving the second authentication approval request from the fourth system, determining, by the first system, whether the user is required to be logged into at least a fourth online account hosted by at least a fifth system unrelated to the fourth system in order to approve the second authentication approval request;
responsive to determining that the user is required to be logged into at least the fourth online account hosted by at least the fifth system in order to approve the authentication approval request, determining, by the first system, whether the user presently is logged into at least the fourth online account hosted by at least the fifth system in at least one presently active user session; and
responsive to determining that the user presently is not logged into at least the fourth online account hosted by the at least the fifth system in at least one presently active user session, communicating to the fourth system a response to the authentication approval request indicating that the user is not approved for authentication with the fourth system to log into the third online account hosted by the fourth system.

US Pat. No. 10,397,212

INFORMATION DEVICE, DATA PROCESSING SYSTEM, DATA PROCESSING METHOD, AND NON-TRANSITORY STORAGE MEDIUM FOR EXECUTING CONTENT UPON AUTHENTICATION

PANASONIC INTELLECTUAL PR...

1. An information device comprising:
a reader that reads, from a removable medium, ticket data provided from a server, the ticket data being provided from the server upon successful authentication, and the ticket data including information representing an executable content that is to be executable upon the successful authentication; and
a data processor that
executes the executable content represented in the ticket data, and
stores, in the removable medium, first identification information of the information device and additional data having a value that differs depending on a timing, wherein the ticket data further includes
information representing a number of times that the executable content is permitted to be executed or a period during which the executable content is permitted to be executed,
the additional data and second identification information set by the server based on the first identification information, and
first ticket data and second ticket data that differs from the first ticket data,
wherein the additional data includes first additional data and second additional data that differs from the first additional data, and
wherein the data processor
executes the executable content within the number of times that the executable content is permitted to be executed or within the period during which the executable content is permitted to be executed, when the second identification information included in the ticket data matches the first identification information,
links, when the executable content is executed based on the first ticket data, first information regarding a number of times the executable content is executed to the first additional data included in the first ticket data, and records the first information, and
links, when the executable content is executed based on the second ticket data, second information regarding a number of times the executable content is executed to the second additional data included in the second ticket data, and records the second information.

US Pat. No. 10,397,210

METHOD, DEVICE, CLIENT AND SERVER FOR INTERACTION

TENCENT TECHNOLOGY (SHENZ...

1. An interaction method, comprising:
scanning, by a client, a target two-dimensional code to acquire a uniform resource locator (URL) in the target two-dimensional code;
sending, by the client, the URL to a third-party server;
receiving, by the client, multifunction interaction information that is returned from the third-party server according to the URL, wherein each piece of the multifunction interaction information comprises interaction type information; and
interacting, by the client, with the third-party server based on the multifunction interaction information,
wherein the interaction type information comprises information indicating at least one of an interaction application and a webpage application developed by a third party, the method further comprising:
sending, by the client, to an interconnection server at least one of an interaction application identifier and a signature file of the third party included in the multifunction interaction information;
based on a result of authentication of the third party by the interconnection server according to the at least one of the interaction application identifier and the signature file of the third party, sending, by the client, to the third-party server a request for opening a jump URL corresponding to an application indicated by the interaction type information and an authorization token; and
receiving and displaying, by the client, a jump webpage, which contains a login state of a user of the client, returned from the third-party server, the login state of the user of the client being obtained from the interconnection server according to the request and the authorization token.

US Pat. No. 10,397,209

RISK-AWARE MULTIPLE FACTOR AUTHENTICATION BASED ON PATTERN RECOGNITION AND CALENDAR

International Business Ma...

1. A method comprising:
storing in a database security questions and corresponding user response data;
determining an accuracy score for each of a plurality of security questions previously answered by the user, the accuracy score being based in part on at least one of an amount of queries for a particular security question and a number of correct responses by the user;
ranking the security questions based on the accuracy scores;
receiving by an interface a login name from a user;
determining whether a state of the user is impaired;
selecting by a processor at least one security question regarding recent activity performed by the user, said selecting of the at least one security question includes selecting at least one impaired security question when a cognitive state of the user is impaired, the impaired security question having an accuracy score below a predetermined threshold;
receiving by the interface an answer to the at least one security question from the user;
determining by the processor whether the answer matches data stored in a user transaction database that is associated with the login name of the user.

US Pat. No. 10,397,208

AUTHENTICATION VIA ITEM RECOGNITION

PayPal, Inc., San Jose, ...

1. A system for authenticating a user, comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving, from a mobile device of a user, a request for accessing a user account;
in response to receiving the request, obtaining an image captured by a camera of the mobile device;
applying one or more image recognition algorithms to the captured image to extract a first set of features related to a first item in the captured image;
comparing the first set of features to stored features associated with a plurality of reference items designated for authenticating the user of the user account to determine that the first item in the captured image matches a first reference item in the plurality of reference items;
applying the one or more image recognition algorithms to the captured image to extract a second set of features related to a second item in the captured image;
comparing the second set of features to the stored features associated with the plurality of reference items designated for authenticating the user of the user account to determine that the second item in the captured image matches a second reference item in the plurality of reference items, wherein the first and second reference items are associated with a reference location;
determining a color of a third item in the captured image;
determining that a location of the mobile device corresponds to the reference location associated with the first and second reference items based at least in part on the color of the third item in the captured image;
determining, based on analyzing the captured image, that the first item and the second item are within a geographical boundary associated with the location of the mobile device;
in response to determining that the location of the mobile device corresponds to the reference location and that the first item and the second item are within the geographical boundary, granting the mobile device access to the user account according to a first access level;
retrieving additional descriptions of the first reference item, wherein the additional descriptions represent one or more characters or symbols appearing on the first reference item;
applying at least one of an optical character recognition algorithm or a pattern recognition algorithm to a portion of the captured image representing the first item to extract a third set of features related specifically to the first item, wherein the third set of features comprises at least one of a character or a symbol that appears on the first item;
comparing the third set of features against the additional descriptions associated with the first reference item to determine that the third set of features matches the additional descriptions; and
in response to determining that the third set of features matches the additional descriptions, granting the mobile device access to the user account according to a second access level that is less restrictive than the first access level.

US Pat. No. 10,397,207

AUTOMATIC CREDENTIAL ROTATION

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving, from a client device associated with a user, a first request for access to one or more resources in a resource provider environment, the first request including a first credential string and a first iteration number, the first iteration number corresponding to a first random number, the first credential string corresponding to the output of a key stretching algorithm operated on a user access credential for a number of iterations corresponding to the first iteration number;
storing the first credential string and the first iteration number;
receiving, from the client device, a second credential string and a second random number, a second iteration number corresponding to a sum of the first iteration number and the second random number, the second credential string corresponding to the output of the key stretching algorithm operated on the user access credential for a number of iterations corresponding to the second iteration number;
generating a local copy of the second credential string using the first credential string processed a further number of iterations of the key stretching algorithm corresponding to the second random number, wherein the local copy has undergone a total of the second iteration number of the key stretching algorithm with respect to the user access credential;
determining that the second credential string, received from the client device, is the same as the local copy of the second credential string;
granting, in response to the second request, access to the one or more resources.

US Pat. No. 10,397,206

SYMMETRIC ENCRYPTION KEY GENERATION/DISTRIBUTION

Red Hat, Inc., Raleigh, ...

1. A method for exchanging encrypted information between a first computing device and a second computing device comprising:
both computing devices having input parameters including: a shared secret, a prime bounding integer, a generator, a first group constant, and a second group constant, wherein the input parameters are respectively used to generate a first private key, a second private key, a first public key, and a second public key;
the second computing device receiving an encrypted message from the first computing device;
the second computing device generating the second private key;
the second computing device generating the second public key, using the generator, the shared secret, the first group constant, and the second private key;
the second computing device sending the second public key to the first computing device;
the first computing device using the second public key from the second computing device, the first group constant, the shared secret, the first private key, and the second constant to generate the first public key;
the second computing device receiving the first public key from the first computing device;
the second computing device using the first public key, the shared secret, the second group constant, and the second private key to calculate a session key; and
the second computing device decrypting the encrypted message with the session key.

US Pat. No. 10,397,203

RECEPTION DEVICE AND RECEPTION METHOD

FUJITSU LIMITED, Kawasak...

1. A reception device comprising:
a memory which stores, for each of at least one function handling confidential information, a stored program module implementing a corresponding function, and first and second stored version numbers of the stored program module;
a receiver configured to receive a conditional access system program being encrypted and used to execute a process related to the confidential information, and a notification signal notifying of delivery of the conditional access system program and including delivery destination information identifying a delivery destination of the conditional access system program which includes, for each received program module in the conditional access system program, first and second received version numbers of the received program module;
a processor configured to
determine whether the reception device is a delivery target of the conditional access system program on the basis of the delivery destination information included in the notification signal, and
prepare for receiving the conditional access system program when the reception device is the delivery target of the conditional access system program; and
an information protection circuit configured to
determine whether the reception device is a use target of the conditional access system program with reference to the identification information included in the conditional access system program, and
decrypt the conditional access system program when the reception device is the use target of the conditional access system program, including when either of the first and second received version numbers of the received program module in the conditional access system program is larger than the first and second stored version numbers, respectively, of the stored program module corresponding thereto, decrypt the received program module to obtain a decrypted program module,
delete the stored program module in the memory corresponding to the received program module in the conditional access system program only when the second received version number of the received program module is larger than the second stored version number of the stored program module in the memory corresponding thereto; and
store the decrypted program module in the memory.

US Pat. No. 10,397,202

SECURE COMMUNICATION CHANNELS

BlackBerry Limited, Wate...

1. A method of negotiating a secure device-to-device communications channel between a first computing device and a second computing device, the first computing device being associated with a first user and the second computing device being associated with a second user, the method comprising:
receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with a first computing device, the first connection request being received over a first secure communications channel;
receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with a second computing device, the second connection request being received over a second secure communications channel; and
determining, on the basis of an identity of the first user and an identity of the second user, that the secure device-to-device communication channel is permitted and, dependent on a determination that the secure device-to-device communication channel is permitted:
sending, from the server, first connection data to the first computing device over the first secure communications channel; and
sending, from the server, second connection data to the second computing device over the second secure communications channel; and
wherein the first connection data comprises the second address data and second cryptographic key, and the second connection data comprises the first address data and first cryptographic key, the first and second connection data being for use in enabling establishment of a secure device-to-device communications channel between the first computing device and the second computing device.

US Pat. No. 10,397,201

SENDING ENCRYPTED DATA TO A SERVICE PROVIDER

ENTIT SOFTWARE LLC, Sunn...

1. A computer program product for sending encrypted data to a service provider, comprising:
a non-transitory computer readable storage medium, said non-transitory computer readable storage medium comprising computer readable program code embodied therewith, said computer readable program code comprising program instructions that, when executed, causes a processor to:
exchange an encryption key between an entity and a service provider without retaining said encryption key and while hiding an identity of said entity from said service provider; and
forward encrypted data based on said encryption key to said service provider from said entity while hiding said identity of said entity from said service provider.

US Pat. No. 10,397,199

INTEGRATED CONSENT SYSTEM

MICROSOFT TECHNOLOGY LICE...

1. A method performed by a computing system for creating an account for a user with an identity provider, the method comprising:
receiving a request to create an identity provider account with the identity provider for use in logging onto a third-party system;
generating one or more display pages for providing an integrated-consent user experience that includes at least one of the one or more display pages for collecting both new-account information and scope-of-consent information for consenting to share account information with the third-party system;
receiving, from the user and through the one or more display pages, the new-account information that includes user credentials for the identity provider account and a scope of consent to share account information of the identity provider account with the third-party system;
based on receipt of the new-account information and a consent by the user to share account information as noted by the scope of consent, creating for the user, the identity provider account; and
recording an indication of the scope of consent, wherein when the user subsequently signs in to the third-party system using the user credentials for the identity provider account, the third-party system accesses account information of the identity provider account based on the user having provided the scope of consent.

US Pat. No. 10,397,195

METHOD AND SYSTEM FOR SHARED KEY AND MESSAGE AUTHENTICATION OVER AN INSECURE SHARED COMMUNICATION MEDIUM

Robert Bosch GmbH, Stutt...

1. A method for shared key generation with authentication comprising:
generating, with a processor in a gateway node communicatively connected to a first node and a second node through a shared communication medium, a first set of pseudo-random data corresponding to expected transmissions from the first node based on a predetermined one-way function applied to a first shared key between the first node and the gateway node;
identifying, with the processor in the gateway node, a plurality of bits transmitted from the second node based on a plurality of signals received by a transceiver in the gateway node communicatively connected to the shared communication medium, the plurality of signals corresponding to a plurality of simultaneous transmissions from the first node and the second node to generate a shared key between the first node and the second node, each simultaneous transmission including the first node transmitting at least one first bit at a transmit time and the second node transmitting at least one second bit at the transmit time, wherein the at least one first bit and the at least one second bit are transmitted through the shared communication medium at the same time;
identifying, with the processor in the gateway node, a plurality of expected bit values for at least a portion of the second plurality of bits transmitted from the second node based at least in part on applying the predetermined one-way function to a combination of shared secret data between the gateway node and the second node stored in a memory of the gateway node with another set of random data generated by the second node;
authenticating, with the processor in the gateway node, the second node in response to the plurality of bits transmitted from the second node matching the plurality of expected bit values;
generating, with a random number generator in the gateway node, a plurality of random bits of data;
exchanging, with the transceiver in the gateway node the plurality of random bits with the first node by transmitting the plurality of random bits while receiving another plurality of random bits during simultaneous transmissions from the first node to produce a plurality of shared bits between the gateway node and the first node;
generating, with the processor in the gateway node, the first shared key between the gateway node and the first node by applying the one-way function to a combination of shared secret data between the gateway node and the first node stored in the memory of the gateway node and the plurality of shared bits between the gateway node and the first node;
generating, with the random number generator in the gateway node, a nonce value;
generating, with the processor in the gateway node, an encrypted version of the nonce value using the first shared key;
transmitting, with the transceiver in the gateway node, the encrypted version of the nonce value to the first node;
receiving, with the transceiver in the gateway node, a transformed nonce value from the first node, the transformed nonce corresponding to a predetermined numeric transformation applied to the nonce value by the first node after the first node decrypts the encrypted version of the nonce using the first shared key; and
authenticating, with the processor in the gateway node, the first node in response to the transformed nonce value received from the first node matching another transformed nonce value generated by the processor in the gateway node applying the predetermined numeric transformation to the nonce value generated by the random number generator in the gateway node.

US Pat. No. 10,397,194

DYNAMIC TRANSMISSION OF ENCRYPTED DATA

eBay Inc., San Jose, CA ...

1. A system comprising:
a processor;
a communication interface coupled to the processor;
memory coupled to the processor and storing instructions that, when executed by the processor, cause the system to perform operations comprising:
receiving, via the communication interface, a data packet comprising encrypted data, the system not being located within a transmission range of a source computing device when the encrypted data packet is received by the system;
establishing, subsequent to receiving the encrypted data packet and in response to the system moving within the transmission range of the source computing device, communication with the source computing device via the communication interface;
in response to establishing communication with the source computing device, transmitting to the source computing device, via the communication interface, a request for decryption information for decrypting the encrypted data packet; and
based on receiving the decryption information from the source computing device, decrypting the encrypted data packet based on the decryption information.

US Pat. No. 10,397,193

BLIND CLOUD DATA LEAK PROTECTION

SONICWALL INC., Milpitas...

1. A method for blind data leak prevention, the method comprising:
receiving at a first computing device that is external to a secure network:
a rule sent from a second computing device inside the secure network and encrypted based on a first encryption key, wherein the first encryption key is accessible to the second computing device but not accessible to the first computing device; and
encrypted data from the second computing device, wherein the received encrypted data is encrypted based on the first encryption key by:
identifying that the encryption based on the first encryption key occurs in byte groups of a predetermined number of bytes in size, and
applying the encryption a number of times corresponding to a predetermined number of bytes and resulting in a plurality of encrypted versions, each encrypted version beginning at an offset of a different number of bytes up to the predetermined number of bytes by:
identifying a final number of bytes in a last byte group of each encryption,
identifying that the identified final number of bytes does not yet equal the predetermined number of bytes; and
prepending one or more preceding bytes to the last byte group until the final number of bytes equal the predetermined number of bytes; and
executing instructions stored in memory of the first computing device, wherein execution of the instructions by a processor of the first computing device:
evaluates the received encrypted data to identify that the received encrypted data corresponds to the rule, wherein the received encrypted data remains encrypted during the evaluation; and
processes the received encrypted data based on the identification that the received encrypted data corresponds to the rule, wherein the received encrypted data remains encrypted during processing.

US Pat. No. 10,397,191

PASSING CONTENT SECURELY FROM WEB BROWSERS TO COMPUTER APPLICATIONS

Adobe Inc., San Jose, CA...

1. A method of securing digital content passed between a web browser, a server, and a local application by extracting information embedded within digital file names, comprising:
selecting, via a client device, one or more digital files from a remote server, the remote server requiring login credentials to access the one or more digital files and the one or more digital files corresponding to a native software application that requires access credentials to access the native software application;
upon providing the login credentials, receiving the one or more digital files, the one or more digital files comprising an identifier embedded within a file name of the one or more digital files;
in response to accessing the one or more digital files via the client device, utilizing the identifier embedded within the file name to automatically access the native software application by:
extracting the identifier embedded within the file name of the one or more digital files;
sending the identifier extracted from within the file name of the one or more digital files to one or more servers to obtain the access credentials required to access the native software application associated with the one or more digital files; and
using the access credentials to automatically access the native software application corresponding to the one or more digital files.

