US Pat. No. 10,694,043

ALLOWING ACCESS TO A DEVICE RESPONSIVE TO SECONDARY SIGNALS PREVIOUSLY ASSOCIATED WITH AUTHORIZED PRIMARY INPUT

LENOVO ENTERPRISE SOLUTIO...

1. A method, comprising:
receiving, by a target device, primary input from a user or user device, wherein the primary input matches a predetermined input stored by the target device and authorizes the user or user device to access the target device;
receiving, by the target device, one or more wireless secondary signals during a time period in which the primary input is received by the target device;
storing, by the target device, the one or more wireless secondary signals;
allowing access to the target device in response to the target device receiving the primary input; and then
allowing access to the target device in response to the target device receiving a wireless secondary signal that matches at least one of the one or more stored wireless secondary signals in the absence of receiving the primary input.

US Pat. No. 10,694,042

SYSTEM AND METHOD FOR PROCESSING MEDIA REQUESTS DURING TELEPHONY SESSIONS

Twilio Inc., San Francis...

1. A method comprising:
receiving, by a telephony platform, a first media request to access a first media item in relation to a first telephony session, the first media request initiated by a first application utilizing communication services provided by the telephony platform, the first media request including a specified Universal Resource Identifier (URI);
determining whether the specified URI corresponds to any cached media resources stored in a cache memory of the telephony platform, each cached media resource being a copy of a previously requested media item formatted into a compatible format for telephony sessions facilitated by the telephony platform;
in response to determining that the specified URI does not correspond to any of the cached media resources stored in the cache memory of the telephony platform, transmitting a request for the first media item to a media server identified by the specified URI;
in response to receiving the first media item from the media server, converting the first media item into the compatible format and storing a copy of the first media item converted into the compatible format in the cache memory of the telephony platform, yielding a first cached media resource, the first cached media resource being associated with the specified URI; and
forwarding the first media item converted into the compatible format to a call router to provide the first media item in relation to the first the telephony session.

US Pat. No. 10,694,041

ANALYTICS-GUIDED CALL ROUTING WITH THIRD PARTY

Avaya Inc., Santa Clara,...

1. A system comprising:
a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions stored thereon that program the microprocessor to:
assign a number of phantom communication sessions and a number of contact center agents to a high priority contact center queue, wherein the number of phantom communication sessions is greater than or equal to the number of assigned contact center agents, wherein the number of phantom communication sessions each comprises a fake communication session that is used as a place holder in the high priority contact center queue, and wherein the high priority contact center queue is used for coordinating communication session routing with an external control application;
receive an indication that a first contact center agent of the number of contact center agents is available;
assign the first contact center agent of the number of contact center agents to a first phantom communication session of the number of phantom communication sessions in response to receiving the indication that the first contact center agent is available; and
send an electronic notification message to the external control application that the first contact center agent is available.

US Pat. No. 10,694,040

CENTRALIZED EVENT LOG GENERATION AND ANALYSIS FOR CONTACT CENTERS

Wells Fargo Bank, N.A., ...

1. A computer-implemented method comprising:
receiving, by a computing system and from a plurality of front-end systems within a contact center of an organization, call data associated with actions performed during a call into the contact center;
creating, by the computing system, an entry for the call in a centralized event log for the contact center, wherein the call entry includes the call data received from the plurality of front-end systems;
correlating, by the computing system, the call entry with other call entries in the centralized event log for a same entity identified for the call, wherein the correlation is represented by a common identifier appended to the call entry and each of the other call entries for the same entity in the centralized event log;
aggregating, by the computing system and from a plurality of back-end systems for the contact center, context data associated with the call, wherein the context data is appended to the call entry in the centralized event log; and
transmitting, by the computing system, a pointer to the call entry in the centralized event log to one or more of the front-end systems for use in determining how to handle the call.

US Pat. No. 10,694,039

SYSTEM AND METHOD FOR AUTOMATED CALL DISTRIBUTION

1. A computer-implemented method for automating calls from a call center to a lead, comprising:
identifying, with at least one processor, the lead;
determining, with at least one processor, a number of automated contact attempts to be made for contacting the lead based at least partially on at least one rule, the number of automated contact attempts to be made comprising a plurality of contact attempts including a first contact attempt and a nth contact attempt, wherein n is greater than 2 and less than the number of contact attempts to be made;
for at least the first contact attempt and the nth contact attempt, determining, with at least one processor, a predicted optimal time for the contact attempt to be made based at least partially on a predictive model configured to generate the predicted optimal time for the contact attempt based on historical call attempts to the lead and/or lead data associated with the lead;
initiating, with at least one processor, the first contact attempt to the lead at the predicted optimal time for the first contact attempt; and
initiating, with at least one processor, the nth contact attempt to the lead at the predicted optimal time for the nth contact attempt.

US Pat. No. 10,694,038

SYSTEM AND METHOD FOR MANAGING CALLS OF AN AUTOMATED CALL MANAGEMENT SYSTEM

Replicant Solutions, Inc....

1. A method for managing a call between a contact, a conversation bot, and a human agent, the method comprising:
selecting a conversation bot associated with a particular human agent from a plurality of conversation bots that are each associated with a different human agent using an automated call management system, wherein each conversation bot is a computer model trained using conversation data including specific conversation data recorded during conversations conducted by the particular human agent with which it is associated;
connecting an audio call with a human contact using the automated call management system;
generating audio during the call, where the audio is generated based upon a voice of the particular human agent using the automated call management system;
recording speech of the human contact and converting the recorded speech to text to create a text transcript of the call using the automated call management system;
determining that a transition criterion is satisfied based upon the text transcript of the call;
selecting a selected human agent from amongst a plurality of available human agents using the automated call management system;
when the transition criterion is satisfied, enabling a selected human agent to participate on the call using the automated call management system; and
continuing the call between the selected human agent and the human contact.

US Pat. No. 10,694,037

SYSTEM AND METHOD FOR AUTOMATICALLY VALIDATING AGENT IMPLEMENTATION OF TRAINING MATERIAL

1. A computer implemented method for testing an agent by a validation bot executed by a processor, the method comprising:
a. sending training material, by the validation bot, to an agent;
b. at the same time that agents other than the agent are connected to customers, automatically initiating, by the validation bot, a session with an agent by providing a natural language phrase to the agent via a client media interface, wherein the client media interface is the same interface the agent uses to communicate with a customer, wherein, during the session, the validation bot pretends to be a real customer with which the agent is supposed to interact;
c. obtaining, by the validation bot, a reply from the agent;
d. interpreting the reply by a natural language engine which includes a machine learning module trained to classify agent replies into agent intents and mapping, by the validation bot, the reply of the agent to an agent intent, wherein the agent intent is a goal of the agent expressed by the agent during the session;
e. providing, by the validation bot, a response to the agent based on the mapped agent intent and according to a predetermined session flow, wherein the predetermined session flow is based on the training material, wherein the response is translated into a media channel of the session;
f. calculating, by the validation bot, a score of the agent according to scoring rules; and
g. providing, by the validation bot, the score of the agent to a user.

