US Pat. No. 10,924,659

ELECTRONIC DEVICE WITH IMAGE CAPTURE AND STIMULUS FEATURES

Apple Inc., Cupertino, C...

1. A portable electronic device comprising:
a first camera on a first side of the portable electronic device and configured to capture an image of a subject;
a second camera on a second side of the portable electronic device and configured to capture an image of a user;
a first display on the first side configured to display to the subject a stimulus feature based on only the image of the user captured by the second camera while capturing the image of the subject; and
a second display on the second side of the portable electronic device and configured to display to the user only the image of the subject captured by the first camera.

US Pat. No. 10,924,656

ELECTRONIC DEVICE FOR IMAGE GENERATION, AND STORAGE MEDIUM

Samsung Electronics Co., ...

1. An electronic device, comprising:
a camera including a plurality of micro-lenses and groups of photoelectric conversion elements, wherein each of the plurality of micro-lenses corresponds to a group of the groups of photoelectric conversion elements, and wherein each of the groups includes photoelectric conversion elements; and
at least one processor, which is configured to perform:
generating, using the camera, a first image of a first resolution in a focus state, and in which each of the groups corresponds to a corresponding pixel in the first image,
identifying whether a predetermined condition is satisfied, and
in response to identifying that the predetermined condition is satisfied, generating, using the camera, a third image in a defocus state, generating, using the camera, a fourth image in the defocus state, and generating, using the camera, a second image of a second resolution based on the third image and the fourth image, in which each of the groups corresponds to a plurality of corresponding pixels.

US Pat. No. 10,924,654

SURFACE SURVEILLANCE BY UNMANNED AERIAL VEHICLES

Drone Control LLC, Salt ...

1. A control method performed by an unmanned aerial vehicle (UAV) piloting the UAV relative to a location on a surface, comprising:
determining a plane using multiple points of the surface, the plane representing or approximating the surface;
receiving a signal describing a location on the plane corresponding to the location on the surface;
maintaining a position of the UAV along the plane at the location on the plane or the location on the surface; and
linearly scanning the surface along a line parallel to the plane.

US Pat. No. 10,924,653

IMAGING APPARATUS, CONTROL METHOD AND NON-TRANSITORY COMPUTER READABLE MEDIUM

FUJIFILM Corporation, To...

1. An imaging apparatus comprising:
an imager that captures a subject image;
a processor configured to:
setting one piece of setting information of a plurality of pieces of setting information in the imager for each of a plurality of setting items relating to imaging conditions of the imager;
defining a combination of setting information prohibited from being simultaneously set as an exclusive relationship for a first setting item and a second setting item included in the plurality of setting items;
performing a first-win processing that prohibits the second setting item from being set to second setting information in the exclusive relationship after the first setting item is set to first setting information;
performing a late-win processing that changes the first setting information to setting information not in the exclusive relationship in a case where the second setting item is set to the second setting information in the exclusive relationship after the first setting item is set to the first setting information; and
a setting operation member that enables selective setting of which of the first-win processing and the late-win processing is to be executed for a relationship between two setting items included in the plurality of setting items.

US Pat. No. 10,924,651

WEARABLE MULTIMEDIA DEVICE AND CLOUD COMPUTING PLATFORM WITH APPLICATION ECOSYSTEM

Humane, Inc., San Franci...

1. A method comprising:
receiving, using one or more processors of a cloud computing platform, two or more data streams, each data stream including a unique identifier and context data captured by a wearable multimedia device in a real-world environment, the context data including one or more digital images and depth data;
for each data stream:
identifying, using the one or more processors and based on the context data, a real-world object and one or more gestures associated with the real-world object; and
creating, using the one or more processors, a data processing pipeline with one or more applications based on one or more characteristics of the context data and the unique identifier;
generating, using the data processing pipeline, a description of the identified real-world object, the description including a label for the real-world object; and
sending, using the one or more processors, the description to the wearable multimedia device or other device.

US Pat. No. 10,924,650

SELFIE CAPTURING DEVICE OF PORTABLE MOBILE COMMUNICATION TERMINAL AND CONTROL METHOD THEREFOR

1. A self-portrait photographing device for a portable mobile communication terminal, comprising:
a display panel including:
a screen area filled with liquid crystal molecules or light emitting material therein and through which an image is output; and
an empty space provided in the screen area, penetrating a portion of the screen area filled with the liquid crystal molecules or the light emitting material, and having no liquid crystal molecules or light emitting material therein;
a self-camera module which is installed within the screen area of the display panel and captures an image of a subject through a front surface of the display panel, and including a lens inserted inside the empty space provided in the screen area; and
a controller configured to control operations of the self-camera module and the display panel.

US Pat. No. 10,924,649

PHOTOGRAPHING MODULE WITH LEAF SPRING AND ELECTRONIC DEVICE INCLUDING SAME MODULE

LARGAN DIGITAL CO., LTD.,...

1. A photographing module, comprising:
a metal cover comprising a top plate and a plurality of side plates, wherein the top plate has an opening, and the side plates extend from the top plate along a direction away from the opening;
a base assembled with the metal cover to define an inner space, wherein the base has a through hole, and the through hole is disposed correspondingly to the opening of the metal cover;
a lens portion displaceably disposed in the inner space; and
a leaf spring assembled with the lens portion and comprising an inner fixing portion, an outer fixing portion and an elastic portion, wherein the inner fixing portion is assembled with the lens portion, the outer fixing portion contacts and is fixedly disposed with the metal cover, and the elastic portion connects the inner fixing portion and the outer fixing portion;
wherein the leaf spring further comprises a plurality of contact portions and a plurality of auxiliary elastic portions, each of the auxiliary elastic portions connects the outer fixing portion and one of the contact portions, and for the leaf spring, only the contact portions thereof contact the side plates of the metal cover.

US Pat. No. 10,924,648

ELECTRONIC ASSEMBLY AND ELECTRONIC DEVICE

GUANGDONG OPPO MOBILE TEL...

1. An electronic assembly, comprising a bracket, a depth element configured to acquire depth image information, a first camera configured to acquire first hue image information, a projector and a second camera configured to acquire second hue image information, wherein the depth element, the first camera, the projector and the second camera are arranged on the bracket together, and the second camera is arranged between the depth element and the first camera, and an image acquisition direction of the second camera is opposite to an image acquisition direction of the first camera;
wherein the first camera is located between the depth element and the projector in such a manner that the first camera is arranged adjacent to the projector and spaced apart from the depth element,
wherein the electronic assembly further comprises a fill light arranged adjacent to the depth element, and the depth element is arranged between the fill light and the first camera.

US Pat. No. 10,924,645

POLARIZATION IMAGING TO DETECT DISPLAY SCREEN

Microsoft Technology Lice...

1. An imaging system comprising:
separate first and second sensor elements of one or more optical sensor arrays;
an objective lens system configured to direct light received at a given angle onto the first sensor element and onto the second sensor element;
a polarization filter system including a first polarizer portion positioned to filter the light en route to the first sensor element and a second polarizer portion positioned to filter the light en route to the second sensor element, the first and second polarizer portions providing unequal relative attenuance of nonparallel polarization components of the light received at the given angle; and
logic to acquire a first digital image by interrogating at least the first sensor element, acquire a second digital image by interrogating at least the second sensor element, associate a pixel element of the first digital image with electronic display content based on a difference in light-intensity value of that pixel element relative to a corresponding pixel element of the second digital image, and map a display screen onto a frame of reference of the imaging system based on the pixel element associated with the electronic display content.

US Pat. No. 10,924,644

CAMERA MODULE WITH ISOLATED FOCUSING AND STABILIZATION MECHANISM

Samsung Electronics Co., ...

1. A camera module, comprising:
a first housing including a first lens group and a first magnet;
a second housing including a second lens group spaced apart from the first lens group and a second magnet, the second housing configured to receive at least part of the first housing;
a third housing including a bottom surface including an opening, and a wall surface perpendicular to the bottom surface of the third housing, the third housing configured to receive at least part of the second housing, the third housing further including a first flexible circuit board forming a pair of walls facing each other, first coils formed on a portion of the pair of walls, and second coils formed on two prongs extending from the first flexible circuit board adjacent to the bottom surface of the third housing; and
a second circuit board including an image sensor, the second circuit board disposed adjacent the bottom surface of the third housing,
wherein the first housing is moveable in a first direction responsive to an interaction between the first magnet and the first coils that adjusts a focus of the camera module, and the second housing is moveable in a second direction responsive to an interaction between the second magnet and the second coils that at least partially compensates for shaking of the camera module.

US Pat. No. 10,924,643

TERMINAL WITH CONTROLLED ELASTIC CAMERA COMPONENT

K-Tronics (Suzhou) Techno...

1. A terminal, comprising a camera component and a camera control device, wherein
the terminal has an accommodation chamber therein, an opening of the accommodation chamber is located at a side wall of the terminal, and both of the camera component and the camera control device are located in the accommodation chamber;
the camera control device comprises a switch valve component, an elastic component and a holding component;
the elastic component is connected to the camera component and located on the side, away from the opening of the accommodation chamber, of the camera component;
the holding component is connected to the camera component and configured to hold the switch valve component; and
the camera component is located in the accommodation chamber when the switch valve component is held by the holding component, and the elastic component drives the camera component to stretch out from the opening of the accommodation chamber when the switch valve component is separated from the holding component,
wherein
the holding component comprises a fixture block and at least one first spring, and stretching directions of each first spring and the elastic component intersect; and
one end of each first spring is connected to the camera component, the other end thereof is connected to the fixture block, and an end face close to the opening of the accommodation chamber, of the fixture block is configured to hold the valve core.

US Pat. No. 10,924,642

APPARATUS FOR SECURING A CAMERA TO A POINT-OF-SALE DEVICE

Walmart Apollo, LLC, Ben...

1. An apparatus for securing a camera to a Point-of-Sale (POS) device comprising:
an arm assembly comprising:
a first arm section;
a second arm section that is a mirror image of the first arm section and configured to be selectively coupled to the first arm section;
wherein the arm assembly is configured for mounting on a light arm of the POS device by securing the first arm section and the second arm section around the light arm using one or more fasteners;
a detachable camera housing configured for attaching to a distal end of the arm assembly and for housing a camera, the camera housing having an opening for a lens of the camera; and
a protective layer configured for disposing in the camera housing to protect the lens of the camera.

US Pat. No. 10,924,641

WEARABLE VIDEO CAMERA MEDALLION WITH CIRCULAR DISPLAY

Ubiquiti Inc., New York,...

1. A video recording and streaming device, the device comprising:
a tear-shaped body having a rounded front side and a back side, wherein the front side is separated from the back side by a curving sidewall;
a rounded touchscreen on the front side of the tear-shaped body;
a video camera mounted to front side of the tear-shaped body;
an attachment portion configured to attach to a mount;
wherein the device is configured to be held by a mount;
a first buffer configured as a virtual frame buffer for converting rectangular display images from the video camera to the rounded touchscreen;
a second buffer configured to communicate with one or more remote devices; and
control circuitry configured to simultaneously display the converted display images on the rounded touchscreen and to transmit mirrored images of the display images to the one or more remote devices.

US Pat. No. 10,924,640

IMAGE PICKUP MODULE AND ENDOSCOPE INCLUDING IMAGE PICKUP MODULE IN WHICH BONDING JUNCTION BETWEEN IMAGE PICKUP PORTION AND SIGNAL CABLE IS RESIN-SEALED BY CURABLE RESIN

OLYMPUS CORPORATION, Tok...

1. An endoscope comprising:
an insertion section having a rigid distal end portion;
an image pickup apparatus disposed in the rigid distal end portion, wherein the image pickup apparatus comprises an image pickup sensor configured to output an image pickup signal, the image pickup sensor having a light receiving face and a rear face on an opposite side of the light receiving face, with an external electrode being disposed on the rear face;
a signal cable, a distal end portion of which is one of directly bonded to the external electrode of the image pickup sensor or indirectly bonded to the external electrode of the image pickup sensor through a bonding electrode of another member electrically connected to the external electrode; and
resin configured to seal a bonding junction between the external electrode or the bonding electrode and the distal end portion of the signal cable, the resin being entirely accommodated in a space formed by projecting the rear face of the image pickup sensor in a direction of an optical axis of the image pickup sensor;
wherein a rear end position of the resin in the optical axis direction is defined by a ring-shaped groove formed in the signal cable; and
the resin is a curable resin and is disposed in the space in a liquid state, the ring-shaped groove being configured such that the resin does not spread rearward, in the optical axis direction, of the ring-shaped groove due to interfacial tension with the ring-shaped groove, and the resin becomes a rigid solid by a curing treatment.

US Pat. No. 10,924,635

IMAGE PROCESSING APPARATUS AND IMAGE PROCESSING METHOD

TOSHIBA TEC KABUSHIKI KAI...

1. An image processing apparatus, comprising:
a scanner to generate image data by scanning a document, the image data comprising a plurality of pixels, each respectively having a first pixel value; and
a control unit configured to:
set, for each pixel in the image data, a second pixel value based on the first pixel value of the pixel and a first difference between a first base value corresponding to a base color of the document and a second base value that is based on neighboring first pixel values of a plurality of neighboring pixels around the pixel,
use a correction table to obtain, for each pixel in the image data, a corrected second pixel value, and
set a third pixel value based on the corrected second pixel value and the first difference.

US Pat. No. 10,924,634

IMAGE PROCESSING APPARATUS AND IMAGE PROCESSING METHOD

Canon Kabushiki Kaisha, ...

1. An image processing method comprising:
performing a first thickening process for an image object of which an edge portion includes a pixel of a chromatic color represented by a mixture of a plurality of chromatic color components, by converting a white pixel which is adjacent to the pixel included in the edge portion into a pixel having a plurality of color components;
performing a second thickening process for an image object of which an edge portion includes a pixel of an achromatic color represented by a mixture of a plurality of chromatic color components, by converting a white pixel which is adjacent to the pixel included in the edge portion into a pixel having only a monochromatic color component; and
printing an image including the converted pixel.

US Pat. No. 10,924,633

RGB-BASED PARAMETRIC COLOR MIXING SYSTEM FOR DIGITAL PAINTING

Adobe Inc., San Jose, CA...

8. A system for parametric color mixing, the system comprising:
one or more processors configured to generate a Bezier curve extending from a first point in a 3-Dimensional (3D) space, to a second point in the 3D space, the first point specified by coordinates based on red-green-blue (RGB) values of a first mixing color, the second point specified by coordinates based on RGB values of a second mixing color, the Bezier curve defined by a curvature parameter;
the one or more processors further configured to locate a point on the Bezier curve, the location of the point determined by a color mixing ratio parameter specifying a ratio of the first mixing color to the second mixing color; and
the one or more processors further configured to generate a color mix based on RGB values specified by coordinates of the located point on the Bezier curve.

US Pat. No. 10,924,630

USING MIDDLEWARE FOR GENERATING VECTOR GRAPHICS IMAGED SECURITY DOCUMENTS

Hydragraphix, Providence...

1. A system comprising:
a processor;
a non-transitory computer-readable medium storing program code, the program code executable by the processor to cause the system to:
receive, in a non-vector graphic format, a set of secure variable indicia of a scratch-off-coating protected document to be printed, wherein each of the set of secure variable indicia are assigned a location on the document;
generate a set of vector graphics;
link each of the set of secure variable indicia to a vector graphic in the set of vector graphics;
generate a composite vector graphic image utilizing the set of vector graphics based, at least in part, on the location assigned to each of the set of secure variable indicia; and
transmit the composite vector graphic image for printing on the document.

US Pat. No. 10,924,629

TECHNIQUES FOR VALIDATING DIGITAL MEDIA CONTENT

Amazon Technologies, Inc....

1. A method, comprising: under control of a computer system, executing instructions for:
generating, by the computer system, from a metadata file associated with a media file, a plurality of metadata image files, a one or more of scene paragraphs, and a list of characters referenced in a given scene paragraph of the one or more scene paragraphs;
generating, by the computer system, an audio file and a video file from the media file;
identifying, by the computer system, one or more segments in the audio file;
partitioning, by the computer system, the video file into one or more scene files based at least in part on the one or more segments;
identifying, by the computer system, one or more characters of the list of characters present in a scene file of the one or more scene files, the identifying being based at least in part on one or more of the plurality of metadata image files;
in response to identifying the one or more characters present in the scene file, determining, by the computer system, a match score based at least in part on an association of the scene file to a scene paragraph of the one or more scene paragraphs;
determining, by the computer system, a validity criterion for a title associated with the media file based at least in part on the match score; and
in response to the validity criterion crossing a threshold value, modifying, by the computer system, the title.

US Pat. No. 10,924,628

TRANSMITTING APPARATUS, METHOD FOR CONTROLLING THE TRANSMITTING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. An image forming apparatus, comprising:
a reader that reads a document to generate image data;
a user interface that accepts an instruction from a user;
a memory device that stores instructions and a setting for not outputting a transmission result of a transmission of image data as a device setting of the image forming apparatus; and
a processor that executes the instructions stored in the memory device to:
transmit the generated image data;
set a setting for outputting the transmission result of a transmission of the image data as a transmission setting of the image data before the user interface accepts an instruction for transmitting the image data; and
control an output of the transmission result, based on the transmission of the image data, in accordance with the transmission setting instead of the device setting of the image forming apparatus.

US Pat. No. 10,924,625

DYNAMIC COMPRESSION ACCELERATION USING REAL-TIME IMAGE DATA ENTROPY ANALYSIS

XEROX CORPORATION, Norwa...

1. An image compression method comprising:
for each of a plurality of segments of an image, computing an entropy value of the segment, comprising:
considering the segment as a stream of bits, computing a bit difference between pairs of bit sequences in the stream of bits, and
computing an entropy value of the segment as a function of the bit differences;
for each segment, determining an acceleration factor based on the computed entropy value for the segment; and
compressing at least one color separation of the image, each segment within the image being compressed based on the respective computed acceleration factor for that segment.

US Pat. No. 10,924,622

MANAGEMENT APPARATUS

FUJI XEROX CO., LTD., To...

1. A management apparatus comprising:
an obtaining unit that obtains a history of communication performed with an external apparatus in accordance with a derivative application program created on a basis of a basic application program; and
a state control unit that, if the basic application program is made unavailable, controls, using the history of communication, whether to make the derivative application program unavailable.

US Pat. No. 10,924,621

READING DEVICE TO READ AND OUTPUT AN INVISIBLE IMAGE INCLUDED IN A DOCUMENT

Ricoh Company, Ltd., Tok...

1. A reading device, comprising:
a light source configured to irradiate an object with light;
an imaging element configured to receive and read the light from the object;
a controller configured to control a reading operation of reading an invisible image included in the object; and
circuitry configured to perform correction of the read invisible image, and output, in visible form, an image including only the corrected invisible image.

US Pat. No. 10,924,620

DOCUMENT READING GUIDANCE FOR OPERATOR USING FEATURE AMOUNT ACQUIRED FROM IMAGE OF PARTIAL AREA OF DOCUMENT

FUJI XEROX CO., LTD., To...

1. A reading method guidance apparatus comprising:
a receiving unit that receives a document size that is a size of a document as a reading target;
an acquisition unit that acquires an image of at least a partial area in the document; and
a guidance unit that provides an operator with guidance about a reading procedure when the document is read by a first reading apparatus in a plurality of batches, using a feature amount obtained from the acquired image, the received document size, and a readable size that is a size of an area readable by the first reading apparatus,
wherein, after the acquisition unit reads an area having a feature amount change that is less than a predetermined amount, the guidance unit provides the operator with guidance about a next reading so as to include an area having a feature amount change above the predetermined amount.

US Pat. No. 10,924,619

IMAGE FORMING SYSTEM

CANON KABUSHIKI KAISHA, ...

1. An image forming system comprising:
a first feeding portion configured to feed a recording sheet;
an image forming portion configured to form an image on a recording sheet fed from the first feeding portion;
a sheet conveyance path through which a recording sheet on which an image has been formed by the image forming portion;
a second feeding portion comprising a plurality of supporting portions each configured to support an inserting sheet, the second feeding portion being configured to feed an inserting sheet from one of the plurality of supporting portions toward the sheet conveyance path;
a detection portion configured to detect information about presence/absence of an inserting sheet supported on the plurality of supporting portions; and
a controller configured to execute a job comprising a feeding process of causing the first feeding portion to feed a recording sheet and causing the image forming portion to form an image and a process of causing the second feeding portion to feed an inserting sheet to be inserted between a plurality of recording sheets,
wherein the controller is capable of executing a feed-before-detection mode in a case of performing the feeding process on a recording sheet subsequent to an inserting sheet in an order of passing through the sheet conveyance path,
wherein, in the feed-before-detection mode, the feeding process of a current recording sheet is started before the detection portion detects whether or not a last preceding inserting sheet is present on a supporting portion selected as a feeding source of an inserting sheet from among the plurality of supporting portions, the current recording sheet being a recording sheet to be fed this time, the last preceding inserting sheet being an inserting sheet to be inserted immediately before the current recording sheet, and
wherein the controller is configured to, in a case where a first supporting portion among the plurality of supporting portions has been selected as the feeding source of an inserting sheet for execution of the job and the detection portion has detected that an inserting sheet is present on a second supporting portion different from the first supporting portion among the plurality of supporting portions, start the feeding process of the current recording sheet in the feed-before-detection mode and cause the second supporting portion to feed the last preceding inserting sheet.

US Pat. No. 10,924,616

IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND NON-TRANSITORY STORAGE MEDIUM STORING INSTRUCTIONS EXECUTABLE BY THE IMAGE PROCESSING APPARATUS HAVING A SHORTCUT FUNCTION

BROTHER KOGYO KABUSHIKI K...

1. An image processing apparatus, comprising:
a reading device;
a display device;
an input interface; and
a controller configured to execute:
a type setting processing in which the controller sets a type of a reading-related function to be performed according to a set parameter, to one of a first type and a second type, the first type being a type in which the reading-related function is to be started in response to acceptance of a start instruction for the reading-related function via the input interface after an input of selection of the reading-related function to be performed, the second type being a type in which the reading-related function is to be started without accepting the start instruction via the input interface after the input of the selection of the reading-related function to be performed;
a procedure-selection display processing in which when the second type is set in the type setting processing, the controller controls the display device to display a procedure-selection screen prompting for selection of one of a first procedure and a second procedure as an execution procedure that is a procedure of execution of a processing after reading of an image is started in performing of the reading-related function;
a procedure setting processing in which the controller sets the execution procedure to one of the first procedure and the second procedure in accordance with a selecting operation input via the input interface when the procedure-selection screen is displayed; and
a registration processing in which the controller registers the reading-related function, the reading-related function comprising (i) a setting processing in which the controller sets a parameter to be implemented in the reading-related function, (ii) a reading processing in which the reading device reads the image, and (iii) a particular processing based on data representing a read image that is the image read in the reading processing,
wherein the first procedure is a procedure in which the controller controls the display device to display a first preview screen containing the read image, and the image processing apparatus starts the particular processing when a particular-processing start instruction for instructing a start of the particular processing is accepted via the input interface with the first preview screen being displayed, and
wherein the second procedure is a procedure in which the controller controls the display device to display a second preview screen containing the read image, and the image processing apparatus starts the particular processing without accepting the particular-processing start instruction via the input interface.

US Pat. No. 10,924,613

ENCODER POOLS FOR CONFERENCED COMMUNICATIONS

8x8, Inc., Campbell, CA ...