US Pat. No. 10,397,190

SYSTEM AND METHOD FOR GENERATING AN OBFUSCATED OPTICAL SIGNAL

HUAWEI TECHNOLOGIES CO., ...

1. A method performed at an optical transmitter comprising:
receiving an optical signal carrying data for transmission;
performing a time-varying modification of the optical signal carrying the data to generate an obfuscated optical signal; and
transmitting the obfuscated optical signal;
wherein the time-varying modification is performed in accordance with a plurality of values corresponding to a respective plurality of values for use in at least partially deobfuscating the obfuscated optical signal to allow for detection of the data carried by the received optical signal; and
wherein the optical signal has a first polarization and a second polarization, and wherein performing the time-varying modification of the optical signal comprises applying a first time-varying modification to the first polarization, and when applying the first time-varying modification to the first polarization, either: applying no modification to the second polarization or applying a second modification, different from the first time-varying modification, to the second polarization.

US Pat. No. 10,397,189

PEERED VIRTUAL PRIVATE NETWORK ENDPOINT NODES

Amazon Technologies, Inc....

1. A system, comprising:
a plurality of computing devices within a provider network to execute a plurality of virtual machines; and
one or more computing devices within the provider network and configured to execute a provisioning service and a health monitoring service;
wherein, in response to a request to a first application programming interface (API), the provisioning service is configured to launch a first fault tolerant virtual private network endpoint (VPNe) node as a pair of VPNe virtual machines on separate host computers within the provider network, wherein a first of the virtual machines within the pair is configured to communicate encrypted packets over a secure tunnel and a second virtual machine in the pair is synchronized to an encryption key used by the first virtual machine for encryption and decryption of packets sent and received over the secure tunnel;
wherein, in response to a request to a second API, the provisioning service is configured to create a second fault tolerant VPNe node as a pair of VPNe virtual machines on separate host computers and to peer the second fault tolerant VPNe node to the first fault tolerant VPNe node via the secure tunnel over a public network; and
wherein the health monitoring service is configured to determine a health status of each of the virtual machines in each pair of virtual machines of the first and second fault tolerant VPNe nodes and, upon determination of a failure of a virtual machine of a given pair that is implementing the secure tunnel, initiate a fail-over to the other VPNe virtual machine of the pair.

US Pat. No. 10,397,188

ACCESS CONTROL APPARATUS, SYSTEM, AND METHOD

Huawei Technologies Co., ...

1. An apparatus comprising:
a receiver configured to:
receive a first service chain forwarding rule from a controller, wherein the first service chain forwarding rule comprises a first service chain identifier corresponding to a terminal, and a first identifier of a first access network element, wherein the first identifier of the first access network element corresponds to the first service chain identifier; and
receive a first packet from a classifier, wherein the first packet carries a service chain identifier;
a processor configured to:
when the service chain identifier carried in the first packet matches the first service chain identifier in the first service chain forwarding rule, determine, according to the first identifier of the first access network element, that the first packet is to be sent to the first access network element; and
a transmitter configured to forward the first packet to the first access network element.

US Pat. No. 10,397,187

BLOCKING AUTOMATED ATTACKS WITH FORCED USER INTERACTION

SHAPE SECURITY, INC., Mo...

1. A method comprising:
obtaining an API function associated with a service provided by a supporting server computer system;
generating a modified API function corresponding to the API function that also requires a unique end-point identifier (UEIN) argument;
managing UEIN data for a plurality of UEINs, each UEIN of the plurality of UEINs associated with a specific computing device of a plurality of authorized computing devices;
receiving, from a first computing device, a first modified API call corresponding to the modified API function, the first modified API call comprising a first UEIN associated with a first authorized computing device of the plurality of authorized computing devices;
verifying that the first computing device corresponding to the first modified API call is the first authorized computing device associated with the first UEIN;
in response to verifying that the first computing device is the first verified computing device, forwarding the first modified API call to the supporting server computer system by making a first API call corresponding to the API function to the supporting server computer system;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,397,186

METHODS FOR INTERNET COMMUNICATION SECURITY

Stealthpath, Inc., Resto...

1. A product for securing communication between at least two networked computing devices, the product comprising at least one non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code when executed on the at least two networked computing devices performs communication management operations on the at least two networked computing devices, the communication management operations comprising:
i) forming a configured communication pathway by configuring a pre-established communication pathway to be limited to dedicated communication of application data between a networked first user-application on a first computing device and a second user-application on a networked second computing device via a series of transport layer ports that are dedicated to communication of the application data, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising:
a) executing application space commands by the first user-application on the first computing device, comprising:
I) causing a network stack of the first computing device to send a first configuration packet from the first user-application to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet;
II) receiving, after the network stack sends the first configuration packet, a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet;
III) confirming that the second computing device is authorized to communicate with the first user-application, comprising: matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;
IV) further causing the network stack to send a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is unique to the first user-application, the first user, one or more content requirements for the application data, and a series of port numbers assigned to the series of dedicated transport layer ports;
V) further receiving, after the network stack sends the third configuration packet, a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and
VI) further confirming that the second user-application is authorized to receive the application data from the first user-application, comprising: further matching the nonpublic second user-application identifier to a preconfigured nonpublic second user-application code, wherein the preconfigured nonpublic second user-application code is unique to the second user-application, the second user, the one or more content requirements for the application data, and the series of port numbers; and
b) further executing kernel space commands on the second computing device to verify that the second user-application is authorized to receive the application data from the first user-application, comprising: obtaining the nonpublic first user-application identifier from the application layer portion of the third configuration packet and matching the obtained nonpublic first user-application identifier to a preconfigured nonpublic first user-application code; and
ii) transmitting the application data via the configured communication pathway from the first user-application to the second user-application.

US Pat. No. 10,397,185

SCALABLE CLOUD HOSTED METADATA SERVICE

EMC IP HOLDING COMPANY LL...

1. A system for protecting data in a cloud environment, the system comprising: one or more hardware processors; and a plurality of services comprising computer-executable instructions that, when executed by one or more hardware processors, protect the data, the services including: a gateway service configured to receive a request from a client; a plurality of queues, the plurality of queues including a global request queue and a session request queue; a stream service configured to receive the request from the gateway service, wherein the stream service is configured to evaluate headers included in the request and place the request in one of the plurality of queues based on the header; and a plurality of workers, wherein any of the plurality of workers can service the request when the request is placed in the global request queue and wherein only a particular worker associated with a session associated with the session request queue can service the request when the request is in the session request queue.

US Pat. No. 10,397,184

MOBILITY MANAGEMENT USING IDENTIFIER-LOCATOR ADDRESSING (ILA)

Verizon Patent and Licens...

1. A device, comprising:
one or more processors to:
receive, from a network device, a request to establish an internet protocol (IP) session for a user device;
allocate at least one of:
an IP address for the user device, or
a first tunnel endpoint identifier associated with a tunnel that is to be used during the IP session,
the IP address including:
 a first set of bits associated with a location identifier, and
 a second set of bits associated with a device identifier;
provide a response to the network device to cause the network device to establish an uplink portion of the IP session,
the response including at least one of:
the IP address, or
the first tunnel endpoint identifier;
receive, from the network device, a request that includes a second tunnel endpoint identifier associated with the tunnel,
where the second tunnel endpoint identifier is associated with establishing a downlink portion of the IP session;
provide at least one of the IP address, the first tunnel endpoint identifier, or the second tunnel endpoint identifier to be stored using a data structure;
provide a response to the network device to cause the network device to establish the downlink portion of the IP session; and
perform one or more actions associated with managing the IP session,
where one or more of the IP address, the first tunnel endpoint identifier, or the second tunnel endpoint identifier are used to make routing decisions during the IP session.

US Pat. No. 10,397,183

METHOD AND SYSTEM FOR ENABLING MEDIA OPTIMIZATION IN A CLOUD CONFERENCE

Cisco Technology, Inc., ...

1. An endpoint operable with a network device and a conference controller, the endpoint comprising:
a processor; and
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to:
send a relay address allocation request comprising a unique session identifier to the network device, wherein the unique session identifier identifies a conference session joined by the endpoint for media streaming;
receive a relay address allocation response from the network device in response to sending the relay address allocation request, wherein the relay address allocation response comprises at least a relay candidate that includes a relay transport address allocated to the endpoint and is mapped with the unique session identifier;
send a session offer message to the conference controller, wherein the session offer message comprises at least the relay transport address to be used as a destination address for the endpoint;
receive a session response message from the conference controller in response to sending the session offer message, wherein the session response message comprises an IP address of the conference controller mapped with the relay candidate;
send a create permission request to the network device, wherein the create permission request comprises the IP address of the conference controller as source address for receiving the one or more media stream packets by the network device;
receive a permission response from the network device confirming the validity of the IP address of the conference controller as source IP address;
send a channelbind request to the network device, wherein the channelbind request comprises a unique channel number of a channel available for binding;
receive a channelbind response from the network device indicating binding of the channel having the unique channel number for receiving the one or more media stream packets from the network device; and
receive one or more media stream packets relayed from the network device via the destination address identified by the unique session identifier.

US Pat. No. 10,397,182

METHOD AND PROCEDURE TO IDENTIFY A SOURCE ACROSS A NETWORK ADDRESS TRANSLATION DEVICE

Sprint Communications Com...

1. A computerized method carried out by at least one server having one or more processors for identifying, to an external device, a client device having an external IP address assigned by a Network Address Translation (NAT) device, the method comprising:
receiving, at a NAT device, a request from a client device to access an external device;
providing, by the NAT device, an external IP address assigned to the client to access the external device;
communicating, by the NAT device, an internal IP address assigned to the client device and placed in an option field of the external IP address;
providing, by the NAT device, a second external IP address assigned to the client to access the external device;
communicating, by the NAT device, the internal IP address assigned to the client device in the option field of the external IP address;
receiving, at the NAT device, a second request from the external device to communicate with the client device, the second request including the internal IP address assigned to the client device;
receiving the second request, at the client mapping repository, for the identification of the client device; and
communicating, from the client mapping repository, the identification of the client device.

US Pat. No. 10,397,180

DNS RENDEZVOUS LOCALIZATION

Level 3 Communications, L...

1. A method of serving content comprising:
obtaining a portional use relationship between a plurality of client devices within a first autonomous system and a plurality of resolvers within the first autonomous system;
obtaining a distance relationship between the plurality of client devices and a plurality of content serving locations in a second autonomous system, the distance relationship with respect to at least one egress gateway of the second autonomous system and to which content from at least one of the content serving devices egresses to the first autonomous system; and
obtaining a network relationship between the plurality of resolvers and the plurality of content serving locations using the portional use relationship and the distance relationship, the relationship used to resolve a content request from the plurality of client devices.

US Pat. No. 10,397,178

INTERNET INFRASTRUCTURE SURVEY

Citrix Systems, Inc., Fo...

1. A method for surveying Internet access quality, comprising:
receiving at a DNS nameserver a DNS query for the resolution of a pseudo-hostname, wherein the pseudo-hostname is a fully qualified domain name (FQDN) that comprises an indicator of an access quality measurement and a parameter identifying an infrastructure associated with the access quality measurement;
extracting, from the pseudo-hostname, data including the indicator of the access quality measurement and the parameter identifying the infrastructure associated with the access quality measurement; and
generating an access quality profile using the extracted data.

US Pat. No. 10,397,177

MATTER MESSAGE NOTIFICATION METHOD, APPARATUS, AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An event message notification method performed at a terminal having one or more processors and memory storing one or more programs to be executed by the one or more processors, the method comprising:
displaying a group chat interface in an instant messaging application, the group chat interface including an affordance for opening an event message editing interface;
in response to detecting a triggering event associated with the affordance:
displaying the event message editing interface, the event message editing interface including an editing item used for editing event content, an editing item used for adding a target user, and an editing item used for adding a file;
generating an event message in accordance with user-provided event content through the editing item used for editing the event content, one or more user-selected target users selected from participants of the group chat through the editing item used for adding a target user, and one or more user-selected files through the editing item used for adding a file;
adding a confirmation tag to the generated event message to indicate that only the user-selected target users are prompted to instantly view and confirm receipt of the event message;
sending the event message and the confirmation tag to a server, wherein the server performs steps including:
sending, by the server, the event message with a prompting tag corresponding to the confirmation tag to only the user-selected target users so that the user-selected target users are prompted to instantly view and confirm receipt of the event message; and
sending, by the server, the event message without the prompting tag to participants other than the user-selected target users in the group chat; and
receiving, by the server, acknowledgement notifications from each of the user-selected target users, wherein a respective acknowledgement notification is received by the server from a corresponding user-selected target user after the corresponding user-selected target user opens and acknowledges receipt of the event message; and
receiving, by the terminal from the server, a notification indicating all the user-selected target users have opened and acknowledged the receipt of the event message.

US Pat. No. 10,397,175

COMMUNICATION CHANNEL SELECTION AND USAGE

INTERNATIONAL BUSINESS MA...

1. A method of electronic communication between a plurality of devices, comprising:
determining, using a processor, a required answer time for an electronic message;
determining, using the processor, a plurality of expected response times, wherein each expected response time is specific to a recipient of the electronic message and is specific to one of a plurality of different communication channels;
matching, using the processor, the required answer time to an expected response time;
selecting, using the processor, a communication channel from the plurality of different communication channels based upon the matching; and
initiating sending, using the processor, of the electronic message to a device of the recipient using the selected communication channel.

US Pat. No. 10,397,174

MESSAGE DELIVERY IN A MESSAGE SYSTEM

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of controlling message delivery from a publisher application to one or more subscriber applications of a messaging system, the one or more subscriber applications having a plurality of subscriptions registered with a broker application of the messaging system, the method comprising:
generating a unified subscription description representing the plurality of registered subscriptions based on at least one stored intermediate subscription description, wherein each intermediate subscription description represents one or more registered subscriptions;
determining that a particular subscription of the plurality of subscriptions has been registered, unregistered, or altered;
generating a new intermediate subscription description, the new intermediate subscription description representing at least the particular subscription;
determining that a stored intermediate subscription description represents at least one same subscription as the new intermediate subscription description,
replace the stored intermediate subscription description with the new intermediate subscription description without altering any other stored intermediate subscription description;
generating an updated unified subscription description based at least in part on the new intermediate subscription description; and
communicating the updated unified subscription description to the publisher application.

US Pat. No. 10,397,173

TAGGED MESSAGES TO FACILITATE ADMINISTRATION OF A VIRTUALIZATION INFRASTRUCTURE

VMware, Inc., Palo Alto,...

1. A computer-implemented method to facilitate administration of a virtualization infrastructure, the computer-implemented method comprising:
providing members of the virtualization infrastructure with access to a shared message stream of a social network such that the members of the virtualization infrastructure are able to monitor messages generated by other members of the virtualization infrastructure posted to the shared message stream, wherein at least some of the messages are indicative of operational conditions of particular other members which generated the messages, wherein the members of the virtualization infrastructure comprise a plurality of virtual machines, and wherein the members of the virtualization infrastructure are arranged in a hierarchy within the social network based on a parent/child relationship of the members;
displaying posted messages of non-human members of the virtualization infrastructure within the shared message stream, the non-human members comprising the plurality of virtual machines, wherein the posted messages comprise tags identifying operational conditions of the non-human members of the virtualization infrastructure, and wherein at least one posted message comprises an association with an indication that at least one non-human member identifies with the specific operational condition of the posted message; and
responsive to a selection of a particular tag, displaying the non-human members of the virtualization infrastructure that posted a message comprising the particular tag.

US Pat. No. 10,397,172

SYSTEM AND METHOD FOR SOCIAL AWARENESS TEXTILES

International Business Ma...

1. A computer-implemented method comprising:
identifying attribute information of at least a first wearable associated with an outfit of a user;
receiving, via a user interface, an indication designating the first wearable as a master arbiter, wherein the master arbiter is a predetermined focus of the outfit and determines whether one or more portions of the outfit associated with at least a second wearable are recommended for wearing with a portion of the outfit associated with the master arbiter;
receiving information about an event, wherein the information about the event is based upon, at least in part, a location of the event and a crime rate associated with the location of the event, wherein the crime rate is received via a national crime data store; and
sending an electronic message to the user when at least a portion of the outfit is not recommended for wearing at the event based upon, at least in part, the attribute information of the first wearable, the second wearable, and the information about the event,
wherein sending the electronic message to the user when the one or more portions of the outfit is not recommended for wearing at the event is based upon, at least in part,
the location of the event and the crime rate associated with the location of the event,
identifying that the user is inclined to travel a specific route and take a specific mode of transportation to the event, and the crime rate associated with the specific route and the specific mode of transportation to the event,
identifying the one or more portions of the outfit that would make the user vulnerable to a robbery at, at least one of, the event, the specific route to the event, and the specific mode of transportation to the event, and
whether the one or more portions of the outfit are likely targets to the robbery.