US Pat. No. 10,694,036

APPLYING USER PREFERENCES, BEHAVIORAL PATTERNS AND/OR ENVIRONMENTAL FACTORS TO AN AUTOMATED CUSTOMER SUPPORT APPLICATION

West Corporation, Omaha,...

1. A method, comprising at an interactive voice response (IVR) system:
transmitting a pre-recorded audio segment to a user device based on a match of at least one user preference to the pre-recorded audio segment, wherein the method further comprises:
storing information corresponding to spoken words of a user of the user device, the spoken words included in a prior message;
determining the at least one user preference based on a frequency of terms in the spoken words; and
associating the at least one user preference with an account related to the user device for interaction with an agent.

US Pat. No. 10,694,035

CALL CONTENT MANAGEMENT FOR MOBILE DEVICES

First Orion Corp., Littl...

1. A method comprising:
identifying a call to a mobile device;
determining whether the call comprises call content data intended for the mobile device;
initiating an active session and a time to live (TTL) associated with the call content data;
forwarding the call content data to the mobile device when the call comprises call content data associated with the caller;
receiving a content confirmation from the mobile device that the call content data was received; and
responsive to the active session terminating, blocking additional content from being sent to the mobile device.

US Pat. No. 10,694,034

AVOIDING IDENTITY FRAUD AND UNWARRANTED CALLS BY AUTHORIZATION MECHANISM IN COMMUNICATION SYSTEM

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for verifying a commission-based relationship in a communication system by authorization and verification based on event, the method comprising:
generating, by an authorizer of the communication system comprising one or more processors, authorization information that is to be transmitted to a caller and forwarded by the caller to a callee upon a call being initiated between the caller and the callee, wherein the authorization information includes at least authorizer identity information, callee identity information, and a caller public key;
signing, by the authorizer, the authorization information with a private key of the authorizer; and
transmitting, by the authorizer, the signed authorization information to the caller;
wherein the caller is configured to generate a digital signature via a private key of the caller and transmit the digital signature and the signed authorization information to the callee; and
wherein the callee is configured to verify the authorization information by at least verifying the signature of the signed authorization information via a public key of the authorizer, extracting the public key of the caller from the authorization information, and verifying an identity of the caller based on the extracted public key of the caller, and
wherein the verifying of the authorization information further includes the callee being configured to verify the authorizer identity information based on the public key of the authorizer.

US Pat. No. 10,694,033

SYSTEM AND METHOD FOR IDENTIFYING UNWANTED COMMUNICATIONS USING COMMUNICATION FINGERPRINTING

YouMail, Inc., Irvine, C...

1. A method, in a communication environment including a data processing system comprising a processor and a memory, for identifying communicators as wanted or unwanted based on messages from such communicators, the method comprising:
recording, by the data processing system, communications from a plurality of communicators;
generating, by the data processing system, fingerprints of message content from the recording of the communications;
tagging, by the data processing system, the fingerprints with data representative of whether the message content is associated with one or more unwanted communicators;
determining, by the data processing system, given ones of the fingerprints are associated with one or more unwanted communicators based on the tagging;
matching, by the data processing system, at least one of the given fingerprints to an inbound communication from an unknown communicator;
determining, by the data processing system, an identity of the unknown communicator as being likely unwanted based on the tagged data of the matched at least one of the given fingerprints; and
automatically rejecting or disposing of communications from the unknown communicator determined to be likely unwanted.

US Pat. No. 10,694,032

SYSTEMS AND METHODS FOR BLOCKCHAIN WIRELESS SERVICES IN A CONTROLLED ENVIRONMENT

1. A method of providing blockchain wireless services in a controlled environment, comprising:
a wireless communication device associated with an inmate of a controlled environment receiving one of a voice and video call from a device external to the controlled environment;
the wireless communication device placing the received call into a hold state;
the wireless communication device sending a request for validation of the call via a blockchain, the request identifying at least parties to the call, the requested validation comprising at least a confirmation that a user of the device external to the controlled environment is an authorized contact of the inmate;
the wireless communication device, upon receipt of the requested validation, removing the call from the hold state; and
the wireless communication device enabling at least one of voice and video functionality for the parties.

US Pat. No. 10,694,031

METHOD OF PROVIDING A RECENT CALL LIST, SOFTWARE PRODUCT, TELECOMMUNICATIONS DEVICE AND SYSTEM

1. A telecommunications apparatus comprising:
at least one telecommunications device communicatively connectable to at least one server for executing services, the at least one telecommunications device having a processor and a non-transitory computer readable medium;
the at least one telecommunications device configured to incorporate information on recent services as entries in a recent call list of said telecommunications device, wherein each entry is defined by a data structure, wherein the recent call list comprises at least one non-telecommunications service entry representing a recent service other than a telephone call in said recent call list, each at least one non-telephone call service entry comprising: a service code identifying a non-telephone call service as a data value such that the service code or an identifier associated with the service code is displayable when the recent call list is displayed regardless of whether differences between telecommunication calls and non-telecommunication services are distinguishable by the telecommunications device; and
the at least one telecommunications device configured to display at least one follow-up action option associated with the service code in response to a selection of at least one of the non-telephone call service entry of the recent call list.

US Pat. No. 10,694,030

SYSTEM AND METHOD FOR PROVIDING PARTICULARIZED AUDIBLE ALERTS

Somatek, San Diego, CA (...

1. A system for generating a distinctive auditory alert upon receiving a telephone call, the system comprising:
a device having at least one processor;
a memory corresponding with the device, the memory storing:
a first plurality of sounds indicative of a user of the device, wherein data corresponds to a sequence of phonemes associated with the user, the device configured to receive a telephone call; and
a second plurality of sounds indicative of a calling party of the received telephone call;
wherein the device is configured to:
receive one of a selection between 1) the user and 2) the calling party;
play the first plurality of sounds in a sequence so as to identify the received telephone call being directed to the user in response to the user being selected, wherein the plurality of sounds are based on a sequence of phonemes associated with the user; and
in response to the calling party being selected:
a) access an identifier associated with the calling party of the received telephone call;
b) retrieve data indicative of the second plurality of sounds designating the calling party based on the identifier; and
c) play the second plurality of sounds in a sequence so as to identify the calling party.

US Pat. No. 10,694,029

VALIDATING AUTOMATIC NUMBER IDENTIFICATION DATA

RightQuestion, LLC, Port...

1. A system, comprising:
a verification service provider, configured to, using one or more processors:
enroll a first device with the verification service provider, wherein enrolling the first device includes associating, by the verification service provider, the first device with device information comprising a fingerprint of the first device, wherein the fingerprint of the first device is generated based at least in part on a set of configuration information associated with the first device;
store, at the verification service provider, the device information associated with the first device;
obtain, at the verification service provider, information transmitted by a second device associated with a communications connection, wherein the communications connection comprises an audio communications connection associated with a call;
perform, at the verification service provider, a security determination at least in part by determining whether the obtained information transmitted by the second device matches at least a portion of the stored device information associated with the enrolled first device;
wherein a relying party is configured to perform a policy-based decision, and wherein the policy-based decision is performed based at least in part on the security determination; and
based at least in part on the policy-based decision performed by the relying party, perform at least one of sending a message via a communication identifier associated with the first device and enrollment of the second device.