1. An apparatus comprising:
a logic circuit to process communications involving endpoint devices of a digital audio conference, each of the endpoint devices including a communications circuit enabled to convey involving one or more users; and the logic circuit also to:
process different audio signals via respective input circuits respectively associated with each of the endpoint devices,
assigning, in response to a subset of the different audio signals deemed or qualified as having a loudest audio input as compared to other ones of the different audio signals, each of the other ones of the different audio signals to an encoder pool based on a codec associated with the digital audio conference; and
encode digital audio packets for the digital audio conference associated with the subset of the different audio signals deemed or qualified as having a loudest audio input.

US Pat. No. 10,924,612

TECHNIQUES FOR BENCHMARKING PAIRING STRATEGIES IN A CONTACT CENTER SYSTEM

Afiniti, Ltd., Hamilton ...

1. A method comprising:
during a first period of time, associating, by at least one computer processor communicatively coupled to and configured to operate in a contact center system, a first pairing strategy to a plurality of agents;
pairing, by the at least one computer processor, the plurality of agents to a first plurality of contacts using the first pairing strategy;
during a second period of time later than the first period of time, associating, by the at least one computer processor, a second pairing strategy that is different from the first pairing strategy to the plurality of agents;
pairing, by the at least one computer processor, the plurality of agents to a second plurality of contacts using the second pairing strategy;
during a third period of time later than the second period of time, associating, by the at least one computer processor, a third pairing strategy that is different from the second pairing strategy to the plurality of agents;
pairing, by the at least one computer processor, the plurality of agents to a third plurality of contacts using the third pairing strategy;
during a fourth period of time later than the third period of time, associating, by the at least one computer processor, a fourth pairing strategy that is different from the first and third pairing strategies to the plurality of agents;
pairing, by the at least one computer processor, the plurality of agents to a fourth plurality of contacts using the fourth pairing strategy;
determining, by the at least one computer processor, a first performance measurement based on outcomes of the first and third pluralities of contacts;
determining, by the at least one computer processor, a second performance measurement based on outcomes of the second and fourth pluralities of contacts; and
outputting, by the at least one computer processor, data that enables a comparison of the first and second performance measurements,
wherein the first, second, third, and fourth periods of time occur within a time interval of less than 24 hours,
wherein a first scheduling of the first period of time is determined prior to the first period of time,
wherein a second scheduling of the second period of time is determined prior to the second period of time,
wherein a third scheduling of the third period of time is determined prior to the third period of time, and
wherein a fourth scheduling of the fourth period of time is determined prior to the fourth period of time.

US Pat. No. 10,924,610

METHODS AND SYSTEMS FOR AUTHENTICATING A USER ON A CALL

UNITED SERVICES AUTOMOBIL...

1. A computer-implemented method comprising:
receiving a call from a user via a device,
wherein the device has a unique identifier, wherein the device is associated with a user profile of the user;
authenticating the user to the call;
determining whether the device is associated with a second user profile to determine eligibility for quick access service,
wherein the quick access service allows the user to be authenticated by providing only a user verifier that does not include personally identifiable information; and
in response to the device being associated with the second user profile, denying enrollment into the quick access service.

US Pat. No. 10,924,604

SYSTEM, A COMPUTER READABLE MEDIUM, AND A METHOD FOR PROVIDING AN INTEGRATED MANAGEMENT OF MESSAGE INFORMATION

NHN Corporation, Seongna...

1. A mobile device comprising:
a voice call management part configured to manage a voice call;
a text message management part configured to manage text messages exchanged through a mobile telephone switching network;
a display part;
an integrated message management part; and
an additional function process part configured to process at least one additional function in association with the integrated message management unit;
wherein the integrated message management part comprises:
a message monitoring unit configured to monitor voice call information and text message information in association with the voice call management part and the text message management part;
a message information managing unit configured to generate integrated message information based on the voice call information and the text message information; and
an interface managing unit configured to generate a first message management user interface comprising a plurality of message blocks each of which corresponds to one of the voice call information and the text message information, receive a user input selecting one of the message blocks, identify a counterpart of a voice call or a text message corresponding to the selected message block, retrieve the voice call information and the text message information of which the counterpart is a receiver or a sender, and generate a second message management user interface where voice call information and text message information received from and transmitted to the counterpart is displayed.

US Pat. No. 10,924,603

PHONE MAP USED TO FIND AND OPERATE MULTIUSER DEVICES

1. A phone has a map, the map displays devices that are used by multiple users, comprising,
the map has a search function, the phone has a keyboard connected to the search function,
an activation of the search function displays on the map locations of devices whose names are typed into the search function by a user's input into the keyboard,
each of the displayed devices has a description associated to the device, each description describes the device that it is associated to,
the phone's detection of the user's finger's contact with one of the devices connects the contacted device to the phone,
the connection of the phone to the device activates a sending of the device's control panel from the device to the phone,
the control panel is stored on the phone's computer,
the phone is configured to display the stored control panel when the phone connects to the device,
the received control panel is displayed on the phone's display, the control panel displays operations of the device that are different from each other,
the displayed operations describe operations of the device,
detection of the user's finger with one of the displayed operations activates the displayed operation detected being contacted,
the activation of the displayed operation is associated to an activation of an operation of the device that is described by the displayed operation,
the activated operation of the device effects the operation of the device, the effected operation of the device is sent from the device to the phone,
the received effected operation of the device is displayed on the phone,
one of the devices names typed into the search function is car, the name car is associated to a car that drives itself,
one of the displayed car operations is a start travel operation,
an activation of the displayed start travel operation is associated to an activation of a start travel operation by the car,
the activation of the start travel operation by the car is the car starting to follow a route, the route is displayed on the phone.

US Pat. No. 10,924,602

ELECTRONIC DEVICE AND METHOD FOR CONTROLLING SAME

Samsung Electronics Co., ...

1. A method for controlling an electronic device, the method comprising:
activating a display of the electronic device;
following the activation of the display, displaying a lock screen comprising an image content prestored in the electronic device;
receiving an input of a user command for selecting information about the displayed image content; and
following the input of the user command, storing, by the electronic device, in connection with the image content selected according to the user command, information about the image content, while continuously displaying the lock screen,
wherein the displaying of the lock screen comprises, following an occurrence of a particular event, displaying the lock screen comprising the image content prestored in the electronic device, the particular event comprising at least one selected from a storage of a preset number or more of image contents within a preset time, a storage of a plurality of continuously captured image contents, a storage space of the electronic device remaining to a preset value or less, a position of the electronic device in a preset place, and an input of a user command.

US Pat. No. 10,924,601

LOCK SCREEN INTERFACE PROCESSING METHOD AND TERMINAL

HUAWEI TECHNOLOGIES CO., ...

1. A lock screen interface processing method implemented by a terminal, comprising:
presenting a lock screen interface;
receiving an unlocking operation, wherein the unlocking operation comprises a first operation performed in the lock screen interface or a second operation performed in a fingerprint recognition area;
presenting a prompt interface when a first quantity of unlocking failures reaches M, wherein the prompt interface prompts a user to enter a preset operation, wherein M is less than N, and wherein N is a second quantity of unlocking failures that triggers a security mode;
obtaining the preset operation from the user; and
presenting the lock screen interface in response to the preset operation.

US Pat. No. 10,924,600

SYSTEM, METHOD AND ARTICLE OF MANUFACTURE FOR PROVIDING VARYING LEVELS OF INFORMATION IN A MOBILE DEVICE HAVING A LOCK SCREEN WALLPAPER

AVANT-GARDE IP LLC, Lort...

1. An article of manufacture having non-transitory computer readable storage medium comprising computer readable program code executable by a processor in a mobile device having a lock screen wallpaper, the non-transitory computer readable storage medium comprising:
(a) computer readable program code identifying location of the mobile device as being within a first pre-determined radius, r1, of a Global Positioning System (GPS) location and outside a second pre-determined radius, r2, of the same GPS location, where r1>r2, the same GPS location comprising a location coordinate inside the second pre-determined radius, r2, and both the first pre-determined radius, r1, and the second pre-determined radius, r2, measured from the location coordinate as a center;
(b) computer readable program code accessing a first image associated with an application running in a background of the mobile device;
(c) computer readable program code providing a glimpse into the application running in the background while the mobile device is in a screen locked state by displaying the first image instead of the lock screen wallpaper while the mobile device is within the first pre-determined radius, r1, of the same GPS location of (a) and outside the second pre-determined radius, r2, of the same GPS location of (a);
(d) computer readable program code identifying location of the mobile device as being within the first pre-determined radius, r1, of the same GPS location of (a) and inside the second pre-determined radius, r2, of the same GPS location of (a);
(e) computer readable program code accessing a second image associated with the application running in the background of the mobile device;
(f) computer readable program code providing another glimpse into the application running in the background while the mobile device is in a screen locked state by displaying the second image instead of the lock screen wallpaper while the mobile device is within the first pre-determined radius, r1, of the same GPS location of (a) and inside the second pre-determined radius, r2, of the same GPS location of (a), and
wherein the first and second images provide varying levels of information associated with the same GPS location of (a) while the mobile device is at varying distances from the same GPS location of (a).

US Pat. No. 10,924,599

SYSTEM AND METHOD FOR CALLING A SERVICE REPRESENTATIVE USING AN INTELLIGENT VOICE ASSISTANT

United Services Automobil...

1. A method of assisting a user determine if a document needs to be signed, the method being performed by an intelligent voice assistant, the method comprising:
receiving, by the intelligent voice assistant, a request from the user to explain the document;
retrieving, by the intelligent voice assistant, information about the document;
determining, by the intelligent voice assistant, that the user is asking whether the document needs to be signed by the user;
upon determining that the user is asking whether the document needs to be signed, the intelligent voice assistant using the retrieved information about the document to determine whether the document needs to be signed by the user; and
wherein, upon determining that the document needs to be signed, the intelligent voice assistant provides an audible response to the user, the response informing the user that the document needs to be signed.

US Pat. No. 10,924,598

STAND FOR DESKTOP PHONE

Plantronics, Inc., Santa...

1. A stand comprising:
a neck;
a base coupled to a first end of the neck; and
a receiving interface located at a second end of the neck, wherein the receiving interface is configured to receive a short stand of a desktop phone device.

US Pat. No. 10,924,596

METHOD AND APPARATUS FOR PROVIDING EVENT OF PORTABLE DEVICE HAVING FLEXIBLE DISPLAY UNIT

SAMSUNG ELECTRONICS CO., ...

1. An electronic apparatus, comprising:
a main body;
a single display which is mounted on the main body, the single display comprising:
a main display area, and
an auxiliary display area which is extended from the main display area to a rear surface of the electronic apparatus and is smaller than the main display area,
wherein the auxiliary display area comprises a curvature extending from the main display area,
wherein the main body comprises:
a front portion which is coupled with the main display area, the front portion and the main display area form a front surface of the electronic apparatus,
a rear portion which forms the rear surface of the electronic apparatus, and
a side portion which is coupled with the auxiliary display area, the side portion and the auxiliary display area form at least one side surface of the electronic apparatus, and
wherein the side portion comprises a curved area corresponding the curvature.

US Pat. No. 10,924,595

LIGHT-EMITTING DEVICE HAVING A BENT SUBSTRATE

Semiconductor Energy Labo...

1. A light-emitting device comprising:
a first substrate;
a transistor over the first substrate;
a light-emitting element over the transistor;
a resin layer over the light-emitting element;
a first conductive layer over the resin layer;
a second conductive layer over the first conductive layer; and
a second substrate over the second conductive layer,
wherein the second substrate comprises a flat region and an end portion which is bent to a first substrate side,
wherein a side surface of the second substrate including the end portion and a side surface of the first substrate are covered by an insulator,
wherein a top surface of the second substrate transmits light emitted from the light-emitting element and is not covered by the insulator, and
wherein proximity or contact of an object on the top surface of the second substrate is sensed using the first conductive layer and the second conductive layer.

US Pat. No. 10,924,593

VIRTUALIZATION WITH DISTRIBUTED ADAPTIVE MESSAGE BROKERING

Xaptum, Inc., Chicago, I...

1. A method comprises:
editing, by a first computing entity, an entry in a first copy of a common responsibility list of a proprietary network, wherein the common responsibility list includes a plurality of entries, wherein the entry includes information regarding the first computing entity's service responsibility for a first user computing device, and wherein another entry in the common responsibility list includes information regarding another computing entity's service responsibility for another user computing device;
sending, by the first computing entity, at least the edited entry to other computing entities;
receiving, by the first computing entity, at least a second edited entry from a second computing entity; and
updating, by the first computing entity, the first copy of the common responsibility list with the at least the second edited entry.

US Pat. No. 10,924,590

VIRTUAL WORKSPACE EXPERIENCE VISUALIZATION AND OPTIMIZATION

Citrix Systems, Inc., Ft...

1. A computer system comprising:
a memory storing a plurality of event log entries, each event log entry of the plurality of event log entries including an identifier of an event and a timestamp at which the event occurred;
at least one network interface; and
at least one processor coupled to the memory and the at least one network interface and configured to
receive, via the at least one network interface, a request to profile one or more phases of a distributed process executed by a plurality of hosts coupled to one another via a network, each of the one or more phases comprising a plurality of operations executed by a plurality of processes hosted by the plurality of hosts, each of the one or more phases either starting with receipt of a request via a user interface of a virtualization client application or ending with provision of a response to the request via the user interface of the virtualization client application,
identify two or more event log entries within the plurality of event log entries that each include an identifier of an event marking one or more of a start and an end of one of the plurality of operations,
construct a performance profile based on the two or more event log entries,
transmit the performance profile to the virtualization client application for rendering via the user interface of the virtualization client application,
receive a request to improve performance of at least one process of the plurality of processes,
identify at least one enhancement available for the at least one process, and
initiate deployment of the at least one enhancement to the at least one process, wherein the at least one process comprises the virtualization client application, the at least one enhancement comprises a template of configuration information, and to initiate deployment of the at least one enhancement comprises to replace configuration information of the virtualization client application with the template.

US Pat. No. 10,924,589

RF TRANSCEIVER AND WIRELESS MESH NETWORK

NXP USA, Inc., Austin, T...

1. A mesh network node comprising:
a radio frequency (RF) transceiver, wherein the RF transceiver comprises a memory circuit and is configured in a normal mode of operation as a network node in a wireless mesh network and is configured in a service mode of operation as a network node in a tree network,
wherein in the service mode of operation, the RF transceiver is further configured as at least one of a server and a client,
when configured as a client in the service mode of operation, the RF transceiver is configured to communicate to a single predetermined first further RF transceiver, wherein the single predetermined first further RF transceiver is configured as a server, and
when configured as a server and a client in the service mode of operation, the RF transceiver, configured as a server, is further configured to receive a data request from a predetermined second further RF transceiver configured as a client, to check if the data requested is available in the memory circuit, and wherein if the data is available the RF transceiver is further configured to transmit the data to the second further RF transceiver, and if the data is not available the RF transceiver, configured as a client, is further configured to transmit the data request to the single predetermined further RF transceiver configured as a server.

US Pat. No. 10,924,587

LIVE MIGRATION FOR HIGHLY AVAILABLE DATA STORES

Amazon Technologies, Inc....

1. A system, comprising:
a source data store;
a destination data store; and
a plurality of computing devices configured to implement a live migration system comprising a plurality of routers, wherein the live migration system is configured to:
initiate a migration of a data set from the source data store to the destination data store, wherein the migration comprises a backfill of existing records in the data set from the source data store to the destination data store;
begin updating the routers to indicate that the destination data store represents an authoritative data store for the data set, wherein the routers are updated individually during a window of time after the backfill;
receive, from a client application, a read request for a first record in the data set, wherein the read request is received during the window of time;
generate a response to the read request using a first copy of the first record in the source data store and a second copy of the first record in the destination data store, wherein the response to the read request comprises an authoritative version of the first record, and wherein the authoritative version of the first record is determined based at least in part on version metadata associated with the first copy of the first record and the second copy of the first record;
receive, from the client application, a write request for a second record in the data set, wherein the write request is received during the window of time; and
perform the write request using a first copy of the second record in the source data store and a second copy of the second record in the destination data store, wherein the write request is performed based at least in part on acquisition of a lock associated with the second record, and wherein the write request is performed based at least in part on version metadata associated with the first copy of the second record and the second copy of the second record.

US Pat. No. 10,924,585

METHOD AND APPARATUS FOR PARSING AND DIFFERENTLY PROCESSING DIFFERENT PORTIONS OF A REQUEST

MCKESSON CORPORATION, Ir...

1. A computing device configured to parse and differently process different portions of an electronic healthcare message, the computing device comprising:
a communication interface configured to receive the electronic healthcare message comprising a first portion formatted in accordance with a first predefined format and a second portion formatted differently than the first portion, wherein the first predefined format is in accordance with a standard associated with submission of prescription claim requests;
processing circuitry configured to:
parse the electronic healthcare message to separately identify the first and second portions;
analyze the second portion of the electronic healthcare message to identify (i) an action to be taken based thereupon, (ii) a cost paid by a pharmacy for a medication associated with the electronic healthcare message, and (iii) whether information associated with a medical claim is included within the second portion;
construct a first message in the form of a prescription claim request formatted in accordance with the first predefined format based upon the first portion and not the second portion to be transmitted to a prescription claims processor;
based upon the first message including the first portion formatted in accordance with the first predefined format, receive a first response comprising a reimbursement amount for the medication associated with the electronic healthcare message from the prescription claims processor;
in accordance with a determination that the cost paid by the pharmacy for the medication exceeds the reimbursement amount, construct a response to the electronic healthcare message that includes a rejection of the prescription claim request for transmission to the pharmacy and construct a reversal message to be transmitted by the computing device to the prescription claims processor to cause the medication to be eliminated from the prescription claim request without reliance upon analysis by the pharmacy of the reimbursement amount;
in an instance in which the analysis of the second portion of the electronic healthcare message identifies information associated with a medical claim included within the second portion, transform the information included within the second portion so as to have a second predefined format, different than the first predefined format, wherein the second predefined format is in accordance with a standard associated with medical claims processing and is based at least in part on the information associated with the medical claim included within the second portion;
construct a second message in the form of a medical claim request in the second predefined format from the information transformed to have the second predefined format to be transmitted to a medical claims processor different than the prescription claims processor and different than a source of the electronic healthcare message such that first and second different messages are both separately constructed from separate respective portions of a single electronic message, wherein the first and second different messages are constructed with different formats for transmission to different recipients based upon different portions of the single electronic healthcare message;
based upon the second message including the information transformed to have the second predefined format, receive a second response from the medical claims processor; and
based upon at least one of the first response from the prescription claims processor or the second response from the medical claims processor, construct a response to the electronic healthcare message that is to be transmitted; and
a database in communication with the processing circuitry and configured to store one or more of the electronic healthcare message, the first message, the first response, the second message, the second response or the response to the electronic healthcare message.

US Pat. No. 10,924,583

OVERLOAD HANDLING IN A CONTENT DELIVERY NETWORK (CDN)

Level 3 Communications, L...

1. A computer-implemented method, in a content delivery (CD) network, wherein said CD network delivers content on behalf of multiple content providers, the method comprising:
at a server in said CD network, receiving multiple requests for content from a plurality of distinct clients, wherein the server has been assigned to serve the content;
processing a portion of the requests without throttling;
determining, by said server, utilization of a first capacity of said server;
in response to determining the utilization of the first capacity of said server exceeds a first threshold, degrading, by said server, processing of a plurality of said requests, wherein degrading processing of the plurality of said requests comprises throttling processing of the plurality of the requests; and
in response to determining that the utilization of the first capacity of the server falls below a second threshold, un-degrading, by the server, processing of at least one degraded request in said plurality of requests, wherein the second threshold defines a lower utilization of the first capacity of the server than the first threshold, and wherein un-degrading processing of the at least one degraded request comprises processing the at least one degraded request without throttling.

US Pat. No. 10,924,581

SCHEDULER FOR DIGITAL MEDIA AND MULTIMEDIA SCHEDULING AND DELIVERY PLATFORM

1. A computer implemented method of selecting schedules for punctual playback of user media and multimedia files on a digital display or plurality of digital displays available in client network, comprising:
a process of identifying, by a computer processor, that a user's account holds only one media or only one multimedia file record in the database; automatically selecting said media or multimedia file for scheduling;
retrieving input from said user for a target digital display for eventual and punctual playback of said media or multimedia file;
retrieving input from said user of a selected calendar date, per selected digital display;
retrieving input from said user of user-defined time period(s), and/or a selected predefined time period or a selection of predefined time periods, per selected calendar date;
enables said user to select an available schedule item or a plurality of available schedule items, wherein each schedule item is temporally specific to said user media or multimedia file's duration and confirmed on a first come first served basis wherein no schedule conflict with previously confirmed schedule items in respective database exists, wherein their corresponding media or multimedia file is recorded and assigned to said schedule item(s), per selected predefined, and/or assigned user-defined, time period, per selected calendar date, per selected target digital display, for eventual assembly into a clock time synchronized and schedule specific playlist, respective per user's reserved schedule item(s), per selected client system;
and a process that enables a user to select a media or multimedia file if said user's account holds a plurality of media and/or multimedia files;
retrieving input from said user for a target digital display for eventual and punctual playback of said media or multimedia file;
retrieving input from said user of a selected calendar date, per selected digital display;
retrieving input from said user of user-defined time period(s), and/or a selected predefined time period or a selection of predefined time periods, per selected calendar date;
enables said user to select an available schedule item or a plurality of available schedule items, wherein each schedule item is temporally specific to said user media or multimedia file's duration and confirmed on a first come first served basis, wherein no schedule conflict with previously confirmed schedule items in respective database exists, wherein their corresponding media or multimedia file is recorded and assigned to said schedule item(s), per selected predefined and/or assigned user-defined time period, per selected calendar date, per target digital display, for eventual assembly into a clock time synchronized and schedule specific playlist, respective per user's reserved schedule item(s), per selected client system.

US Pat. No. 10,924,580

SYSTEM AND METHOD FOR IMPROVING INTERNET COMMUNICATION BY USING INTERMEDIATE NODES

LUMINATI NETWORKS LTD., ...

1. A method for anonymously fetching a first content by a first device from a second server over the Internet via a first server, the first content identified in the Internet by a first URL and the first device is identified in the Internet by a first Internet Protocol (IP) address, further for anonymously fetching a second content by the first device from the second server over the Internet via the first server, the second content identified in the Internet by a second URL, and for use with a group of client devices that are each identified in the Internet using a respective IP address and that are each associated with a physical geographical location, the method by the first server comprising:
receiving a message over the Internet from each of the client devices in the group;
storing, in response to the receiving of the messages, the respective IP addresses of each of the client devices in the group;
receiving the first URL over the Internet from the first device;
selecting, based on the respective physical geographical location, a client device from the group in response to the receiving of the first URL;
sending the first URL over the Internet to the selected client device;
receiving the first content over the Internet via the selected client device from the second server;
receiving the second URL over the Internet from the first device;
sending the second URL over the Internet to the selected client device;
receiving the second content over the Internet via the selected client device from the second server; and
sending the second content over the Internet to the first device.

US Pat. No. 10,924,579

SYSTEM AND METHOD FOR METRO MID-TIER MAPPING IN A CONTENT DELIVERY NETWORK

Level 3 Communications, L...