US Pat. No. 10,397,171

MANAGING CONTENT DISCLOSURE ON SOCIAL NETWORKING SITES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for managing content disclosure on social networking sites, the method comprising:
monitoring, using a processor, user-generated content and one or more social network connections of a user viewing or listening to the user-generated content, the one or more social network connections comprising a first connection and a second connection;
classifying, using the processor, the user-generated content into one or more content types;
determining, using the processor, a positive mood of the first connection based on a reaction of the first connection to the user-generated content and a negative mood of the second connection based on a reaction of the second connection to the user-generated content;
associating, using the processor, the first connection with a first label indicative of the positive mood and the second connection with a second label indicative of the negative mood;
receiving, using the processor, further user-generated content;
determining, using the processor, one or more further content types from the further user-generated content;
generating, using the processor, a recommendation to share the further content with the first connection, wherein the recommendation is based on the first label and the determined one or more further content types; and
generating, using the processor, a recommendation to not share the further content with the second connection, wherein the recommendation is based on the second label and the determined one or more further content types.

US Pat. No. 10,397,170

COMMUNICATION INVERSION FOR ONLINE COMMUNITIES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:
detecting, by a computing device, that one or more parameters indicating a vitality of an online community are below a predetermined threshold value, indicating that the online community has an unacceptable vitality, wherein the online community enables communication between a first group of participants;
determining, by the computing device and based on the detecting that the online community has the unacceptable vitality, an existing related online community is associated with the online community, wherein the existing related online community enables communication between a second group of participants;
detecting, by the computing device, a participant communication within the related online community;
redirecting, by the computing device, the participant communication to the online community based on the determining that the online community has the unacceptable vitality;
detecting, by the computing device, that a predetermined rule is met indicating that the redirecting of communications should end, wherein the predetermined rule is a rule to end the redirecting of communications when the computer device no longer detects that the online community has the unacceptable vitality or after a predetermined period of time has elapsed; and
ending, by the computing device, the redirecting of participant communications from the related online community to the online community.

US Pat. No. 10,397,169

SYSTEMS AND METHODS FOR PROVIDING COMMUNICATION ITEMS FROM AN ENTITY ASSOCIATED WITH A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
defining, by a computing system, a communication item associated with a social networking system, including a plurality of parameters that are each associated with one or more possible values;
generating, by the computing system, a plurality of variants of the communication item on the social networking system based on a full factorial combination of values associated with the plurality of parameters;
determining, by the computing system, a first set of weights associated with the plurality of variants, each weight in the first set of weights associated with a variant of the plurality of variants;
providing, by the computing system, each variant of the plurality of variants to a proportion of a first group of users that corresponds to a weight in the first set of weights associated with the variant;
obtaining, by the computing system, data relating to performance of each variant on a corresponding proportion of the first group;
determining, by the computing system, a second set of weights associated with the plurality of variants, each weight in the second set of weights associated with a variant of the plurality of variants and a weight in the first set of weights associated with the variant, wherein each weight in the second set is determined based on the associated weight in the first set of weights and the performance of the associated variant from the first group of users; and
providing, by the computing system, each variant of the plurality of variants on the social networking system to a proportion of a second group of users that corresponds to a weight in the second set of weights associated with the variant.

US Pat. No. 10,397,168

CONFUSION REDUCTION IN AN ONLINE SOCIAL NETWORK

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising:
identifying elements in social media message content, the social media message content comprising a posted message posted to a social media platform;
determining whether the social media message content is indefinite as to an audience being targeted, the determining whether the social media message content is indefinite as to an audience being targeted comprising predicting a likelihood of confusion based on the social media message content, wherein the prediction of the likelihood of confusion is based on an age of the posted message, in which the older the post, the higher the predicted likelihood of confusion;
determining, based on the identified elements, a plurality of different candidate audiences to which the social media message content is potentially targeted, each candidate audience of the plurality of difference candidate audiences ascertained based on a respective corresponding contextual understanding, of a plurality of different contextual understandings, given to the social media message content, wherein the determining the plurality of different candidate audiences comprises:
building a respective dictionary for each user of a plurality of users of a social media platform in which the social media message content is composed, wherein a dictionary for a given user of the plurality of users comprises elements include in prior-composed social media messages composed by the given user;
ascertaining a frequency of the elements included in prior-composed social media messages composed by each user;
building a clustered representation of the social media platform using k-means against the frequency of the elements;
querying a message space for social media messages based on the social media message content; and
identifying dense k-clusters based on the social media message content, the dense k-clusters corresponding to the plurality of different candidate audiences;
indicating to a user the plurality of candidate audiences and, for each candidate audience of the plurality of different candidate audiences, a suggested one or more additional elements to apply to the social media message content to provide additional context for the social media message content and thereby tailor the social media message content to an audience of the plurality of different candidate audiences and corresponding contextual understanding; and
modifying the social media message content with the one or more additional elements for a target audience of the plurality of different candidate audiences, the modifying adding the one or more additional elements to the social media message content and targeting the social media message content to the target audience.

US Pat. No. 10,397,167

LIVE SOCIAL MODULES ON ONLINE SOCIAL NETWORKS

Facebook, Inc., Menlo Pa...

1. A method comprising, by one or more computing devices:
receiving, at the one or more computing devices from a client system associated with an author-user of an online social network, instructions for publishing a first post composed by the author-user, the first post comprising a content of the first post and a metadata associated with the first post;
extracting, by the one or more computing devices, one or more n-grams from the content of the first post and the metadata associated with the first post;
determining, by the one or more computing devices, whether the first post is associated with a topic based on whether one or more of the extracted n-grams are associated with the topic;
identifying, by the one or more computing devices, a plurality of second users of the online social network, wherein each second user is a first-degree connection of the author-user within the online social network;
identifying, by the one or more computing devices, one or more of the second users as a subscribing user to the topic based on a determination that the second user is accessing a page associated with the topic;
generating, by the one or more computing devices, for each identified second user, a live social module associated with the topic for presenting, in real-time, posts shared on the online social network;
sending, by the one or more computing devices, to a respective client system of each identified second user, information configured to render a search-results page comprising the live social module, wherein the live social module is configured to be rendered in conjunction with a link associated with the topic, and wherein the live social module comprises an interface that displays, in real-time responsive to the receiving of the first post:
the content of the first post, and
identifying information that is associated with the author-user;
receiving, by the one or more computing devices, a plurality of additional posts composed by users of the online social network, each additional post being associated with the topic;
pushing, in response to receiving the plurality of additional posts, at a first time interval, by the one or more computing devices to the respective client system of each second user, information configured to display content of one or more of the additional posts in the interface of the live social module; and
sending, at each of a plurality of subsequent time intervals, by the one or more computing devices to the respective client system of each second user, information configured to refresh, in real-time responsive to the pushing of the one or more additional posts, the interface of the live social module with another post associated with the topic.

US Pat. No. 10,397,166

SAVING COMMUNICATION CONTENT TO A SOCIAL NETWORK ENVIRONMENT

International Business Ma...

1. A method for making individual communication content accessible to an organizational community, comprising the computer-implemented steps of:
receiving, over a network, communication data from a plurality of input source streams in a chat session, wherein the communication data includes a temporal sequence of communications between at least two participants;
removing from a text-based content of the communication data an excluded message based on a designation from a participant of the at least two participants;
automatically generating one or more tags based on the text-based content of the communication data based on frequency of words used after excluding a predefined list of words and automatically tagging individual elements within the text-based content with the one or more tags that enable searching of the individual elements;
automatically saving, in response to a conclusion of the chat session, communication content from the chat session with the one or more automatically generated tags persisted therein directly to a social network profile in a social network of the organizational community, the social network being unrelated to the plurality of input source streams, wherein the communication content is derived from the communication data and includes a copy of an entirety of the text-based content that has not been excluded that is tagged with the one or more tags; and
transforming the communication content in the social network to a trusted source by time stamping the communication content in a non-editable format.

US Pat. No. 10,397,165

TECHNIQUES FOR RELIABLE MESSAGING FOR AN INTERMEDIARY IN A NETWORK COMMUNICATION ENVIRONMENT

Oracle International Corp...

1. A method comprising:
receiving, by an intermediary communication system, from a source, a first message to send to a destination, wherein the first message includes a first message identifier or information to generate the first message identifier;
sending, by the intermediary communication system, the first message to the destination;
storing, by the intermediary communication system, the first message identifier for the first message;
receiving, by the intermediary communication system, from the source, a second message to send to a destination, wherein the second message includes a second message identifier or information to generate the second message identifier;
determining, by the intermediary communication system, a message sequence number of the second message, wherein the message sequence number is based on a sequence of communication of the second message using a communication protocol;
determining, by the intermediary communication system, based upon a comparison of the first message identifier of the first message to the second message identifier of the second message, whether the second message is a duplicate of the first message;
upon determining that the second message is not a duplicate of the first message, generating, by the intermediary communication system, a new message identifier to be associated with the second message based on the message sequence number and the second message identifier, sending, by the intermediary communication system, the message to the destination, and storing, by the intermediary communication system, the new message identifier for the second message;
upon determining that the second message is a duplicate of the first message, determining, by the intermediary communication system, a delivery status associated with the first message based upon the first message identifier;
upon determining the delivery status includes an acknowledgement by the destination that the first message was received by the destination, notifying, by the intermediary communication system, the source of the delivery status and preventing, by the intermediary communication system, the second message from being sent to the destination; and
upon determining the delivery status does not include an acknowledgement by the destination that the first message was received by the destination, performing, by the intermediary communication system, one or more actions related to facilitating the first message being sent to the destination.

US Pat. No. 10,397,163

THIRD PARTY APPLICATION CONFIGURATION FOR ISSUING NOTIFICATIONS

Google LLC, Mountain Vie...

1. A computer-implemented method comprising:
transmitting, by one or more processors, a request to register a user device and an application configured to be executed by the user device with one or more data sources, the request comprising timing permissions indicating when content is to be received for the application and data format information indicating a particular data format to be used for information provided to the application;
determining one or more trigger events associated with the registered application based on a type of the application;
receiving event information from the one or more data sources, and
determining that one of the one or more trigger events associated with the registered application has occurred based on the event information received from the one or more data sources;
in response to determining that one of the one or more trigger events has occurred, determining, by the one or more processors and using one or more neural networks, whether to output a notification including data corresponding to the event information based on one or more criteria, the one or more criteria including the timing permissions, the particular data format, and the user preferences;
in response to determining that the one or more criteria is satisfied, determining to output the notification including data corresponding to the event information; and
providing, by the one or more processors, the notification including the data corresponding to the event information to a display of a user device.

US Pat. No. 10,397,162

SENDING NOTIFICATIONS TO MEMBERS OF SOCIAL GROUP IN A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...

1. A computer implemented method comprising:
maintaining, by a social networking system, a group having a plurality of members, each member being one of a plurality of users of the social networking system, the group being a subset of the plurality of users of the social networking system;
receiving one or more posts from one or more members of the group, the posts directed to the group;
identifying a subject user from the plurality of members of the group for sending a notification to the subject user about one or more of the received posts;
determining whether to send the notification about one or more of the received posts to the subject user based on at least a seniority of the subject user in the group, the seniority of the subject user is measured as a rank of the subject user based on a number of members who joined the group before the subject user, the determination comprising:
responsive to the rank of the subject user exceeding a threshold value, determining to send the notification about one or more of the received posts to the subject user based on whether of the member sending the one or more posts is connected to the subject user in the social networking system; and
responsive to determining to send the notification about one or more of the received posts to the subject user:
generating the notification about one or more of the received posts, and
sending the generated notification about one or more of the received posts to the subject user.

US Pat. No. 10,397,160

METHOD TO PRE-SELECT FOLDERS TO SYNCHRONIZE DURING INITIAL EMAIL ACTIVATION ON A MOBILE DEVICE

BLACKBERRY LIMITED, Wate...

1. A method implemented by a processor of a mobile device for synchronizing the mobile device with an email mailbox on a mail server, the method comprising:
generating a search query for execution at the mail server to identify a predetermined number of most recently received email messages that are currently stored on the mail server and that were previously moved from an inbox folder associated with the email mailbox to be filed in at least one non-inbox folder of the email mailbox, the search query being set to exclude messages currently stored in the inbox folder;
transmitting the search query to the mail server;
selecting one or more first non-inbox folders of the email mailbox on the mail server to synchronize locally on the mobile device, the selecting including:
for each of the non-inbox folders, attributing weights to a plurality of usage pattern metrics for that non-inbox folder, the plurality of usage pattern metrics including a count of identified email messages associated with that non-inbox folder and a date of last access for identified email messages associated with that non-inbox folder, and
selecting the one or more first non-inbox folders to synchronize locally based on the weighted usage pattern metrics for the non-inbox folders of the email mailbox;
retrieving, from the mail server, one or more email messages residing in the selected first non-inbox folders on the mail server;
creating account folders for an account corresponding to the email mailbox in a mail client application on the mobile device, the account folders corresponding to the selected first non-inbox folders of the email mailbox on the mail server; and
synchronizing the created account folders with at least portions of the retrieved email messages.

US Pat. No. 10,397,159

SYSTEMS, APPARATUSES, AND METHODS FOR PRESENTING CONTACTS BY PROJECT

1. A method for addressing message recipients in a messaging graphical user interface, the method comprising:
displaying a messaging graphical user interface screen including a project selection field, which displays a plurality of project identifiers, a recipients field, and a message input field in which a user creates a message including text;
receiving a user selection of a project identifier from the plurality of project identifiers in the project selection field;
in response to receiving the user selection of the project identifier, retrieving a list of recipients including a first plurality of recipients that play roles on the identified project and a second plurality of recipients that do not play a role on the identified project;
in response to retrieving the list of recipients displaying, in a drop-down list of the recipients field in the messaging graphical user interface screen, the first plurality of recipients and the second plurality of recipients, wherein each recipient in the drop-down list has at least one address, and wherein the first plurality of recipients are arranged in order according to the roles played by the first plurality of recipients on the project and the second plurality of recipients are displayed below the first plurality of recipients in the drop-down list of the recipients field;
for each recipient of the first plurality of recipients listed, displaying a role identifier adjacent to the each recipient's address to indicate the each recipient's played role on the identified project;
receiving a user selection of one or more recipients from the drop-down list of the recipients field; and
adding the address of each selected recipient to the recipients field as the message recipients.

US Pat. No. 10,397,158

E-MAIL PROXY

BlackBerry Limited, Wate...

1. A method performed by a network email entity, the method comprising:
receiving, at the network email entity from a sender, a body of a multipart email message destined to an email client and header information for an attachment of the multipart email message but without the attachment itself, wherein the attachment is encoded to prevent exposure of control information in the attachment to one or more servers which pass the email message through the Internet;
processing, at the network email entity, the multipart email message according to a preference, the preference indicating that the attachment be removed from the multipart email message and substituted with a link configured to, when selected, cause retrieval of the attachment from the network email entity;
sending, from the network email entity, a formatted email message to the email client, the formatted email message including the body of the multipart email message and including the link to cause retrieval of the attachment from the network email entity;
receiving, at the network email entity, an indication from the email client after the sending, the indication being a request for retrieval of the attachment according to a selection of the link included in the formatted email message;
in response to the receiving the indication from the email client after the sending the formatted email message, downloading, at the network email entity, the attachment according to the selection of the link included in the formatted email message;
decoding, at the network email entity, the attachment into an original content type of the attachment; and
sending, from the network email entity to the email client, the decoded attachment in a streamed manner without encoding for displaying of the decoded attachment at the email client before an entirety of the decoded attachment is received by the email client.

US Pat. No. 10,397,155

SYSTEM AND METHOD FOR SENDING, DELIVERY AND RECEIVING OF DIGITAL CONTENT

Open Text SA ULC, Halifa...

1. A content delivery system, comprising:
a processor;
a non-transitory computer readable memory, comprising instructions executable on the processor for:
implementing a sender to:
receive first content associated with a first destination identifier associated with a first delivery method, wherein a transmission initiator of the content has sent the content to the first destination identifier according to the first delivery method and the first destination identifier identifies a destination according to the first delivery method; and
store the first content at the content delivery system;
implementing a forwarder to:
determine a second destination identifier and a second delivery method associated with the first destination identifier;
determine second content from the first content; and
deliver the second content to the second destination identifier according to the second delivery method by providing a location from which the content may be accessed and sending the location to the second destination identifier, wherein the content delivery system is independent of the first destination identifier and the second destination identifier, and the determining and delivering are done independently of the transmission initiator; and
implementing a remote content access module to:
allow a user to access the content at the location.

US Pat. No. 10,397,154

SECURE ELECTRONIC MESSAGE CONVEYANCE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method performed within a moderating system, comprising:
receiving an electronic message originally generated by a first user and including a message header and a message body;
identifying an approval condition associated with an addressee of the electronic message or the message body of the message;
selecting, based upon the approval condition being present in the electronic message, an approval entity from a plurality of approval entities;
receiving, from the selected approval entity, an indication that the electronic message is approved to be forwarded to a second user; and
forwarding, based upon the indication, the electronic message to the second user.

US Pat. No. 10,397,153

ELECTRONIC DEVICE AND METHOD FOR CONTROLLING RECEPTION OF DATA IN ELECTRONIC DEVICE

Samsung Electronics Co., ...

1. A method of an electronic device, the method comprising:
displaying a screen including first information which indicates a reception of at least one message;
identifying a user input on second information indicating a reception of a specific message from among the first information;
controlling the second information not to be displayed in the screen, if the identified user input includes a predetermined gesture;
determining an application corresponding to the specific message;
identifying blocking configuration information corresponding to the predetermined gesture, wherein the blocking configuration information includes, based on a gesture included in the user input, information indicating whether to receive at least one message transmitted from the application or whether to display third information indicating a reception of the at least one message transmitted from the application; and
controlling the reception of the at least one message transmitted from the application and controlling a displaying of the third information in the screen based at least in part on the identified blocking configuration information.