US Pat. No. 10,694,028

SYSTEMS AND METHODS FOR GENERATING APPLICATION DATA FROM CALL DATA

RINGCENTRAL, INC., Belmo...

1. A computer-implemented method for generating application data from call data, the method comprising:
acquiring, with one or more call-data aggregators, call data from at least one call-data source;
modifying at least a portion of the call data with a call-data modifier;
generating application data from the portion of the call data, wherein the application data is configured for diagram generation; and
generating a first diagram from the application data, wherein the first diagram indicates a plurality of call-portion durations, each call-portion duration of the plurality of call-portion durations having associated with presentation configured to be presented upon selection, and wherein the first diagram reflects two or more of the plurality of call-portion durations in a temporal sequence and each call-portion duration reflected in the first diagram is associated with a phase of a call.

US Pat. No. 10,694,027

SYSTEM AND METHOD FOR AUTOMATED VOICE QUALITY TESTING

CYARA SOLUTIONS PTY LTD, ...

1. A system for automated testing of audio quality, comprising:
a first audio generator device configured to transmit reference audio samples; and
a head and torso simulator device configured to simulate at least a plurality of physical qualities of human head and torso anatomy, and comprising at least a microphone and a second audio generator device configured to transmit reference audio samples; and
an audio quality sampler; and
wherein the first audio generator device transmits a reference audio sample to the head and torso device to simulate inbound audio from a calling party to a receiving party; and
wherein the second audio generator device transmits a reference audio sample from the head and torso simulator device to simulate receiving party interaction with the calling party; and
wherein the audio quality sampler samples and reports the audio quality received at the head and torso device, or sent from the head and torso device, or both.

US Pat. No. 10,694,026

SYSTEMS AND METHODS FOR EARLY FRAUD DETECTION

ROYAL BANK OF CANADA, Mo...

1. A computer implemented method for routing a call received at a call centre based on one or more characteristics of call data, the method comprising:
receiving or retrieving a first data set associated with a first set of call features relating to an on-going call, the first data set including: data representing a caller identifier associated with the on-going call, a time the on-going call was received at the call centre, and account identifying information associated with an electronic account;
generating, using a machine learning model, a suspiciousness score of the on-going call based on a call history of the caller identifier with the call centre, an attempted access history for the electronic account, and an enumerated time period in which the time the on-going call was received at the call centre, the suspiciousness score indicating a probability of the on-going call being a fraudulent call;
routing the on-going call based on the suspiciousness score;
displaying the first suspiciousness score on a graphical user interface;
receiving or retrieving a second data set associated with the first set or additional call features relating to the on-going call;
updating the suspiciousness score of the on-going call based on the second data set; and
displaying the updated suspiciousness score on the graphical user interface.

US Pat. No. 10,694,025

REDUCTION IN NETWORK CONGESTION

West Corporation, Omaha,...

1. A method, comprising:
receiving, from a sender, a telephony connection request at a location in a telephony network, the telephony connection request directed toward an intended recipient;
identifying a type of the sender and a type of the intended recipient;
identifying a compatibility of the sender and the intended recipient based on a comparison of the type of the sender and the type of the intended recipient;
determining a status characteristic of the intended recipient based on addressing information, wherein the status characteristic is based on active network registration; and
sending a spoofed reply to the sender based on the type of the sender and the type of the intended recipient being identified as incompatible.

US Pat. No. 10,694,024

SYSTEMS AND METHODS TO MANAGE MODELS FOR CALL DATA

Capital One Services, LLC...

1. A system for configuring a computerized model for call analysis, comprising:
one or more memory units storing instructions; and
one or more processors that execute the instructions to perform operations comprising:
receiving, from a user device, an input indicating (i) a segment of a recorded call and (ii) an attribute associated with the segment;
determining a parameter of a model, wherein the model is associated with the attribute;
changing the parameter based on the input; and
generating an updated model based on the changed parameter, wherein the updated model is configured to analyze recorded calls having one or more segments with the same attribute.

US Pat. No. 10,694,023

TESTING METHODS AND SYSTEMS FOR MOBILE COMMUNICATION DEVICES

1. A testing method for testing a mobile communication device, the method comprising:
connecting a Universal Integrated Circuit Card (UICC) manager module of a mobile communication device to a UICC that emulates subscriber-specific information to the mobile communication device over a provisioning interface of a testing front end module to an access interface of the UICC, wherein the UICC is external to the mobile communication device and arranged in the testing front end module,
transmitting by the testing front end module, a testing profile of the UICC over the provisioning interface to the mobile communication device;
activating the testing profile on the mobile communication device;
setting, by a testing controller, the configuration of the mobile communication device to a testing mode according to the information of the activated testing profile of the UICC; and
performing operational tests on the mobile communication device using a testing front end module of a testing system while the configuration of the mobile communication device is set to the testing mode.

US Pat. No. 10,694,022

AUTONOMOUS PROFILE SWITCHER FOR DEVICES BASED UPON EXTERNAL ENVIRONMENT

Dell Products L.P., Roun...

1. A method comprising:
receiving, by one or more processors of a computing device, sensor data from a plurality of sensors;
determining, by the one or more processors and based on the sensor data, that a computing device is being used at a particular location, the computing device having a first profile associated with a first user, the first profile having a first set of decision rules including when to mute or unmute a ringer on the computing device;
determining that the particular location comprises a new location that the first user has not previously visited;
sending the particular location and the first profile to a server;
receiving, from the server, a second profile having a second set of decision rules, the second profile selected based on look-alike modelling and based on similarities between the first profile and the second profile, wherein:
the second profile is associated with a second user;
the second profile is similar to the first profile; and
the second user has visited the particular location;
updating the first profile based on the second profile and the second set of decision rules; and
switching, by the one or more processors, from the first set of settings to a second set of settings based on a particular decision rule of the second set of decision rules that are associated with the particular location.

US Pat. No. 10,694,021

CUSTOMISATION OF CONTENT OF AN ELECTRONIC DEVICE

Provenance Asset Group, ...

1. An electronic device, comprising:
at least one processor; and
at least one memory including:
a contact card of a predetermined service provider; and
computer program code configured to, with the at least one processor, cause the electronic device to at least:
store a first theme that defines a first set of operating characteristics of the electronic device and a first content of the contact card,
store a second theme that defines a second set of operating characteristics of the electronic device and a second content of the contact card,
detect a location of the device,
select the first theme or the second theme for adoption by the electronic device in dependence on the location of the electronic device,
control operation of the electronic device in dependence of the first set or the second set of operating characteristics, and
control communication with the predetermined service provider in dependence of the first content or the second content of the contact card;
wherein the first theme or second theme is configured to affect availability of the content of the electronic device, including one or more software applications such that access to the one or more software applications is dependent on the location of the electronic device.

US Pat. No. 10,694,020

INFORMATION DISPLAYING METHOD AND TERMINAL

Huawei Technologies Co., ...