1. A content delivery network comprising:
a first device having a processor in communication with a non-transitory storage medium having computer executable instructions stored therein, the computer executable instructions configured to:
in response to receiving a content request for content from an edge device unable to serve the content, generate an identification of an intermediate tier content device to obtain the content, the generation of the identification of the intermediate tier content device based on application of a hash algorithm to the content request,
hash a first uniform resource locator included in the content request to obtain a first hash value, and
using the first hash value, obtain a second uniform resource locator associated with a specific mid-tier server to request the content;
a domain name server that provides an internet protocol (IP) address of the intermediate tier content device using the second uniform resource locator, wherein the domain name server is configured based on a map that correlates a second hash of the second uniform resource locator, a hash of a third uniform resource locator associated with a hostname of the content delivery network, and the IP address of the intermediate tier content device; and
the intermediate tier content device serving the content.

US Pat. No. 10,924,576

RELAY APPARATUS, CLIENT APPARATUS, DATA RELAY METHOD, AND PROGRAM STORAGE MEDIUM IN WHICH COMPUTER-READABLE PROGRAM IS STORED

NEC CORPORATION, Tokyo (...

1. A relay apparatus, comprising:
a processor and a memory storing an instruction program that causes the processor to perform:
requesting, based on a data acquisition request from a data request source, a data provision apparatus that provides data by using a predetermined application programming interface to transmit data;
transmitting a conversion rule for data transmitted from the data provision apparatus to the data request source and instructs the data request source to convert the data transmitted from the data provision apparatus; and
forwarding data transmitted from the data provision apparatus to the data request source.

US Pat. No. 10,924,575

AUTOMATIC NETWORK MANAGEMENT SYSTEM AND METHODS

Telefonaktiebolaget LM Er...

1. A method for enabling a first consumer to invoke an operation by a legacy agent using a message that the legacy agent is not operable to successfully process the message, comprising:
an adapter receiving a first software package for use in processing the message; and
the adapter, as a result of loading the first software package, transmitting to a Responsibility Domain Common Functions, RDCF, agent a capability registration message comprising information indicating that the adapter is configured to process the message,
the adapter receiving from a second consumer a capability discovery message indicating that the second consumer is requesting certain capability information;
after receiving the capability discovery message, the adapter: extracting a parameter from the capability discovery message, using the extracted parameter to determine an identifier for a second legacy agent that maintains the requested capability information, and using the determined identifier to transmit to the second legacy agent a second legacy message requesting said certain capability information;
the adapter receiving from the second legacy agent a legacy response message comprising capability information selected by the second legacy agent in response to the second legacy message transmitted by the adapter to the second legacy agent; and
after receiving the legacy response message, the adapter transmitting to the second consumer a capability discovery response message comprising the capability information included in the legacy response message.

US Pat. No. 10,924,574

SYSTEMS AND METHODS FOR MANAGING LOADING PRIORITY OR SEQUENCING OF FRAGMENTS OF A WEB OBJECT

Yottaa Inc., Waltham, MA...

1. A system for managing rendering of a web page, the system comprising:
one or more processors;
a cache configured to store a plurality of fragments of a web page, each of the plurality of fragments having a rendering characteristic that comprises a trigger and an action for rendering of a corresponding fragment independent of other fragments of the plurality of fragments;
a browser executable on the one or more processors, the browser configured to render a first fragment of the plurality of fragments provided from the cache;
a sequencing engine executing on the one or more processors, the sequencing engine configured to:
when the first fragment is rendered, dynamically detect, based on a rendering characteristic of a second fragment from the plurality of fragments that is to be provided from the cache, a trigger for rendering of the second fragment within the first fragment, the trigger comprising a user action to move a specific portion of the first fragment having a fragment pointer of the second fragment, into a viewing region of a client, and
initiating, responsive to the detected trigger, a corresponding action for rendering of the second fragment within the specific portion of the first fragment having the fragment pointer of the second fragment.

US Pat. No. 10,924,573

HANDLING LONG-TAIL CONTENT IN A CONTENT DELIVERY NETWORK (CDN)

Level 3 Communications, L...

1. A method of content delivery in a content delivery network comprising:
receiving, at a first server of a first tier of servers of the content delivery network, a request from a requesting device for a resource available from the content delivery network;
accessing a popularity service associated with the content delivery network to determine a popularity designation associated with the requested resource;
requesting the resource from a second server of the content delivery network;
processing, at the first server of the first tier of servers, a redirect instruction from the second server of the content delivery network to obtain the resource from a content server of the content delivery network;
receiving an instruction to not cache the portion of the resource at the first server of the first tier of servers when the portion of the resource is obtained from the content server of the content delivery network; and
providing the obtained resource to the requesting device.

US Pat. No. 10,924,571

SENDING INFORMATION TO USERS

Amazon Technologies, Inc....

1. A method, comprising:
receiving, from a skill, first data representing a push event, the first data including a user identifier, a type identifier, and first content to be sent in absence of a user input requesting the first content;
determining, associated with the user identifier, a user preference for receiving content corresponding to the type identifier;
determining, using the user preference, a modality for outputting the first content;
determining a template associated with the type identifier, the template representing how the first content is to be rendered for output using the modality;
determining a data field associated with the type identifier;
determining the first data includes at least a portion corresponding to the data field;
based at least in part on the first data including the at least a portion corresponding to the data field, generating second content including the first content using the template;
determining a first device identifier associated with the user identifier, the first device identifier representing a first device;
determining a second device identifier associated with the user identifier, the second device identifier representing a second device;
receiving first presence data associated with the first device identifier, the first presence data representing a user was detected by the first device;
determining a communications component configured to send the second content to the first device;
sending, to the communications component, the second content; and
sending, to the communications component, the first device identifier.

US Pat. No. 10,924,570

NOTIFICATION UPDATES FOR SAVED SITES

Microsoft Technology Lice...

1. A computer system comprising:
a processor; and
a computer readable storage medium having stored thereon program code that, when executed by the processor, causes the processor to:
receive a signal to associate a website with an entity on a user interface, the website being run in an application and the entity running separately from the application in the user interface, wherein the entity is saved to a location on the user interface and is managed by an operating system running on the computer system;
notify, by the operating system, the application that the entity has been assigned to the location;
in response to the application receiving the notification, receive, by the operating system, a request from the application to retrieve metadata for the entity that includes a location identifier for the website and an interface to use to establish a push channel;
receive, using the interface to use to establish the push channel, a request to associate the entity with the push channel that is configured to push updates from the location identifier for the website, wherein an entity identifier used by the operating system for the entity is used to configure the entity as an endpoint for the push channel;
receive an update via the push channel at the operating system;
associate the update with the entity by correlating the endpoint of the push channel to the entity identifier for the entity; and
cause a notification to be output for the entity at the location on the user interface using the operating system.

US Pat. No. 10,924,569

METHOD OF PROVIDING DIGITAL CONTENT FOR USERS OF PHYSICAL ITEMS

adidas, AG, Herzogenaura...

1. A method performed by an application on a mobile device for delivering digital content associated with an item, the method comprising:
receiving a uniform resource locator from a smart tag coupled to the item;
loading a webpage using the uniform resource locator, wherein the webpage includes an interface to receive user input;
displaying, on a display of the mobile device, the interface to receive user input;
retrieving, from a remote computing device, digital content associated with the item in response to receiving user input, wherein the digital content comprises information about an entity associated with the item; and
displaying, on the display of the mobile device, the digital content in response to retrieving the digital content.

US Pat. No. 10,924,568

MACHINE LEARNING SYSTEM FOR NETWORKING

shallow.AI Inc., Los Alt...

1. A method comprising:
providing a social networking service comprising a content spreading engine;
for the content spreading engine, using an electronic processor, calculating a spreadability ($S_i$) component of a given content using an equation $S_i = f(w s^T)$, where $f(x) = 1/(1 + e^{-x})$, wherein $w$ comprises a vector of weights, $s$ comprises a vector of factors affecting spreadability $S_i$, and $T$ represents a transpose operation;
calculating a reaction ($R_{ij}$) component of the given content using an equation $R_{ij} = f(w t^T)$, where $f(x) = 1/(1 + e^{-x})$, wherein $t$ comprises a vector of factors affecting reaction $R_{ij}$; and
based on the spreadability and reaction components, making a determination whether to deliver the given content to other users of the social networking service or killing the given content, preventing its delivery to other users of the social networking service.

US Pat. No. 10,924,566

USE OF CORROBORATION TO GENERATE REPUTATION SCORES WITHIN VIRTUAL REALITY ENVIRONMENTS

High Fidelity, Inc., San...

1. A method for use with a computer implemented virtual reality (VR) environment that enables users of the VR environment to explore the VR environment and interact with one another within the VR environment using client computing devices that are being used by the users, the method comprising:
(a) receiving, from a client computing device used by a first user of the VR environment, information indicative of a positive gesture that an avatar of the first user made towards an avatar of a second user of the VR environment, which positive gesture is indicative of the first user having a positive impression of the second user,
wherein the positive gesture is selected from the group consisting of nodding, thumbs up, hand shaking, clapping, and waving;
(b) receiving, from a client computing device used by a third user of the VR environment, further information that is used to either corroborate or contradict that the avatar of the first user actually made the positive gesture towards the avatar of the second user within the VR environment,
wherein the further information, which is used to either corroborate or contradict that the avatar of the first user actually made the positive gesture towards the avatar of the second user within the VR environment, comprises objective information indicative of whether the third user, or an avatar of the third user, objectively witnessed the avatar of the first user making the positive gesture towards the avatar of the second user while the positive gesture was actually occurring;
(c) determining, based on the further information received from the client computing device used by the third user of the VR environment, that the positive gesture is corroborated;
(d) in response to determining that the positive gesture is corroborated, increasing a reputation score associated with the second user of the VR environment; and
(e) enabling each of one or more users of the VR environment to access, using the client computing device they are using, the reputation score associated with the second user of the VR environment;
wherein in order for the third user, or the avatar of the third user, to witness the avatar of the first user actually making the positive gesture towards the avatar of the second user, the avatar of the third user is within a specified distance of the avatars of the first and second users within the VR environment while the avatar of the first user makes the positive gesture towards the avatar of the second user, the avatar of the third user is facing the avatars of the first and second users while the avatar of the first user makes the positive gesture towards the avatar of the second user, and the avatars of the first and second users are not blocked from the view of the avatar of the third user by an intervening virtual object while the avatar of the first user makes the positive gesture towards the avatar of the second user.

US Pat. No. 10,924,565

TRACKING EVENT ATTENDANCE

Facebook, Inc., Menlo Pa...

1. A method, comprising:
by one or more computer systems, receiving one or more input signals comprising one or more event signals associated with an event and one or more user signals associated with a user,
wherein the input signals comprise one or more time-based signals, and each time-based signal comprises an event time, a user arrival time, or a combination thereof,
wherein the input signals further comprise one or more location-based signals, and each location-based signal comprises an event location, a user location, or a combination thereof;
by the one or more computer systems, determining, using a trained machine-learning model, whether the user attended the event according to the input signals; and
by the one or more computer systems, presenting, to a target user, an indication, based on the determining, of whether the user attended the event; and
wherein the input signals further comprise one or more friend engagement signals indicating how one or more friends of the user engaged with the event; and
wherein the one or more friend engagement signals comprise one or more of:
a signal indicating how many of the user's friends indicated they would attend the event, and
a signal indicating how many of the user's friends have viewed the event in a user interface.

US Pat. No. 10,924,564

APPARATUS AND METHODS FOR PROVIDING RECOMMENDATIONS BASED ON ENVIRONMENTAL DATA

Intel Corporation, Santa...

1. A network of sensors, comprising:
first one or more sensors included in first one or more sensor devices to collect first physical environmental data of a first plurality of environmental parameters of an environment surrounding a first user; and
second one or more sensors included in second one or more sensor devices to collect second physical environmental data of a second plurality of environmental parameters of the environment, the first and second plurality of environmental parameters being different environmental parameters;
wherein at least selected ones of the first and second one or more sensors formed a mesh network;
wherein the first and second one or more sensors forward the first and second physical environmental data to a remote server, through first one or more user devices of the first user;
wherein the first one or more user devices further collect and forward contextual data of the first user reflective of interactions of the first user with the environment, to the remote server;
wherein the remote server, in addition to the first and second physical environmental data, further receives third physical environmental data of the environment from second one or more user devices of a second user; and
wherein the remote server forms a physical behavioral model of the first user, based at least in part on the third physical environmental data, and at least one of the first or second physical environmental data, and the contextual data of the first user, formulates a recommendation for the first user using the physical behavioral model of the first user, and sends the recommendation to a user device of the first user.

US Pat. No. 10,924,563

METHOD, SYSTEM AND RECORDING MEDIUM FOR PROVIDING REAL-TIME CHANGE IN SEARCH RESULT

NAVER CORPORATION, Seong...

1. A search result providing method implemented in a computer, the method comprising:
receiving a keyword;
extracting social network service (SNS) documents corresponding to the keyword by conducting a search on documents registered to an SNS platform;
determining a ranking of each of the SNS documents relative to each other based on user feedback information and newness information corresponding to an elapse of time from the creation or registration of each of the SNS documents;
providing a search result associated with the keyword by selecting and sorting SNS documents to be displayed on a user terminal according to the rankings based on the user feedback information and the newness information;
repeatedly performing the extracting of the SNS documents and the determining of the ranking of each of the SNS documents based on updated user feedback information and updated newness information; and
providing an updated search result from the search result associated with the keyword by selecting and sorting SNS documents to be displayed on the user terminal according to the rankings obtained by the repeated performance of the extracting of the SNS documents and the determining of the ranking of each of the SNS documents based on the updated user feedback information and the updated newness information,
wherein the updated search result is provided automatically without a user input request to provide the updated search result, and
wherein the determining of the ranking of each of the SNS documents comprises,
calculating user feedback count, a first time, and a second time with respect to each of the SNS documents, the first time denoting a time elapsed after receiving a recent user feedback and the second time denoting the time elapsed from a point in time at which corresponding SNS document is created or registered,
determining whether the second time has passed a third time that denotes a standard time for determining a newness of the corresponding SNS document,
setting a weight value in proportion to the elapsed time of the second time as a first weight of the third time if the second time has passed the third time,
setting a default value as the first weight of the third time if the second time has not passed the third time,
determining whether the first time has passed a fourth time that denotes an initial display maintain time for guaranteeing an initial display time of the corresponding SNS document,
setting a weight value to be inverse proportion to the user feedback count and in proportion to the first weight as a second weight of the fourth time if the first time has passed the fourth time, and
setting a default value as the second weight of the fourth time if the first time has not passed the fourth time.

US Pat. No. 10,924,562

REAL-TIME MONITORING OF IO LOAD AND LATENCY

Amazon Technologies, Inc....

1. A system for influencing latency characteristics of one or more hosted services by controlling an admittance rate, the system comprising:
one or more computing nodes hosting at least a first service, the one or more computing nodes comprising a first capacity for processing requests directed to the first service; and
one or more memories comprising computer-readable instructions that, upon execution by a computing device, cause the system at least to:
admit a first request, based at least in part on a first rate value for the admittance rate, the first rate value based at least in part on the first capacity;
determine an elapsed time for processing the first request;
calculate a latency error value for the processing of the first request based at least in part on a difference between the elapsed time for processing the first request and a target elapsed time for processing the first request, the target elapsed time based at least in part on a classification of the first request;
adjust the admittance rate to a second rate value, wherein the second rate value is based at least in part on an output of a computation utilizing, as input, the first rate value, the latency error value, a history of latency error values, and a prediction of future latency error values; and
admit a second request based at least in part on the adjusted admittance rate.

US Pat. No. 10,924,561

SYSTEM AND METHOD FOR PREDICTIVE DELIVERY OF PRIORITIZED CONTENT

1. A method comprising:
aggregating, by a processing system including a processor, predictions of requests from subscriber devices located in a region for media content to obtain a content request prediction for the region, the content request prediction comprising a list of media content items;
analyzing, by the processing system, the content request prediction to determine a priority order for the media content items according to a number of the subscriber devices predicted to request the media content items while at a predicted future location during a predetermined future time period, the number corresponding to a predicted audience, each of the media content items having a priority based at least in part on a time remaining until a time of a largest predicted audience;
monitoring, by the processing system, traffic on a network used by the subscriber devices, and added traffic on the network due to copying of media content items to a storage device on the network, to predict a period of decreased network load;
scheduling, by the processing system, copying of the media content items from a content server to the storage device located in the region, wherein the copying is scheduled to be performed during the predicted period of decreased network load and in accordance with the priority order; and
copying, by the processing system, the media content items to the storage device according to the scheduling.

US Pat. No. 10,924,560

DETERMINING GEOGRAPHIC LOCATIONS OF NETWORK DEVICES

Facebook, Inc., Menlo Pa...

1. A method, comprising:
by one or more computer systems, receiving one or more communication network addresses and one or more first geographic locations of each network address;
by the one or more computer systems, for each network address, determining one or more location-related features based on the network address;
by the one or more computer systems, generating one or more predicted locations of the network address, wherein each predicted location corresponds to one of the first geographic locations of the network address, and each predicted location is associated with a time stamp representing an age of the predicted location;
by the one or more computer systems, determining, based on the location-related features and the time stamps, a weighting factor representing a probability that at least one of the predicted locations of the network address corresponds to a true location of the network address;
by the one or more computer systems, determining, for each of the predicted locations, a weight based on at least the weighting factor, wherein the weight represents a probability that the predicted location corresponds to the true location of the network address;
by the one or more computer systems, storing the predicted locations of the network address and the associated weights in a table of predicted locations in association with the network address; and
by the one or more computer systems, providing, in response to a request to identify a geographic location for a particular network address, one or more of the predicted locations that correspond to the particular network address.

US Pat. No. 10,924,559

MIGRATION OF CLOUD SERVICES

International Business Ma...

1. A computer-implemented method for migrating cloud services between cloud providers comprising:
transforming, by one or more processors, a set of Infrastructure as Code (IaC) resources of a cloud service on an initial cloud provider into a reference architecture to be deployed to a set of alternate cloud providers, wherein transforming comprises:
translating, by one or more processors, the set of IaC resources into a standard format;
minimizing, by one or more processors, the translated set of IaC resources by a factor to create the reference architecture;
storing, by one or more processors, the reference architecture on a cloud archive; and
deploying, by one or more processors, the reference architecture to the set of alternate cloud providers;
gathering, by one or more processors, a set of indicators from each alternate cloud provider of the set of alternate cloud providers;
comparing, by one or more processors, the set of indicators from each alternate cloud provider of the set of alternate cloud providers;
responsive to determining that an affinity score was reached for an alternate cloud provider of the set of alternate cloud providers, outputting, by one or more processors, an alert to an owner of the cloud service, wherein the alert requests approval to migrate the cloud service from the initial cloud provider to the alternate cloud provider; and
responsive to receiving approval from the owner, migrating, by one or more processors, the cloud service to the alternate cloud provider.

US Pat. No. 10,924,558

NETWORK FUNCTION INFORMATION INTERACTION METHOD AND DEVICE, AND COMPUTER STORAGE MEDIUM

China Mobile Communicatio...

1. A method for interaction of network function (NF) information, comprising:
receiving, by a network repository function (NRF), a service discovery request from an NF requester, wherein the service discovery request comprises a service identifier (ID) of a service requested by the NF requester;
querying, based on the service ID, for at least one of an ID of an NF provider capable of providing the service requested by the NF requester or service-related information of the NF provider capable of providing the service requested by the NF requester, wherein the service-related information is to indicate related information of a plurality of services provided by the NF provider; and
sending at least one of the ID of the NF provider or the service-related information to the NF requester through a service discovery response.

US Pat. No. 10,924,557

MANAGEMENT SERVICE MIGRATION USING MANAGED DEVICES

AIRWATCH LLC, Atlanta, G...

1. A system, comprising:
a client device, the client device being enrolled with a first management service; and
a migration application executable in the client device wherein the migration application, when executed, causes the client device to at least:
identify migration information for a migration of the client device from the first management service to a second management service that is different from the first management service, the migration information comprising: a first server address, and a second server address that is different from the first server address;
enable, by the migration application, a network adapter of the client device to identify a device identifier associated with the client device, wherein the device identifier is unavailable unless the network adapter is enabled;
send a request to un-enroll the client device from the first management service, the request comprising: the first server address, and the device identifier;
cause the client device to be un-enrolled from the first management service by causing a first management profile associated with the first management service to be removed from the client device;
send a request to enroll the client device with the second management service, the request comprising: the second server address, and the device identifier; and
cause the client device to be enrolled with the second management service by causing a second management profile associated with the second management service to be installed on the client device.

US Pat. No. 10,924,556

REAL TIME DYNAMIC TIMEOUT PREDICTION

SAP SE, Walldorf (DE)

1. A computer implemented method comprising:
storing data on a client system, the data corresponding to a plurality of previous data requests from the client system to a server system over a network, the data comprising a load time and a plurality of parameters describing context for each data request;
receiving an instruction to perform a first data request;
determining weights corresponding to the plurality of parameters, the weights indicating a contribution of each parameter to the load time;
determining a load time offset value based on the stored data;
estimating a first load time for the first data request by combining the weights corresponding to the plurality of parameters and a plurality of parameters describing context for the first data request, and in accordance therewith, producing an estimated load time;
adding the load time offset value to the estimated load time to produce a first timeout value; and
performing the first data request, wherein a timeout for the first data request is set to the first timeout value.

US Pat. No. 10,924,555

TRANSACTION RESOURCES FOR STATELESS MESSAGE PROTOCOL

Intel Corporation, Santa...

1. A communications device, comprising:
a computing platform, including a processor, a data store, and communication facilities, the computing platform to implement:
an entity resource to originate or consume data;
core resources to facilitate stateless messaging with a remote device, the stateless messaging including operations for data associated with the entity resource; and
transaction resources to interface with the entity resource and manage a transaction with the remote device that includes a sequence of stateless messages associated with the entity resource, wherein the transaction resources provide abstraction to limit direct communication with the entity resource for the transaction, the transaction resources including:
a transaction state machine to represent a current intra-transactional ephemeral state from among a plurality of intra-transactional ephemeral states representing progression of the sequence of stateless messages for the transaction;
a commit handler to institute a persistent state change related to the entity resource in response to a successful completion of the transaction; and
a transaction communicator to conduct intra-transaction communications via the core resources directed to corresponding transactional resources of the remote device.

US Pat. No. 10,924,554

APPLICATION CUSTOMIZATION

Citrix Systems, Inc., Fo...

1. A method, comprising:
receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system;
generating, by the computing device, a session cookie after receipt of the enrollment request, the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system, and the session cookie being unique to an enrollment session of the mobile device into the MDM system, so that the mobile device receives different session cookies in response to the mobile device requesting enrollment in the MDM system on different occasions;
prior to providing a client agent to the mobile device:
embedding the session cookie into a client agent application template, wherein the session cookie enables a client agent application to access the MDM system after enrollment and during a first-time use of the client agent;
embedding enterprise uniform resource locators (URLs) into the client agent application template, wherein the enterprise URLs correspond to enterprise resources of the MDM system;
embedding one or more policies into the client agent application template to configure the client agent application template, the one or more policies being based on at least one of the device identifier and an identity of a user of the mobile device; and
building the client agent application comprising the session cookie, the enterprise URLs and the one or more policies;
providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie, the enterprise URLs and the one or more policies to the mobile device; and
permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.

US Pat. No. 10,924,553

MEDICAL DEVICE MANAGEMENT

ZOLL Medical Corporation,...