US Pat. No. 10,397,152

METHOD AND SYSTEM FOR PREDICTING FUTURE EMAIL

EXCALIBUR IP, LLC, New Y...

1. A method comprising:
scanning, by a processor, a plurality of email messages from a plurality of email message inboxes;
identifying, by the processor, patterns based upon an analysis of scanned email messages, wherein a pattern identifies a temporal and causal connection between at least two email messages;
receiving, by the processor, a message sent to a user operating a client device;
determining, by the processor, likely content of a future email message that should be received in an inbox of the client device based on the received email message and based on the patterns, wherein the future email message comprises an email message not yet received and expected to be received by the client device from a third-party email account within a predetermined amount of time from a time associated with the email message based on the patterns; and
transmitting, by the processor, an item of information based on the determined likely content of the future email message, the item of information transmitted to user separate from and prior to actual receipt of the future email message.

US Pat. No. 10,397,151

COORDINATION OF DATA RECEIVED FROM ONE OR MORE SOURCES OVER ONE OR MORE CHANNELS INTO A SINGLE CONTEXT

III HOLDINGS 2, LLC, Wil...

1. A method at a user device comprising:
receiving, by the user device, an audio request for information via a multimodal application of the user device, the audio request comprising partial data, the partial data being a fragment of complete data for a computing device to provide complete information corresponding to the audio request;
transmitting, by the user device, the partial data to a remote computer system, the remote computer system comprising a coordination management computer system;
receiving, by the user device from the remote computer system, a request for associated data that is associated with the partial data, wherein the associated data is to be complied with the partial data to provide the complete information corresponding to the audio request;
responsive to the received request for the associated data, transmitting, by the user device, the associated data to the remote computer system;
receiving, by the user device, the complete information corresponding to the audio request, the complete information comprising the associated data combined with the partial data; and
presenting, by the user device, the complete information corresponding to the audio request via at least one interface component of the user device.

US Pat. No. 10,397,149

METHOD, SYSTEM AND TERMINAL FOR DELETING A SENT MESSAGE IN INSTANT MESSAGE COMMUNICATION

TENCENT TECHNOLOGY (SHENZ...

1. A method of deleting a sent instant message in messaging communication performed by a server, comprising:
receiving from a first communication terminal, a delete request to delete a sent instant message which has been transmitted from the first communication terminal for forwarding to a second communication terminal, wherein the delete request comprises an identification which identifies the sent instant message to be deleted;
determining, whether the sent instant message to be deleted has already been successfully forwarded to the second communication terminal:
if it is determined that the sent instant message to be deleted has already been successfully forwarded to the second communication terminal, forwarding the delete request to the second communication terminal to facilitate deletion of the sent instant message by the second communication terminal and transmitting a first notification message to the second communication terminal to display that the sent instant message has been successfully deleted,
wherein the determination of the sent instant message to be deleted has already been successfully forwarded to the second communication terminal, comprises:
dividing a storage of the server into a first storage area for storing un-forwarded instant messages and a second storage area for storing already forwarded instant messages;
if it is determined that the sent instant message to be deleted has still not been successfully forwarded to the second communication terminal, cancelling further operation on forwarding the sent instant message to be deleted to the second communication terminal,
wherein after the cancelling of the transmission of the sent instant message to the second communication terminal, transmitting the first notification message to the second communication terminal to display that the sent instant message has been successfully deleted, such that the display of the first notification message replaces the display of the deleted sent instant message.

US Pat. No. 10,397,148

SYSTEM FOR PROCESSING ELECTRONIC MESSAGES

1. A system (10) for processing electronic messages comprising:
a first communication interface module (12) in electronic communication arrangement with a first external server (13) to form a first communication channel via the internet, the first external server (13) configured to transmit a first type of electronic messages to the first communication interface module (12), an electronic message conversion module (11) in operative electronic communication arrangement with the first communication interface module (12), the first communication interface module (12) configured to electronically transmit and receive the first type of electronic messages which may have attributes of a first attribute set;
a second communication interface module (14) in electronic communication arrangement with a second external server (15) to form a second communication channel via the internet, the second external server (15) configured to transmit a second type of electronic messages to the second communication interface module (14) and the electronic message conversion module (11), the second communication interface module (14) configured to electronically transmit and receive the second type of electronic messages which may have attributes of a second attribute set;
an electronic message processing module (16, 19) in electronic communication arrangement with the electronic message conversion module (11), the electronic message processing module (16) configured to process for a user (17, 20) electronic messages of a standard message type and, in doing so, configured to allocate attributes of a standard attribute set to the processed electronic messages;
the electronic message conversion module (11) configured to facilitate the conversion of electronic messages between the standard messages type and the first and second messages type and vice versa; wherein,
a first allocation table (21) between the standard attribute set and the first attribute set is electronically stored in the first communication interface module (12);
a second allocation table between the standard attribute set and the second attribute set is electronically stored in the communication second interface module (14) and;
the first communication interface module (12) is configured to convert attributes between the first attribute set and the standard attribute set on the basis of the first allocation table;
the second communication interface module (14) is configured to convert attributes between the second attribute set and the standard attribute set on the basis of the second allocation table; and,
the electronic message conversion module (11) is configured so that login information which is required by the first communication interface module (12) or the second communication interface module (14) for transmitting and receiving electronic messages can be passed on.

US Pat. No. 10,397,147

METHOD, APPARATUS AND DEVICE FOR EXCHANGING NAME CARD

Tencent Technology (Shenz...

1. A method for exchanging a name card applied to a terminal, comprising:
binding, by a contact client running on the terminal, the contact client with a first Instant Messaging (IM) client running on the terminal through an associated account to implement information sharing between the contact client and the first IM client, the contact client comprising a contact and the associated account being a number of the terminal, the contact client being a first type of client operated in the terminal and the IM client being a second type of client operated in the terminal;
receiving, by the contact client running on the terminal, a selecting signal for selecting at least one name card in the contact;
sending, by the contact client running on the terminal, the selected at least one name card to the first IM client bound with the contact client via Software Development Kit (SDK) provided by the first IM client, the first IM client comprising a first user account, and the first user account having a friendship link; and
sharing, by the first IM client running on the terminal, the selected at least one name card through the first user account with at least one second IM client in the friendship link, wherein the second IM client does not directly interact with the contact client;
wherein the sending the selected at least one name card to the first IM client bound with the contact client comprises:
detecting whether the first IM client bound with the contact client is in an on-line state;
selecting a sharing manner according to whether the first IM client is in the on-line state, wherein the sharing manner comprises sharing by the first IM client and sharing by a short message;
when detecting that the first IM client is in the on-line state, sending the selected at least one name card to the first IM client for sharing;
wherein the method further comprises:
obtaining a second user account of the second IM client in the friendship link through the first user account;
receiving a name card of the second user account;
adding the received name card to the contact of the contact client;
sharing with the first IM client bound with the contact client through the associated account the contact which corresponds to the associated account and is synchronized in a contact server;
receiving and restoring a name card in the contact sent by the first IM client;
wherein the name card in the contact is sent to the contact client after the first IM client receives a restoring signal for obtaining a name card in the contact corresponding to the associated account, sends a name card acquiring request to the contact server, and receives the name card in the contact returned by the contact server; and wherein the name card acquiring request is configured to indicate the contact server to return the name card in the contact corresponding to the associated account.

US Pat. No. 10,397,146

MONITORING INSTANT MESSAGING USAGE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:
selecting a participant in an instant messaging session between a plurality of participants;
weighting an identified attribute of the instant messaging session;
weighting an identified attribute of the selected participant; and
determining, based upon the weighted attributes of the instant messaging session and the selected participant, an instant messaging usage metric for the selected participant.

US Pat. No. 10,397,145

SYSTEMS AND METHODS FOR AUTOMATICALLY PROVIDING ALERTS OF WEB SITE CONTENT UPDATES

1. A system, comprising:
a memory that stores instructions; and
a process that executes the instructions to perform operations, the operations comprising:
transmitting a first message containing a copy of first selected content of web site content to a plurality of visitors of a web site, wherein the plurality of visitors comprise computers;
specifying an option in an update profile of a visitor of the plurality of visitors for ignoring a lack of response to the first message;
ignoring, from the visitor of the plurality of visitors, the lack of response to the first message, wherein the lack of response to the first message is ignored based on the option specified in the update profile of the visitor;
transmitting a second message to the visitor in accordance with the update profile, wherein the second message is associated with updating second selected content of the web site content;
updating the web site content based on a revised copy of the second selected content that is received in response to the second message;
receiving requests from visitors of the plurality of visitors to be notified of an update of the website content;
generating an instant message including an alert message indicating the update of the web site content;
transmitting, after updating the web site content, the instant message including the alert message to each of the plurality of visitors that have requested to be notified of the update of the web site content, wherein the alert message indicates that the update has been performed; and
updating, upon receipt of the revised copy of the second selected content, an update log based on changes to the revised copy of the second selected content and to indicate changes in an automatic update sequence number field of the update log, wherein the update log is contained within a web page of the web site updated based on the revised copy of the second selected content.

US Pat. No. 10,397,143

PREVENTING TRANSMISSION OF ERRORS IN A COMPUTING NETWORK

Amazon Technologies, Inc....

1. A method, implemented by a network device, for preventing transmission of cyclic redundancy check (CRC) errors, the method comprising:
maintaining counts of CRC errors for network packets processed by network ports of the network device, wherein the network device supports cut-through forwarding, and wherein cut-through forwarding is enabled on the network ports;
upon detecting a CRC error condition indicated by CRC errors of the network packets increasing above an error threshold:
if the network device supports tracking outbound CRC errors for transmitted network packets:
detecting the CRC error condition for a particular network port of the network device; and
disabling cut-through forwarding on the particular network port so that the particular network port uses store-and-forward processing when processing network packets, wherein disabling cut-through forwarding on the particular network port does not affect whether the other network ports of the network device use cut-through forwarding; and
while cut-through forwarding is disabled on the particular network port, processing network packets via the particular network port using store-and-forward processing; and
otherwise, if the network device does not support tracking outbound CRC errors for transmitted network packets:
detecting the CRC error condition;
disabling cut-through forwarding for all network ports of the network device; and
while cut-through forwarding is disabled on all of the network ports, processing network packets via all of the network ports using store-and-forward network packet processing.

US Pat. No. 10,397,142

MULTI-CHIP STRUCTURE HAVING FLEXIBLE INPUT/OUTPUT CHIPS

MediaTek Inc., Hsin-Chu ...

1. A multi-chip structure, comprising:
a switch system on chip (switch SOC) comprising a core circuit, a first multiplexer, and a first de-multiplexer;
a plurality of serializer/deserializer (SerDes) chips, positioned around the switch SOC, wherein at least two of the plurality of SerDes chips are manufactured by different semiconductor processes, and wherein the core circuit is manufactured by a different semiconductor process than that of at least one of the plurality of SerDes chips; and
a plurality of inter-chip interfaces, for connecting the switch SOC to the plurality of SerDes chips, respectively,
wherein a first SerDes chip of the plurality of SerDes chips comprises:
a second de-multiplexer, directly connected to the first de-multiplexer via a first inter-chip interface of the plurality of inter-chip interfaces, configured to convert first serial data to first parallel data and send the first parallel data to the switch SOC; and
a second multiplexer, directly connected to the first multiplexer via a second inter-chip interface of the plurality of inter-chip interfaces, configured to convert second parallel data from the switch SOC to second serial data and sending the second serial data to another chip.

US Pat. No. 10,397,141

ACCESS PORT FOR ONE OR MORE VLANS

Cisco Technology, Inc., ...

1. A network device comprising a memory, a processor, and a plurality of ports, the network device adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm based, at least in part, on available Internet Protocol (IP) addresses for each of a respective subnet of a plurality of subnets associated with each of a respective VLAN of a plurality of VLANs in a network, wherein the at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of the plurality of VLANs in the network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.

US Pat. No. 10,397,140

MULTI-PROCESSOR COMPUTING SYSTEMS

Hewlett-Packard Developme...

1. A multi-processor computing system comprising:
a second processing device to generate outgoing data packets and comprising:
a second network stack to save the outgoing data packets in a second outgoing packet buffer of the second processing device; and
a second network driver to save an outgoing buffer pointer in a second transmission ring of the second processing device, the outgoing buffer pointer corresponding to the second outgoing packet buffer;
a first processing device communicatively coupled to the second processing device, the first processing device comprising a first network driver to move the outgoing buffer pointer from the second transmission ring to a send ring in the first processing device; and
a network interface controller (NIC) communicatively coupled to the first processing device to:
obtain the outgoing buffer pointer from the send ring;
copy, using the outgoing buffer pointer, the outgoing data packets from the second outgoing packet buffer to a transmission queue of the NIC; and
transmit the outgoing data packets to another computing system over a communication network.

US Pat. No. 10,397,139

STORAGE DEVICE IN WHICH FORWARDING-FUNCTION-EQUIPPED MEMORY NODES ARE MUTUALLY CONNECTED AND DATA PROCESSING METHOD

TOSHIBA MEMORY CORPORATIO...

1. A method of controlling a plurality of memory nodes, each of the memory nodes including a plurality of input ports, a plurality of output ports, and a memory in which data is stored, each of the memory nodes being configured to output a packet input to the input port to one of the output ports, the memory nodes being mutually connected at the input ports and the output ports and have addresses, the method comprising;
determining a straight line connecting a memory node of a destination address and a memory node of a source address, the destination address indicating an address of a memory node of a target for the packet to be forwarded; and
forwarding a packet to a memory node adjacent to the memory node of a current position address such that the packet proceeds based on the straight line, wherein
while the packet is forwarded from the memory node of the source address to the memory node of the destination address, a trajectory of the packet forwarded from the memory node of the source address to the memory node of the destination address is along the straight line, and the packet proceeds across the straight line at least once.

US Pat. No. 10,397,138

METHOD FOR PROCESSING INFORMATION, FORWARDING PLANE DEVICE AND CONTROL PLANE DEVICE

Huawei Technologies Co., ...

1. A method, comprising:
receiving, by a gateway forwarding plane device, a data packet, and extracting the data packet's characteristic information;
buffering the data packet in the gateway forwarding plane device when there is no context information corresponding to the data packet's characteristic information already stored in the gateway forwarding plane device, until receiving the context information returned from a gateway control plane device, wherein the gateway control plane device and the gateway forwarding plane device are both separate and different devices;
before receiving the context information returned from the gateway control plane device, sending, by the gateway forwarding plane device, the data packet's characteristic information to the gateway control plane device, wherein the data packet's characteristic information is used for the gateway control plane device to acquire the context information corresponding to the characteristic information of the data packet;
acquiring, by the gateway control plane device, the context information according to the data packet's characteristic information, and sending, by the gateway control plane device, the context information to the gateway forwarding plane device; and
forwarding by the gateway forwarding plane device, the data packet according to the received context information.

US Pat. No. 10,397,136

MANAGED FORWARDING ELEMENT EXECUTING IN SEPARATE NAMESPACE OF PUBLIC CLOUD DATA COMPUTE NODE THAN WORKLOAD APPLICATION

NICIRA, INC., Palo Alto,...

1. For a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access, a method comprising:
identifying a virtual machine, that operates on a host machine in the datacenter, to attach to the logical network, the virtual machine having a network interface with a network address provided by a management system of the datacenter, wherein a workload application executes in a first namespace of the virtual machine; and
distributing configuration data for configuring a managed forwarding element executing in a second namespace of the virtual machine (i) to receive data packets sent from the workload application via an interface pairing between the first and second namespaces and (ii) to perform network security and forwarding processing on the data packets, wherein the data packets sent by the workload application have the provided network address as a source address when received by the managed forwarding element and are encapsulated by the managed forwarding element using the same provided network address as a source address for the encapsulation when sent from the virtual machine.

US Pat. No. 10,397,135

ROUTER FABRIC

GVBB HOLDINGS S.A.R.L., ...

1. A media signal routing system for routing and distributing media content, the media signal routing system comprising:
a synchronized media router configured to route a plurality of packetized media signals to at least one output of the media signal routing system, the plurality of packetized media signals including at least one IP packetized video signal; and
a media routing controller configured to control the synchronized media router to synchronously route data packets of the at least one IP packetized video signal in accordance with a system clock, such that the synchronized media router is configured to switch without at least one glitch between outputting the at least one IP packetized video signal and another media signal of the packetized media signals to the at least one output for media content distribution.

US Pat. No. 10,397,134

BANDWIDTH SHARING

International Business Ma...

1. A method for bandwidth sharing to enable communication between users over the Internet, said method comprising:
receiving, by an Internet Service Provider (ISP) from a first user after the first user received a second key from a second user: the second key and a directive to transfer bandwidth from the first user to the second user for a finite time duration N,
wherein the bandwidth to be transferred comprises W upload bandwidth,
wherein the ISP previously provided a first key to the first user in conjunction with a first plan in which the first user purchased from the ISP an upload bandwidth of U1 for transmitting data via the Internet and a download bandwidth of D1 for receiving data via the Internet,
wherein the first key is configured to identify the first user, wherein the ISP previously provided the second key to the second user in conjunction with a second plan in which the second user purchased from the ISP an upload bandwidth of U2 for transmitting data via the Internet and a download bandwidth of D2 for receiving data via the Internet,
wherein the second key is configured to identify the second user, and
wherein U1, D1, U2 and D2 differ from one another;
responsive to said receiving the second key from the first user, changing bandwidth, by the ISP for the time duration N, wherein said changing bandwidth comprises changing the second user's upload bandwidth to U2+W and changing the first user's upload bandwidth to U1-W, wherein W is an additional upload bandwidth, and wherein communication between the second user and the first user requires a permitted upload bandwidth greater than U2 and less than U2+W, and
responsive to receiving, by the ISP from the second user within the time duration N, a directive to establish a communication between the second user and the first user to transfer specified data, transferring, by the ISP during the time duration N in accordance with the permitted upload bandwidth, the specified data from the second user to the first user.