13. A method for displaying information, the method comprising:
obtaining, by a terminal, audio data that represents a sound to be played;
determining, by the terminal based on attribute information corresponding to any moment of the sound represented by the audio data, a shape of a graph corresponding to the any moment, wherein the any moment falls within a range from a start play moment of the sound to an end play moment of the sound, wherein the graph corresponding to the any moment includes a closed curve with a bump, and a maximum distance from points on the bump to a center of the graph corresponding to the any moment is correlated to a value indicated by the attribute information at the any moment;
displaying, by the terminal, the graph corresponding to the any moment;
obtaining, by the terminal, a type of the audio data, time information of the audio data, or information about an external environment in which the terminal is located; and
determining, by the terminal based on the type of the audio data, the time information of the audio data, or the information about the external environment in which the terminal is located, a material of the graph corresponding to the any moment;
wherein the information about the external environment in which the terminal is located comprises weather information, temperature, or humidity of the external environment in which the terminal is located.

US Pat. No. 10,694,019

SAFETY CUTOFF FOR A POWER TOOL OR OTHER DEVICE

CUTTING EDGE INNOVATIONS,...

1. A detachable adapter for an electrical power tool, the detachable adapter having a first location to selectively attach to the electrical power tool and a second location to selectively attach to a removable battery, the detachable adapter comprising:
a receiver mounted within the adapter configured to: (i) receive a first communication signal generated by a transmitter; (ii) to command or allow the detachable adapter to transmit electrical current from the battery to the electrical power tool when the receiver detects the first communication signal; and (iii) to interrupt electrical current from the battery to the electrical power tool when the receiver does not detect the first communication signal; and
a current leakage detector mounted within the adapter configured to interrupt electrical current from the battery to the electrical power tool when current leakage is detected.

US Pat. No. 10,694,018

METHOD AND APPARATUS FOR CONTROLLING RUNNING STATUS OF WEARABLE ELECTRONIC DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A method for controlling a running status of a wearable electronic device, the method comprising:
receiving a first motion sensor signal from a mobile phone;
determining a magnitude of the first motion sensor signal;
determining whether the magnitude of the first motion sensor signal satisfies a first threshold;
responsive to determining that the magnitude of the first motion sensor signal satisfies the first threshold, determining a posture change status of the wearable electronic device comprising the steps of:
determining that a posture of the wearable electronic device has changed when a change value of the first motion sensor signal is greater than a second threshold and that the first motion sensor signal is received within a time period; and
determining that the posture of the wearable electronic device has not changed when the change value of the first motion sensor signal is less than the second threshold within the time period; and
controlling the running status of the wearable electronic device according to the posture change status.

US Pat. No. 10,694,017

ERGONOMIC POSITION DETECTOR

International Business Ma...

1. A computer-implemented method comprising executing on a computer processor:
determining, as a function of sensory data provided by a sensing component of a hand held mobile computing device, identification of fingers of a user hand that are engaging a keypad input component of a touch screen of the hand-held mobile computing device to enter text characters into an application running on the mobile device, an orientation of the user hand relative to the hand-held mobile computing device, and a rate of entry of the text characters into the application by the fingers via the keypad input component;
determining a current ergonomic movement pattern for the user while the user physically operates the hand-held mobile computing device as a function of the identification of the fingers, the orientation of the user hand relative to the hand-held mobile computing device and the rate of entry of the text characters into the application by the fingers via the keypad input component, wherein the determined ergonomic pattern of movement includes data representing a pattern of the user hand movements with an orientation of a body of the hand-held mobile computing device with respect to the user while physically operating the hand-held mobile computing device in a discrete user activity of a plurality of discrete user activities that operate the hand-held mobile computing device, wherein physically operating the hand-held mobile computing device in the discrete activity comprises at least one discrete user activity with associated processing activity of the hand-held mobile computing device selected from a group consisting of: entering text via the keypad input component with the touch screen of the hand-held mobile computing device, speaking into a microphone disposed within the hand-held mobile computing device, reading a displayed screen displayed on the hand-held mobile computing device, and taking a picture with a camera disposed within the hand-held mobile computing device;
comparing the current user ergonomic movement pattern to a knowledge base of a plurality of activity hand movements that are each labeled as problematic ergonomic movements and labeled with the associated processing activity of the discrete user activity operating the hand-held mobile computing device; and
in response to determining that the compared current user ergonomic movement pattern for the discrete user activity matches one of the labeled hand movements within a threshold similarity value, driving a communication component of the mobile device to alert the user physically operating the hand-held mobile computing device in a problematic ergonomic movement and recommend during the discrete activity an alternative ergonomic position for use in physically operating the hand-held mobile computing device for the discrete user activity.

US Pat. No. 10,694,016

MOBILE PHONE WITH AN EYE ILLUMINATION

Zoppolin Corporation, Ap...

1. A mobile phone, comprising:
a control unit;
a first wireless module coupled to said control unit;
a second wireless module coupled to said control unit;
a front substrate having a first conductive line and a rear substrate having a second conductive line, fluorescent substances are formed between said front substrate and said rear substrate, wherein a bias is applied to excite said fluorescent substances by combination of an electron and a hole to emit visible light, thereby removing backlight of said mobile phone;
an eye illumination source coupled to said control unit to measure an eye of a subject before said mobile phone;
at least one CMOS sensor coupled to said control unit to sense an eye illumination from said eye of said subject; and
a control module in responsive to an image captured by said at least one CMOS sensor to execute an instruction.

US Pat. No. 10,694,015

DIGITAL DEVICE AND METHOD FOR CONTROLLING THE SAME

LG ELECTRONICS INC., Seo...

1. A portable device comprising:
a display;
a motion sensor, wherein the motion sensor includes at least one of a gyroscope sensor, an acceleration sensor, a gravity sensor or a terrestrial magnetism sensor;
a wireless communication unit to be paired with a smart watch, wherein the pairing is performed based on Bluetooth or Near Field Communication (NFC); and
a controller configured to:
perform pairing with the smart watch via the wireless communication unit,
receive an event,
transmit notification information of the event to the smart watch paired with the portable device via the wireless communication unit,
wherein the event includes a first event, a second event, and a third event, which occur in due order, and the notification information relates to a first notification corresponding to the first event, a second notification corresponding to the second event and a third notification corresponding to the third event,
display detail information for a latest event among the first event, the second event and the third event on the display in response to the motion sensor recognizing a predetermined motion of the portable device within a predetermined period of time that starts from a time when a signal related to the notification information of the event is received from the smart watch paired with the portable device, wherein the detail information includes at least one of contents of a message, contents of a mail, caller information or contents of a schedule corresponding to the second event, and
display occurrence information for the first event, the second event and the third event in response to the motion sensor recognizing the predetermined motion of the portable device after the predetermined period.

US Pat. No. 10,694,014

HAPTIC LOCOMOTION USING WIDE-BAND ACTUATOR

Apple Inc., Cupertino, C...