1. An automated external defibrillator (AED) comprising:
at least one battery;
defibrillation electrode pads with a cardiopulmonary resuscitation (CPR) sensor;
a communication component configured to facilitate communication with a management server based on registration information associated with the AED and with a registration account user and stored in a database by the management server; and;
a memory, a processor, and associated circuitry, the memory including processor-executable instructions, wherein the processor is communicably coupled to the memory, the at least one battery, the defibrillation electrode pads, and the communication component and is configured to:
initiate a self-test at an administrator configured self-test interval of at least one of daily and weekly, wherein the self-test interval is a user role based configuration setting,
receive and analyze signals from the self-test from the at least one battery and the defibrillation electrode pads during the self-test,
generate device readiness information about the AED based at least in part on the received and analyzed signals from the at least one battery and the defibrillation electrode pads,
store the device readiness information in the memory,
determine a commencement of a clinical event,
record clinical event information during the clinical event, the clinical event information comprising CPR performance data based on signals from the CPR sensor,
detect a termination of the clinical event,
save a clinical event file comprising the clinical event information at the detected termination,
control the communication component to automatically transmit the device readiness information to the management server, via a network, without a request from the management server, at a monthly interval that is different than the administrator configured self-test interval of at least one of daily and weekly, and
control the communication component to transmit the clinical event file to the management server, via the network, in a separate communication transmission from the automatic transmission of the device readiness information.

US Pat. No. 10,924,552

HYPER-CONVERGED FLASH ARRAY SYSTEM

TOSHIBA MEMORY CORPORATIO...

1. A host device for a first storage system including a plurality of storage devices each including a nonvolatile semiconductor memory, the host device comprising:
an internal interface controller connectable to the plurality of storage devices;
an external network interface connectable to a plurality of storage systems including a second storage system through a storage system network;
a memory; and
a processor configured to:
upon receipt of an access command from the second storage system through the storage system network, temporarily store the access command in the memory, and
control the internal interface controller to transmit the access command to one of the storage devices so that said one of the storage devices accesses the nonvolatile semiconductor memory thereof in accordance with the access command,
wherein the access command is issued by an operating system executed by the second storage system, which works with an operating system executed by the first storage system in a coordinated manner.

US Pat. No. 10,924,551

IRC-INFOID DATA STANDARDIZATION FOR USE IN A PLURALITY OF MOBILE APPLICATIONS

Sprinklr, Inc., New York...

1. A method of generating user preference IRC-Infoids comprising:
identifying approved users;
collecting user level of access to the data and determining security status of individual users for each identified user;
collecting user preferences;
compiling a user profile for each individual user;
inputting the user profiles for each of the identified approved users into an Infoid runner;
formatting the input user profiles to produce a nested IRC-Infoid of the profile for each of the individual users;
checking the IRC-Infoid to ensure that the IRC-Infoid conforms to a structure of the IRC-Infoids;
checking the IRC-Infoid for conformity to rules of the IRC-Infoids; and
saving and linking the checked IRC-Infoids of the individual users.

US Pat. No. 10,924,550

FRAMEWORK FOR DISTRIBUTED KEY-VALUE STORE IN A WIDE AREA NETWORK

VMWARE, INC., Palo Alto,...

1. A method comprising:
storing complete copies of an entire key-value (KV) store into each of a plurality of first computing systems in a data center;
storing at most a subset of the KV store into each of a plurality of second computing systems that are outside of the data center;
broadcasting entries among the copies of the KV store that were changed (“changed entries”) to each of the plurality of first computing systems using an unreliable multicast communication protocol, wherein each changed entry is associated with a monotonically increasing sequence number that is broadcast with the changed entry;
storing the changed entries in a retransmit buffer, including retransmitting one of the entries in the retransmit buffer in response to receiving a retransmit request for said one of the entries, wherein the retransmit request includes the sequence number associated with said one of the entries;
using one or more filters to select one or more entries from among the changed entries; and
broadcasting the selected entries to one or more of the second computing systems using a reliable unicast communication protocol.

US Pat. No. 10,924,549

METHOD AND DEVICE FOR DATA VERSION COMPARISON BETWEEN TRANS-TIME ZONE SITES

Advanced New Technologies...

1. A computer-implemented method, comprising:
receiving, by a central server from a plurality of trans-time zone sites, target data and a corresponding time stamp from each trans-time zone site, wherein each of the time stamps are based on a respective time zone of a sending trans-time zone site from which the target data and the time stamp were received, wherein the target data comprises account data associated with a login account shared across each of the trans-time zone sites;
modifying, by the central server, each of the received time stamps based on the respective time zone of the sending trans-time zone site for the time stamp and a time zone of the central server;
comparing, by the central server, the received target data from each of the trans-time zone sites to stored target data based on the modified corresponding time stamp; and
storing, by the central server, a latest version of the target data having a modified corresponding time stamp that indicates a later time than each of the other modified corresponding time stamps.

US Pat. No. 10,924,548

SYMMETRIC STORAGE USING A CLOUD-BASED STORAGE SYSTEM

Pure Storage, Inc., Moun...

1. A method comprising:
determining, in dependence upon an I/O operation received at a cloud-based storage system included in a set of storage systems synchronously replicating a dataset, a metadata update describing a mapping of segments of content to one or more addresses within one or more storage objects that include the dataset; and
synchronizing metadata on a hardware-based storage system included in the set of storage systems synchronously replicating the dataset by sending the metadata update from the cloud-based storage system to the hardware-based storage system to update a metadata representation on the hardware-based storage system in accordance with the metadata update, wherein the metadata representation on the storage system is structured differently than the metadata representation of the dataset on the cloud-based storage system.

US Pat. No. 10,924,547

SYSTEMS AND METHODS FOR ESTABLISHING AND MAINTAINING VIRTUAL COMPUTING CLOUDS

AdmieMobile LLC, New Yor...

1. A method comprising:
receiving, from two or more computing devices, updates relating to a status of files from a plurality of files, at least one update including information relating to a new file to be added to the plurality of files, and each computing device of the two or more computing devices having a software agent;
posting, to a social network, an indication of the new file;
transmitting, to each respective software agent of the two or more computing devices, permissions of a first and a second computing device to access files from the plurality of files;
receiving a request, from a first software agent at the first computing device, to access a first file from the plurality of files, the first computing device having a first version of the first file;
determining, by a processor, whether the first computing device has permission to access the first file;
responsive to determining the first computing device has the permission to access the first file, determining, by the processor, whether the first version of the first file at the first computing device is synchronized with the plurality of files;
responsive to determining that the first version of the first file is synchronized, instructing the first software agent at the first computing device to provide the first computing device access to the first file; and
responsive to determining that the first version of the first file is not synchronized, transmitting an instruction, to a second computing device associated with a second software agent, to transmit a second version of the first file at the second computing device to the first computing device, the second version of the first file to replace the first version of the first file at the first computing device.

US Pat. No. 10,924,546

STATE CONTAINER SYNCHRONIZATION SYSTEM AND METHOD

eCIFM Solutions Inc., Sa...

11. A method being performed by a mobile computing device, the mobile computing device comprising: at least one memory comprising mobile application instructions and a state container, a graphics processing unit (GPU), and at least one processing device configured for executing the mobile application instructions, the method comprising:
creating, while in an offline mode such that the mobile computing device is disconnected from a remote application server, a local update packet corresponding to the state container, the local update packet associated with a first timestamp;
storing the local update packet in the memory of the mobile computing device;
detecting an availability of a wireless network;
establishing, via the wireless network, a network connection with the remote application server, thereby causing the mobile computing device to enter an online mode;
synchronizing the memory of the mobile computing device with the remote application server, the synchronizing comprising:
receiving, from the remote application server, a remote update packet corresponding to the state container, the remote update packet associated with a second timestamp;
comparing the first timestamp associated with the local update packet with the second timestamp associated with the remote update packet;
in response to determining that the first timestamp is earlier than the second timestamp: first modifying contents of the state container based on the local update packet, and second modifying the first modified contents of the state container based on the remote update packet; and
initiating display of, using the GPU, a graphical user interface representation of the second modified contents of the state container to a user of the mobile computing device.

US Pat. No. 10,924,545

COMPUTER SYSTEM PROVIDING MIRRORED SAAS APPLICATION SESSIONS AND RELATED METHODS

CITRIX SYSTEMS, INC., Fo...

1. A computer system comprising:
a client computing device configured to run a first Software as a Service (SaaS) application session from a first server within a first browser; and
a second server cooperating with the at least one client computing device to
run a second SaaS application session within a second browser mirroring a state of the first SaaS application session, and
forward data traffic generated by the first SaaS application session to the first server while blocking traffic generated by the second SaaS application session from passing to the first server, and delivering responses from the first server to the data traffic from the first SaaS application session to both of the first and second SaaS application sessions.

US Pat. No. 10,924,544

APPARATUS, METHOD, AND PROGRAM PRODUCT FOR CALENDAR CONTROL

Lenovo (Singapore) PTE. L...

1. An apparatus comprising:
a processor;
a memory that stores code executable by the processor to:
detect a triggering calendar entry of a plurality of calendar entries in a first digital calendar corresponding to a first user of the first digital calendar;
determine a pattern of the first digital calendar based on historical calendar entries in the first digital calendar, wherein the historical calendar entries comprise multiple separately entered calendar entries that do not overlap in time;
determine whether the triggering calendar entry is inconsistent with the pattern of the first digital calendar, wherein the triggering calendar entry occupies a time that is inconsistent with data corresponding to the first digital calendar; and
attempt to synchronize the triggering calendar entry with a second digital calendar corresponding to the first user of the first digital calendar without synchronizing each calendar entry of the plurality of calendar entries in response to detecting the triggering calendar entry, wherein, as a result of attempting to synchronize the triggering calendar entry with the second digital calendar not comprising copying the triggering calendar entry to the second digital calendar:
notify a second user of the second digital calendar during occurrence of the triggering calendar entry, wherein the second user of the second digital calendar is notified by showing a popup, showing an alert, sending an email, producing an audible alert, or producing a tactile alert.

US Pat. No. 10,924,543

DEPLOYMENT STRATEGY FOR MAINTAINING INTEGRITY OF REPLICATION GROUPS

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
generating a number of deployment groups for a plurality of hosts, each deployment group of the number of deployment groups containing at least one host executing at least one node of at least one data replication group, where each data replication group of the at least one data replication group is a member of a set of data replication groups managed by a replication group service, by at least:
determining a number of nodes to be included in the data replication group; and
determining the number of deployment groups based at least in part on the number of nodes in the data replication group;
assigning a set of hosts to the number of deployment groups, the set of hosts collectively executing the number of nodes of the data replication groups, wherein the assigning is performed based at least in part on evenness criteria such that removing one or more hosts assigned to a particular deployment group preserves a quorum of nodes within the data replication group;
obtaining a request to deploy software to the number of deployment groups;
assigning a set of scores to the number of deployment groups; and
selecting a first deployment group, based on the score, of the number of deployment groups to deploy software to in response to the request.

US Pat. No. 10,924,542

CONTENT DELIVERY SYSTEM

Verizon Patent and Licens...

1. A computer implemented method, comprising:
starting, by a processing device and based on instructions received from a host entity, a content delivery micro edge server module to generate a content delivery micro edge server on a web server, wherein the content delivery micro edge server is a virtualized edge server associated with a content delivery network operator and the web server is associated with the host entity that is different than the content delivery network operator;
partitioning web server capacity of the web server into a predetermined level of capacity associated with the content delivery micro edge server and web server capacity, wherein the content delivery micro edge server module reserves web server capacity based on available capacity and utilized capacity;
remotely controlling, by the content delivery network operator and not the host entity, applications, processes, and configuration of the content delivery micro edge server via an encrypted network connection, including:
activating at least one application associated with the content delivery micro edge server to provide content delivery services;
registering, with the content delivery network operator, the content delivery micro edge server to provide the content delivery services;
receiving a request for content to be provided to a client device via a prospective best cost route determined by a master route matrix based on a transmission control protocol (TCP) latency as of a last-identified state of the content delivery micro edge server, and a TCP latency as of a last-identified state of at least one neighboring content delivery micro edge server, wherein the client device is associated with a third party to the host entity and the content delivery network operator;
determining that the at least one neighboring content delivery micro edge server forms part of an actual best cost route for delivering the content to the client device, wherein the actual best cost route is further determined using a micro route matrix based on a comparison of a first expected TCP latency associated with the content delivery micro edge server, and a second expected TCP latency associated with the at least one neighboring content delivery micro edge server;
re-directing, based on the determining, the request for content to the at least one neighboring content delivery micro edge server;
receiving, by the at least one neighboring content delivery micro edge server, the content from a cache dedicated to the content delivery micro edge server; and
delivering, by the at least one neighboring content delivery micro edge server, the content to the client device via the actual best cost route, wherein the actual best cost route does not include the content delivery micro edge server using the predetermined level of capacity; and
terminating, by the processing device and based on instructions received from the host entity, the content delivery micro edge server module.

US Pat. No. 10,924,541

LOW-POWER AND LOW-LATENCY DEVICE ENUMERATION WITH CARTESIAN ADDRESSING

QUALCOMM Incorporated, S...

1. A host device, comprising:
a first master interface for coupling over a first point-to-point (P2P) link to a first slave interface in a first slave device;
a second master interface for coupling over a second P2P link to a second slave interface in a second slave device; and
a node aggregator configured to assign a first link identification (ID) to the first P2P link and to assign a second link ID to the second P2P link upon initiation of an enumeration process, the node aggregator being further configured to receive a node ID from the first slave device that equals a concatenation of a slave bit and the first link ID and to receive a node ID from the second slave device that equals a concatenation of a slave bit and the second link ID, wherein the node aggregator is further configured to address the first slave device with a first message including the node ID for the first slave device to re-assign a Cartesian address to the first slave device.

US Pat. No. 10,924,540

LIGHTWEIGHT NAMING SCHEME FOR AGGREGATING REQUESTS IN INFORMATION-CENTRIC NETWORKING

Cisco Technology, Inc., ...

1. A method comprising:
receiving, at a device in a network, an interest request for one or more pieces of content data available in the network, wherein the interest request specifies the one or more pieces of content data via one or more bits sets in a content request bitmap of the interest request, each bit of the content request bitmap being associated with a different piece of content data available from the network;
comparing, by the device, the content request bitmap to a content availability bitmap in a forwarding information base (FIB) of the device, wherein the content availability bitmap in the FIB is associated with a particular interface of the device and each bit of the content availability bitmap indicates whether a particular piece of content data is available via the particular interface; and
forwarding, by the device, the interest request via the particular interface of the device, based on the comparison between the content request bitmap and the content availability bitmap in the FIB of the device.

US Pat. No. 10,924,539

METHOD AND DEVICE FOR SELECTING AGGREGATION NODE

BOE TECHNOLOGY GROUP CO.,...

1. A method for selecting an aggregation node, comprising steps of:
acquiring a trust value list for each of nodes in a cluster, wherein the trust value list for each of the nodes comprises trust values for each of the nodes, acquired by remaining nodes in the cluster;
acquiring an actual trust value for each of the nodes according to the trust value list for each of the nodes, by using a first predetermined algorithm;
calculating an actual remaining energy ratio of each of the nodes according to a self-calculated remaining energy ratio of each of the nodes calculated by itself and other-calculated remaining energy ratios for each of the nodes calculated by the remaining nodes in the cluster, by using a second predetermined algorithm;
calculating an energy-trust integrated value for each of the nodes according to the actual trust value for each of the nodes and the actual remaining energy ratio of each of the nodes, by using a third predetermined algorithm; and
selecting an aggregation node according to the energy-trust integrated value for each of the nodes,
wherein any of the trust values in the trust value list is acquired according to the following steps:
taking a node for which the trust value is to be acquired as a target node, the remaining nodes in the cluster comprising the target node as monitoring nodes, one of the monitoring nodes as a direct monitoring node, and others of the monitoring nodes as indirect monitoring nodes;
acquiring direct information of the target node through the direct monitoring node;
acquiring indirect information of the target node through the direct monitoring node, wherein the indirect information is information of the target node acquired by the indirect monitoring nodes; and
calculating the trust value for the target node according to the direct information and the indirect information of the target node which are collected by the direct monitoring node; and
wherein the step of selecting an aggregation node according to the energy-trust integrated value for each of the nodes comprises steps of:
comparing the energy-trust integrated values of the nodes with each other, and selecting a node having a maximum energy-trust integrated value as the aggregation node.

US Pat. No. 10,924,538

SYSTEMS AND METHODS OF MONITORING SOFTWARE APPLICATION PROCESSES

THE BOEING COMPANY, Chic...

1. A system comprising:
a first compute node of multiple compute nodes that are configured to run multiple instances of a software application, wherein the first compute node comprises:
a process monitor configured to generate process status data for a first instance of the software application running at the first compute node;
a status data analyzer configured to:
determine, based on the process status data, whether an expected process of the first instance of the software application has stopped running at the first compute node; and
selectively restart the first instance of the software application based on determining that the expected process has stopped running at the first compute node;
a process monitor checker configured to:
determine whether the process monitor has stopped running at the first compute node; and
restart the process monitor in response to determining that the process monitor has stopped running at the first compute node; and
a peer monitor configured to:
determine whether a second instance of the software application failed at a second compute node of the multiple compute nodes; and
in response to determining that the second instance failed at the second compute node, perform an action based on incomplete tasks associated with the second instance of the software application; and
the second compute node.

US Pat. No. 10,924,537

SYSTEMS, APPARATUS AND METHODS FOR COST AND PERFORMANCE-BASED MANAGEMENT OF RESOURCES IN A CLOUD ENVIRONMENT

TURBONOMIC, INC., Boston...

1. A computer-implemented method, comprising:
determining, by a consumer manager running on a data processor in a computer system, a cost in currency units for running a computational workload on a first computational resource provider, the workload having a resource requirement corresponding to a quantity of one or more resources selected from CPUs, memory, databases, network bandwidth, and/or input-output capacity for use by a component of the computer system;
selecting to run the workload on the first computational resource provider;
determining, after a predetermined period of time has passed since the selection or after the cost for running the workload has increased by at least a predetermined amount, a cost for running the workload on a second computational resource provider, wherein the first computational resource provider is an in-house resource provider and the second computational resource provider is a cloud-based service provider offering a plurality of templates, each of the templates specifying a quantity of one or more resources selected from CPUs, memory, databases, network bandwidth, and/or input-output capacity;
selecting, from among the plurality of templates, an optimal template (i) having resources exceeding the workload resource requirement and (ii) having a lowest cost of all templates having resources exceeding the workload resource requirement;
determining a cost of moving the workload to the second provider using the optimal template;
determining whether any template resources exceeding the workload resource requirement can be deployed by the consumer manager in the computer system;
computing a utilization value for running the workload on the second provider based at least in part on the determined cost of the optimal template on the second provider, the determined cost of moving the workload to the second provider, and whether any template resources exceeding the workload resource requirement can be deployed by the consumer manager in the computer system; and
moving the workload to the second provider if the utilization value exceeds a utilization value of continuing to host the workload on the first provider, wherein the cost of running the workload on the second provider is (i) a dynamic, on-demand price based at least in part on one or more template resources or (ii) a reserved-instance price based at least in part on multiple template resources.

US Pat. No. 10,924,536

METHOD AND SYSTEM FOR SELECTING A STORAGE NODE BASED ON A DISTANCE FROM A REQUESTING DEVICE

Oracle International Corp...

12. A method comprising:
receiving, from a requesting device, an initial request to access a file;
responsive to the initial request to access the file:
selecting a first node, from among a plurality of nodes, to provide access to the file, wherein the first node is selected from a subset of the plurality of nodes that store the requested file;
causing transmission of the file from the first node to the requesting device;
determining that the first node is not an appropriate node to provide the file to the requesting device;
responsive to the determining operation, selecting a second node, from among the plurality of nodes, to provide access to the file for subsequent requests to access the file received after the initial request is received; and
causing the second node to retrieve a copy of the file in preparation for causing transmission of the file to the requesting device for the subsequent requests;
wherein the method is performed by at least one device including a hardware processor.

US Pat. No. 10,924,535

RESOURCE LOAD BALANCING CONTROL METHOD AND CLUSTER SCHEDULER

Huawei Technologies Co., ...

1. A resource load balancing control method, comprising:
predicting performance data that is of an application deployed on each cluster node and that is in a preset time period, wherein the performance data represents resource usage that is of an application deployed on each cluster node and that is in the preset time period;
calculating a first standard deviation of a cluster system according to the predicted performance data of each cluster node, wherein the first standard deviation represents a resource load balance degree of the cluster system in the preset time period; and
in response to determining that the first standard deviation of the cluster system is greater than a preset threshold, determining an application migration solution according to a resource load balancing rule to balance a current resource load of the cluster system or a resource load of the cluster system in the preset time period after a application migration solution is executed, wherein determining the application migration solution comprises:
sorting all cluster nodes according to a resource load of each cluster node;
classifying the sorted cluster nodes into either a heavy-load cluster node or a light-load cluster node;
traversing an application deployed on the heavy-load cluster node and an application deployed on the light-load cluster node, so as to exchange an application deployed on the heavy-load cluster node with an application deployed on the light-load cluster node;
determining a first application deployed on a first cluster node in the heavy-load cluster node and a second application deployed on a second cluster node in the light-load cluster node by maximizing a difference between a third standard deviation of the cluster system before an application exchange and a fourth standard deviation of the cluster system after the application exchange, wherein the third standard deviation is greater than the fourth standard deviation; and
generating an application migration solution instructing to exchange the first application deployed on the first cluster node with the second application deployed on the second cluster node.

US Pat. No. 10,924,534

DYNAMIC PLACEMENT OF COMPUTING TASKS IN A DISTRIBUTED COMPUTING ENVIRONMENT

Akamai Technologies, Inc....

1. A method for placing a computing task within a distributed computing system having first and second servers, the method comprising:
with a first server, receiving a first request, the first request originating from a client;
in response to the first request, the first server sending a forward request;
a second server receiving, directly or indirectly, the forward request;
in response to the receipt of the forward request, the second server determining whether to perform one or more computing tasks at the second server to generate particular content for the first server to provide in response to the first request;
upon a determination by the second server to perform the one or more computing tasks:
(i) the second server performing the one or more computing tasks to generate the particular content for the first server to provide in response to the first request;
(ii) the second server sending to the first server, directly or indirectly, a response comprising the particular content and a computing task locator that identifies any of the second server and a group of servers of which the second server is a member, as having performed the one or more computing tasks; and
(iii) the first server, upon receipt of the particular content and the computing task locator, sending towards the client the response to the first request including both the particular content and the computing task locator;
upon a determination by the second server not to perform the one or more computing tasks:
(iv) the second server sending to the first server, directly or indirectly, a response to the forward request;
(v) the first server performing the one or more computing tasks to generate the particular content; and
(vi) the first server sending, towards the client, the response to the first request including both the particular content and a computing task locator that identifies any of the first server and a group of servers of which the first server is a member as having performed the one or more computing tasks to generate the particular content;
the response to the first request including code executable by the client to cause the client to generate a beacon that includes performance data related to delivery of the particular content to the client and includes the computing task locator the client received, the code executable to cause the client to send the beacon back to the distributed computing system; and,
the distributed computing system:
receiving the performance data; and,
adjusting a probability that the second server determines to perform the one or more computing tasks.

US Pat. No. 10,924,533

SYSTEM, APPARATUS AND METHOD FOR LOAD BALANCING

Telefonaktiebolaget LM Er...