US Pat. No. 10,397,132

SYSTEM AND METHOD FOR GRANTING VIRTUALIZED NETWORK FUNCTION LIFE CYCLE MANAGEMENT

FutureWei Technologies, I...

1. A virtualized network function (VNF) life cycle management (LCM) method comprising:
sending, by a virtualized network function manager (VNFM), a grant request for a VNF LCM operation to a network functions virtualization orchestrator (NFVO), wherein the grant request comprises a wide area network (WAN) connectivity requirement for connecting multiple sites that virtualized network function components (VNFCs) of the virtualized network function (VNF) instance are placed in, and the VNF to be operated comprises at least two VNFCs placed in different sites;
receiving, by the VNFM, a grant response from the network functions virtualization orchestrator (NFVO), wherein the grant response comprises WAN infrastructure manager (WIM) identifier and a granted WAN connectivity requirement approved by the NFVO, wherein, the granted WAN connectivity requirement describes a granted requirement for managing a WAN connectivity connecting the multiple sites across a WAN; and
sending, by the VNFM, a resource allocation request to the WIM according to the WIM identifier, wherein the resource allocation request comprises requested WAN network resource information derived from the granted WAN connectivity requirement.

US Pat. No. 10,397,131

METHOD AND SYSTEM FOR DETERMINING BANDWIDTH DEMAND

VMware, Inc., Palo Alto,...

1. A method for managing bandwidth allocated to a virtual machine running on a host computer, the method comprising:
obtaining current bandwidth for a virtual machine on a host computer over a TCP communication channel;
determining a growth margin based on a growth phase of the TCP communication channel;
wherein while the current bandwidth initially increases exponentially in an exponential growth phase of a TCP slow-start, reducing the size of the growth margin exponentially; and
wherein subsequent to the exponential bandwidth increase and while the current bandwidth increases linearly in a linear growth phase of the TCP slow-start, reducing the size of the growth margin linearly;
determining bandwidth demand of the TCP communication channel for the virtual machine as a function of the current bandwidth of the TCP communication channel and the growth margin; and
increasing a bandwidth cap for the virtual machine based on the determined bandwidth demand such that the bandwidth cap is increased proportionally less at each adjustment increment because, as the current bandwidth increases, the bandwidth demand is calculated using a proportionally smaller sized growth margin;
wherein the bandwidth cap limits a transmission rate for the virtual machine.

US Pat. No. 10,397,129

METHOD AND SYSTEM FOR PROVISIONING COMPUTING RESOURCES

Accenture Global Services...

1. A system comprising:
communications interface circuitry configured to:
receive a user query for usage data for a computing resource; and
send an instruction to present a display, via a graphic user interface, of the usage data;
memory configured to store:
a first record of a first event associated with a selected usage of the computing resource; and
a second record of a second event associated with a previous usage of the computing resource, the previous usage occurring before the selected usage on an event timeline for the computing resource; and
event processing circuitry in data communication with the communication interface circuitry and the memory, the event processing circuitry configured to:
access the first record and the second record within the memory;
responsive to the selected usage and the previous usage, determine a change in usage;
compare the selected usage to a usage threshold;
when the selected usage exceeds the usage threshold, generate a notification; and
generate usage data comprising a representation of the selected usage, a representation of the previous usage, the representation of the change in usage, and the notification.

US Pat. No. 10,397,128

ROUTING HANDLER FOR RULE-BASED ACTION TRIGGERING

Amazon Technologies, Inc....

1. A system, comprising:
a plurality of computing devices configured to implement a plurality of sub-services and a routing handler, and wherein the routing handler is configured to:
receive, from a client, a request that specifies a particular operation at one or more of the plurality of sub-services, wherein the plurality of sub-services comprise a rules sub-service and an actions sub-service, wherein the rules sub-service comprises one or more operations for defining a plurality of rules using a plurality of triggers and a plurality of actions, wherein individual ones of the rules are defined to bind a respective one or more of the triggers to a respective one or more of the actions, and wherein the actions sub-service comprises one or more operations for performing the actions in a provider network comprising a plurality of resources;
determine the particular operation in the request;
select the one or more sub-services from the plurality of sub services based at least in part on the particular operation in the request, wherein the one or more sub-services includes the rules sub-service and is selected via a lookup in a routing map, wherein the routing map maps individual operations to respective ones of the plurality of sub-services that provide the individual operations and is dynamically loaded from a data store to the routing handler;
route the request to the one or more sub-services including the rules sub-service;
receive one or more responses to the request from the one or more sub-services, including one or more messages from the rules sub-service that describe one or more of the actions specified in one or more of the rules that are triggered by the particular operation;
send one or more additional requests to one or more additional sub-services of the plurality of sub-services including the actions sub-service to perform the one or more actions, wherein the one or more additional sub-services are selected via the routing map; and
return a client response to the client based at least in part on the one or more responses.

US Pat. No. 10,397,127

PRIORITIZED DE-QUEUEING

Cisco Technology, Inc., ...

1. A method, comprising:
allocating a first queue;
allocating at least two default queues, wherein the at least two default queues depend from the first queue;
allocating a plurality of local queues that each depend from one of the at least two defaults queues;
receiving data in a data stream;
determining a quality of service (QoS) associated with the data; and
assigning at least a portion of the data to one of the plurality of local queues based on the determined QoS, wherein a specific local queue from the plurality of local queues has a precedence over other local queues that provides that data in the specific local queue is fully dequeued before data in the other local queues is fully dequeued.

US Pat. No. 10,397,126

VXLAN PACKET TRANSMISSION

Hewlett Packard Enterpris...

1. A method for transmitting a Virtual Extensible Local Area Network (VXLAN) packet, includes:
receiving, by a Software Defined Network (SDN) controller, a data packet uploaded from a source VXLAN tunnel end point (VTEP), wherein the data packet is to be transmitted from a source node to a destination node;
acquiring, by the SDN controller, a path maximum transmission unit (PMTU) of a VXLAN tunnel from the source VTEP to a destination VTEP of the data packet, wherein acquiring the PMTU of the VXLAN tunnel includes:
distributing, by the SDN controller, a control packet uploading flow entry to the source VTEP, so as to instruct the source VTEP to
upload a received Internet Control Message Protocol (ICMP) error control packet to the SDN controller;
distributing, by the SDN controller, a PMTU detection flow entry to the source VTEP and starting a timer, so as to instruct the source VTEP to
transmit to the destination VTEP a fragmentation-inhibited detection packet with a MTU of a designated length;
redistributing, by the SDN controller, a PMTU detection flow entry to the source VTEP and resetting the timer when an ICMP error control packet indicating that the fragmentation-inhibited detection packet cannot reach the destination VTEP is received from the source VTEP before the timer expires, so as to instruct the source VTEP to
transmit to the destination VTEP a new fragmentation-inhibited detection packet having a MTU which is the same as the MTU carried in the received ICMP error control packet; and
determining, by the SDN controller, the PMTU of the VXLAN tunnel according to
the MTU carried in the last one of the ICMP error control packets uploaded from the source VTEP if one or more ICMP error control packets are received before the timer expires, or
the designated length of the MTU in the fragmentation-inhibited detection packet transmitted from the source VTEP if no ICMP error control packet is received before the timer expires; and
transmitting, by the SDN controller, a control entry to the source VTEP, so as to instruct the source VTEP to
encapsulate the data packet into a VXLAN packet of a length less than a packet length corresponding to the PMTU, and
transmit the VXLAN packet to the destination VTEP through the VXLAN tunnel.

US Pat. No. 10,397,125

METHOD OF CROSS-REGIONAL DATA TRANSMISSION AND SYSTEM THEREOF

Alibaba Group Holding Lim...

1. A method comprising:
acquiring metadata information sent by a client device, the metadata information including first data replication progress information of the client device;
sending the metadata information to a first metadata transmission node device;
acquiring to-be-forwarded data information sent by the first metadata transmission node device; and
pushing the to-be-forwarded data information to the client device, the to-be-forwarded data information including second data replication progress information of another client device.

US Pat. No. 10,397,124

SYSTEM AND METHOD TO PREVENT PERSISTENT FULL SWITCH QUEUES IN SOFTWARE DEFINED NETWORKS

Argela Yazilim ve Bilisim...

1. A method as implemented in a software defined network (SDN) controller in a SDN, where a packet flow traverses at least a first switch and a second switch that are part of the SDN, the first and second switches communicating with the controller via a first and second control connection, respectively, the method comprising the steps of:
a) collecting, via the first control connection, a first data indicative of a congestion at the first switch, and collecting, via the second control connection, a second data indicative of a congestion at the second switch;
b) determining, from collected first and second data, a presence of queue fullness in the second switch;
c) determining when and how much TCP flow control to apply to the packet flow at the first switch based on the determining in (b), the SDN controller, not a receiver host, determining when to apply TCP flow control, the TCP flow control achieved by any of, or a combination of the following: delaying ACK packets of the packet flow or decreasing a receiver window size, rwnd, within a header of ACK packets of the packet flow;
d) sending a forwarding rule to the first switch to intercept ACK packets of the packet flow, wherein the first switch installs the forwarding rule and applies the forwarding rule to matching ACK packets;
e) observing the previously determined queue fullness in the second switch and, upon observing, increasing or reducing the rate of said TCP flow control, until the congestion is completely removed; and
f) observing absence of the previously determined queue fullness in the second switch and, upon observing such absence, removing the forwarding rule from the first switch.

US Pat. No. 10,397,123

METHOD AND SYSTEM FOR MANAGING SERVICE QUALITY ACCORDING TO NETWORK STATUS PREDICTIONS

1. A method comprising:
obtaining, by a system including a network server, first performance data of an end user device and second performance data associated with a cell of a wireless network, wherein the first performance data includes a mobility pattern of the end user device, and wherein the second performance data is obtained from an eNodeB associated with the cell;
determining, by the system, a predicted available bandwidth for the end user device according to the first performance data and the second performance data;
providing, by the system, access to the predicted available bandwidth to cause a video bit rate to be determined for a portion of media content according to the predicted available bandwidth for the end user device and according to a buffer occupancy of the end user device; and
facilitating, by the system over the wireless network, streaming of the portion of the media content to the end user device according to the video bit rate.

US Pat. No. 10,397,122

TECHNIQUES FOR STORAGE CONTROLLER QUALITY OF SERVICE MANAGEMENT

International Business Ma...

1. A network controller, comprising:
monitor logic configured to monitor a data transfer rate and a data transfer threshold for data transferred between storage and an application that is executing on a data processing system, wherein an initial value of the data transfer threshold is set without consideration of a current actual demand of the application and the data transfer threshold corresponds to a quality of service guarantee, and wherein the data transfer threshold corresponds to a data transfer threshold in a network switch;
collector logic configured to collect feedback on the suitability of the data transfer rate from the application; and
threshold adjuster logic configured to change the data transfer threshold for the application based on the monitored data transfer rate and the collected feedback to achieve a quality of service requirement for the application that reflects the current actual demand of the application, wherein the data transfer threshold is lowered in response to the current actual demand of the application being lower than the initial value and is increased when spare capacity is available in response to the current actual demand of the application being higher than the initial value, and wherein the feedback includes an application programming interface (API) message for indicating that a required performance level has been reached.

US Pat. No. 10,397,120

SERVICE LINK SELECTION CONTROL METHOD AND DEVICE

Huawei Technologies Co., ...

1. A flow classifier, comprising:
one or more processors; and
a memory storing program instructions that, when executed by the one or more processors, configure the flow classifier to:
receive a service chain selection control policy from a policy and charging rules function (PCRF) unit, wherein the service chain selection control policy comprises a corresponding relation between an application type and an identifier of a service chain, wherein the service chain selection control policy is associated with policy contextual information and a service chain selection policy, wherein the service chain selection policy is from a cooperation device and comprises a corresponding relation among the policy contextual information, the application type, and the identifier of the service chain, wherein the service chain is a path comprising one or more forwarding devices and a value-added service device, a service flow with the application type needs to pass through the one or more forwarding devices and the value-added service device, and the service flow is from a user matching the policy contextual information; and
determine the service flow with the application type based on the service chain selection control policy.

US Pat. No. 10,397,116

ACCESS CONTROL BASED ON RANGE-MATCHING

Amazon Technologies, Inc....

1. A network device, comprising:
a register memory storing indications of a range of values;
a content-addressable memory (CAM) comprising a plurality of portions, each portion comprising one or more access control entries;
memory storing actions to take on network packets;
key assembler circuitry coupled to the register memory and the CAM, the key assembler circuitry configured to:
receive data for a network packet received by the network device, the data including fields;
determine that a value of a first one of the fields is within a first numerical range;
generate a compare key including a first field corresponding to the first numerical range and a second field corresponding to a second numerical range, a first value stored in the first field indicating that the value is within the first numerical range and a second value stored in the second field indicating that the value is not within the second numerical range, the compare key having a pre-determined size; and
provide, to the CAM, the compare key to search for an access control entry in a number of portions of the plurality of portions of the CAM, the number of portions being based on the size of the compare key; and
action control circuitry coupled to the CAM and the memory storing actions, the action control circuitry configured to:
receive, from the CAM, an address of the access control entry found using the compare key;
select, using the access control entry, from the memory, one of the actions to perform on the network packet; and
perform the selected action on the network packet.

US Pat. No. 10,397,115

LONGEST PREFIX MATCHING PROVIDING PACKET PROCESSING AND/OR MEMORY EFFICIENCIES IN PROCESSING OF PACKETS

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a packet switching device, a particular plurality of mask lengths of a particular conforming entry that matches a particular address of a packet via a lookup operation in a mask length data structure, with the mask length data structure including a plurality of stored conforming entries, with each of the plurality of stored conforming entries associated with a corresponding one or more mask lengths for searching an address search space, with the address search space referring to installed prefixes that can match a lookup value, with the plurality of stored conforming entries including the particular conforming entry, and with each mask length in the particular plurality of mask lengths corresponding to a searchable hash table in the address search space;
determining, by the packet switching device, an overall longest matching prefix in the address search space for the particular address, which includes:
for a particular mask length in the particular plurality of mask lengths, performing a hash table lookup operation in said corresponding searchable hash table based on a hash key to identify a particular matching hash table entry storing the hash key and additionally storing one or more indications of corresponding one or more possible matching prefixes that are longer than the particular mask length, with the hash key including the particular address masked to said particular mask length, and
responsive to said indications, matching the particular address against one of said possible matching prefixes to identify the overall longest matching prefix which is a longest matching prefix represented in the particular matching hash table entry; and
processing, by the packet switching device, the particular packet based on processing information associated with the overall longest matching prefix.

US Pat. No. 10,397,114

CLIENT COMMUNICATIONS IN MULTI-TENANT DATA CENTER NETWORKS

Hewlett Packard Enterpris...

1. A method of communication between clients in a multi-tenant data center network, the method comprising:
receiving at a source tunnel end-point (TEP) a data packet of a source client for a target client;
determining whether a forwarding table of the source TEP includes a first forwarding table (FT) entry for the target client, the first FT entry indicating that a destination TEP is associated with the target client;
transmitting a first unicast packet with a status indicative of a forwarding table-match in the forwarding table of the source TEP to the destination TEP, in response to the first FT entry for the target client being present in the forwarding table of the source TEP;
updating the first FT entry to indicate a different TEP, responsive to receiving, by the source TEP from the destination TEP in response to the first unicast packet, a response message indicating that the destination TEP has a second FT entry in a forwarding table of the destination TEP, wherein the second FT entry indicates the different TEP is associated with the target client;
transmitting a second unicast packet with a status indicative of a forwarding table-miss in the forwarding table of the source TEP to a plurality of other TEPs, in response to the first FT entry for the target client not being present in the forwarding table of the source TEP.

US Pat. No. 10,397,113

METHOD OF IDENTIFYING INTERNAL DESTINATIONS OF NETWORK PACKETS AND AN APPARATUS THEREOF

Cavium, LLC, Santa Clara...

1. A method of implementing a network chip, comprising:
receiving a packet through an ingress chip port of the network chip, wherein the packet enters the network chip from outside the network chip through the ingress chip port;
identifying a unique packet identifier of the packet;
forming a token; and
determining a destination to send the token to based on at least two factors, wherein one of the at least two factors is a network chip port number of the ingress chip port indicating where the packet entered the network chip from outside of the network chip and another one of the factors is the unique packet identifier.

US Pat. No. 10,397,112

INTRA-PLATFORM NETWORKING

Intel Corporation, Santa...