1. A method comprising:
determining a target location and orientation of a mobile device on a surface;
determining a surface material type;
determining a current location of the mobile device on the surface based on the surface material type;
determining a current orientation of the mobile device based on motion data;
generating one or more waveforms based on the current and target mobile device locations and orientations;
responsive to the one or more waveforms, driving one or more actuators of the mobile device to move the mobile device on the surface;
measuring the motion of the mobile device on the surface resulting from driving the one or more actuators with the one or more waveforms;
based at least in part on the measuring, determining that the mobile device has reached the target location and orientation; and
initiating one or more actions on the mobile at the target location and orientation.

US Pat. No. 10,694,013

ELECTRONIC DEVICE WITH WATERPROOF STRUCTURE

Samsung Electronics Co., ...

1. A smart phone comprising:
a rear cover;
a rear case bonded to the rear cover;
a fingerprint recognition sensor module disposed between the rear cover and the rear case and mounted to be exposed through at least a portion of the rear cover to enable an optical operation of the fingerprint recognition sensor module;
a decorating member which surrounds at least part of the fingerprint recognition sensor module, wherein at least part of the decorating member is exposed to an exterior of the smart phone; and
a waterproof structure disposed between the rear cover and the decorating member,
wherein the waterproof structure comprises:
a first structure extending in a horizontal direction outward from a part of the decorating member and surrounding a periphery of the fingerprint recognition sensor module, wherein the first structure and the part of the decorating member are integrally molded; and
a sealing member including elastic material and disposed on the first structure and contacting with a surface of the rear cover facing a first direction,
wherein when the rear cover is assembled in the smart phone the sealing member between the first structure and the rear cover is compressed by the rear cover to seal a gap between the first structure and the rear cover for preventing moisture from penetrating into the smart phone through the gap.

US Pat. No. 10,694,010

COVER SHEET AND INCORPORATED LENS FOR A CAMERA OF AN ELECTRONIC DEVICE

APPLE INC., Cupertino, C...

1. An electronic device comprising:
an enclosure component defining a first portion of an external surface of the electronic device;
a display at least partially positioned within the enclosure component;
a cover sheet coupled to the enclosure component and defining a second portion of the external surface of the electronic device, the cover sheet having a recess defining a first curved contour profile; and
a camera system positioned below the cover sheet and comprising:
a camera module; and
a lens coupled to the camera module and defining a second curved contour profile that corresponds to the first curved contour profile of the recess thereby defining a uniform gap between the first curved contour profile of the cover sheet and the second curved contour profile of the lens, the lens positioned at least partially within the recess of the cover sheet.

US Pat. No. 10,694,009

COMMUNICATION SYSTEM HAVING AN ARRAY OF PUMPS AND METHOD OF USE THEREOF

Clean Energy Labs, LLC, ...

1. A communications system comprising:
(a) a substrate; and
(b) an array of pumps comprising a plurality of electrically conductive gates mounted on the substrate and an electrically conductive sheet spaced apart from the plurality of electrically conductive gates, wherein
(i) the array of pumps are operable for operating at a first frequency to produce sound waves at a second frequency, and
(ii) the first frequency is higher than the second frequency.

US Pat. No. 10,694,008

METHOD AND DEVICE FOR PROCESSING DATA PACKETS

Koninklijke Philips N.V.,...

wherein Y corresponds to the received header value; and
calculating the size of the message based on the header value by applying the selected message size formula.

US Pat. No. 10,694,007

PREAMBLE DEFECT DETECTION AND MITIGATION

Seagate Technology LLC, ...

1. An apparatus comprising:
a circuit configured to:
synchronize a sampling phase for sampling a signal pattern, including:
sample a preamble field of the signal pattern to obtain sample values;
split the sample values into a plurality of groups, each group of the plurality of groups including consecutively-obtained samples;
determine defect groups from the plurality of groups having samples corresponding to defects in the preamble field;
remove the defect groups from the plurality of groups; and
synchronize the sampling phase based on the plurality of groups.

US Pat. No. 10,694,006

GENERATION OF DESCRIPTIVE DATA FOR PACKET FIELDS

Barefoot Networks, Inc., ...

1. For a parser unit of a hardware forwarding element processing pipeline, a method comprising:
receiving a packet for processing by a set of match-action stages of the processing pipeline;
storing packet header field values from a first set of packet header fields of the packet in a set of data containers, the first set of packet header fields for use by the set of match-action stages;
for a second set of packet header fields not used by the set of match-action stages, generating descriptive data that identifies locations of the second set of packet header fields within the packet; and
sending (i) the set of data containers to the set of match-action stages and (ii) packet data and the generated descriptive data outside of the set of match-action stages to a deparser that uses the packet data, generated descriptive data, and the set of data containers as modified by the set of match-action stages to reconstruct a modified packet, wherein:
the descriptive data generated for a particular packet header field comprises a starting location of the particular packet header field within the packet data and a length of the particular packet header field,
the starting location is a particular bit location and the length is a particular number of bits, and
the descriptive data for the particular packet header field further comprises checksum data for the particular packet header field.

US Pat. No. 10,694,005

HARDWARE-BASED PACKET FORWARDING FOR THE TRANSPORT LAYER

Akamai Technologies Inc.,...

1. A method for relaying packets performed by a host computer, the method comprising:
(a) providing a host computer that includes:
(i) network interface hardware having a forwarding table;
(ii) circuitry forming at least one processor;
(iii) at least one software process executing on the at least one processor of the host computer;
(b) with the host computer:
(i) receiving a packet, via the network interface hardware;
(ii) providing a group of modes for handling the packet at the forwarding table, the group of modes comprising:
controller mode, and
fast mode, and
branch mode;
(iii) selecting a mode from the group of modes for handling the packet based on the content of the packet,
(iv) handling the packet in accord with the selected mode;
(v) wherein controller mode comprises the forwarding table forwarding the packet to the at least one software process to exercise a relaying function on the packet;
(vi) wherein branch mode comprises the forwarding table copying the packet to the at least one software process and synchronously relaying the packets to a destination device via the network interface hardware, said relaying performed based on a configuration of the forwarding table.

US Pat. No. 10,694,004

COMMUNICATION APPARATUS, CONTROL METHOD AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus, comprising:
one or more processors; and
one or more memories including instructions that, when executed by the processor(s), cause the apparatus to:
receive a data frame of a frame format different from a frame format conforming to Ethernet;
determine whether to perform OpenFlow control on the received data frame;
convert the frame format of the received data frame into the frame format conforming to Ethernet in a case where it is determined that the OpenFlow control is performed,
wherein the communication apparatus does not convert the frame format of the received data frame into the frame format conforming to Ethernet in a case where it is determined that the OpenFlow control is not performed; and
perform, on the data frame of the frame format converted into the frame format conforming to Ethernet, the OpenFlow control to perform transfer processing based on a predetermined transfer rule.

US Pat. No. 10,694,003

SYSTEMS AND METHODS FOR DYNAMIC RECEIVE BUFFERING

Citrix Systems, Inc., Fo...