1. A method of performing multi-path load balancing in a communications network comprising a plurality of servers, the method comprising:
in a server of the plurality of servers:
receiving a first connection request, from a first load balancer, sent from a first interface of a client device;
sending a first acknowledgement of the first connection request to the first interface of the client device bypassing the first load balancer; and
storing a code representing the server in a database, the code associated with a unique identity of the server;
in a second load balancer:
receiving a second connection request from a second interface of the client device, wherein the second connection request is associated with the first connection request sent from the first interface of the client device to the server, wherein the second connection request includes a token associated with the server, wherein the token associated with the server is received from the second interface of the client device, and wherein the second load balancer is different from the first load balancer;
mapping the token to an entry in the database;
determining the unique server identity associated with the token; and
forwarding the second connection request to the server associated with the unique server identity.

US Pat. No. 10,924,532

PRESENTING SUGGESTION CONTENT IN REACTION TO CONTENT GENERATION

Facebook, Inc., Menlo Pa...

1. A method comprising:
storing, in a social networking system, a plurality of reaction content items associated with management of pages in the social networking system;
receiving, through a content generation interface for a page in the social networking system, content generated by a posting user of the social networking system;
generating a user content item based on the received content, the user content item being associated with the page;
determining that the posting user of the social networking system is assigned a role to manage, interactions with, the page;
when the posting user is associated with the role to manage the page,
automatically selecting, by the social networking system, a set of eligible reaction content items from the plurality of reaction content items based on characteristics of the posting user satisfying a plurality of predetermined eligibility criteria to determine eligibility of each reaction content item, of the selected set of eligible reaction content items, to be presented for display to the posting user, wherein each reaction content item from the plurality of reaction content items provides information relating to management of the page by the posting user;
ranking the selected set of eligible reaction content items based on a measure of relevance of each selected reaction content item to the posting user;
automatically selecting, by the social networking system, a reaction content item from the set of eligible reaction content items based on the ranked set of eligible reaction content items;
responsive to the posting user providing the generated user content item, presenting, by the social networking system, the selected reaction content item to the posting user, the selected reaction content item being displayed with an interaction interface, wherein the selected reaction content item is presented to the posting user on a reaction interface immediately consecutive to the content generation interface; and
receiving, from the posting user, an interaction with the selected reaction content item through the interaction interface presented with the selected reaction content item.

US Pat. No. 10,924,531

SOPHISTICATED AUTOMATED RELATIONSHIP ALERTER

Sony Corporation, Tokyo ...

1. An electronic communication device, comprising:
communications circuitry to provide near-field transmitting and receiving communications;
a user interface; and
control circuitry configured to:
(a) maintain a friends list comprising personal information of persons known to a user of the electronic communication device, the friends list also includes a first anonymous user indicia for at least a first person known to the user of the electronic communication device, wherein the first anonymous user indicia corresponds to information that identifies the first person in a database accessible by the electronic communication device but does not include personal information of the first person,
(b) activate the communications circuitry to determine near-field presence of a second electronic communication device within communication range of the electronic communication device,
(c) activate the communications circuitry to transmit to the second electronic communication device a portion of the first anonymous user indicia and/or second anonymous user indicia associated with the user of the first electronic communication device, wherein the second anonymous user indicia corresponds to information that identifies the user of the first electronic communication device in a database accessible by the second electronic communication device but does not include personal information of the user of the first electronic communication device,
(d) activate the communications circuitry to receive from the second electronic communication device third anonymous user indicia, wherein the third anonymous user indicia corresponds to a session initiation protocol (SIP) address, an encrypted name of the first person, a 128-bit unique identification number encrypting a name of the person,
(e) coordinate the third anonymous user indicia with information on the friends list to determine the presence of any matches between the first and/or second anonymous user indicia and the third anonymous user indicia; and
(f) provide to the user interface either a list of matches or an indication of no matches, but to share no personal information including at least one of biometric information such as fingerprints, retinal scans, iris scans, hand measurements, voice recognition, photographs of the face, anatomical traits, a record of previous meetings, a list of the first person's known friends and acquaintances, social security number, E-mail address, IP address, audio recordings, video recordings, or passwords, until such time as users of the first electronic communication device and the second electronic communication device have decided to meet, thereby unambiguously identifying near-field users of electronic communication devices who are potential acquaintances in a way that allows anonymity and concealment of personal information until such time as the decision is made to actually make contact and to share such personal information.

US Pat. No. 10,924,530

INTER-PROVIDER FILE TRANSFER SYSTEM AND METHOD

Verizon Patent and Licens...

1. A method comprising:
receiving, by a service provider, a file transfer request that includes at least a network location corresponding to a file to be transferred;
determining, by the service provider, whether the network location is internal or external to a service provider network;
modifying the network location when it is determined that the network location included in the file transfer request is external to the service provider network; and
retrieving the file to be transferred using the modified network location.

US Pat. No. 10,924,529

SYSTEM AND METHOD OF TRANSMITTING DATA BY USING WIDGET WINDOW

Samsung Electronics Co., ...

1. A method of transmitting, by a computer, a file by using an execution window of an application that connects the computer to a first mobile terminal, the method comprising:
receiving an address book stored in the first mobile terminal from the first mobile terminal;
moving a file selected on a screen of the computer to the execution window of the application;
when the file is moved to the execution window, receiving a keyword that is input to the execution window;
detecting at least one second mobile terminal corresponding to the keyword from the received address book; and
transmitting the file from the computer to the at least one second mobile terminal via the first mobile terminal,
wherein the keyword comprises a textual prefix tag value, and detection targets of the keyword differ from each other according to the textual prefix tag value, the textual prefix tag value corresponding to at least one of a plurality of types of data transmission services supported by the at least one second mobile terminal.

US Pat. No. 10,924,528

METHOD TO DETERMINE USE OF LOCAL AND REMOTE APPLICATIONS IN A DISTRIBUTED MULTIUSER ENVIRONMENT FOR SHARED FILE RESOURCES

Parallels International G...

1. A method comprising:
determining, by a first computing device, a set of remote applications hosted by a second computing device, wherein each remote application in the set of remote applications is associated with one or more file types;
determining, by the first computing device, a set of local applications hosted on the first computing device, wherein each local application in the set of local applications is associated with one or more file types; and
for each file type associated with at least one remote application of the set of remote applications:
determining whether the file type associated with a respective remote application is also associated with a local application in the set of local applications; and
responsive to the file type associated with the respective remote application being also associated with the local application, invoking an application programming interface (API) of an operating system of the first computing device to associate the file type with a proxy component, wherein the proxy component for the file type is to determine, based on a network latency and a synchronization time associated with a location of a requested file, whether to open the requested file of the file type with the respective remote application or the local application.

US Pat. No. 10,924,527

DYNAMIC WORKFLOW-BASED COMPOSITE WEB SERVICE SYSTEM AND METHOD

TRANZTEC SOLUTIONS, INC.,...

1. A method for providing dynamic workflow-based composite web services comprising the steps of:
providing a management system for receiving an input data request from at least one of a plurality of remote client applications, the request including a request URL;
providing a plurality of web service endpoints, each of the endpoints including a trigger with an associated endpoint URL;
providing a plurality of workflows, each workflow associated with at least one of the endpoints and including a plurality of activities;
providing a plurality of actors, each actor being a standardized data definition shared among the plurality of workflows, each actor providing a standard method for the plurality of workflows to interact with each other using a common data layer, wherein each actor is paired with the plurality of activities to allow the paired actor to automatically communicate with the at least one of the plurality of remote client applications, wherein each client application is different;
triggering one of the triggers having the endpoint URL corresponding to the request URL to load the associated workflow;
executing the loaded associated workflow using the associated actor to generate and send to the one trigger an output data representing serialized actor properties; and
sending the output data from the one trigger to the client application.

US Pat. No. 10,924,526

ADAPTING AN AUDIO BIT RATE BASED ON CHANGING NETWORK CONDITIONS

Verizon Patent and Licens...

1. A first user device, comprising:
one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
receive information indicating changed network conditions for a network supporting a call with a second user device at a first audio bit rate;
provide, to the second user device, an audio packet instructing use of a second audio bit rate that is different from the first audio bit rate;
start a timer associated with receiving an indication that the second user device is using the second audio bit rate;
receive, from the second user device and based on the audio packet instructing use of the second audio bit rate, a response audio packet at the first audio bit rate;
determine that the timer has expired after receiving the response audio packet at the first audio bit rate;
determine, based on determining that the timer has expired and receiving the response audio packet at the first audio bit rate, that the second user device did not receive the audio packet instructing use of the second audio bit rate;
determine, based on determining that the second user device did not receive the audio packet instructing use of the second audio bit rate and based on a threshold quantity of additional audio packets being provided to the second user device, to cease transmitting audio packets instructing use of the second audio bit rate;
provide, to the second user device, one or more additional audio packets instructing use of the second audio bit rate;
determine that the threshold quantity of additional audio packets have been provided to the second user device;
re-negotiate, based on the threshold quantity of additional audio packets being provided to the second user device, the second audio bit rate with the second user device based on a protocol-based re-invite message provided to the second user device; and
continue the call with the second user device, at the second audio bit rate and without dropping the call, based on the re-invite message.

US Pat. No. 10,924,525

INDUCING HIGHER INPUT LATENCY IN MULTIPLAYER PROGRAMS

Microsoft Technology Lice...

11. A method comprising:
at a server computing device including a processor,
receiving a plurality of input streams from a respective plurality of client computing devices, each input stream including a plurality of inputs controlling actions of respective characters in a multiplayer game session of a multiplayer online software program;
determining a latency of each of the input streams based at least on detecting whether inputs were received from each of the plurality of input streams at a target input frequency;
identifying a higher latency input stream and a lower latency input stream among the plurality of input streams, wherein missed inputs not received at the target input frequency are used to identify the higher latency input stream; and
inducing a higher latency in the lower latency input stream to narrow a difference in latency between the higher latency input stream and the lower latency input stream to thereby accommodate the higher latency input stream and the lower latency input stream in the multiplayer game session.

US Pat. No. 10,924,524

COMMUNICATION DEVICES, COMMUNICATION DATA GENERATION METHOD, AND COMMUNICATION DATA PROCESSING METHOD

SATURN LICENSING LLC, Ne...

1. A communication device comprising:
a memory that stores instructions;
processing circuitry configured to execute the instructions to
divide media data of a Group of Pictures (GOP) into portions of the media data, the GOP being a processing unit in video encoding to be decoded after all the portions of the media data are gathered, and
generate packets storing the media data of the GOP, each of the packets storing a respective one of the portions of the media data, a header of each of the packets including a segment identifier and an in-GOP location identifier, the segment identifier identifying the GOP, and the in-GOP location identifier indicating whether the respective portion of the media data stored therein corresponds to a first portion, a middle portion, or a last portion of the GOP; and
a transmitter configured to transmit the generated packets.

US Pat. No. 10,924,523

ENCODINGLESS TRANSMUXING

Verizon Digital Media Ser...

1. A method comprising:
obtaining a single file encoding media content, the single file comprising metadata and binary data, wherein the binary data stores frame information for a plurality of frames representing the media content, and wherein the plurality of frames comprises a set of key frames irregularly intermixed with other frame types;
detecting positions of first, second, and third key frames of the set of key frames from said metadata;
transmuxing the single file into a plurality of segments based on a segment duration parameter, wherein said transmuxing comprises:
commencing a first segment of the plurality of segments with the first key frame;
determining that the third key frame is closer than the second key frame to a position that is the segment duration parameter from the first key frame in the media content, and wherein the third key frame is at a different position in the media content than the position that is the segment duration parameter from the first key frame;
commencing a second segment of the plurality of segments with the third key frame, wherein the second segment immediately follows said first segment during playback of the media content;
serving the first segment in response to a user request for the first segment, wherein said serving comprises providing a subset of the binary data without encoding, decoding, or modifying two or more frames falling within the subset of the binary data, wherein the subset of the binary data commences at binary data encoding the first key frame, spans binary data encoding the second key frame and other frames between the first key frame and the third key frame, and ends with a frame immediately before binary data encoding the third key frame.

US Pat. No. 10,924,522

AD HOC NETWORK-BASED COLLABORATION USING LOCAL STATE MANAGEMENT AND A CENTRAL COLLABORATION STATE UPDATE SERVICE

Anthill, Inc., Wellesley...

1. A method operative in a centralized computing infrastructure, comprising:
responsive to receipt of a request, establishing an ad hoc collaboration session to which participating computing devices subscribe, synchronously or asynchronously with respect to one another, over an unrestricted time period, each of the participating computing devices have a gesture-responsive display interface;
as a participating computing device subscribes to the collaboration session or provides information about a change to its local state, providing a real-time state update to one or more other computing devices that are participating in the session such that the participating computing devices continually maintain their respective local state; and
executing a collaborative interaction among the participating computing devices;
wherein the collaborative interaction is associated with a sequence of a source media file having a timeline and at least one decision point in the timeline associated with a branch, the source media file having been delivered to each of the participating computing devices, and wherein the collaborative interaction comprises:
responsive to a determination based on the real-time state updates that the decision point in the timeline has been reached, transitioning the collaboration session to a collaboration state;
during the collaboration state, and responsive to receipt of data from a given subset of the participating computing devices, determining a next state, wherein the data from at least one participating computing device includes a result of a swipe gesture on the gesture-response display interface indicating a preference for the next state; and
responsive to determining the next state, providing each of the participating computing devices an update identifying the next state;
wherein the next state is associated with delivery to each of the participating computing devices in the collaboration session of an additional portion of the source media file as determined by the given subset of the participating computing devices.

US Pat. No. 10,924,521

SYNCHRONOUS DELIVERY OF MEDIA CONTENT IN A COLLABORATIVE ENVIRONMENT

Match Group, LLC, Dallas...

1. A method for facilitating a display of a time-based media object, the method comprising:
receiving a first command to control the media object on a display of a first device;
generating an estimate of a communication time between the first device and a second device, based on pinging the second device; and
in response to a selection of a button in an instant messaging application at the first device or an entry of text in the instant messaging application at the first device, causing communication of a seek command and a metric associated with the media object to the second device to synchronize the display of the media object on the first device with a display of the media object on the second device, the metric based on an offset from a specified position in the media object.

US Pat. No. 10,924,520

ONLINE CHARGING MECHANISMS DURING OCS NON-RESPONSIVENESS

Microsoft Technology Lice...

1. A method of accommodating non-responsiveness of an online charging node in a networked system, comprising:
receiving a request from a subscriber;
identifying that an online charging node is non-responsive, wherein identifying that the online charging node is non-responsive comprises at least one of detecting a lack of a heartbeat from the online charging node or identifying a timeout of a request to the online charging node;
assigning a default quota to the subscriber, the default quota being assigned by an entity other than the online charging node while the online charging node is non-responsive, the default quota defining a service usage threshold for the subscriber;
providing service to the subscriber based on the default quota, wherein the providing service to the subscriber based on the default quota includes tracking a usage associated with the service;
identifying that the online charging node has become responsive; and
reconciling with the online charging node the usage associated with the service, wherein the reconciling with the online charging node the usage associated with the service includes reporting one or more of the tracked usage associated with the service or the default quota to the online charging node.

US Pat. No. 10,924,519

METHOD, APPARATUS, SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM FOR INTERWORKING BETWEEN APPLICATIONS OF DEVICES

LINE CORPORATION, Tokyo ...

1. A non-transitory computer-readable medium storing computer readable instructions, which when executed by at least one processor, cause the at least one processor to perform a method for application interworking between devices, wherein the application interworking method comprises:
establishing a communication session on a messaging service associated with a first account of a first user of a first electronic device using a first application executed on the first electronic device, the communication session including at least a second account of a second user of a third electronic device, the first account and the second account associated with the messaging service;
generating a user interface for creating a control instruction in a chatroom associated with the communication session, the chatroom including the first account and the second account, the user interface allowing the first account to control a second electronic device associated with the first account;
receiving a user input via the user interface from the first user using the first electronic device, the user input corresponding to an action to be performed by the second electronic device; and
transmitting a control instruction that includes a session identifier of the communication session to the second electronic device associated with the first account corresponding to the user input,
the control instruction causing the second electronic device to start execution of a second application on the second electronic device,
the control instruction further including instructions for the second electronic device that cause the second electronic device to execute the action to be performed by the second electronic device, and transmit results of the executed action to the chatroom using the session identifier, and
the action to be performed by the second electronic device including executing a camera included in the second electronic device, and transmitting an image created using the executed camera via the chatroom to the first electronic device and/or the third electronic device.

US Pat. No. 10,924,518

UPF PROGRAMMING OVER ENHANCED N9 INTERFACE

Cisco Technology, Inc., ...

1. A method comprising:
determining, by a first packet gateway controller connected to a first session manager device, that a user equipment moved to a geographical area that is served by a second session manager device;
receiving, by the first packet gateway controller, a set of information for a second packet gateway controller;
transmitting, by the first packet gateway controller, a session establishment request via a first network interface to the second packet gateway controller using segment routing via a second network interface;
receiving, by the first packet gateway controller, a session establishment response of a first network interface type from the second packet gateway controller, via the second network interface, confirming the second packet gateway controller's ability to meet a requested quality of service and maximum bit rate, and providing the second packet gateway controller's address, and a set of tunnel identifiers; and
transmitting, by the first packet gateway controller, the session establishment response of the first network interface type, to the first session manager device.

US Pat. No. 10,924,517

PROCESSING NETWORK TRAFFIC BASED ON ASSESSED SECURITY WEAKNESSES

Sophos Limited, Abingdon...

1. A method of securing a computer network, the method comprising:
selecting a security weakness for users of an enterprise network;
transmitting electronic communications to the users of the enterprise network, the electronic communications containing a response object corresponding to the security weakness;
detecting a request from an endpoint associated with the response object;
determining that a threat assessment failure related to the security weakness has occurred based on detecting the request from the endpoint;
for a user associated with the endpoint, adjusting a profile of the user based on a determination that the threat assessment failure occurred, wherein adjusting the profile of the user includes adjusting a security profile for one or more additional endpoint devices previously identified in a database of network users as associated with the user; and
processing network traffic to and from the endpoint and the one or more additional endpoint devices according to the adjusted profile of the user associated with the endpoint.

US Pat. No. 10,924,516

MANAGING NETWORK CONNECTIONS BASED ON THEIR ENDPOINTS

Snowflake Inc., San Mate...

1. A method comprising:
storing a master connection file comprising a list of desired connections for a plurality of networked resources, wherein each connection in the master connection file defines a first resource and a second resource between which the connection exists;
obtaining, for each of one or more of the plurality of networked resources, a connection indication file indicating one or more actual connections maintained by the networked resource;
detecting one or more differences between the master connection file and the actual connections maintained by the one or more of the plurality of networked resources by comparing at least one entry in the master connection file with the one or more actual connections of each networked resource as indicated by a connection indication file of each networked resource; and
providing a notification of any detected differences between the master connection file and the actual connections maintained by the one or more of the plurality of networked resources indicated by the connection indication file.

US Pat. No. 10,924,515

METHODS AND SYSTEMS FOR PROTECTING A SECURED NETWORK

Centripetal Networks, Inc...

1. A method of filtering packets at a packet security gateway that provides an interface across a boundary of a network protected by the packet security gateway and one or more networks other than the network protected by the packet security gateway, the method comprising:
receiving, by the packet security gateway and from a security policy management server located in the one or more networks other than the network protected by the packet security gateway, a dynamic security policy comprising a first set of packet filtering rules to be applied to all network traffic traversing the boundary via the packet security gateway, wherein one or more first packet filtering rules of the first set of packet filtering rules were automatically created by the security policy management server based on malicious traffic information received from one or more malicious host tracker services, and wherein each packet filtering rule of the first set of packet filtering rules comprises:
at least one packet matching criterion,
one or more corresponding packet transformation functions, and
metadata indicating at least one malicious host tracker service, of the one or more malicious host tracker services, corresponding to the respective packet filtering rule, wherein the metadata comprises an identification of a feed managed by the at least one malicious host tracker service that provides network addresses of malicious hosts;
configuring, based on the first set of packet filtering rules, the packet security gateway;
performing packet filtering on a first portion of packets associated with the network protected by the packet security gateway based on the first set of packet filtering rules by performing at least one of multiple packet transformation functions specified by one or more packet filtering rules of the first set of packet filtering rules on the first portion of packets, wherein the at least one of the multiple packet transformation functions specified by the one or more packet filtering rules of the first set of packet filtering rules corresponds to a packet digest logging function that supports a network communications awareness service and comprises generating a record comprising:
first data, from a packet, that matches first packet matching criterion of a packet filtering rule, wherein the packet filtering rule corresponds to the packet digest logging function; and
second data that comprises:
the first packet matching criterion,
the one or more corresponding packet transformation functions, and
the metadata indicating the at least one malicious host tracker service corresponding to the respective packet filtering rule,
wherein the network communications awareness service is provided based on one or more criteria that are indicative of packet communications that are of interest to an organization that operates the network;
reformatting, in accordance with a logging system standard, the record; and
forwarding, by the packet security gateway and to the network communications awareness service, the reformatted record.

US Pat. No. 10,924,514

MACHINE LEARNING DETECTION OF FRAUDULENT VALIDATION OF FINANCIAL INSTITUTION CREDENTIALS

Intuit Inc., Mountain Vi...

1. A method for increasing security in a computer network, the method comprising:
receiving, in a software program executing on a first internal computer, a first request to attach a first user account for the software program to an external secure account, wherein the first request comprises a first set of user credentials for accessing the external secure account and a first unverified email address, the external secure account controlled by a second external computer;
receiving, after receiving the first request and at the first internal computer, a plurality of features comprising a plurality of metrics, the plurality of metrics describing at least creation of the first user account and including at least the first unverified email address;
calculating, by a machine learning model processing the plurality of features and executing on the first internal computer, a probability score that the first request is fraudulent;
comparing, by the first internal computer, the probability score to a first threshold to form a comparison result; and
performing, by the first internal computer, a security action with respect to attaching the first user account to the external secure account in response to the comparison result.

US Pat. No. 10,924,513

ACTION DETECTION AND NETWORK SECURITY POLICY ENFORCEMENT BASED ON WIRELESS-TRANSMISSION INTERFERENCE PATTERNS

NORTONLIFELOCK INC., Tem...

15. A system comprising:
one or more processors; and
a non-transitory memory storing one or more instructions that, when executed on the one or more processors, perform an operation, the operation comprising:
collecting, at a web security gateway that enforces a network security policy, time-series data describing interference patterns in a series of wireless transmissions sent between the web security gateway and an endpoint device, wherein the wireless transmissions occurred at least partially concurrently with an action performed upon a user interface at the endpoint device and the time-series data comprises at least one of channel state information (CSI) values, received signal strength (RSS) values, or Doppler shift values;
sending the time-series data to a remotely executed network security service via a network;
receiving, from the remotely executed network security service in response to the sending, an action type of the action, the action type indicating at least one of a scrolling action, a pressing action, and a clicking action;
comparing the action type to the network security policy; and
blocking a network communication associated with the action based at least in part on the comparison.

US Pat. No. 10,924,512

SECURE EMAIL GATEWAY WITH DEVICE COMPLIANCE CHECKING FOR PUSH NOTIFICATIONS

VMware, Inc., Palo Alto,...

1. A method for providing secure access to an email server, comprising:
receiving, at a gateway server, a request from a notification server for notification information from the email server, wherein the request includes a header identifying a plurality of at least two devices associated with a same user;
determining whether each of the plurality of identified devices complies with at least one compliance rule;
if at least one of the identified devices complies with the at least one compliance rule, passing the request from the gateway server to the email server;
receiving a response from the email server at the gateway server; and
sending a response message from the gateway server to the notification server, the response message including a response header indicating whether each of the plurality of devices is or is not compliant with the at least one compliance rule.