1. A computing device to facilitate communications between local components of the computing device, the computing device comprising:
one or more processors; and
one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the computing device to:
intercept, by a platform router of the computing device, a name resolution request from a first local component of the computing device, the name resolution request comprising a hostname of a target destination of a network packet;
resolve, by the platform router, the hostname to obtain a network address assigned to the target destination of the network packet;
transmit, by the platform router, a response to the name resolution request to the first local component, the response comprising the network address assigned to the target destination of the network packet; and
receive, by the platform router, the network packet from the first local component destined for the network address assigned to the target destination of the network packet;
determine, by the platform router, whether the target destination of the network packet comprises a second local component of the computing device as a function of the network address assigned to the target destination of the network packet;
determine, by the platform router, whether the second local component of the computing device supports receipt of the network packet via the platform network in response to a determination that the target destination of the network packet comprises the second local component of the computing device;
translate, by the platform router, the network packet into a message format supported by the second local component in response to a determination that the second local component does not support receipt of the network packet via the platform network; and
transmit, by the platform router and in response to a determination that the target destination of the network packet comprises the second local component of the computing device, (i) the translated network packet to the second local component in the supported message format in response to a determination that the second local component does not support receipt of the network packet via the platform network or (ii) the network packet to the second local component via the platform network without translation in response to a determination that the second local component supports receipt of the network packet via the platform network.

US Pat. No. 10,397,109

ROUTING PACKETS IN OVERLAPPING ADDRESS SPACES

INTERNATIONAL BUSINESS MA...

1. A method comprising:
analyzing, at an outbound end of a tunnel from a first data network, a first packet to determine whether the first packet is to be directed to a local target in the first data network or to be sent over the tunnel to a remote target in a second data network, wherein a target address of the first packet is present in both the first data network and the second data network;
changing, responsive to the first packet being directed to the remote target in the second data network, an octet in the target address of the first packet from a first value to a second value, the changing forming a first modified packet;
causing, responsive to storing the second value of the octet, the first modified packet to be sent to the tunnel for delivery to the second data network;
determining a port number associated with the target address;
determining, using an address record, that the port number is used in the second data network; and
concluding that the first packet is directed to the remote target in the second data network.

US Pat. No. 10,397,108

SERVICE FUNCTION CHAINING ACROSS MULTIPLE SUBNETWORKS

Futurewei Technologies, I...

1. A network device, comprising:
one or more processors; and
a non-transitory computer readable medium connected to the one or more processor and having stored thereon instructions that, when executed by the one or more processors, cause the network device to:
track ports connected to a virtual switch integration bridge;
add a switch rule to the virtual switch integration bridge;
receive a packet at the virtual switch integration bridge from a service function (SF) that is in a service function chain (SFC) and that is on a first subnetwork;
determine a next SF in the SFC, wherein the next SF is on a second subnetwork;
change at the virtual switch integration bridge, according to the switch rule, a source MAC address of the packet to a MAC address of an interface of a virtual router on the second subnetwork, a destination media access control (MAC) address of the packet to a MAC address of the next SF, and a virtual network identifier (VNI) of the first subnetwork in the packet to a VNI of the second subnetwork, wherein the switch rule is used to instruct the virtual switch integration bridge to change a source MAC address of the packet to a MAC address of an interface of a virtual router on the second subnetwork; and
send the changed packet directly from the virtual switch integration bridge to the next SF.

US Pat. No. 10,397,107

METHOD AND APPARATUS OF ADAPTING AN ASSOCIATION OF PHYSICAL RESOURCES WITH A SUMMARIZED RESOURCE

Telefonaktiebolaget LM Er...

1. A method of adapting an association of physical resources with a plurality of summarized resources corresponding to a virtual topology of a domain in a hierarchical routed network, the method comprising:
allocating the physical resources to the plurality of summarized resources in the domain;
monitoring a status of the allocated physical resources within the domain, wherein the monitoring comprises monitoring demand for the allocated physical resources associated with each of the plurality of summarized resources within the domain in the hierarchical routed network; and
redistributing the allocation of physical resources among the plurality of summarized resources in dependence on the monitored demand, wherein the redistributing is performed without allocating previously unallocated physical resources to the plurality of summarized resources.

US Pat. No. 10,397,106

MOBILE CONDITIONS AWARE CONTENT DELIVERY NETWORK

Fastly, Inc., San Franci...

1. A method of operating a communication system, comprising:
providing a content delivery network (CDN) having a set of cache nodes (CN) to provide content delivery on behalf of a set of participating content providers, at least one content provider of the set of content providers sourcing content for delivery by the CDN from an origin server;
receiving, by the CDN, a request for content, the request for content coming from a wireless device and requesting content sourced by the origin server;
receiving, by the CDN and from the wireless device, at least one indicator of wireless device conditions related to RF conditions;
determining that the at least one indicator of wireless device conditions indicates an adverse network condition;
determining, at the CDN, that the CDN is not responsible for the adverse network condition; and,
based on the at least one indicator of wireless device conditions, selecting service parameters for delivery of content requested by the wireless device.

US Pat. No. 10,397,105

SYSTEM AND METHOD FOR SCALABLE MULTI-HOMED ROUTING FOR VSWITCH BASED HCA VIRTUALIZATION

ORACLE INTERNATIONAL CORP...

1. A system for supporting multi-homed routing for virtual switch based host channel adapter (HCA) virtualization, comprising:
one or more microprocessors; and
a subnet comprising:
one or more switches, the one or more switches comprising at least a leaf switch, wherein each of the one or more switches comprise a plurality of ports;
a plurality of host channel adapters, wherein one or more of the plurality of host channel adapters comprise at least one virtual function, and wherein the plurality of host channel adapters are interconnected via the one or more switches;
a plurality of hypervisors, wherein each of the plurality of hypervisors are associated with at least one host channel adapter of the plurality of host channel adapters that comprise at least one virtual function; and
a plurality of virtual machines, wherein each of the plurality of virtual machines are associated with at least one virtual function;
wherein the plurality of host channel adapters that comprise at least one virtual function is arranged with one or more of a virtual switch with prepopulated local identifiers (LIDs) architecture or a virtual switch with dynamic LID assignment architecture;
wherein at least one of the plurality of host channel adapters that comprise at least one virtual function comprises two virtual switches, wherein the two virtual switches are treated as endpoints of the subnet; and
wherein the subnet is routed via a multi-homed routing mechanism, wherein the multi-homed routing mechanism for the subnet ensures that each of the two virtual switches are routed through independent paths within the subnet such that failure of one of the one or more switches within the subnet does not cause a drop in communication with the at least one of the plurality of host channel adapters.

US Pat. No. 10,397,104

SYSTEM AND METHOD FOR SUPPORTING SMA LEVEL ABSTRACTIONS AT ROUTER PORTS FOR ENABLEMENT OF DATA TRAFFIC IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT

ORACLE INTERNATIONAL CORP...

1. A system for supporting SMA level abstractions at router ports for enablement of data traffic in a high performance computing environment, comprising:
one or more microprocessors;
a first subnet, the first subnet comprising
one or more switches of the first subnet, the one or more switches comprising at least a leaf switch, wherein each of the one or more switches comprise a plurality of switch ports,
a plurality of host channel adapters of the first subnet, each host channel adapter comprising at least one host channel adapter port,
a plurality of end nodes of the first subnet, wherein each of the end nodes are associated with at least one host channel adapter of the plurality of host channel adapters, wherein each of the end nodes are associated with a local identifier (LID) of a plurality of local identifiers, and
a subnet manager of the first subnet, the subnet manager running on one of the one or more switches and the plurality of host channel adapters, wherein the subnet manager determines a set of the plurality of the end nodes of the first subnet that are allowed to receive inter-subnet data traffic;
wherein a switch port of the plurality of switch ports on a switch of the one or more switches is configured as a router port;
wherein the switch port configured as the router port is logically connected to a virtual router, wherein the virtual router comprises at least two virtual router ports;
wherein the switch of the one or more switches that comprises the switch port of the plurality of switch ports configured as a router port comprises a data attribute;
wherein the data attribute comprises information about allowed and disallowed end nodes, wherein the data attribute is based upon the determination, by the subnet manager, of the set of the plurality of end nodes of the first subnet that are allowed to receive inter-subnet data traffic; and
wherein the first subnet is interconnected to a second subnet via an intermediate subnet, the intermediate subnet comprising a second virtual router port of the at least two virtual router ports.

US Pat. No. 10,397,102

COMMUNICATION BETWEEN DISTINCT NETWORK DOMAINS

Cisco Technology, Inc., ...

1. A method comprising:
enabling, via a controller, routing of packets through all of a plurality of edge network devices connected to the controller by sharing segment information across the plurality of edge network devices, the routing performed via any one of the plurality of edge network devices without reference to any address of any of the packets identifying any of the plurality of edge network devices, the plurality of edge network devices including a first edge network device and a second edge network device;
receiving, at the first edge network device in a first internal network domain, a packet from a first computing device, the packet directed to a second computing device associated with the second edge network device in a second internal network domain;
adding, at the first edge network device, a label to the packet identifying a second border network device located at the border of the second internal network domain and a third network domain located between the first internal network domain and the second internal network domain;
adding, at the first edge network device, another label to the packet identifying a first border network device located at the border of the first internal network domain and the third network domain, the label and the another label forming a label stack or encapsulation of the packet; and
routing the packet to the first border network device.

US Pat. No. 10,397,101

ROUTING METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR MAPPING IDENTIFIERS

SITTING MAN, LLC, Madiso...

1. A non-transitory computer-readable media storing computer instructions that, when executed by one or more processors of a current node configured to be positioned in a network path along which data is capable of being transmitted from a transmitting node to a receiving node in a network, cause the current node to:
receive, from a previous node in the network path along which the data is capable of being transmitted from the transmitting node to the receiving node in the network, network path information that is in a header of a packet that is specified according to at least one aspect of a Multiprotocol Label Switching (MPLS) network protocol, the network path information in the header of the packet being for use by the current node in transmitting the data along the network path from the transmitting node to the receiving node in the network, where the network path information in the header of the packet is received based on an identifier in an identifier space that spans within the previous node, and the identifier identifies a particular network interface, a particular node, or a particular region, where the identifier includes a sequence of identifiers, and a last identifier of the sequence, that is preceded by any other one or more identifiers in the sequence, is configured for use in identifying a scope-specific identifier that is in an identifier space specific to another node and that identifies, for the another node: the particular network interface, the particular node, or the particular region;
perform an operation using the network information to identify, as a current identifier, another identifier in another identifier space that spans within the current node, where the another identifier identifies the particular network interface, the particular node, or the particular region; and
transmit, based on the another identifier in the another identifier space that is identified as the current identifier, the data from the current node along the network path.

US Pat. No. 10,397,099

SPANNING TREE PROTOCOL ENABLED N-NODE LINK AGGREGATION SYSTEM

Dell Products L.P., Roun...

1. A spanning tree enabled n-node link aggregation system, comprising:
a networking device;
a plurality of link aggregation node devices, wherein a spanning tree protocol runs on each of the plurality of link aggregation node devices, and wherein the plurality of link aggregation node devices include:
a first link aggregation node device that is coupled to the networking device by at least one first link that is part of a Link Aggregation Group (LAG), wherein the first link aggregation node device has been designated as a root bridge via the spanning tree protocol; and
a second link aggregation node device that is coupled to the networking device by at least one second link that is part of the LAG;
a plurality of Inter-Chassis Links (ICLs) coupled to the second link aggregation node device; and
an enhanced spanning tree protocol engine running on each of the plurality of link aggregation node devices, wherein the enhanced spanning tree protocol engine is configured to:
determine that a first port that is part of one of the plurality of ICLs has been designated as a first root port via the spanning tree protocol;
determine that a second port that is part of one of the plurality of ICLs has been designated as an alternate port via the spanning tree protocol; and
redesignate, in response to the first port being part of one of the plurality of ICLs and designated as the first root port and the second port being part of one of the plurality of ICLs and designated as the alternate port, the second port as a second root port, wherein the redesignating the second port as the second root port prevents blocking of the plurality of ICLs via the spanning tree protocol.

US Pat. No. 10,397,098

ESTABLISHING INSTANCE IN SOFTWARE DEFINED NETWORK

Hewlett Packard Enterpris...

1. A method for establishing an instance in a software defined network (SDN), comprising:
respectively configuring an instance identification (ID) of an SDN instance for a control device, a first switch device and a second switch device;
receiving, by the control device, a message from the first switch device within an SDN instance managed by the control device, and establishing a connection channel with the first switch device, wherein the message is to inform the control device of attribute information of the first switch device;
transmitting, by the control device, a first link layer discovery protocol (LLDP) packet to the first switch device, when the connection channel is established;
obtaining, by the control device, a topology structure of the SDN corresponding to the SDN instance, based on a second LLDP packet received by the control device, and calculating flow paths based on the obtained topology structure; and
configuring and storing, by the control device, the instance ID of the SDN instance managed, an internet protocol (IP) address and a port number of a managed switch device within the SDN instance, and informing the switch device of the instance ID of the SDN instance, the port number of the managed switch device within the SDN instance, based on the IP address of the switch device.

US Pat. No. 10,397,097

WEIGHTED NEXT HOP SELECTION AT A ROUTER USING AN EQUAL COST MULTIPATH PROCESS

Futurewei Technologies, I...

1. A router, comprising:
a non-transitory memory storage comprising instructions and a routing table; and
one or more processors in communication with the memory, wherein the one or more processors execute the instructions to:
receive a packet comprising an IP address prefix;
access the routing table, the routing table identifying a plurality of next hops connected to the router, the routing table comprising a plurality of rows, each row cross referencing an IP address prefix to a binary weight for each next hop of the plurality of next hops indicating whether the next hop is selected or unselected for use with the cross referenced IP address prefix;
identify a row of the plurality of rows comprising the IP address prefix of the packet;
based on binary weights in the row, identify next hops selected for the IP address prefix of the packet, the next hops selected for the IP address prefix of the packet comprising a subset of the plurality of next hops;
selecting a next hop of the subset as a selected next hop based on an equal cost multiple path process, wherein at least two next hops in the subset are selected with different aggregate weights over a time period which involves multiple next hop selections; and
transmit the packet via the selected next hop.

US Pat. No. 10,397,096

PATH RESOLUTION IN INFINIBAND AND ROCE NETWORKS

International Business Ma...

1. A method, in a processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a path query cache, the method comprising:
responsive to receiving a path query from a process executing in the data processing system, performing a lookup of the path query in the path query cache, wherein the path query identifies a source port and a destination address, wherein the path query cache stores a plurality of entries, each entry comprising a source port, a destination address, source and destination global identifiers, and a good/bad flag indicating whether a path associated with the entry is available or not available;
responsive to the path query cache determining the path query matches a valid entry in the plurality of entries, returning a result to the process, wherein the result comprises the source and destination global identifiers and the good/bad flag from the valid entry; and
responsive to the path query cache determining the path does not match any entry in the plurality of entries, creating a new entry in the path query cache for the path query, sending the path query to the destination address, and adding an identifier of the process to a requester list in the new entry.

US Pat. No. 10,397,095

DETECTING AND MITIGATING LOOPS

Cisco Technology, Inc., ...

1. A method comprising:
determining, by a first edge device, that a duplicate host exists on a network between the first edge device and a second edge device;
detecting, by the first edge device in response to determining that the duplicate host exists on the network between the first edge device and a second edge device, a loop, wherein detecting the loop comprises,
sending a message on a plurality of access-side ports of the first edge device, and
receiving, in response to sending the message on the plurality of access-side ports of the first edge device, a response on a first access-side port of the plurality of access-side ports of the first edge device; and
mitigating, by the first edge device, the detected loop in response to receiving the response.

US Pat. No. 10,397,094

MULTICAST ROUTING SYSTEM AND METHOD

BRITISH TELECOMMUNICATION...

1. A method of managing routing paths in a content delivery network, the method comprising:
determining a performance cost for a first routing path, the first routing path comprising a shortest path from a host to a rendezvous point or source for a multicast transmission;
determining a performance cost for a second routing path, the second routing path comprising a path from the host to a closest router in an existing multicast transmission tree;
selecting the routing path with a lowest performance cost for joining the multicast transmission; and
delivering content using the selected routing path; wherein:
the performance cost for the first routing path comprises a unicast link cost of the first routing path and a predicted performance cost for the first routing path modified by a first relative weighting factor;
the performance cost for the second routing path comprises a unicast link cost of the second routing path and a predicted performance cost for the second routing path modified by a second relative weighting factor;
the predicted performance cost for each of the first and second routing paths are derived from one or more transmission parameters; and
the routing path with the lowest performance cost is selected by the host for joining the multicast transmission.

US Pat. No. 10,397,093

METHOD FOR ACQUIRING CROSS-DOMAIN SEPARATION PATHS, PATH COMPUTATION ELEMENT AND RELATED STORAGE MEDIUM

ZTE Corporation, Shenzhe...