1. A system comprising:
a device comprising one or more processors, coupled to memory, and intermediary to a client and a server and configured to establish a transport layer connection having a maximum segment size with the server responsive to a request from the client advertising a first window size for the transport layer connection, wherein the device is configured to advertise to the server a second window size that is set to the first window size;
a buffer allocated from the memory to store data received from the server via the transport layer connection;
wherein the device is configured to:
determine memory usage of the device is above a first predetermined threshold and below a second predetermined threshold;
increase, responsive to the determination, the second window size advertised to the server by a predetermined increment of the maximum segment size; and
increase, responsive to receiving additional data from the server, an amount of memory allocated to the buffer by a predetermined amount.

US Pat. No. 10,694,002

DATA COMPRESSION OPTIMIZATION BASED ON CLIENT CLUSTERS

EMC IP Holding Company LL...

1. A system for data compression optimization based on client clusters, the system comprising:
a processor-based application stored on a non-transitory computer-readable medium, which when executed on a computer, will cause one or more processors to:
identify a cluster of similar client devices in a group of client devices, by comparing data compression factors that correspond to each client device in the group of client devices;
identify a relationship between data compression factors corresponding to the cluster and data compression ratios corresponding to the cluster;
identify a client device, in the cluster, which corresponds to a data compression ratio that is inefficient relative to other compression ratios corresponding to other client devices in the cluster; and
output a data compression recommendation for the client device, based on data compression factors corresponding to the client device and the identified relationship between the data compression factors corresponding to the cluster and the data compression ratios corresponding to the cluster.

US Pat. No. 10,694,001

METHOD, APPARATUS AND SYSTEM FOR UPLOADING A FILE

Beijing Xiaomi Mobile Sof...

1. A method for uploading a file, comprising:
receiving, by a router, a target file for uploading to a target server which is transmitted from a terminal;
determining, by the router, a feature value of the target file;
obtaining, by the router, a list of feature values of files for the target server, in which the feature value of each file stored in the target server is recorded;
transmitting, by the router, the target file to the target server, when the feature value of the target file is not in the list of feature values of files;
transmitting, by the router, the feature value of the target file to the target server, when the feature value of the target file is in the list of feature values of files,
when the target server receives the target file transmitted by the router, storing, by the target server, the target file and recording, by the target server, the target file as an uploading file of a login account of the terminal; and
when the target server receives the feature value of the target file transmitted by the router, recording, by the target server, a target file corresponding to the received feature value which is already stored in the target server as the uploading file of the login account of the terminal,
wherein a list of feature values of files corresponding to each account is stored in the target server;
wherein when the target server receives the feature value of the target file transmitted by the router, recording, by the target server, the target file corresponding to the received feature value which is already stored in the target server as the uploading file of the login account of the terminal comprises:
when the target server receives the feature value of the target file transmitted by the router and the feature value of the target file is not in a list of feature values of files which corresponds to the login account of the terminal, recording, by the target server, the target file which is already stored in the target server as the uploading file of the login account of the terminal.

US Pat. No. 10,694,000

BROWSER-BASED ANALYSIS OF CONTENT REQUEST MODE PERFORMANCE

Amazon Technologies, Inc....

1. A system comprising:
one or more computer processors;
a computer readable memory accessible by at least one of the one or more computer processors, and
an executable browser module stored in the computer-readable memory, the browser module configured to:
determine, using a randomizing algorithm, a request type for each of a plurality of content requests to a content server, wherein the request type is determined from a group of request types comprising:
a first request type comprising a request, for a first version of requested content, to the content server without going through an intermediary server, wherein the browser module is to render the first version of requested content; and
a second request type comprising a request, to the intermediary server, for an at least partially pre-rendered second version of requested content that is different than the first version of the requested content, wherein the intermediary server provides the second version of the requested content, at least partially pre-rendered from the first version of the requested content, to the browser module;
record content load time measurements for the plurality of content requests;
determine whether a difference between a first distribution of a first portion of the content load time measurements associated with the first request type and a second distribution of a second portion of the content load time measurements associated with the second request type satisfies a statistical criterion;
in response to determining that the difference satisfies the statistical criterion, generate request configuration information indicating a preferred request type for content requests to the content server, wherein the preferred request type is associated with lower content load time measurements than a non-preferred request type;
determine a request type for a subsequent request for content hosted by the content server, wherein the determination of the request type for the subsequent request is biased toward determining to use the preferred request type, with a pseudo-random chance of determining to use a non-preferred request type instead of the preferred request type for the subsequent request without first changing the preferred request type; and
establish a connection with either the content server or the intermediary server based on the determined request type for the subsequent content request.

US Pat. No. 10,693,999

METHOD AND SERVER FOR DISPLAYING ACCESS CONTENT

ALIBABA GROUP HOLDING LIM...

1. A method for displaying access content, the method comprising:
receiving an access request for transaction records of a first user;
determining, according to the access request of the first user, access content including the transaction records requested by the first user;
determining a second user identifier comprised in the access content for identifying a second user, wherein the second user is different from the first user and the transaction records indicate that the second user had a financial transaction with the first user;
determining a presentation identifier corresponding to the second user according to the determined second user identifier, wherein the presentation identifier includes at least one picture showing a logo of the second user for identifying the second user,
wherein:
if one presentation identifier corresponding to the second user is determined according to the determined second user identifier, using the determined presentation identifier as the presentation identifier corresponding to the second user; and
if multiple presentation identifiers corresponding to the second user are determined according to the determined second user identifier, determining a language of the access content to be returned to the first user, and determining, according to a correspondence between languages of access content and presentation identifiers of the second user, a presentation identifier corresponding to the language of the access content to be returned to the first user, the languages comprising at least English language; and
returning the access content to the first user, wherein the access content comprises the presentation identifier.

US Pat. No. 10,693,998

SYSTEMS AND METHODS FOR CREATING APPLICATION RATINGS

NortonLifeLock Inc., Tem...

1. A computer-implemented method for creating application ratings, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
determining that a user device has downloaded an application;
monitoring the usage of the application on the user device, wherein monitoring the usage comprises:
identifying a total amount of time for which the application is used on the user device; and
identifying a total amount spent by the user on the application, the total amount comprising an initial cost of the application and a cost of any subsequent in-App purchases;
deducing a value of the application based at least in part on the monitored usage, wherein the deducing comprises deducing the value based on:
the total amount spent by the user on the application; and
the total amount of time for which the application is used on the user device; and
creating a rating for the application that indicates the deduced value of the application, wherein the rating comprises a ratio indicating a cost of the application relative to a time measurement.

US Pat. No. 10,693,997

NETWORK BASED MACHINE LEARNING GENERATED SIMULATIONS

SAP SE, Waldorf (DE)

1. A computer implemented method comprising:
sending, from a server system to a client system across a network, first code, the first code comprising a programmable calculator, the programmable calculator configured to generate a simulated value for a target field based on a scoring data structure and user selected values for a plurality of fields;
sending, from the server system to a database, a data request, the data request configured to retrieve data from the database comprising the plurality of fields and the target field;
processing the retrieved data using a machine learning algorithm to produce a weight for each field of the plurality of fields and the scoring data structure, each weight indicating a contribution of a corresponding field to the target field, the scoring data structure storing the weight for each field of the plurality of fields;
sending the plurality of fields and the scoring data structure to the client system across the network,
wherein the programmable calculator is configured to generate the simulated value for the target field based on the user selected values and the weight for each field of the plurality of fields stored in the scoring data structure.