US Pat. No. 10,924,511

SYSTEMS AND METHODS OF CHUNKING DATA FOR SECURE DATA STORAGE ACROSS MULTIPLE CLOUD PROVIDERS

EMC IP Holding Company LL...

1. A method of chunking data in a data storage system that provides increased data storage security across multiple cloud storage providers, comprising:
receiving, at the data storage system from a host computer, a file storage request pertaining to a file, the data storage system including at least a policy engine and a chunking engine;
evaluating, by the policy engine, a storage policy of the data storage system to determine whether one or more cloud storage parameters of the multiple cloud storage providers at least partially conform to the storage policy;
having determined that the one or more cloud storage parameters at least partially conform to the storage policy, determining, based on the one or more cloud storage parameters, multiple levels of conformity of the multiple cloud storage providers to the storage policy, the multiple levels of conformity including at least a best level of conformity to the storage policy and a next best level of conformity to the storage policy;
generating, by the policy engine, one or more operating parameters of the chunking engine for implementing the storage policy at the multiple cloud storage providers, the one or more operating parameters specifying at least one chunk size;
partitioning, by the chunking engine, the file into a plurality of chunks having the at least one chunk size;
transmitting the plurality of chunks having the at least one chunk size for storage across the respective multiple cloud storage providers having the best level of conformity to the storage policy;
determining that a first cloud storage provider from among the multiple cloud storage providers having the best level of conformity to the storage policy has one or more of a network failure, a server failure, and a breach in security; and
transmitting at least some of the plurality of chunks originally destined for storage at the first cloud storage provider to a second cloud storage provider from among the multiple cloud storage providers having the next best level of conformity to the storage policy.

US Pat. No. 10,924,510

METHOD AND SYSTEM FOR A DISTRIBUTED EARLY ATTACK WARNING PLATFORM (DEAWP)

PRAESIDEO B.V., Utrecht ...

9. A computer implemented method for a system for a distributed early attack warning platform (DEAWP), the method comprising:
coupling a plurality of protected computer devices to a first communications network;
respectively coupling a plurality of monitoring node devices between the plurality of protected computer devices and the first communications network and monitoring with the plurality of monitoring node devices data communications transmitted over the first communications network between the plurality of protected computer devices;
coupling a second communications network separate from the first communications network to the plurality of monitoring node devices, wherein data transmission in the second communication network is faster than in the first communication network; and
based on the monitored data communications transmitted over the first communications network, the plurality of monitoring node devices communicating information over the second communications network regarding potential cyber-threats on the plurality of protected computer devices or the first communications network.

US Pat. No. 10,924,509

CROSS-SITE REQUEST FORGERY PROTECTION

salesforce.com, inc., Sa...

1. A server digital data device (“server”) comprising:
web server software executing within an application layer on the server,
the web server software responding to a first and second requests received from one or more client digital data devices (each, a “client”) over a network by, for each such request, (i) validating a key encoded with a time-based code and received from the client with that request, (ii) generating a result code indicative of a success of that validation, wherein the result code is a “valid” code if the validation of the key was successful and a “defer” code if the validation of the key was not successful and storing the result code in a buffer accessible outside the application layer (iii) initiating processing of that request, including invoking server resource software executing outside the application layer,
the server resource software executing outside the application layer and checking the result code stored in the buffer upon invocation and before performing a protected operation required for processing the first request, the result code indicating success of validation of the key received with that first request, and the server resource software responding to that result code being a “defer” code by exiting before executing the protected operation, and
the server resource software processing the second request without checking the result code indicating success of validation of the key received with the second request, the second request not necessitating a protected operation.

US Pat. No. 10,924,508

PROVIDING ACCESS TO DATA IN A SECURE COMMUNICATION

SonicWALL Inc., Milpitas...

1. A method for securely providing access to data in a secure communication, the method comprising:
receiving an indication that a client device is initiating a secure communication connection with a computing device at a first processing core of a multi-core processing system;
receiving a first packet sent between the client device and the computing device via the secure communication connection;
receiving handle information that includes a virtual address and a physical memory address;
storing translation information based on the receipt of the handle information, wherein the stored translation information associates the virtual address and the physical memory address with the secure communication connection;
creating session keys and secure keying material related to the secure communication connection;
storing the created session keys and the secure keying material in a physical memory, wherein the created session keys and the secure keying material that are stored in the physical memory are available to decrypt data included in subsequent data packets associated with the secure communication connection;
creating a new packet to send to a destination from data included in the first packet, wherein the newly created packet secures the data included in the first packet based at least in part on the created session keys;
allowing the newly created packet to be sent to the destination;
allowing access to the physical memory address based on the translation information associating the virtual address with the physical memory address and the secure communication connection; and
accessing by the first processing core data stored at the physical memory address based on a request that includes the virtual address.

US Pat. No. 10,924,507

AUTO CONFIGURATION SERVER AND METHOD

Alcatel Lucent, Nozay (F...

1. A method to prevent internet protocol address spoofing for execution by an Auto Configuration Server being coupled via at least one load balancer in a broadband network to at least one device comprising at least one gateway device, in at least one home network said method comprises remotely managing said device by using a CPE WAN Management Protocol on top of a Hypertext Transfer Protocol, said method comprises:
receiving from said device a CWMP Inform message;
determining from said CWMP Inform message according to a CWMP data model parameter a public IP address of said gateway device;
retrieving from a X-Forwarded For field in a http header field at a http level of said CWMP Inform message a Forwarded IP address;
comparing said public IP address with said Forwarded IP address; and
deciding based on the comparison whether spoofing is present,
wherein the retrieving includes,
predetermining a number n of said at least one load balancers, according to a network topology in said broadband network, through which the CWMP Inform message passes in order to reach said Auto Configuration Server; and
retrieving said Forwarded IP address in said X-Forwarded For field as a function of an n-most last IP address.

US Pat. No. 10,924,506

MONITORING CLOUD COMPUTING ENVIRONMENTS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processor, a request to subscribe to a monitoring service with respect to computing resources associated with a user account, the request specifying a first application and access information for a cloud computing system comprising a plurality of virtual machines associated with the computing resources;
monitoring, using the access information, resource usage by a plurality of applications running on the plurality of virtual machines, wherein the plurality of applications comprises the first application and a second application spawned by the first application, wherein the resource usage differs between virtual machines of the plurality of virtual machines;
receiving, in view of the monitoring, resource usage data reflecting types and duration of usage of the computing resources;
identifying, in view of the resource usage data, a virus-infected application running on a virtual machine of the plurality of virtual machines, wherein the virus-infected application is one of: the first application or the second application;
terminating, by the processor, the virus-infected application; and
generating, in view of a set of user rights associated with each virtual machine of the plurality of virtual machines, a report comprising resource usage information for the virtual machine, where the report indicates the difference in resource usage due to termination of the virus-infected application.

US Pat. No. 10,924,505

PASSCODE BASED ACCESS-CONTROL WITH RANDOMIZED LIMITS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
accessing an account that is associated with a set of computing resources and comprises a first passcode and a plurality of second passcodes, wherein the account is associated with a limit to a number of passcodes and wherein the first passcode enables access to the set of computing resources and wherein the plurality of second passcodes enable constrained access to the set of computing resources;
associating, by a processing device, the plurality of second passcodes with respective randomized resource limit that restrict a number of sub passcodes that can be created, wherein the respective randomized resource limit comprise different values that are each less than the limit for the account;
receiving a first request to create a sub passcode, wherein the first request is associated with one of the second passcodes having constrained access;
denying the first request in response to a first attempt to create the sub passcode associated with one of the second passcodes in excess of the respective randomized resource limit;
receiving, from a computing thread, a second request to create a passcode for the account; and
denying the second request to create the passcode in response to a second attempt to create the passcode for the account in excess of the respective randomized resource limit, wherein the computing thread is unable to determine a value for the respective randomized resource limit.

US Pat. No. 10,924,504

DUAL-PORT MIRRORING SYSTEM FOR ANALYZING NON-STATIONARY DATA IN A NETWORK

International Business Ma...

1. A method of analyzing non-stationary data in a network of computerized units, wherein the network further comprises a switch in data communication with one or more of said computerized units, wherein the method comprises:
aggregating, by the switch, data received via input ports of the switch;
mirroring distinct sets of the data via two switch ports that comprise a first port and a second port, the first port mirroring the aggregated data and the second port mirroring the data selectively according to the second port's latest configuration, the mirroring via the first port and via the second port being performed concurrently; and
while mirroring said distinct sets of the data:
analyzing first data obtained from data mirrored at the first port;
based on the first data analyzed, reconfiguring the switch for the second port to mirror second data selected from data communicated via the switch; and
analyzing the second data mirrored at the second port.

US Pat. No. 10,924,503

IDENTIFYING FALSE POSITIVES IN MALICIOUS DOMAIN DATA USING NETWORK TRAFFIC DATA LOGS

Amazon Technologies, Inc....

1. A method comprising:
receiving, by one or more computer processors coupled to at least one memory, a set of malicious domain name identifiers from a subscription service server, the set of malicious domain name identifiers comprising a first domain name identifier and a second domain name identifier;
determining, using a domain name system (DNS) lookup tool, a first set of internet protocol (IP) addresses comprising a first IP address associated with the first domain name identifier;
determining, using the DNS lookup tool, a second set of IP addresses comprising a second IP address associated with the second domain name identifier;
determining a first virtual private cloud (VPC) flow log for a first VPC comprising network traffic corresponding to the first IP address, the first VPC flow log comprising flow log records representing network flow for each network interface in the first VPC;
generating a first data object representative of the first VPC flow log;
determining a second VPC flow log for a second VPC comprising network traffic corresponding to the second IP address, the second VPC flow log comprising flow log records representing network flow for each network interface in the second VPC;
generating a second data object representative of the second VPC flow log;
determining a first distance between the first data object and a cluster of data objects that is representative of VPC flow log data for non-malicious network traffic;
determining a second distance between the second data object and the cluster of data objects;
determining that the first distance is less than a threshold value;
determining that the first IP address is associated with non-malicious network traffic;
generating a whitelist indication for the first domain name identifier;
determining that the second distance is equal to or greater than the threshold value; and
determining that the second IP address is associated with malicious network traffic.

US Pat. No. 10,924,501

CYBER-SECURITY PRESENCE MONITORING AND ASSESSMENT

Allstate Insurance Compan...

1. A cyber-security system, comprising:
one or more processors;
a memory unit storing computer-executable instructions, which when executed by the one or more processors, cause the cyber-security system to:
monitor a communications network for confidential information associated with a consumer account of a consumer;
determine, based on a plurality of digital accounts associated with the consumer on the communications network, a digital safety value indicative of a risk of a data breach of the confidential information;
detect an action event associated with the confidential information, wherein the action event comprises that the consumer has consolidated the plurality of digital accounts with a centralized login; and
adjust the digital safety value based on the detected action event.

US Pat. No. 10,924,500

SYSTEM TO DETECT BEHAVIOUR IN A TELECOMMUNICATIONS NETWORK

Koninklijke KPN N.V., Ro...

1. A system comprising:
a telecommunications network configured to identify mobile telecommunications device and comprising a core network and a base station, wherein the base station is configured to receive radio signals from the mobile telecommunications device and further process the radio signals into processed signals and to transmit the processed signals to the core network,
wherein the telecommunications network is arranged to count in the core network a number of occurrences of a certain predetermined signal associated with the mobile telecommunications device, the certain predetermined signal representing an interaction between network devices in the core network for normal processing of signals,
and wherein the telecommunications network is further arranged to register when the number of occurrences of the certain predetermined signal exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network,
wherein the certain predetermined signal indicates handover of the mobile telecommunications device.

US Pat. No. 10,924,499

DETECTION OF GENUINE SOCIAL MEDIA PROFILES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for performing a detection of genuine social media profiles, the computer-implemented method comprising:
receiving from a requesting user, by a processor, a request for a target user;
responsive to receiving the request from the requesting user, analyzing one or more categories associated with user profile information of at least one of the requesting user or the target user based at least in part on the request;
calculating one or more category scores for the one or more categories, wherein the one or more category scores comprises a post sub-category score, wherein calculating the post sub-category score comprises:
obtaining posts from a requesting user profile of the requesting user;
comparing the obtained posts of the requesting user to user profile information for the target user, wherein the requesting user is different than the requesting user;
calculating a total score from the one or more category scores; and
providing a notification to the target user based on the total score prior to the user accepting the request.

US Pat. No. 10,924,498

SYSTEM AND METHOD FOR REGISTERING SUBSCRIBABLE STATES IN BLOCKCHAIN

ADVANCED NEW TECHNOLOGIES...

1. A computer-implemented method, comprising:
obtaining, by one or more servers, a request for registering a workflow;
deploying in a blockchain, by the one or more servers, a blockchain contract comprising the workflow, wherein the deployed blockchain contract is executable to update a current state of the workflow among one or more states of the workflow; and
creating, by the one or more servers, one or more local states of a state machine off the blockchain, the created one or more local states respectively mapped to the one or more states of the workflow in the blockchain.

US Pat. No. 10,924,497

JUST-IN-TIME ACCESS BASED ON GEOLOCATION TO MAINTAIN CONTROL OF RESTRICTED DATA IN CLOUD COMPUTING ENVIRONMENTS

MICROSOFT TECHNOLOGY LICE...

1. A computerized system comprising:
one or more hardware processors; and
one or more computer storage media storing computer-useable instructions that, when used by the one or more hardware processors, cause the one or more hardware processors to:
receive, at a service within a cloud computing environment, a request for just-in-time (JIT) access to a resource within a production environment of the cloud computing environment, the request specifying request parameters including a level or type of access requested and information regarding an incident in the cloud computing environment;
access, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determine, from the JIT policy for the resource, geolocation criteria restricting JIT access to the resource based on geolocation;
determine, by the service within the cloud computing environment, to approve the request for JIT access based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on a type of the incident and whether the incident is active and comparison of the geolocation criteria to a geolocation of a device associated with the request for JIT access; and
based on determining to automatically approve the request for JIT access, provision a JIT access session for the device including setting a time limit for the JIT access session.

US Pat. No. 10,924,496

SYSTEMS AND METHODS FOR MANAGING LOCATION-BASED ACCESS CONTROL LISTS

NORTONLIFELOCK, INC., Te...

1. A computer-implemented method for managing location-based access control lists, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a collection of devices that are located within a physical space, wherein the collection of devices comprises monitoring devices that are capable of monitoring user activity within the physical space;
determining, based on user activity data received from the collection of devices, that an authorized user is attempting to modify, on a location-based access control list for a wireless network, access rights of a target computing device near a location indicated by the authorized user in the physical space;
detecting, based on the user activity data, the target computing device near the location indicated by the authorized user; and
in response to detecting the target computing device indicated by the authorized user, modifying, on the location-based access control list, the access rights of the target computing device, thereby enabling the target computing device to join the wireless network.

US Pat. No. 10,924,495

VERIFICATION METHOD, APPARATUS, AND SYSTEM USED FOR NETWORK APPLICATION ACCESS

Huawei Technologies Co., ...

1. A verification method used for network application access, wherein the method comprises:
receiving, by a control device, a first encrypted token sent by a verification server, wherein the first encrypted token is an encrypted token generated by the verification server, the first encrypted token comprises first location information and an access permission of a user, and the first location information is used to identify a network location at which a terminal is located when sending a user verification request, and the access permission of the user comprises a list of content that can be accessed by the user;
decrypting, by the control device, the first encrypted token to obtain the first location information and the access permission of the user;
generating, by the control device, a second encrypted token according to the first encrypted token, wherein the second encrypted token comprises the first location information;
sending, by the control device, the second encrypted token to the terminal;
receiving, by the control device, a fourth encrypted token from the terminal and forwarded by a forwarding device, the fourth encrypted token is carried in a content access request sent by the terminal to the forwarding device;
verifying, by the control device, whether the fourth encrypted token is the same as the second encrypted token based on the first location information in the first encrypted token; and
in response to the control device verifying that the fourth encrypted token is the same as the second encrypted token, sending, by the control device, a first message to the forwarding device, wherein the first message comprises the access permission of the user, and the first message indicates that the terminal succeeds in the verification.

US Pat. No. 10,924,494

METHOD AND APPARATUS FOR PROVIDING AN ADAPTABLE SECURITY LEVEL IN AN ELECTRONIC COMMUNICATION

BlackBerry Limited, Wate...

1. A method for providing security in an electronic communication system, comprising:
preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;
for each individual frame:
determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least three integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
encrypting the data according to the security level for the frame; and
transmitting the plurality of frames to a recipient device.

US Pat. No. 10,924,493

SECURE, NON-DISRUPTIVE FIRMWARE UPDATING

IMPRIVATA, INC., Lexingt...

1. A thin client device comprising:
at least one peripheral device facilitating interaction with a user;
a processor;
a network interface; and
writable, nonvolatile memory for storing firmware instructions executable by the processor, the firmware instructions defining:
(i) a caching loader which, when executed by the processor, causes (A) communication, via the network interface, with a remote firmware server, (B) identification of at least one firmware application needed by the client device but not stored thereon, (C) downloading for storage, in the nonvolatile memory, of the at least one identified firmware application, (D) identification of at least one newer versions of the at least one identified firmware application following initial download thereof, and (E) management of transition, on the thin client device, to the downloaded at least one newer version of the at least one identified firmware application, and
(ii) a self-launching base loader which, when executed by the processor, causes (A) communication, via the network interface, with the remote firmware server, and (B) downloading for storage, in the nonvolatile memory, of the caching loader.

US Pat. No. 10,924,492

INFORMATION LEAKAGE PREVENTION SYSTEM AND METHOD

HITACHI SOLUTIONS, LTD., ...

1. An information leakage prevention system comprising:
a plurality of client terminals, wherein each client terminal of the plurality of client terminals includes a client processing unit; and
a management server which controls accesses from the plurality of client terminals to a Command & Control server (C&C server) and a network, wherein the management server comprises:
a user database which stores information concerning a plurality of users of the plurality of client terminals;
a security policy database which stores a plurality of security policies for the plurality of users of the plurality of client terminals, wherein each security policy of the plurality of security policies is assigned to each attribute of each user of the plurality of users, each attribute includes an affiliation and position of a corresponding user and a predetermined time period for delivery of a security policy that corresponds to the corresponding user;
and a server processing unit,
wherein upon detecting a malware infection by a client terminal of the plurality of client terminals, the client terminal transmits malware detection information including C&C server information and information of a user of the client terminal to the management server;
wherein in response to receiving the malware detection information, the management server:
searches the security policy database, based on a time of delivery of the malware detection information and predetermined time period of delivery for each of the plurality of security policies;
selects, using the server processing unit, at least one security policy of the plurality of security policies stored in the security policy database that corresponds to the time of delivery of the malware detection information;
transmits, using the server processing unit, the at least one security policy selected to at least one client terminal;
wherein in response to receiving the at least one security policy selected, the at least one client terminal prohibits connection from the at least one client terminal to the network if the at least one security policy selected prohibits connection to the network, and prohibits connection from the at least one client terminal to the C&C server if the at least one security policy selected prohibits connection to the C&C server.

US Pat. No. 10,924,491

PROCESS MANAGER FOR DIGITAL COMMUNICATION

SAP SE, Walldorf (DE)

1. A computing system comprising:
a network interface configured to receive a communication request from a sending device which comprises a process identifier and an action identifier; and
a hardware processor configured to identify a communication process comprising a sequence of steps based on the process identifier and a step within the sequence of steps of the communication process based on the action identifier, identify completed steps in the sequence of steps of the communication process that have been completed based on status information associated with the sending device, and dynamically determine whether the identified step is allowed based on the identified completed steps,
wherein, in response to determining the identified step is allowed, the hardware processor is further configured to control the network interface to transmit the received communication request to a receiving device.

US Pat. No. 10,924,490

SHARING SENSOR MEASUREMENTS

Aetna Inc., Hartford, CT...

1. A server for sharing sensor measurements, the server comprising:
one or more processors; and
a non-transitory computer-readable medium having processor-executable instructions stored thereon, wherein the processor-executable instructions, when executed by the one or more processors, facilitate:
receiving friend information from business to consumer (B2C) entity servers;
receiving sensor information from a user device for gaining access to the sensor measurements;
receiving policy information from the user device, wherein the policy information comprises one or more policies indicating a customizable area for sharing the sensor measurements with a friend device;
receiving a request for the sensor measurements from the friend device, wherein the request comprises a location of the friend device;
determining whether the friend device is authorized to receive the sensor measurements based on the friend information and the location of the friend device being within the customizable area indicated by the received policy information; and
sending, to the friend device, the sensor measurements in response to determining the friend device is authorized to receive the sensor measurements.

US Pat. No. 10,924,489

BUILDING TRUSTED PUBLIC BLOCKCHAIN NETWORKS BASED ON PARTICIPANTS' DIGITAL SOCIAL BEHAVIOR

International Business Ma...

1. A method implemented by at least one hardware processor comprising:
receiving, by a privileged peer of a public blockchain network, a request for changing a privilege of a peer of the public blockchain network;
in response to receiving the request for changing the privilege, automatically submitting, by the privileged peer, a trust query for the peer to a trust verification entity of a pre-determined set of trust verification entities;
receiving, by the privileged peer, from the trust verification entity, a trust score associated with the peer;
comparing, by the privileged peer, the received trust score to a pre-determined threshold, the pre-determined set of trust verification entities and the pre-determined threshold being pre-defined as a transaction in a public blockchain;
determining, based on the comparison, whether or not the trust score is greater than the predetermined threshold;
in response to determining that the trust score is greater than the pre-determined threshold, automatically voting, by the privileged peer, that the request be granted;
in response to determining that the trust score is less than or equal to the pre-determined threshold, automatically voting, by the privileged peer, that the request be denied;
receiving, by the privileged peer, votes of other privileged peers of the public blockchain network, the received votes being based on trust scores received by the other privileged peers from at least one trust verification entity in response to trust queries submitted by the other privileged peers responsive to a receipt of the request by the other privileged peers, wherein each of the at least one trust verification entity is a social media platform, each of the received votes from respective other privileged peers determined based on a comparison of a respective trust score against a respective associated pre-determined threshold, each social media platform from which a respective trust score is received having a different associated pre-determined threshold;
determining, by the privileged peer, that a number of the votes for granting the request is sufficient to grant the request; and
in response to determining that the number of votes is sufficient, automatically executing, by the privileged peer, the requested changing of the privilege of the peer, the executing of the requested changing of the privilege comprising one or more of: granting an ability of the peer to submit new transactions to the blockchain, to execute transactions on the blockchain, and to write to the public blockchain.

US Pat. No. 10,924,488

CUSTOMIZATION OF DATA SESSION RETRY MECHANISM IN A WIRELESS PACKET DATA SERVICE NETWORK

BlackBerry Limited, Wate...