6. A path computation element, comprising a memory storing instructions and a processor which is arranged to execute the instructions in the memory to:
when a cross-domain separation path computation request of a node is received, transmit the cross-domain separation path computation request;
determine a type of an intra-domain path computation request received by itself;
acquire at least one pair of intra-domain paths in a domain administered by itself according to the type and domain boundary nodes carried in the intra-domain path computation request, and transmit the acquired intra-domain paths; and
receive a cross-domain separation path computation result for the cross-domain separation path computation request and transmit the received cross-domain separation path computation result to the node;
wherein,
the processor is arranged to:
when the path computation element is located in a head domain, and when determining that a type of an intra-domain path computation request received by itself is an associated path computation request, compute intra-domain paths in the head domain for each associated path computation request according to an egress boundary node of the head domain carried in the associated path computation request using a preset simultaneous disjoint path algorithm;
when the path computation element is located in a tail domain, and when determining that a type of a received intra-domain path computation request is an associated path computation request, compute intra-domain paths in the tail domain for each associated path computation request according to an ingress boundary node of the tail domain carried in the associated path computation request using the preset simultaneous disjoint path algorithm; and
when the path computation element is located in an intermediate domain and when determining that a type of a received intra-domain path computation request comprises an associated path computation request and a non-associated path computation request, for the associated path computation request, compute disjoint working path and protection path corresponding to the working path in the intermediate domain for each association request according to ingress and egress boundary nodes of the intermediate domain carried in the associated path computation request using the preset simultaneous disjoint path algorithm, and aggregate the working path and the protection path as the intra-domain paths and for the non-associated path computation request, compute a single path in the intermediate domain according to ingress and egress boundary nodes of the intermediate domain carried in the non-association request using a preset shortest path algorithm and/or a K-optimal path algorithm, and use the single path as the intra-domain path.

US Pat. No. 10,397,092

REDUCING FLOODING OF ROUTE UPDATES OF A DYNAMIC ROUTING PROTOCOL

Hewlett Packard Enterpris...

1. A method for reducing flooding of route updates of a dynamic routing protocol, comprising:
determining, at a router in a network using the dynamic routing protocol, a number of route updates received by the router from each neighbor router of the router;
classifying each neighbor router into one of a plurality of groups of neighbor routers in such a manner that the number of route updates originating from each group of neighbor routers is approximately same;
determining a first route update interval for each group of neighbor routers for sending a respective first set of future route updates therefrom to the router; and
notifying the respective first route update interval for sending the respective first set of future route updates to respective member routers of each group of neighbor routers.

US Pat. No. 10,397,091

OPTICAL SAFETY AND CONNECTIONS DISCOVERY

Cisco Technology, Inc., ...

1. A method comprising:
at a first optical node of an optical communications system:
during a signal initialization phase, receiving a first optical pattern including a prefix indicating a beginning of a signal, a first word, and a first working signal for verifying stability of a connection between the first optical node and a second optical node of the optical communications system;
in response to the receiving, transmitting a second optical pattern including the prefix, a second word different from the first word, and the first working signal;
after transmitting the second optical pattern, receiving a third optical pattern including the prefix, the first word, and a second working signal for verifying stability of the connection between the first optical node and the second optical node;
determining if a duration of the second working signal is greater than a duration of the first working signal plus a predetermined time; and
based on determining that the duration of the second working signal is greater than the duration of the first working signal plus the predetermined time, determining that the second optical node is an adjacent node of the first optical node.

US Pat. No. 10,397,090

SYSTEM AND METHOD TO IMPLEMENT A WIRELESS SNIFFER IN NETWORKS USING A DEDICATED SNIFFER NETWORK

Intel IP Corporation, Sa...

1. An apparatus of a wireless network device, the apparatus comprising:
memory;
a clock;
processing circuitry, configured to:
implement a first network control protocol (NCP) MAC layer of the apparatus configured to handle MAC layer communications of the first NCP; and
sniffer edge circuitry configured to:
communicate with the first NCP MAC layer and a second NCP MAC layer of the apparatus, to capture events related to second NCP communications;
communicate the captured events over a dedicated sniffer network including at least two sniffer edge apparatuses and a sniffer concentrator, wherein packet contents communicated between the second NCP MAC layer and the second NCP stack are secure from the sniffer edge circuitry;
receive a distributed common time reference from the sniffer concentrator during an initialization of the sniffer edge circuitry, the distributed common time reference provided to each of the at least two sniffer edge apparatuses;
synchronize the clock to the common time reference; and
timestamp the captured events using the synchronized clock to enable synchronization of the captured events by the sniffer concentrator.

US Pat. No. 10,397,089

METHOD AND APPARATUS FOR USING VIRTUAL PROBE POINTS FOR ROUTING OR NAVIGATION PURPOSES

HERE Global B.V., Eindho...

1. A navigation system comprising at least one processor and at least one memory including computer program instructions, the at least one memory and the computer program instructions, with the at least one processor, causing the navigation system at least to:
receive virtual probe data from a plurality of sources, wherein the virtual probe data comprises a plurality of virtual probe points at different respective locations, wherein, for a virtual probe point, the virtual probe data comprises a hashed identifier of a vehicle and a location of the vehicle, wherein the hashed identifiers of the virtual probe data that is received have been subjected to a same hash function by each of the plurality of sources, and wherein the plurality of sources comprise a plurality of data collection devices carried by vehicles that are different than the vehicle to which the virtual probe data relates; and
analyze the hashed identifiers of the virtual probe points provided by different sources to identify a same vehicle at different locations at different times and, based on identification of the same vehicle at different locations at different times, to estimate traffic conditions.

US Pat. No. 10,397,088

FLEXIBLE ETHERNET OPERATIONS, ADMINISTRATION, AND MAINTENANCE SYSTEMS AND METHODS

Ciena Corporation, Hanov...

1. A node configured to support a Flexible Ethernet (FlexE) client service in a network, the node comprising:
circuitry configured to interface a FlexE client; and
circuitry configured to monitor and update one or more Operations, Administration, and Maintenance (OAM) fields associated with the FlexE client, wherein the one or more OAM fields comprise a monitoring field that covers 64b/66b codes for a path of the FlexE client,
wherein the one or more OAM fields have a different “O” code from standard Local Fault and Remote Fault information for an associated FlexE group/PHY.

US Pat. No. 10,397,087

STATUS MONITORING SYSTEM AND METHOD

EMC IP Holding Company LL...

1. A computer-implemented method, executed on a computing system, comprising:
establishing a data communication channel between a first virtual storage appliance and a second virtual storage appliance within a storage system, wherein the data communication channel includes a network-based data communication path;
establishing a heartbeat communication channel between the first virtual storage appliance and the second virtual storage appliance within the storage system, wherein the heartbeat communication channel includes a network-based heartbeat communication path;
coupling a tie breaker node to the network-based heartbeat communication path to monitor one or more heartbeat signals present on the network-based heartbeat communication path;
sensing a failure of the network-based data communication path; and
determining a level of communication between the first virtual storage appliance, the second virtual storage appliance, and the tie breaker node, wherein, in response to the level of communication, determining whether the first virtual storage appliance or the second virtual storage appliance is partitioned with respect to each other and the tie breaker node.

US Pat. No. 10,397,086

JUST-IN-TIME IDENTIFICATION OF SLOW DRAIN DEVICES IN A FIBRE CHANNEL NETWORK

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
periodically polling a first plurality of interface counters associated with an edge port and a first Inter-Switch Link (“ISL”) port of a first fibre channel (“FC”) switch, the edge port connected to a target device;
periodically polling a second plurality of interface counters associated with a second ISL port of a second FC switch, the first ISL port and the second ISL port connected via an ISL;
determining, based on the polling of the first plurality of interface counters and the second plurality of interface counters, whether a first condition has been met, the first condition including that the edge port has experienced buffer exhaustion at least once and has been waiting for a ready signal from the target device for at least a first predetermined time period;
if it is determined that the first condition has been met, determining whether a second condition has been met, the second condition including that at least a first percentage of data frames received over the ISL is being buffered at the first FC switch and that at least a second percentage of data frames buffered at the first FC switch is directed toward the edge port;
if it is determined that the second condition has been met, determining whether a third condition has been met, the third condition including that the second ISL port of the second FC switch has experienced buffer exhaustion at least once; and
if it is determined that the first condition, the second condition, and the third condition have been met a first predetermined number of times, characterizing the edge port as a level 1 slow drain port.

US Pat. No. 10,397,085

OFFLOADING HEARTBEAT RESPONSES MESSAGE PROCESSING TO A KERNEL OF A NETWORK DEVICE

Juniper Networks, Inc., ...

1. In a network having a plurality of network devices, including a first network device, wherein the first network device includes a memory having a health check data structure, the health check data structure including a heartbeat response message field for each respective network device of the plurality of network devices, a method comprising:
receiving, by the first network device, heartbeat response messages from two or more of the plurality of network devices, wherein each heartbeat response message respectively corresponds to one network device of the plurality of network devices;
processing the received heartbeat response messages in a kernel space of the first network device, wherein processing includes:
generating a hash value for each heartbeat response message received, each hash value based on identification information in the respective heartbeat response message, the identification information identifying the network device that sent the respective heartbeat response message; and
determining, for each of the plurality of heartbeat response messages and based at least in part on the corresponding hash value generated for the heartbeat response message, an index value, each index value associated with the network device that sent the respective heartbeat response message;
updating the health check data structure at the heartbeat response message fields indicated by the index values to indicate that heartbeat response messages were received from the network devices; and
processing, in a user space of the first network device, information received from at least one of the heartbeat response message fields of the health check data structure to obtain health status associated with one or more of the plurality of network devices.

US Pat. No. 10,397,084

TRANSMISSION DEVICE AND SETTING METHOD

FUJITSU LIMITED, Kawasak...

1. A Discrete Multi-Tone (DMT) transmission device that connects a plurality of DMT transmission devices by a ring network of a one way direction communication, the transmission device comprising a processor, wherein the processor executes a process comprising:
generating a DMT test signal;
transmitting the generated DMT test signal to a first DMT transmission device provided immediately downstream in the ring network;
determining whether a transmission characteristic of the DMT transmission device on the basis of the DMT test signal measured by the first DMT transmission device is acquired from a second DMT transmission device provided immediately upstream by rounding the ring network in the one way direction communication;
setting, on the basis of the acquired transmission characteristic when the transmission characteristic of the DMT transmission device is acquired, a control level related to the transmitting;
measuring, when the DMT test signal is received from the second DMT transmission device, the transmission characteristic on the basis of the DMT test signal; and
attaching, to the measured transmission characteristic, identification information of identifying one DMT transmission device that sends out the DMT test signal, wherein the transmitting includes transmitting the transmission characteristic to which the identification information is attached to the first DMT transmission device in order to send, by rounding the ring network in the one way direction communication, the transmission characteristic to the one DMT transmission device that sent out the DMT test signal.

US Pat. No. 10,397,083

TERMINAL DEVICE IDENTIFICATION SYSTEMS, METHODS, AND PROGRAMS

YAHOO JAPAN CORPORATION, ...

1. A terminal device comprising:
a memory including a first memory region storing terminal identification that identifies the terminal device, and a second memory region;
an application that is unable to access the second memory region; and
a browser, which is different than the application, that is unable to access the first memory region, wherein:
the application includes an application processor programmed to:
access the first memory region and acquire the terminal identification that identifies the terminal device, and
provide the browser that is instructed by the application to perform a predetermined process with the terminal identification that identifies the terminal device and that is acquired by the application,
the browser includes a browser processor programmed to:
generate cookie information that is associated with a predetermined server device identified by the application, and
send the terminal identification provided by the application and the generated cookie information that is associated with the predetermined server device to the identified predetermined server device, and
the terminal identification is stored in the first memory region, which is inaccessible by the browser, and the cookie information is stored in the second memory region, which is inaccessible by the application.

US Pat. No. 10,397,082

INTERNET INFRASTRUCTURE MEASUREMENT METHOD AND SYSTEM ADAPTED TO SESSION VOLUME

Citrix Systems, Inc., Fo...

1. A method of taking internet infrastructure performance measurements during an internet session, the method variably adapted to session volume in served areas, and comprising:
by one or more processors:
determining, for a requesting location of a web client, an average number of the internet infrastructure performance measurements to be taken per session (“MPS”), the average number of the MPS comprising an integer part and a non-zero fractional part;
wherein the internet infrastructure performance measurements are time delays measured by executing a survey code running as part of the internet session and each of the internet infrastructure performance measurements comprises:
sending a network transmission comprising a resource request;
receiving a corresponding response from a target resource hosted by a particular infrastructure; and
obtaining the corresponding measured time delay from the received response; and
wherein the internet session includes delivery of the survey code from a host web based content to a web client;
using the integer part as a base number of the infrastructure performance measurements to take during the internet session;
based on the determining, modifying the survey code to reflect the requesting location;
comparing the fractional part to a random or pseudo random sample value and further determining whether to satisfy the fractional part by taking an additional one of the internet infrastructure performance measurements during the internet session; and
causing the base number of the internet infrastructure performance measurements plus, in at least one case, the additional one internet infrastructure performance measurement, to be taken during the session.

US Pat. No. 10,397,080

SECURE WIRELESS NETWORK USING RADIOMETRIC SIGNATURES

Wisconsin Alumni Research...

1. A radio frequency (RF) transceiver for securely communicating network data, the RF transceiver comprising:
an analog radio section configured to receive a radio signal from an antenna, the analog radio section having a phase demodulation circuit configured to demodulate the radio signal to produce analog in-phase (I) and quadrature-phase (Q) signals;
a monitor circuit configured to produce digital radiometric data from the analog I and Q signals, the digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error;
an Analog to Digital Converter (ADC) configured to convert the analog I and Q signals to digital I and Q signals;
a digital radio section configured to receive the digital I and Q signals from the ADC, the digital radio section having a decoder configured to match phases of the digital I and Q signals to symbols for decoding network data; and
a processor executing a program stored in a non-transient medium operable to:
receive each of digital radiometric data comprising an error and network data originating from a device;
compare the digital radiometric data comprising the error to a plurality of radiometric templates corresponding to transceivers of a plurality of devices, each radiometric template comprising digital radiometric data characterizing a modulation parameter of a transceiver of a device, wherein the modulation parameter provides a measure of a difference between ideal and measured values determined with respect to a constellation producing an error, wherein the comparison provides a measure of difference between the error of the device and errors of the templates;
authenticate the device when the digital radiometric data matches a radiometric template of the plurality of radiometric templates as determined by the comparison to within a predetermined threshold;
generate an output indicating a possible security violation when the digital radiometric data fails to match a radiometric template of the plurality of radiometric templates as determined by the comparison to within the predetermined threshold.

US Pat. No. 10,397,078

COMMUNICATING HEALTH STATUS WHEN A MANAGEMENT CONSOLE IS UNAVAILABLE FOR A SERVER IN A MIRROR STORAGE ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A computer program product for monitoring health status of components in a mirror copy storage environment mirroring data between a first storage, managed by a first server, and a second storage, managed by a second server, over a mirroring network, wherein a management console is connected to the first server over a console network, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that is executable to perform operations, the operations comprising:
determining, by the first server, that the management console is unavailable over the console network;
determining, by the first server, a health status at the first server and the first storage in response to determining that the management console cannot be reached over the console network, wherein the health status indicates whether there are errors or no errors at the first server and the first storage; and
transmitting, by the first server, the health status to the second server over the mirroring network, wherein the health status is forwarded to an administrator.

US Pat. No. 10,397,076

PREDICTING HARDWARE FAILURES IN A SERVER

International Business Ma...

1. A method for estimating a remaining life expectancy value for hardware components used in a computing system, the method comprising:
detecting a hot reboot of the computing system affecting a life expectancy of a first hardware component during an operation of the computing system;
determining a set of hardware components in the computing system including the first hardware component and a second hardware component, each hardware component of the set of hardware components having a corresponding current life expectancy value affected by the hot reboot;
adjusting the corresponding current life expectancy value of each hardware component in the set of hardware components to a remaining life expectancy value based on a predicted impact of the hot reboot on the life expectancy of each hardware component;
generating a health report for a first hardware component in the set of hardware components, and
determining an allocation of a workload within the computing system according to the remaining life expectancy values of the set of hardware components;
wherein:
at least the determining and adjusting steps are performed by computer software running on computer hardware.

US Pat. No. 10,397,075

NETWORK-TRAFFIC-ANALYSIS-BASED SUGGESTION GENERATION

Facebook, Inc., Menlo Pa...

1. A method comprising:
by one or more computer servers, aggregating raw local area network (LAN) traffic data received from one or more listening nodes in one or more LANs, the aggregated LAN traffic data comprising a plurality of entries, each entry comprising at least a MAC address for a networked client device;
by the computer servers, associating a social networking user identifier with each unique MAC address in the aggregated LAN traffic data;
by the computer servers, processing the aggregated LAN traffic data to identify a pattern in relation to a subset of the entries;
by the computer servers, qualifying the identified pattern;
by the computer servers, generating, in response to qualifying the identified pattern, a set of suggestions based on the identified pattern, wherein each suggestion comprises a prompt for a first networked client device to connect with a second networked client device over an online social network, wherein the first networked client device is associated with a first MAC address corresponding to a first one of the plurality of entries, and wherein the second networked client device is associated with a second MAC address corresponding to a second one of the plurality of entries; and
by the computer servers, sending one or more of the generated suggestions to the first networked client device.

US Pat. No. 10,397,074

PROVIDING MESSAGE FLOW ANALYSIS FOR AN ENTERPRISE SERVICE BUS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
identifying, by a processing device of a first node of a plurality of interconnected nodes of an enterprise service bus (ESB) system, messages exchanged in the ESB system in a time interval;
examining, by the processing device, message flow of the messages between the plurality of interconnected nodes;
recording, via application of a wedge function to the messages by the processing device:
a first number of the messages exchanged with a client node of the plurality of interconnected nodes; and
a second number of the messages exchanged with a service node of the plurality of interconnected nodes, wherein the wedge function calculates a rate of the message flow during the time interval;
storing, by the processing device in a database stored in memory of the first node, the first number of the messages in relation to a first indicator indicative of the client node and the second number of the messages in relation to a second indicator indicative of the service node;
identifying, by the processing device, a route for the messages in view of a rule applied to content of respective ones of the messages;
routing, by the processing device, each of the messages to the client node or the service node in view of the route;
generating, by the processing device via a graphical user interface, a graph object that translates:
the first number of the messages and the first indicator into a first relational graph illustrative of first quantifiable message flow between the client node and the first node of the plurality of interconnected nodes; and
the second number of the messages and the second indicator into a second relational graph illustrative of second quantifiable message flow between the first node and the service node of the plurality of interconnected nodes; and
delivering, by the processing device, the graph object to a computing device representative of the client node for display in a display device of the computing device.