US Pat. No. 10,693,996

SYSTEM AND METHOD FOR IMPROVING EFFICIENCY OF A REMOTE COMPUTING DEVICE

Click Therapeutics, Inc.,...

1. A method, comprising:
maintaining, by a server including one or more processors, a profile associated with a user of an application executing on a remote computing device, the profile identifying a plurality of performance metrics for a corresponding plurality of routines specifying actions performed by the user, each performance metric of the plurality of performance metrics indicating a degree of efficacy of a corresponding action in addressing a condition associated with the user;
transmitting, by the server, responsive to receiving data from the application of the remote computing device, first instructions to the remote computing device to cause the remote computing device to present a first prompt for the user to perform a first action specified by a first routine;
receiving, by the server, from the remote computing device, a response relating to the first action specified by the first routine;
logging, by the server, on an activity log for the user associated with the profile, an entry identifying the first routine, the response relating to the first action specified by the first routine, and a timestamp corresponding to a time at which the response was transmitted or received;
updating, by the server, using the entry identifying the first routine, a performance metric for the first routine identified in the profile;
selecting, by the server, using the updated performance metric of the first routine and a second performance metric of a second routine specifying a second action, the second routine to provide to the remote computing device responsive to receiving subsequent data from the application of the remote computing device; and
transmitting, by the server, second instructions to the remote computing device to cause the remote computing device to present a second prompt for the user to perform the second action specified by the second routine.

US Pat. No. 10,693,995

MESSAGE EXECUTION SERVER AND CONTROL METHOD

Canon Kabushiki Kaisha, ...

1. A message execution system that executes a process based on a message, which is registered in a queue by a message registration system, the message execution system comprising:
a memory storing instructions; and
a processor executing the instructions to:
acquire the message from the queue;
execute the process based on the acquired message; and
register, to the queue, a message for executing a remained process based on the message which is interrupted when a predetermined period of time passes after the process based on the acquired message has started executing,
wherein, to the registered message, a delay time, which indicates a period of time to make the registered message unavailable from the queue, is set,
wherein a progress status of the process based on the acquired message is registered to a data store with an identifier of the acquired message, when the process based on the acquired message is interrupted, and
wherein the progress status of the message registered to the data store is confirmed by using the identifier of the acquired message when the message is acquired from the queue, and the remained process based on the message is executed according to the confirmed progress status.

US Pat. No. 10,693,994

METHOD, APPARATUS, AND ELECTRONIC DEVICE FOR PROCESSING CONSENSUS REQUESTS IN A BLOCKCHAIN CONSENSUS NETWORK

ALIBABA GROUP HOLDING LIM...

1. A method, comprising:
determining, by a processor, a pending request set, the pending request set including pending consensus requests of a blockchain consensus network;
obtaining, by the processor, the pending consensus requests from the pending request set to form a plurality of subsets, wherein each of the subsets comprises one or more respective pending consensus requests that are obtained from the pending request set, wherein at least one of the subsets comprises a plurality of pending consensus requests that are obtained from the pending request set;
determining, by the processor, a number of the subsets that are in a consensus stage in the blockchain consensus network; and
when the number of the subsets that are in the consensus stage is less than a preset concurrent number of the blockchain consensus network, issuing, by the processor, a consensus proposal for a new subset of the subsets to the blockchain consensus network to cause the new subset to enter the consensus stage to process the new subset's pending consensus requests, wherein the preset concurrent number is an upper limit of the number of the subsets that are permitted to be simultaneously in the consensus stage in the blockchain consensus network.

US Pat. No. 10,693,993

BUILDING SERVICES CONTROL

Eight Inc. Design Singapo...

1. A system for controlling building services, the system including:
a) a services array supporting a collection of different types of service devices, each type for providing a respective service;
b) an electronic controller that communicates with a client device to:
i) determine a selected profile defining service device settings associated with each of all the different types of service devices supported by the services array, the service device settings for enabling the collection of service devices to provide a desired condition; and,
ii) control the collection of service devices supported by the services array in accordance with the service device settings defined by the profile to thereby at least partially control building services to provide the desired condition.

US Pat. No. 10,693,992

APPARATUS AND METHOD FOR PROVIDING STREAMING SERVICE

Samsung Electronics Co., ...

1. A method for operating a terminal providing a streaming service, the method comprising:
detecting a streaming operation for the streaming service;
identifying a request type for the streaming service when the streaming service is a streaming acceleration supportable service;
estimating a network status associated with the detected streaming operation including at least one of a bandwidth and a per-session throughput;
determining a number of multiple sessions for simultaneously receiving at least one of metadata and streaming data from a streaming server, based on the estimated network status;
performing a streaming acceleration for the detected streaming operation based on the determined number of multiple sessions, wherein the streaming acceleration is performed according to the request type for the streaming service, and wherein performing the streaming acceleration includes pre-fetching, using the number of multiple sessions, at least one of the metadata and the streaming data in units corresponding to the request type for the streaming service; and
sharing a rule associated with the streaming acceleration with a server.

US Pat. No. 10,693,991

REMOTE BROWSING SESSION MANAGEMENT

Amazon Technologies, Inc....

1. A system configured to manage caching of a network resource in a networked computing environment, the system comprising a processor and a memory, wherein the processor executes computer-executable instructions stored in the memory to:
determine predicted network resources, wherein individual predicted network resources are associated with a probability of being requested by individual client devices in a first geographic region, wherein the predicted network resources are determined based at least in part on historical information identifying resource requests in a plurality of resource requests received in the first geographic region, and wherein the predicted network resources are selected from network resources associated with a probability greater than a threshold probability based at least in part on the historical information; and a caching component comprising one or more computing devices configured to:
in response to receiving a request from a client computing device at a first geographic location for a network resource and determining that the requested network resource is not cached:
determine that the first geographic location is within the first geographic region;
identify a predicted network resource associated with the requested network resource, wherein the predicted network resource is associated with the requested network resource based at least in part on the historical information, and wherein the predicted network resource is associated with a first probability of being requested that is determined based at least in part on the first geographic region;
determine, based at least in part on an expiry header associated with the predicted network resource, a second probability that the predicted network resource will expire before it is requested;
obtain the requested network resource and the predicted network resource;
cache the predicted network resource based at least in part on the first probability and the second probability; and
provide, to the client computing device, the predicted network resource independently of a request from the client computing device for the predicted network resource.

US Pat. No. 10,693,990

INFORMATION PROCESSING SYSTEM, METHOD OF DATA TRANSMISSION, AND INFORMATION PROCESSING DEVICE

FUJITSU LIMITED, Kawasak...