1. A method by a mobile communications device, comprising:
sending a request for activation of a data session with a node of a wireless network;
receiving, at the mobile communications device, a message in response to the request for activation of the data session, the message comprising a rejection of the request for activation of the data session and a cause code, wherein, a retry configuration is associated with the cause code, the retry configuration being configured by the wireless network and indicating whether a data session retry mechanism is to be disabled or enabled, wherein the retry configuration associated with the cause code is stored in a cause code resource file at the mobile communications device;
determining that the retry configuration indicates that the data session retry mechanism is to be disabled;
disabling, by the mobile communications device, a further request for activation of the data session with the node in response to determining that the retry configuration indicates that the data session retry mechanism is to be disabled;
receiving a second retry configuration associated with the cause code indicating that the data session retry mechanism is to be disabled or enabled;
determining that the second retry configuration indicates that the data session retry mechanism is to be enabled; and
in response to the second retry configuration associated with the cause code indicating that the data session retry mechanism is to be enabled, enabling, by the mobile communications device, a third request for activation of the data session with the node.

US Pat. No. 10,924,487

RESTRICTED WI-FI ACCESS BETWEEN PUBLIC AND PRIVATE SSIDS

CenturyLink Intellectual ...

1. A method, comprising:
receiving, with a network device and from a user device having a second identifier associated with the user device, a request for network public access to a network through the network device;
determining, with the network device, whether the user device is associated with a first identifier that is associated with a user having network private access to the network through the network device, wherein determining comprises
accessing, with the network device, a database containing a list of identifiers, and
comparing, with the network device, the second identifier with the first identifier; and
based on a determination that the user device is associated with a first identifier that is associated with a user having network private access to the network through the network device and that the second identifier matches the first identifier, preventing, with the network device, the user device from having network public access to the network.

US Pat. No. 10,924,486

SECURE ACCESS MANAGEMENT FOR TOOLS WITHIN A SECURE ENVIRONMENT

International Business Ma...

1. A computer-implemented method for secure access management for tools within a secure environment, wherein the secure environment has a secure perimeter, the method carried out at a server in the secure environment comprising:
accessing a virtual file system for a user in memory on a server side in the secure environment as part of an authenticated user session including a user command instigated by a user;
obtaining at the virtual file system an encrypted file stored in the secure environment, wherein the file holds sensitive data and is encrypted using a public key of the user;
intercepting, by a processor, a read operation at the virtual file system of the encrypted file and sending the encrypted file to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key; and
receiving, by the processor, the decrypted file at the virtual file system enabling the user to run the required user command.

US Pat. No. 10,924,485

ELECTRONIC SIGNING AUTHORIZATION SYSTEM

Interface Technology (Che...

1. An electronic signing authorization method implemented in a terminal device, the electronic signing authorization method comprising:
converting a signing request submitted by an end user into a predetermined format, the predetermined format comprising at least one of a text format, an audio format, or a video format;
verifying an identity of an authorizing user of an authorization layer according to a predetermined verification process;
accepting input data of the authorizing user of the authorization layer when the identity of the authorizing user of the authorization layer is verified;
outputting an authorization command according to the input data when the input data comprises authorization data, the authorization command comprising rejecting the signing request, not authorizing the signing request, or authorizing the signing request;
wherein the predetermined verification process comprises at least one of a password verification process, a fingerprint verification process, a voice recognition verification process, an iris verification process, and a facial recognition verification process; and
wherein after accepting the input data of the authorizing user, the method further comprises:
when the input data comprises data in a text format, using a text recognition engine to recognize keywords of the input data, and determining the authorization command according to the keywords of the input data;
when the input data comprises data in an audio format, using a speech recognition engine to recognize audio features of the input data, and determining the authorization command according to the audio features of the input data;
when the input data comprises data in a video format, using an image recognition engine to recognize image characteristics of the input data, and determining the authorization command according to the image characteristics of the input data.

US Pat. No. 10,924,484

METHOD FOR DETERMINING A COST TO ALLOW A BLOCKCHAIN-BASED ADMISSION TO A PROTECTED ENTITY

Radware, Ltd., Tel Aviv ...

1. A method for determining a cost to allow a blockchain-based admission to a protected entity, the protected entity being an entity to be protected from malicious threats, comprising:
identifying, in a blockchain network, a conversion transaction identifying a conversion of a first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity;
determining a conversion value for converting the first-type of access tokens into the second-type access tokens, wherein the conversion value is determined based on at least one access parameter; and
converting, based on the determined conversion value, a first sum of the first-type access tokens into a second sum of the second-type access-tokens, wherein
a client spends the second sum of the second-type access tokens to access the protected entity, the determined conversion value is the access cost to the protected entity, the function of the protected entity being unrelated to operation of the blockchain network.

US Pat. No. 10,924,483

PACKET VALIDATION IN VIRTUAL NETWORK INTERFACE ARCHITECTURE

Xilinx, Inc., San Jose, ...

1. An apparatus comprising:
a network interface device to interface between a network and a host device, the network interface device comprising:
at least one receive queue resource configured to store at least one characteristic of at least one receive queue of said host device, the at least one receive queue resource having at least one pointer to at least one next available location for data in the at least one receive queue in at least one storage of said host device;
at least one event queue resource configured to store at least one characteristic of at least one event queue of said host device, the at least one event queue resource being configured to use an identification of a location identified by a pointer of the at least one pointer of the at least one receive queue resource to cause data received from the network to be written to the location identified by the pointer, and to write an event to an event queue in the at least one storage of the host device; and
a controller configured to, for an operation of exchanging data between a receive queue resource of the at least one receive queue resource and an event queue resource of the at least one event queue resource, determine whether the receive queue resource is permitted to communicate with said event queue resource and/or whether the event queue resource is permitted to communicate with the receive queue resource, wherein the operation of exchanging data comprises the receive queue resource providing the pointer of the at least one pointer to the event queue resource when it is determined that communication is permitted.

US Pat. No. 10,924,482

VIRTUAL SERVICE AUTHORIZATION

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
obtaining, from a service, an application programming interface (API) request to access a resource hosted by a computing resource service provider, wherein the API request includes information indicating a first identifier of the resource and a first representation of an operation to perform using the resource;
determining, based at least in part on data associated with the resource, that the first identifier and the first representation are insufficient to access a portion of the resource hosted by the computing resource service provider and the API request corresponds to a custom-defined API request, wherein the custom-defined API request is a transformed representation of the API request defined by a customer of the computing resource service provider;
generating, based at least in part on set of mapping rules corresponding to the resource, the first identifier and the first representation, the custom-defined API request to include a second identifier of the resource and a second representation of the operation, wherein the set of mapping rules is encoded in metadata of the resource;
causing the computing resource service provider to enforce a set of authorization rules to the custom-defined API request to determine that fulfillment of the custom-defined API request is authorized; and
as a result of determining that fulfillment of the custom-defined API request is authorized, accessing, based at least in part on the second identifier and the second representation, the portion.

US Pat. No. 10,924,481

PROCESSING SYSTEM FOR PROVIDING CONSOLE ACCESS TO A CYBER RANGE VIRTUAL ENVIRONMENT

Bank of America Corporati...

1. A system, comprising:
a user device;
a secure console host platform;
a virtual air gap; and
a cyber-range host platform,
wherein:
the cyber-range host platform is on a physically separate network than the user device, the secure console host platform, and the virtual air gap;
the cyber-range host platform is configured to host one or more simulated cyber attacks;
user authentication occurs in the virtual air gap, away from the user device and away from the cyber-range host platform;
the user device and the secure console host platform are associated with a first area, the virtual air gap is associated with a second area, and the cyber-range host platform is associated with a third area;
the second area and the third area are physically separate and cannot communicate with each other;
the first area and the third area are physically separate and cannot communicate with each other unless and until a broker authenticates and authorizes a connection within the virtual air gap between the secure console host platform and the cyber-range host platform;
a user of the user device in the first area authenticates in the second area to gain access to the third area; and
access to the broker is granted upon verification of authentication credentials associated with the user device, and the broker then grants access to a console hosted by the secure console host platform and located behind a firewall, wherein the user device is configured to prompt for user input that causes simulation of a cyber attack mitigation procedure at the cyber-range host platform after the access to the broker is granted.

US Pat. No. 10,924,480

EXTENDED TRUST FOR ONBOARDING

Cisco Technology, Inc., ...

1. An Internet of Things (IoT) server that provides services of an IoT-based system for a plurality of IoT devices, comprising:
processing circuitry;
an input/output (I/O) module operative to communicate with at least an IoT device of the plurality of IoT devices and a vendor network server; and
an onboarding application to be executed by the processing circuitry and operative to at least:
receive an onboarding request from the IoT device via the I/O module,
send a confirmation request to the vendor network server via the I/O module, wherein the confirmation request indicates a request to confirm an identity of the IoT device by confirming that the IoT device is connected to a network device authenticated by the vendor network server, wherein the network device comprises a router or switch that has a secure trust mechanism installed,
receive a confirmation response from the vendor network server via the I/O module, wherein the confirmation response indicates whether the IoT device is connected to the network device and is based on a successful authentication of the network device with the vendor network server using the secure trust mechanism, and
upon determining that the confirmation response is a positive confirmation response that indicates the IoT device is connected to the network device, onboard the IoT device for participation in the IoT-based system.

US Pat. No. 10,924,479

SYSTEM AND METHODS TO ESTABLISH USER PROFILE USING MULTIPLE CHANNELS

Aetna Inc., Hartford, CT...

1. A method for authenticating a user to access information and services protected by an authentication system, the method comprising:
receiving a request from a user device to access the information and services protected by the authentication system;
capturing device, application and user authentication attributes during the authentication;
comparing the captured device, application and user authentication attributes against previously obtained device, application and user authentication attributes stored in a database associated with the user device and stored as part of a user profile containing the previously obtained device, application and user attributes, wherein the user profile is stored in association with one or more user device profiles, one or more user application profiles, and one or more user authentication profiles, and wherein the one or more user device profiles uniquely identifies at least one device associated with the user;
calculating a risk score based on the comparison of the captured device, application and user authentication attributes against the previously obtained device, application and user authentication attributes; and
determining whether to grant the user device access to the information and services based on the risk score,
wherein the determining whether to grant access to the information and services based on the risk score comprises:
comparing the risk score to one or more of a first predetermined threshold risk level and a second predetermined threshold risk level, wherein the first predetermined threshold risk level is set such that when the risk score meets or exceeds the first predetermined threshold risk level, authentication of the user to access the information and services is achieved with high assurance, and the second predetermined threshold risk level is set such that when the risk score meets or exceeds the second predetermined threshold risk level but not the first predetermined threshold risk level, authentication of the user to access the information and services is achieved with low assurance;
granting access to the information and services in response to the risk score meeting or exceeding either the first predetermined threshold risk level or the second predetermined risk level,
wherein when the risk score meets or exceeds the first predetermined threshold risk level, the method further comprises:
updating the user profile with the captured device, application and user authentication attributes in response to the authentication of the user to access the information and services being achieved with high assurance, and
wherein when the risk score meets or exceeds the second predetermined threshold risk level but not the first predetermined risk threshold level, the method further comprises:
comparing device attributes of the captured device, application and user authentication attributes against device attributes of the previously obtained device, application and user authentication attributes;
in response to common device attributes between the captured device, application and user authentication attributes and the previously obtained device, application and user authentication attributes, upgrading from the low assurance of the authentication to an authentication with high assurance and updating the user profile with the captured device, application and user authentication attributes; and
in response to no common device attributes between the captured device, application and user authentication attributes and the previously obtained device, application and user authentication attributes, the authentication remains at low assurance and the user profile is not updated with the captured device, application and user authentication attributes.

US Pat. No. 10,924,478

IDENTIFICATION BASED ON SNAPSHOT OF DEVICE MEMORY

PayPal, Inc., San Jose, ...

1. A computer system, comprising:
one or more computer-readable memories storing program instructions; and
one or more processors configured to execute the program instructions to cause the system to perform operations comprising:
identifying one or more characteristics corresponding to a memory of a trusted device based on analyzing information stored in the memory of the trusted device during one or more instances of a first time period;
detecting an untrusted device attempting to access an account during a second time period, wherein the account corresponds to the trusted device;
in response to the detecting the untrusted device attempting to access the account:
capturing, at the second time period, a snapshot of a memory of the untrusted device,
analyzing the snapshot to identify one or more characteristics of information stored in the memory of the untrusted device during the second time period, and
comparing the identified one or more characteristics of the information stored in the memory of the untrusted device to the identified one or more characteristics corresponding to the memory of the trusted device, wherein the comparing the identified one or more characteristics of the information stored in the memory of the untrusted device to the identified one or more characteristics corresponding to the memory of the trusted device is based on determining that one or more characteristics of the second time period corresponds to one or more characteristics of the first time period; and
in response to determining that a similarity level between the one or more characteristics of the information stored in the memory of the untrusted device during the second time period and the identified one or more characteristics corresponding to the memory of the trusted device is above a threshold level, allowing access to the account.

US Pat. No. 10,924,477

SYSTEM AND METHODS FOR CLIENT IDENTIFICATION AND VERIFICATION

Mastercard International ...

1. An identity verification system for client identification and verification, said identity verification system comprising:
a memory device for storing data; and
a processor communicatively coupled to said memory device, said processor programmed to:
receive merchant identification data corresponding to a merchant, the merchant identification data including identification data relating to the identity of the merchant and a primary authorized user for the merchant;
generate a merchant profile from the merchant identification data for the merchant;
generate an activation code for authenticating the primary authorized user based on the merchant profile;
transmit the activation code to the primary authorized user;
receive, from the primary authorized user in response to the activation code, one or more biometrics of the authorized user;
validate the one or more biometrics of the authorized user; and
upon validation of the biometrics, activate a merchant account.

US Pat. No. 10,924,476

SECURITY GESTURE AUTHENTICATION

NCR Corporation, Duluth,...

19. A system (SST), comprising:
a device;
at least one camera interfaced to the device; and
a server having a facial and gesture authenticator;
wherein the facial and gesture authenticator is configured to: (i) execute on at least one hardware processor of the server; (ii) dynamically perform facial authentication on a face of a user during a transaction being processed on the device by performing a facial recognition on the face and a depth analysis on a captured image of the face that determines a detected depth of the face within the captured image by using color analysis and determining when the captured image is taken of the face of the user and when the captured image is taken from a user-presented image of the face associated with the user by comparing image colors for the captured image against known first distinctive colors associated with printed images and known second distinctive colors associated with skin tones, comparing a scale of the captured image against a known scale for a field of view of a camera that captures the image, determining based on first abnormalities between the image colors as compared against the known first distinctive colors and the known second distinctive colors and determining based on second abnormalities of the scale of the captured image as compared to the known scale whether the captured image is the face of the user or is the user-presented image, (iii) dynamically perform security gesture authentication on a gesture made by the user during the transaction, and (iii) provide an indication to the device as to whether the user was successfully authenticated for the facial authentication and the security gesture authentication for the user to continue with the transaction on the device.

US Pat. No. 10,924,475

MANAGEMENT OF RELATIONSHIPS BETWEEN A DEVICE AND A SERVICE PROVIDER

ARM LIMITED, Cambridge (...

1. A method for registering an agent device with a remote resource, the method comprising:
establishing a communication connection between the agent device and an authentication device;
performing local verification of information received from an interface at the authentication device prior to establishing communication with the remote resource and prior to establishing a relationship between the agent device and the remote resource;
selecting, at the authentication device, the remote resource and initiating registration of the agent device with the remote resource;
generating, at the authentication device, a key pair for authenticating the agent device with the remote resource, the key pair including a first key for the agent device and a second key for the remote resource; and
providing the first key to the agent device for storage at the agent device, and providing the second key to the remote resource for storage at the remote resource, thereby forming a secret data communication channel based on the stored first and second keys between the agent device and the remote resource,
wherein the method further comprises requesting user consent to the registration of the agent device with the remote resource, after generating the key pair for authenticating the agent device with the remote resource.

US Pat. No. 10,924,474

USER SECURITY AUTHENTICATION SYSTEM IN INTERNET AND METHOD THEREOF

EBAY KOREA CO., LTD., Se...

1. A system for providing security authentication in an Internet environment, the system comprising:
one or more servers having one or more processing circuits and a non-transitory storage medium, the non-transitory storage medium having computer code that is executable by the one or more processing circuits to cause the one or more servers to perform operations comprising:
generating, for display on a user device, a webpage for receiving user authentication information from a user, the user authentication information comprising user credentials and a selection of at least one of a plurality of displayed code objects, the plurality of displayed code objects each having a unique code value comprising at least two characters;
receiving, from the user device, the user authentication information comprising data that combines the user credentials and the unique code value of the selected at least one of the plurality of displayed code objects;
determining whether the data of the received user authentication information corresponds to previously stored member authentication data for the user, the previously stored member authentication data comprising a preselected at least one of the plurality of displayed code objects; and
enabling the user device to access a web service in response to determining that the data of the received user authentication information corresponds to the previously stored member authentication data for the user.

US Pat. No. 10,924,473

TRUST STAMP

T STAMP INC., Atlanta, G...

1. A computer-implemented method of determining a numerical score related to a trustworthiness of a subscriber, the computer-implemented method being executed by a processor and comprising the steps of:
receiving data values from various public or private databases over a network to a host computer with a non-transitory computer readable medium;
receiving, from the subscriber at least one element of subscriber information;
storing at least one data value of the data values or the at least one element of the subscriber information on the host computer with the non-transitory computer readable medium;
providing a first algorithm on the host computer capable of comparing the at least one data value to either at least one other data value of the data values or at least one other element of the subscriber information for similarities or discrepancies to determine a consistency of the data values or of the subscriber information;
providing a second algorithm on the host computer capable of analyzing a quantity, longevity, relevance, and accuracy of the data values and of the subscriber information to apply a weight to each of the quantity, the longevity, the relevance, and the accuracy;
providing a third algorithm on the host computer capable of calculating a numerical value for a trustworthiness of the subscriber based on factors contained in the data values and the subscriber information, similarities or discrepancies between the data values or the subscriber information, and the weights applied to the data values or the subscriber information based on the quantity, the longevity, the relevance, or the accuracy, wherein the first, second, and third algorithms are each separate algorithms;
displaying, to the subscriber, a recommendation to redact one or more sensitive attributes corresponding to the subscriber information, wherein redacting the one or more sensitive attributes excludes the one or more sensitive attributes from being included in trustworthiness score calculations;
generating, with the processor, a composite trust score corresponding to the subscriber based upon the first, second, and third algorithms;
displaying the composite trust score to the subscriber;
transmitting, via the processor, the composite trust score to a digital badge worn by the subscriber;
embedding the composite trust score into the digital badge worn by the subscriber;
detecting at least one trigger event, wherein the at least one trigger event comprises detecting a system and/or electronic computing device operable to receive the composite trust score;
in response to detecting a particular trigger event comprising identifying a physically proximate electronic computing device corresponding to a potential viewer, transmitting the composite trust score from the digital badge worn by the subscriber to the potential viewer wirelessly from the group consisting of Short Message Service (“SMS”), Multimedia Messaging Service (“MMS”), infrared, Bluetooth, and Near Field Communication (“NFC”), wherein the potential viewer may be provided with a dashboard that permits the potential viewer to see the composite trust score with variable combinations of weightings of underlying data based upon criteria in which the potential viewer has greatest confidence, wherein the variable combinations of weightings are adjustable responsive to the potential viewer interacting with the dashboard; and
continually updating the composite trust score of the subscriber by recalculating the composite trust score based on an interval set by a timer to account for new or updated data values and new or updated subscriber information.

US Pat. No. 10,924,472

WEARABLE COMMUNICATION DEVICES FOR SECURED TRANSACTION AND COMMUNICATION

SHENZHEN GOODIX TECHNOLOG...

1. A wearable device for capacitive coupled communications, the wearable device comprising:
capacitive sensor transceiver circuitry configured to receive a capacitive coupled signal from a host device, wherein the capacitive coupled signal is received through a body of a user of the wearable device and is modulated to include a request for authentication data including encrypted identification information identifying the wearable device to authenticate the wearable device with the host device, and wherein the capacitive coupled signal is an electrical signal; and
processing circuitry in communication with the capacitive sensor transceiver circuitry to process the received capacitive coupled signal, and transmit, by the wearable device, authentication data, stored in a memory of the wearable device, comprising encrypted identification information and password information modulated on a capacitive coupled reply signal to the host device,
wherein the capacitive coupled reply signal modulated with the authentication data is transmitted through the body of the user of the wearable device, wherein the capacitive sensor transceiver circuitry is configured to receive another capacitive coupled signal from the host device modulated with information including a confirmation indicating a successful authentication of the wearable device with the host device and indicating that the host device is ready for operation, and
wherein in response to the received confirmation, the processing circuitry causes the wearable device to stop transmitting the authentication data.

US Pat. No. 10,924,471

METHOD FOR ENABLING AND/OR REQUESTING ACCESS BY A FIRST NETWORK SUBSCRIBER TO A SECOND NETWORK SUBSCRIBER IN A NETWORK

Robert Bosch GmbH, Stutt...

1. A method for enabling access by a first network subscriber to a second network subscriber in a network, the method comprising:
transmitting an identification message from the first network subscriber to the second network subscriber;
receiving a communication request from the first network subscriber with the second network subscriber;
after receiving the communication request, determining whether the second network subscriber has carried out an authentication of the first network subscriber during a first phase;
allowing communication with the first network subscriber if the second network subscriber has carried out the authentication;
receiving an access request from the first network subscriber with the second network subscriber;
after receiving the access request, determining a level of trustworthiness of the first network subscriber; and
enabling access or rejecting access of the first network subscriber based on determined level of trustworthiness,
wherein the identification message includes identification of the first network subscriber and information regarding which services the first network subscriber provides.

US Pat. No. 10,924,470

SECURED NETWORK ARCHITECTURE

NOKIA SOLUTIONS AND NETWO...

1. A method of providing network security in a communications system, said method comprising:
providing, in a first apparatus and in a second apparatus, a secure storage for an X.509v3 digital certificate;
mutually authenticating ports of the first apparatus and the second apparatus by using IEEE 802.1X port based authentication and IEEE 802.1AR secure device identity certificates, wherein a number of media access control (MAC) addresses is limited to a configurable number per port in the first apparatus and the second apparatus;
dividing traffic types using an operator-configurable selector function into at least one of user plane, control plane, synchronization plane, and management plane traffic types, or one or more further traffic types;
wherein for Ethernet transport, the method comprises:
creating a virtual port for each selected traffic type;
creating a different media access control security (MACsec) secure connectivity association (CA) for each virtual port;
maintaining an operator-programmable security policy for each of the selected traffic types; and
repeatedly re-authenticating a port by means of an operator-definable timer value.

US Pat. No. 10,924,469

SINGLE SIGN-ON (SSO) FOR INTERNET OF THINGS (IOT) APPLICATIONS

VERIZON MEDIA INC., New ...

1. A method, comprising:
establishing, by an Internet of Things (IoT) application of an IoT device, a connection with a mobile application of a mobile device;
sending, by the IoT application, a request to a remote server to return a connector code, the request comprising an identification of the connection;
receiving, by the IoT application, the connector code from the remote server or a second server;
receiving, by the IoT application and from the remote server, an interval for use in polling the remote server in connection with completion of an authorization of the IoT application;
transferring, by the IoT application, the connector code to the mobile application via the connection,
wherein the mobile application sends a consent communication to the remote server that comprises the transferred connector code and a consent to authorize the IoT application, and
wherein the remote server generates an authorization code to send to the IoT application based on at least the consent communication from the mobile application; and
receiving, by the IoT application, the generated authorization code from the remote server.

US Pat. No. 10,924,468

REMOTE DESKTOP PROTOCOL PROXY WITH SINGLE SIGN-ON AND ENFORCEMENT SUPPORT

Citrix Systems, Inc., Fo...