US Pat. No. 10,397,073

SUPPORTING PROGRAMMABILITY FOR ARBITRARY EVENTS IN A SOFTWARE DEFINED NETWORKING ENVIRONMENT

Cisco Technology, Inc., ...

1. A network device on which network events are processed in a software-defined networking (SDN)-enabled network, the network device comprising:
one or more computer processors;
a traffic management component comprising forwarding logic and a network control plane of a shared network infrastructure;
an event monitor component; and
a memory storing a container, independent from the traffic management component and the event monitor component, the container providing an execution space on the network device for hosting a first custom SDN application of a user of the network device;
wherein the event monitor component, when executed by the one or more computer processors, performs an operation comprising:
identifying a definition for a custom network event that is defined by the user of the network device, wherein the definition specifies: (i) an identifier of the custom network event; (ii) an event type of the custom network event; and (iii) one or more functions to execute in the execution space of the container in response to occurrences of the custom network event; wherein the custom network event comprises a compound of distinct network events;
registering a callback function of the first custom SDN application, whereby the first custom SDN application is notified of occurrences of the custom network event;
upon detecting an occurrence of the custom network event, invoking the registered callback function of the first custom SDN application, whereupon the first custom SDN application is configured to cause execution of the one or more functions specified in the definition of the custom network event, wherein invoking the registered callback function includes transmitting the identifier and event type of the custom network event to the first custom SDN application, wherein the network device comprises a first network device; and
propagating the custom network event from the first custom SDN application to a second custom SDN application in an absence of any registered callback function of the second custom SDN application, by publishing the custom network event via the network control plane of the shared network infrastructure to a second network device executing the second custom SDN application;
wherein the first network device is one of a switch and a router.

US Pat. No. 10,397,070

ROUTING SERVICE CALL MESSAGES

AMERICAN EXPRESS TRAVEL R...

1. A computer-based method comprising:
receiving, by a computer and via a first application protocol interface (API), a request for routing a service call message;
routing, by the computer and through a second API, the service call message to a service provider based on routing attributes of the service call message;
receiving, by the computer and through the second API, a response to the routed service call message;
tagging, by the computer, the response to the routed service call message with tags having data indicating privileges of the service provider to deliver services to a service consumer;
scrubbing, by the computer, the tags of the response to the routed service call message;
routing, by the computer and through the first API, the response to the routed service call message to the service consumer based on response attributes of the response to the routed service call message; and
auditing, by the computer, an efficiency of the routing of the service call message and the routing of the response.

US Pat. No. 10,397,069

SELF-ADAPTIVE SERVICE MANAGEMENT METHOD AND SYSTEM THEREOF

1. A self-adaptive service management method, comprising:
sending, by a target autonomous management agent (AMA) server based on pre-stored address information of at least one autonomous management framework (AMF) server, first detection information to the at least one AMF server;
receiving, by the at least one AMF server, the first detection information sent by the target AMA server, and returning, by the at least one AMF server, first detection response corresponding to the first detection information to the target AMA server;
receiving, by the target AMA server, the first detection response returned by the at least one AMF server, selecting, by the target AMA server, a target AMF server from the at least one AMF server, and sending, by the target AMA server, a join request to the target AMF server;
receiving, by the target AMF server, the join request sent by the target AMA server, and adding, by the target AMF server, the target AMA server to a network node corresponding to the target AMF server; and
for each AMF server in the at least one AMF server, calculating, by the target AMA server, a difference in time between a moment that the first detection information is sent to the AMF server and a moment that the first detection response returned by the AMF server is received, wherein selecting the target AMF server comprises:
selecting an AMF server with a minimum time difference as the target AMF server.

US Pat. No. 10,397,067

DETERMINING QUALITY OF EXPERIENCE FOR COMMUNICATION SESSIONS

International Business Ma...

13. A computing system comprising:
a processor and a memory module coupled with the processor, the processor being configured for:
determining a plurality of intrusive quality of experience scores associated with a plurality of intrusive audio transmission samples from a communication session;
determining a plurality of non-intrusive quality of experience scores associated with a plurality of non-intrusive audio transmission samples, wherein each non-intrusive audio transmission sample of the plurality of non-intrusive audio transmission samples is obtained at a same time frame during the communication session as a corresponding intrusive audio transmission sample of the plurality of intrusive audio transmission samples, wherein the plurality of non-intrusive quality of experience scores are determined during one or more separate communication sessions; and
deriving a quality of experience coefficient based upon a relationship between the plurality of intrusive quality of experience scores and the plurality of non-intrusive quality of experience scores, wherein the derived quality of experience coefficient is a codec specific coefficient corresponding to a codec utilized for conducting the communication session, wherein the plurality of intrusive quality of experience scores is determined for a respective plurality of different network conditions, wherein the different network conditions includes at least one of a different packet loss rate, a different jitter, and a different delay, wherein the different packet loss rate is up to 40% in increments of 0.5%.

US Pat. No. 10,397,066

CONTENT FILTERING FOR INFORMATION CENTRIC NETWORKS

Telefonaktiebolaget LM Er...

1. A method for marking classifications of content objects at a content marking node in a content centric networking (CCN) network, where the content marking node has a network interface with a network that is separately administered from the CCN network, the method comprising:
receiving a content object on the network interface, the content object not including a category field;
checking whether the content object is authentic and there is a pending interest for the content object in a pending interest table;
discarding the content object in response to the check of the content object indicating that the content object is not authentic;
discarding the content object in response to the check of the content object indicating that there is not a pending interest for the content object;
sending a request to a content marking service to obtain categories for the content object using a name of the content object, in response to the pending interest in the pending interest table;
receiving a response from the content marking service with the categories for the content object;
adding the category field to the content object, the category field including the categories received from the content marking service; and
forwarding the content object with the category field on the network interface, in response to the pending interest for the content object.

US Pat. No. 10,397,065

SYSTEMS AND METHODS FOR CHARACTERIZATION OF TRANSIENT NETWORK CONDITIONS IN WIRELESS LOCAL AREA NETWORKS

General Electric Company,...

1. A method for real-time monitoring and characterization of network conditions experienced by a client device coupled to a wireless local area network via an uplink and a downlink to at least one access point of the wireless local area network, the method comprising:
receiving at least one primary performance parameter corresponding to the wireless local area network for at least one operating interval of the client device uplink to the at least one access point of the wireless local area network;
computing at least one derived performance parameter based on the at least one primary performance parameter;
analyzing one or more trends of the at least one primary performance parameter and the at least one derived performance parameter to identify occurrence of at least one problem signature representative of a known network error condition experienced by the client device;
defining a situational awareness state characterizing the network conditions experienced by the client device based on the at least one problem signature;
identifying occurrence of at least one transient fault condition in the wireless local area network based on the situational awareness state by determining performance degradation of previously connected access points connected to the client device; and
modifying settings of at least one of the access point and the client device of wireless local area network based on the performance degradation of the previously connected access points.

US Pat. No. 10,397,063

DISCOVERING LINKS BETWEEN OPERATING DOMAINS IN A COMMUNICATION NETWORK

Telefonaktiebolaget LM Er...

3. A method of automatically discovering links between a first node of a first operating domain and a second node of a second operating domain of a communication network, the method performed in a control node and the method comprising:
sending a trigger message to the first node, the trigger message instructing the first node to send an in-band control message to the second node over a link, and comprising a first flag indicating to the first node whether the trigger message applies to all border interfaces on the first node, or to selected border interfaces on the first node;
if the link between the first and second nodes has not failed, receiving a link message from the second node, the link message comprising:
information about the first node and a first interface used by the first node for sending the in-band control message to the second node; and
information about a second interface used by the second node for receiving the in-band control message;
if the link between the first and second nodes has failed, receiving a modified link message from the second node, the modified link message comprising:
the information about the first node and the first interface used by the first node for sending the in-band control message to the second node;
the information about the second interface used by the second node for receiving the in-band control message; and
a second flag set to indicate that the link between the first and second nodes has failed; and
wherein the trigger message is a different message than the in-band control message.

US Pat. No. 10,397,062

CROSS LAYER SIGNALING FOR NETWORK RESOURCE SCALING

RED HAT, INC., Raleigh, ...

1. A system comprising:
a load balancer associated with a first service, the load balancer including a service traffic monitor associated with the first service;
a network switch including a network bandwidth monitor, wherein the network switch includes a latency setting associated with the first service;
a plurality of containers executing a plurality of instances of the first service including a first container executing the first service, wherein the first container is associated with a bandwidth setting;
a policy engine in communication with the service traffic monitor and the network bandwidth monitor; and
one or more processors executing to:
determine, by the network bandwidth monitor, a first bandwidth usage rate of the first service over a first time period and a second bandwidth usage rate of the first service over a second time period starting after a start of the first time period;
determine, by the service traffic monitor, a first request rate of the first service over a third time period overlapping with the first time period and a second request rate of the first service over a fourth time period overlapping with the second time period;
calculate, by the policy engine, a first ratio of the first bandwidth usage rate to the first request rate and a second ratio of the second bandwidth usage rate to the second request rate;
determine, by the policy engine, that the second ratio is less than or greater than the first ratio;
responsive to determining that the second ratio is less than the first ratio, increase the latency setting; and
responsive to determining that the second ratio is greater than the first ratio, increase the bandwidth setting.

US Pat. No. 10,397,061

LINK BANDWIDTH ADJUSTMENT FOR BORDER GATEWAY PROTOCOL

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
identify a first bandwidth of a first link and a second bandwidth of a second link,
the first link and the second link comprising a first plurality of interfaces and a second plurality of interfaces, respectively, and
the one or more processors, when identifying the first bandwidth and the second bandwidth, are to:
determine, based on a routing table, a first sum of bandwidths of the first plurality of interfaces as the first bandwidth; and
determine, based on the routing table, a second sum of bandwidths of the second plurality of interfaces as the second bandwidth;
store a first link bandwidth extended community value identifying the first bandwidth and a second link bandwidth extended community value identifying the second bandwidth,
the first link bandwidth extended community value and the second link bandwidth extended community value being defined by a border gateway protocol;
determine that the first bandwidth has increased or decreased based on information received from a kernel of the device;
store a modified first link bandwidth extended community value identifying the first bandwidth as increased or decreased; and
perform load balancing of network traffic on the first link and the second link based on the modified first link bandwidth extended community value and the second link bandwidth extended community value.

US Pat. No. 10,397,060

IDENTITY-BASED POLICY IMPLEMENTATION IN NETWORK ADDRESS TRANSLATION (NAT) ENVIRONMENTS

Cisco Technology, Inc., ...

1. A method comprising:
at a policy server, receiving a first message from a network element connected to a client device, wherein the first message requests an identity-based policy for network communications of the client device, and wherein the first message includes a first network address;
receiving a second message from an identity server, wherein the second message includes information indicating an identity role and a second network address;
receiving a third message from a network address translation (NAT) device, the third message including a NAT mapping that correlates the first network address with the second network address, wherein the NAT device translates the first network address to the second network address in an authentication session between the client device and the identity server;
determining the identity-based policy based on a combination of the first message, the second message, and the third message; and
implementing the identity-based policy in the network element.

US Pat. No. 10,397,059

ROUTER CONTROLLING

Hewlett Packard Enterpris...

1. A router controlling method, to be implemented by an aggregation router, comprising:
encapsulating a first Console command as a control packet in an Ethernet format;
determining a target branch router of the control packet, transmitting the control packet to the target branch router via an Ethernet link between the aggregation router and the target branch router;
where the aggregation router comprises a Console interface, receiving a command line comprising the first Console command via the Console interface of the aggregation router, and parsing the command line to obtain the first Console command, wherein the process of determining the target branch router of the control packet comprises parsing the command line to obtain the Ethernet link interface information, and determining the target branch router of the control packet based on the Ethernet link interface information;
where the aggregation router is connected to a host computer via a network management interface, receiving a management packet comprising the first Console command via the network management interface of the aggregation router, and parsing the management packet to obtain the first Console command, wherein the process of determining the target branch router of the control packet comprises parsing the management packet to obtain Ethernet link interface information, and determining the target branch router of the control packet on the Ethernet link interface information; and
receiving a feedback packet from the target branch router via the Ethernet link between the aggregation router and the target branch router, wherein the feedback packet comprises an output result obtained by the target branch router through executing the first Console command.

US Pat. No. 10,397,058

FULL PATH DIVERSITY FOR VIRTUAL ACESS POINT (VAP) ENABLED NETWORKS

Cisco Technology, Inc., ...

1. A method comprising:
assigning, by a supervisory device in a network, different access points in the network to different access point groupings, wherein each of the different access point groupings uses a different network path to communicate with a given endpoint in the network;
selecting, by the supervisory device, at least one of the access points in each of the different access point groupings for mapping to a virtual access point (VAP) for a node in the network as part of a VAP mapping, wherein the selected access points are in communication range of one another; and
instructing, by the supervisory device, the selected access points to form a VAP for the node, wherein the node treats the access points in the VAP mapping as a single access point for purposes of communicating with the network, wherein instructing includes:
instructing, by the supervisory device, the access points in the VAP mapping to apply timestamps to copies of a communication received from the node and to send the timestamped copies of the communication to the endpoint, wherein the endpoint drops duplicate copies of the communication based on the applied timestamps.

US Pat. No. 10,397,056

OPTIMIZED DIGITAL COMPONENT ANALYSIS SYSTEM

Google LLC, Mountain Vie...

1. A system comprising:
a digital component database that stores distribution parameters that trigger transmission of a given digital component provided by a provider;
a digital component optimization server that transmits digital components to client devices and performs operations including:
determining multiple different configurations of multiple digital components that are eligible to be presented within a single digital component slot in a given electronic document being presented at a client device;
selecting, from among the multiple different configurations, a particular configuration that has a highest configuration score and includes a given digital component;
determining an offset factor that quantifies a negative impact of the given digital component on other digital components among the multiple digital components;
optimizing a distribution amount applied to the given digital component based on the offset factor and a baseline distribution amount applied to each of the multiple digital components in each of the configurations of the multiple different configurations, including increasing the distribution amount applied to the given digital component based on a magnitude of the offset factor; and
transmitting, by a distribution server, the given digital component to the client device based on the distribution amount applied to the given digital component, including causing the given digital component to be presented at the client device in the particular configuration.

US Pat. No. 10,397,054

DISTRIBUTED DYNAMIC SIZING AND LOAD SELF-MANAGEMENT FOR A RELAY INFRASTRUCTURE

International Business Ma...

1. A method for distributed dynamic sizing and load self-management for a relay infrastructure, the method comprising:
determining, by a non-leaving relay in a relay infrastructure, whether a current load level of the non-leaving relay reaches an expansion level of the non-leaving relay and whether an overload condition of the relay infrastructure is satisfied;
in response to determining that the current load level reaches the expansion level and in response to determining that the overload condition of the non-leaving relay infrastructure is satisfied, initiating, by the non-leaving relay, an expansion process;
sending to a server, by the non-leaving relay, an expansion message, in response to initiating the expansion process;
sending to the server, by the non-leaving relay, local statistics of endpoints of the non-leaving relay;
selecting from the endpoints, by the server, an endpoint and converting the endpoint to a first new relay; and
shifting, by the non-leaving relay, one or more endpoints of the non-leaving relay to the first new relay.

US Pat. No. 10,397,052

ADAPTING DEMODULATION REFERENCE SIGNAL CONFIGURATION IN NETWORKS USING MASSIVE MIMO

1. A network device, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
determining configuration data representative of a configuration for a first demodulation reference signal that is used to facilitate performing a first estimation of a transmission channel and a second estimation of a noise variance for transmissions between the network device and a user equipment, wherein the configuration relates to a density representative of an amount of a physical upstream control channel occupied by demodulation reference signal information;
transmitting the configuration data to the user equipment;
facilitating receiving a second reference signal from the user equipment;
evaluating the second reference signal to determine whether the configuration data is suitable for a condition of a transmission link between the network device and the user equipment; and
in response to a determination that the configuration is not suitable for the condition, modifying the configuration data resulting in modified configuration data representative of a modified configuration for the first demodulation reference signal.

US Pat. No. 10,397,050

PROVIDING AND CONFIGURING A VIRTUAL BASE STATION

NEC CORPORATION, Tokyo (...

1. A method for providing a virtual base station (VBS) in a mobile network, the method comprising:
receiving, at a radio access network (RAN) operation, administration and maintenance (OAM) system, a register request from at least one radio access point (RAP) in the mobile network;
generating or retrieving, by the RAN OAM system, a VBS identifier (VBS ID) using an identifier of the at least one RAP; and
forming the VBS by instantiating at least one virtual radio access function (VRAF) to be executed by a centralized entity (CE) and associating the at least one VRAF to the at least one RAP using the VBS ID so as to provide a flexible RAN functional split between the at least one RAP and the at least one VRAF which jointly form the VBS.