1. A method for launching a connection to a resource link from a client device, the method comprising:
authenticating, by a device intermediary to a client device and one or more servers, the client device for access to a plurality of resource links accessible via the one or more servers, the plurality of resource links include one or more remote desktop protocol (RDP) connections;
providing, by the device to the client device, a list of the plurality of resource links responsive to the authentication;
receiving, by the device, a request from the client device, identifying a first resource link from the plurality of resource links and information indicating at least one server of the one or more servers to establish an RDP connection; and
causing, by the device, first authenticated credentials for the first resource link to be stored on the client device via a script downloaded to the client device from the device and responsive to the request, the first authenticated credentials corresponding to the client device to access the first resource link through the RDP connection via the at least one server of the one or more servers, and wherein the client device is configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

US Pat. No. 10,924,467

DELEGATED AUTHORIZATION FOR ISOLATED COLLECTIONS

Microsoft Technology Lice...

1. A system comprising:
at least one processor; and
memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising:
receiving, from a requestor, a request to access a graph database comprising a resource identifier, wherein access to the graph database is based on a first set of security permissions;
locating an underlying resource corresponding to the resource identifier, wherein access to the underlying resource is based on a second set of security permissions;
determining whether the requestor satisfies the second set of security permissions, wherein determining whether the requestor satisfies the second set of security permissions comprises sending a credential associated with the requestor to a resource provider associated with the underlying resource; and
when the requestor satisfies the first set of security permissions and does not satisfy the second set of security permissions, providing access to the graph database without providing access to the underlying resource.

US Pat. No. 10,924,466

SYSTEM AND METHOD FOR IOT SECURITY

SmartAxiom, Inc., Fuller...

1. A method of enabling secure access to at least one Internet of Things (IoT) device on a network by an IoT security system, comprising:
receiving, by a processor of an IoT gateway device of the IoT security system, at least one encrypted block generated by at least one IoT device on the network, wherein the at least one encrypted block comprises a unique device identification (ID), a previous device token, a current device token, a time stamp, and an event data;
parsing, by the processor, the at least one encrypted block received to determine the unique device ID of the at least one IoT device;
verifying, by the processor, the authenticity of the at least one IoT device using a device chain to validate a device signature and identity of the at least one IoT device;
determining, by the processor, access to an event chain using a previous event token and a current event token of the at least one encrypted block, upon successful verification of the at least one IoT device;
validating, by the processor, the received event data by time synchronizing the device chain and the event chain;
updating, by the processor, the event chain with the received event data upon verifying the received event data using the time stamp, the previous device token and the current device token of the at least one encrypted block.

US Pat. No. 10,924,465

SPLIT AUTHENTICATION NETWORK SYSTEMS AND METHODS

Extreme Networks, Inc., ...

1. A method, comprising:
receiving one or more packets wirelessly transmitted from a user device through a wireless access point to access a trusted network;
extracting onboarding characteristics from the one or more packets, wherein the onboarding characteristics comprise information on one or more of a device type, an authentication stage of the one or more packets, a device manufacturer, a device operating system (OS), and a device owner;
determining, based on the onboarding characteristics, a type of an Extensible Authentication Protocol (EAP) associated with the user device based on the one or more packets;
upon determining that the type of the EAP associated with the user device is a first EAP, routing the one or more packets to a first authentication server provided in the trusted network and associated with the first EAP, for authentication of the user device according to the first EAP, wherein the first EAP is configured to authenticate the user device using a server certificate and independent of a self-signed user certificate; and
upon determining that the type of the EAP associated with the user device is a second EAP different from the first EAP, routing the one or more packets to a second authentication server provided in the trusted network and associated with the second EAP, for authentication of the user device according to the second EAP.

US Pat. No. 10,924,464

AUTOMATIC CREDENTIAL ROTATION

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a first request for access to at least one resource, the first request including a first credential string corresponding to an output of a key stretching algorithm operated on an access credential for a first number of iterations;
receiving a second credential string, the second credential string corresponding to the output of the key stretching algorithm operated on the access credential for a second number of iterations;
generating a local copy of the second credential string, using the first credential string processed by the key stretching algorithm for the second number of iterations;
determining that the second credential string matches the local copy of the second credential string; and
granting, in response to a second request, access to the at least one resource.

US Pat. No. 10,924,463

DELEGATING INTERMEDIATION ON AN EXCHANGE OF ENCRYPTED DATA

ORANGE, Paris (FR)

1. A method for processing data, implemented within an intermediary module between a customer module and a server module connected through a communications network and communicating via a data transmission protocol, the data transmission protocol defining a control stream readable by the intermediary module, in addition to a data stream of encrypted data exchanged between the customer module and the server module, the control stream being independent and distinct from the data stream and transmitted in parallel of the data stream, wherein the method comprises the following acts:
receiving a message identifying a data frame of said data stream of encrypted data, said data frame comprising an intermediation request identifying an intermediation operation to be performed relative to said data stream of encrypted data, said message being transmitted within said control stream;
after the reception of said message, receiving, from one among the customer and server modules, the data frame identified by the message, said data frame having:
a first part in which pieces of the encrypted data, whose content is not accessible by the intermediary module, are transported; and
a second part forming said intermediation request, readable by the intermediary module, the second part comprising a field identifying the intermediation operation to be performed; and
processing relative to said encrypted data as a function of said operation of intermediation said field identifying the intermediation operation to be performed.

US Pat. No. 10,924,462

CRYPTANALYSIS METHOD AND SYSTEM

1. A system for decrypting an encrypted cellular digital communication transmitted to or by a transceiver of a client device, said system comprising:
communication circuitry configured to receive the encrypted cellular digital communication, wherein the encrypted digital communication is encrypted according to a given encryption algorithm which employs an XORing of bits of digital communication with a keystream generated from an encryption key to generate the encrypted digital communication, and the digital communication is characterized by a given error correction coding scheme employed prior to encryption, where the error correction coding is based on a binary matrix associated with a characterized linear redundancy data streams generated using a convolutional error correction coding;
processing circuitry configured to recover the encryption key from the encrypted cellular digital communication with a recovery process of the encryption key that comprises deriving equations based on redundancy introduced by the error correction coding and using an XORing function over data bits of the encrypted cellular digital communication.

US Pat. No. 10,924,461

SECURE TWO-WAY BEACON IN AN INTERNET OF THINGS (IOT) SYSTEM

Afero, Inc., Los Altos, ...

1. A system comprising:
a beacon to transmit a first advertisement packet associated with 1-way functions available from the beacon and to further transmit a second advertisement packet associated with 2-way functions available from the beacon, wherein the first advertisement packet and the second advertisement packet are transmitted concurrently by the beacon within a same time interval but at different frequencies and/or over different channels;
the first advertisement packet to cause an app and/or hub to be initialized on a mobile device; and
the second advertisement packet to cause the beacon to establish a first secure communication channel to a cloud service through the app and/or hub on the mobile device, wherein the beacon is to receive data from the cloud service over the first secure communication channel.

US Pat. No. 10,924,460

SYSTEMS AND METHODS FOR DIVIDING FILTERS IN NEURAL NETWORKS FOR PRIVATE DATA COMPUTATIONS

TRIPLEBLIND, INC., Kansa...

1. A method comprising:
dividing, via one or more computing devices, a plurality of filters in a first layer of a neural network into a first set of filters and a second set of filters;
applying, via the one or more computing devices, each of the first set of filters to an input of the neural network to yield a first set of outputs;
obtaining a second set of outputs associated with the second set of filters, the second set of outputs being based on an application of each of the second set of filters to the input of the neural network;
for each set of filters in the first set of filters and the second set of filters that corresponds to a same filter from the plurality of filters, aggregating, via the one or more computing devices and at a second layer of the neural network, a respective one of the first set of outputs associated with a first filter in the set of filters with a respective one of a second set of outputs associated with a second filter in the set of filters to yield a set of aggregated outputs associated with the first set of filters and the second set of filters;
splitting, via the one or more computing devices, respective weights of specific neurons activated in each remaining layer of the neural network to yield a first set of weights and a second set of weights, the specific neurons being activated based on one or more activation functions applied to the set of aggregated outputs;
at each specific neuron from each remaining layer, applying, via the one or more computing devices, a respective filter associated with each specific neuron and a first corresponding weight from the first set of weights to yield a first set of neuron outputs;
obtaining a second set of neuron outputs associated with the specific neurons, the second set of neuron outputs being based on an application of the respective filter associated with each specific neuron to a second corresponding weight from the second set of weights;
for each specific neuron, aggregating one of the first set of neuron outputs associated with the specific neuron with one of a second set of neuron outputs associated with the specific neuron to yield aggregated neuron outputs associated with the specific neurons; and
generating an output of the neural network based on one or more of the aggregated neuron outputs.

US Pat. No. 10,924,459

LOCATION CONTROL AND ACCESS CONTROL OF EMAILS

Futurewei Technologies, I...

1. A sender device comprising:
a processor configured to:
generate an email;
generate a control mechanism for the email, the control mechanism instructs a security server to implement a location control policy that affects a recipient device's use of the email, the control mechanism comprises an invalidation number field, an allowed location field, and a maximum openings number field, the invalidation number field requires that the email be destroyed when an invalidation counter exceeds an invalidation number, the invalidation counter is based on a recipient identifier (ID) and increments when a universally unique identifier (UUID) is not in an encryption record table, the UUID uniquely identifies an encryption record of the email, and the recipient ID uniquely identifies an email account of a recipient of the recipient device;
integrate the control mechanism into the email to generate an integrated email; and
generate a recall request requesting that the security server instruct the recipient device to destroy the email, wherein the recall request comprises the UUID or a sender ID;
a transmitter coupled to the processor and configured to transmit the integrated email to the security server for the security server to implement the control mechanism; and
a receiver coupled to the processor and configured to receive, from the security server and in response to the recall request, a destruction confirmation confirming that the recipient device destroyed the email.

US Pat. No. 10,924,458

GENERATING AN APPLICATION-BASED PROXY AUTO CONFIGURATION

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more memories; and
one or more processors to:
identify an application signature associated with a web application;
determine, based on an application-based policy associated with the web application, an access method to be used to transmit traffic associated with the web application;
generate a proxy auto configuration (PAC) file using:
the application signature associated with the web application,
the access method to be used to transmit the traffic associated with the web application, and
wherein the one or more processors, when generating the PAC file, are to:
dynamically generate the PAC file based on network endpoint information, associated with the web application, being added to a cache and identified in the cache; and
provide the PAC file to a client device to permit the client device to transmit the traffic associated with the web application based on the PAC file.

US Pat. No. 10,924,457

PACKET CLEANING METHOD AND APPARATUS

ALIBABA GROUP HOLDING LIM...

1. A packet cleaning method, comprising:
acquiring a packet type and a destination address of a target packet;
acquiring, from a configuration file, a first attack type set according to the packet type, and a second attack type set according to the destination address, wherein the second attack type set comprises types of attacks that a device corresponding to the destination address receives from within a period of time;
generating a cleaning strategy chain corresponding to the target packet according to the first attack type set and the second attack type set; and
cleaning the target packet based on the cleaning strategy chain, comprising:
calling each cleaning strategy according to an order of cleaning strategies in the cleaning strategy chain, and
determining whether to discard the target packet according to the called cleaning strategy;
sending the target packet to the device corresponding to the destination address in response to the determination of not discarding the target packet.

US Pat. No. 10,924,456

METHODS AND SYSTEMS FOR EFFICIENT ENCRYPTED SNI FILTERING FOR CYBERSECURITY APPLICATIONS

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a packet-filtering device from an intelligence provider, one or more threat indicators, wherein the one or more threat indicators comprise a plurality of domain names associated with one or more threats;
determining a plurality of packet-filtering rules associated with each of the one or more threat indicators, wherein the one or more threat indicators comprise a matching criterion for the plurality of packet-filtering rules;
receiving, from a first device, a plurality of packets, wherein the plurality of packets comprise ciphertext comprising an encrypted server name indication (eSNI) value;
determining whether a plaintext hostname is resolvable from the ciphertext;
determining, based on a determination that the plaintext hostname is resolvable from the ciphertext, whether the plaintext hostname matches at least one of the one or more threat indicators; and
applying, based on a determination that the plaintext hostname matches at least one of the one or more threat indicators, a packet filtering operation associated with one or more of the plurality of packet-filtering rules to the plurality of packets, wherein the packet filtering operation comprises at least one of: blocking the plurality of packets from continuing toward its intended destination, allowing the plurality of packets to continue to its intended destination and forwarding a copy of the plurality of packets to a first proxy for monitoring, or forwarding the plurality of packets to a second proxy.

US Pat. No. 10,924,455

METHOD AND SYSTEM FOR IMPLEMENTING A CLUSTER-WIDE COMMUNICATION OVER A SINGLE PORT

Dell Products L.P., Roun...

1. A system for implementing a handshake between a source node cluster having file domains and a destination node cluster to which said file domains are replicated, the system comprising:
a source node cluster having a plurality of nodes and a replication manager; and
a destination node cluster having a plurality of nodes, a replication manager and a single port manager for each node of the destination node cluster, wherein a number of the nodes at the destination node cluster and the number of nodes at the source node cluster is unequal,
wherein each of the single port managers is configured to inform the replication manager at the source node cluster of the node at the destination cluster node where the replication manager of the destination node cluster is located, via a single port opened in a firewall monitoring communication going between the source node cluster and the destination node cluster, wherein said single port is an only port that is opened for communication via said firewall between said source node cluster and said destination node cluster,
wherein the replication managers of the source and destination node clusters are configured to replicate all files and processes on the nodes of the source node cluster to the nodes of the destination node cluster via said single port,
wherein all replicated file domains register with the single port manager of the node on which they are replicated, and
wherein the single port manager is configured to communicate with the source node cluster via said single port to provide descriptors of replicated file domains, in response to inquiries from the source node cluster.

US Pat. No. 10,924,454

COMPUTING DEVICE AND METHOD FOR GENERATING A FABRIC-WIDE IPV6 ADDRESS

KALOOM INC., Montreal (C...

1. A computing device comprising:
memory for storing a configuration file, the configuration file comprising an Internet Protocol version 6 (IPv6) base prefix and a fabric identifier; and
a processing unit for:
determining a host identifier;
generating an IPv6 prefix by combining the IPv6 base prefix stored in the configuration file and the fabric identifier stored in the configuration file; and
generating an IPv6 address by combining the IPv6 prefix and the host identifier.

US Pat. No. 10,924,453

METHOD FOR ASSIGNING CONTROLLABLE LUMINAIRE DEVICES TO CONTROL GROUPS

IDEAL Industries, Inc., ...

1. A method for automatically assigning a group address to a controllable luminaire device of a plurality of controllable luminaire devices, comprising:
receiving an indication that the controllable luminaire device is to be added to a logical community of controllable luminaire devices;
determining that adding the controllable luminaire device to the logical community causes a number of controllable luminaire devices within the logical community to exceed an established threshold; and
in response to determining that adding the controllable luminaire device to the logical community causes the number of controllable luminaire devices within the logical community to exceed the established threshold, automatically assigning to each of the plurality of controllable luminaire devices within the logical community a group address and thereafter using a command addressed to the group address to commonly control those controllable luminaire devices of the plurality of controllable luminaire devices within the logical community as a group.

US Pat. No. 10,924,452

AUDITING IP ADDRESS ASSIGNMENTS

Amazon Technologies, Inc....

1. A system for validating a stored association between an IP address and a use for the IP address, comprising:
a memory bearing instructions that, upon execution by a processor, cause the system at least to:
obtain information about the IP address from at least one source of information about IP addresses;
determine, based on the stored association, data indicating the use for the IP address;
determine from the information whether the IP address is being used in a manner identified by the use for the IP address based at least in part on a determination of whether the information about the IP address received from at least one source matches at least one criteria determined based on the data indicating the use;
store an indication of whether the IP address is being used in a manner identified by the use for the IP address in a memory;
obtain information about a second IP address from the at least one source of information about IP addresses wherein the IP address and the second IP address belong to a range of IP addresses; and
determine whether the second IP address is being used in a manner identified by the use for the second IP address based at least in part on the information about the IP address received from the at least one source.

US Pat. No. 10,924,451

COMMUNICATION DEVICE, CONTROL METHOD OF COMMUNICATION DEVICE, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. A communication device that has a network interface and allocates an IP address obtained from a DHCP server to the network interface and communicates with an external device by using the IP address, comprising:
at least one memory that stores instructions; and
at least one processor that executes the stored instruction to:
set, based on a user's operation via a setting screen, an operation setting of the communication device as to whether or not to change a communication speed to a low speed in a case where the communication device shifts to a power save mode,
when the communication device detects link-up of the network interface, determine that it is unnecessary to obtain the IP address from the DHCP server again if it is set as the operation setting to change the communication speed to the low speed in a case where the communication device shifts to the power save mode, and determine that it is necessary to obtain the IP address from the DHCP server again if it is set as the operation setting not to change the communication speed to the low speed in a case where the communication device shifts to the power save mode; and
in accordance with occurrence of link-up of the network interface, perform control to transmit a DHCP DISCOVER packet onto the linked-up network, to search for a DHCP server on the network, and to allocate, to the network interface, an IP address distributed from the DHCP server found by the search if it is determined to be necessary to obtain the IP address again;
wherein, if it is determined to be unnecessary to obtain the IP address again, the DHCP DISCOVER packet is not transmitted onto the linked-up network even in a case where link-up of the network interface occurs,
wherein, if it is set as the operation setting to change the communication speed to the low speed in a case where the communication device shifts to the power save mode, the communication device detects the link-up of network interface at least in a case where the communication transitions from the power save mode to a normal power mode.

US Pat. No. 10,924,450

ALLOCATION OF RESOURCES DURING SPLIT BRAIN CONDITIONS

TELEFONAKTIEBOLAGET LM ER...

1. A first resource allocation device having control of a first set of network addresses and cooperating with a second resource allocation device having control of a second set of network addresses, the first resource allocation device comprising a processor acting on computer instructions whereby said first resource allocation device is operative to:
receive a request for a network address, wherein the request was transmitted by a requestor;
in response to the request for the network address transmitted by the requestor, select a first network address, wherein the first network address is included in the second set of network addresses which is controlled by the second resource allocation device and further wherein the first network address is not included in the first set of network addresses which is controlled by the first resource allocation device;
after selecting the first network address, transmit to the second resource allocation device a resource allocation message comprising the selected first network address;
determine whether the first resource allocation device has received, within a predetermined response time, an acknowledgment of the resource allocation message transmitted by the second resource allocation device; and
as a result of determining that the first resource allocation device has received the acknowledgment of the resource allocation message within the predetermined response time, transmit to the requestor a response message responding to the request transmitted by the requestor, wherein the response message comprises a protocol data unit comprising a header and payload, wherein the payload comprises the first network address.

US Pat. No. 10,924,449

INTERNET PROTOCOL (IP) ADDRESS ASSIGNMENT

Facebook, Inc., Menlo Pa...

1. A method comprising:
by a computing device, partitioning a block of Internet protocol (IP) addresses into one or more sets of continuously sequential IP addresses, wherein each set of IP addresses corresponds to a particular one of a plurality of geographically-distributed Internet points of presence (PoPs), wherein each of the IP addresses in the block corresponds to one of a plurality of global services, and wherein each of the plurality of PoPs delivers one or more of the global services from one of a plurality of geographic locations of the PoP;
by the computing device, assigning a respective one of the sets of continuously sequential IP addresses to each PoP, wherein a prefix of each set of continuously sequential IP addresses comprises a first portion that is fixed for all of the plurality of PoPs and a second portion that is unique for a particular PoP;
by the computing device, partitioning each set of IP addresses of each of the plurality of PoPs into a plurality of subsets of continuously sequential IP addresses, wherein one or more of the subsets of continuously sequential IP addresses each corresponds to a respective global service;
by the computing device, mapping a particular global service associated with two or more PoPs located at different geographic locations to a suffix range of continuously sequential IP addresses of the one or more of the subsets, wherein the suffix range of the continuously sequential IP addresses mapped to the particular global service is fixed across the two or more PoPs located at different geographic locations; and
by the computing device, assigning a price level to the suffix range of the continuously sequential IP addresses based on the mapped particular global service.

US Pat. No. 10,924,448

CONTENT DELIVERY FROM HOME NETWORKS

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, at a routing device of a home network, a request for content from a first device of the home network, the request identifying the content using an IPv6 address for the content;
determining, by the routing device of the home network in response to receiving the request for the content, whether the content is stored in a cache of a second device of the home network, wherein each of a plurality of devices of the home network is operative to advertise presence of the content and the IPv6 address of the content to other of the plurality of devices of the home network;
upon determining the content is stored in the cache of the second device, determining, by the routing device of the home network, that accessing the content from the second device in the home network has a lower latency than accessing the content from a content server;
sending, by the routing device of the home network in response to determining that accessing the content from the second device has a lower latency than accessing the content from a content server, the request to the second device for the content using the IPv6 address of the content; and
forwarding the content to the first device from the second device, wherein the first and second devices are part of the same layer 2 domain.

US Pat. No. 10,924,447

METHOD AND SYSTEM TO CONVERSE ACROSS FRAGMENTED MESSAGING SERVICES BASED ON DISCUSSION TOPICS

Medallia, Inc., San Fran...

1. A method of managing messages across a plurality of messaging services, comprising:
receiving, via a first messaging channel and at a message aggregator, a first message from a first messaging service, wherein the first message is sent by a first user;
sending the first message to a second user via a second messaging channel;
receiving, via the second messaging channel and at the message aggregator, a second message, wherein the second message is sent by the second user;
in response to a request from the first user to continue a conversation via a second messaging service, opening, by the message aggregator, a third messaging channel to the second messaging service, the third messaging channel associated with an account of the first user on the second messaging service, and wherein the conversation is terminated in absence of receiving the request from the first user to continue the conversation via the second messaging service;
sending the second message via the third messaging channel to the first user;
determining that a conversation between the first user and the second user is finished; and
sending a survey, follow-on information, or both, in response to a determination that a conversation is finished.

US Pat. No. 10,924,446

DIGITAL STORY REPLY CONTAINER

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
displaying a shared story, comprising a collection of individual stories composed by a plurality of different contributors, within a stories interface of a story consumption channel provided via a social media application running on a viewer's computing device by ephemerally presenting the individual stories one by one, transitioning from presenting one story to the next automatically, wherein (1) rights to contribute to the shared story are limited to a first group of users invited to contribute to the shared story as contributors and (2) rights to view the shared story are limited to a second group of users indicated by a privacy setting selected by one or more contributors;
receiving user input, from the viewer of the shared story, selecting a selectable reply element associated with the shared story within the stories interface and, in response to receiving the user input selecting the selectable reply element, providing the viewer with a chat room selection prompt that provides the viewer with a choice to select to join an inclusive private chat room or a limited private chat room, wherein (1) rights to access the inclusive private chat room are limited to a third group of users comprising each viewer who has replied to the shared story and each contributor to the shared story and (2) rights to access the limited private chat room are limited to a fourth group comprising the viewer and a subset of the shared story's contributors;
receiving an additional user input to the chat room selection prompt selecting to join the inclusive private chat room in lieu of the limited private chat room;
in response to receiving the additional user input, digitally adding the viewer to the inclusive private chat room associated with the shared story;
transitioning from displaying the stories interface to displaying a chat room interface corresponding to the inclusive private chat room;
receiving user-generated text submitted to a text box within the chat room interface; and
posting, to the chat room interface, a message from the viewer comprising the user-generated text.