1. An information processing system comprising:
a first storage device;
a first information processing device coupled to the first storage device and including a first memory and a first processor coupled to the first memory; and
a second information processing device including a second memory and a second processor coupled to the second memory,
wherein the first processor is configured to perform:
receiving a first request requesting data,
transmitting the first request to a third information processing device,
receiving the data from the third information processing device,
storing the data in the first storage device, and
notifying the second information processing device of information indicating that the data is stored in the first storage device,
the second processor is configured to perform:
receiving a second request requesting the data from a device,
changing, based on the information, a destination of the second request to the first information processing device, and
transmitting the second request of which the destination is changed to the first information processing device,
the first processor is further configured to perform:
transmitting the data stored in the first storage device to the second information processing device in response to receiving the second request from the second information processing device, and
the second processor is configured to:
transmitting, to the device, the data received from the first information processing device as a response to the second request.

US Pat. No. 10,693,989

BROKERING SERVICES FROM PARTNER CLOUD PLATFORMS

SAP SE, Walldorf (DE)

1. A computer-implemented method, comprising:
receiving, from a developer and at a Proxy Service Broker on a Hoster Platform as a Service (PaaS), a request for a Service Catalog comprising PaaS services available from a Partner PaaS, wherein the Proxy Service Broker on the Hoster PaaS brokers the PaaS services run by the Partner PaaS by mapping Partner PaaS service creation, and binding service calls to corresponding calls on the Partner PaaS;
initiating creation, by the developer using the Proxy Service Broker, of an instance of a Partner PaaS service selected from the Service Catalog;
generating, by the Proxy Service Broker, a unique service identifier for the instance of the Partner PaaS service to avoid name clashes on the Partner PaaS;
transmitting, using the Proxy Service Broker, a call to a Partner Service Broker on the Partner PaaS to create the instance of the Partner PaaS service executing on the Partner PaaS;
deploying, by the developer, an Application on the Hoster PaaS to consume the instance of the Partner PaaS service;
binding, by the developer, the Application deployed on the Hoster PaaS to the instance of the Partner PaaS service executing on the Partner PaaS; and
directly consuming the Partner PaaS service executing on the Partner PaaS and bound to the Application deployed on the Hoster PaaS by using Hoster PaaS consumer credentials and without requiring Partner PaaS consumer credentials.

US Pat. No. 10,693,988

REACTIVE API GATEWAY

Accenture Global Solution...

1. A computer-implemented method for processing application programming interface (API) calls, the method comprising:
receiving, by a proxy system and from a first user agent, an API call that relates to a service provided by a first service subsystem, wherein the proxy system is configured as a proxy for a plurality of service subsystems including the first service subsystem;
routing, by the proxy system, the API call to the first service subsystem to cause the first service subsystem to perform an operation responsive to the API call and to communicate a result of the operation to a messaging system, wherein the messaging system is distinct from both the proxy system and the first service subsystem and is configured to publish messages from each of the plurality of service subsystems for which the proxy system is configured as a proxy;
receiving, by the proxy system and from the messaging system rather than directly from the first service subsystem, an indication of the result of the first service subsystem's performance of the operation responsive to the API call from the first user agent; and
in response to receiving the indication of the result of the first service subsystem's performance of the operation responsive to the API call from the first user agent, returning a message that is based on the indication of the result to one or more user agents associated with a user of the first user agent.

US Pat. No. 10,693,987

SYSTEMS AND METHODS FOR ENSURING PRESENTATION OF IN-APPLICATION MESSAGES

Braze, Inc., New York, N...

1. A method performed by a software application on a user computing device for presenting a message to a user of the computing device, comprising:
sending a communication to a registration server;
receiving message data from a messaging server after the step of sending a communication to the registration server has been performed, where the received message data instructs the software application to present a message to the user;
checking to determine if the software application has already presented the message to the user; and
causing the message to be presented to the user if the software application has not already caused the message to be presented to the user, and wherein receipt of the message data causes the software application to ignore any subsequently received push notifications that include the same messaging data that was included in the message data received from the messaging server.

US Pat. No. 10,693,986

NOTIFICATION EXTENSIONS FOR APPLICATIONS

Apple Inc., Cupertino, C...

1. A method comprising:
receiving, by a user device, a notification from a notification server;
presenting, by the user device, a first graphical notification representing the notification;
receiving, by the user device, a first user input selecting the first graphical notification;
in response to the first user input, determining, by the user device, whether the first graphical notification specifies a content category;
in response to determining that the first graphical notification specifies a particular content category, invoking, by the user device, a content extension associated with the particular content category of the first graphical notification, the content extension being configured to define presentation of notification content and graphical elements for the particular content category within a second graphical notification;
presenting, by the user device, the second graphical notification including at least the notification content and the graphical elements generated by the content extension; and
in response to determining that the first graphical notification does not specify a content category: presenting, by the user device, a third graphical notification using default notification presentation features for the user device.

US Pat. No. 10,693,985

USER SUBSCRIPTION TO CONTENT

Oath Inc., New York, NY ...

1. A method of facilitating user subscription to content from a content provider, the method involving a computing device comprising a processor, and the method comprising:
executing, on the processor, instructions that cause the computing device to perform operations, the operations comprising:
displaying a message interface used to provide access to one or more messages associated with a user message address of a user;
evaluating a potential content provider against approval criteria to determine an approval rating for the potential content provider;
responsive to the approval rating exceeding an approval threshold, identifying the potential content provider as a content provider;
generating a content recommendation for subscribing to content of the content provider;
populating the message interface with the content recommendation; and
responsive to the user interacting with the content recommendation:
displaying a subscribe option through the message interface; and
responsive to the user accepting the subscribe option, facilitating creation of a user subscription to the content from the content provider.

US Pat. No. 10,693,984

AUTOMATED MOBILE DEVICE NOTIFICATION ROUTING

International Business Ma...

1. A mobile device notification improvement method comprising:
receiving, by a processor of a notification server hardware device, notification routing data associated with routing notifications to a plurality of mobile hardware devices of a user;
receiving, by said processor, a list describing said mobile hardware devices of said user;
querying, by said processor, said plurality of mobile devices to determine that alternative types of notifications are configured to be routed to and between differing devices of said plurality of mobile devices;
associating, by said processor based on said notification routing data and results of said querying, specified notifications of said routing notifications with specified devices of said plurality of mobile hardware devices of said user;
receiving, by said processor, a request for transmitting a notification to said user;
analyzing, by said processor based on results of said associating, content of said notification;
additionally associating, by said processor, results of said analyzing with said list describing said mobile hardware devices of said user;
transmitting, by said processor to a specified mobile hardware device of said plurality of mobile hardware devices based on results of said additionally associating, said notification;
detecting, by said processor via execution of sensors, routing preferences of said user;
determining, by said processor, that said notification should be rerouted to an additional mobile hardware device of said plurality of mobile hardware devices based on said routing preferences and a specified alert type associated with said notification; and
enabling, by said processor, a transfer of said notification from said specified mobile hardware device to said additional mobile hardware device.

US Pat. No. 10,693,983

METHOD FOR MONITORING A STATUS IN FORM OF PRESENCE AND/OR ABSENCE OF A NETWORK ENTITY

NEC CORPORATION, Tokyo (...

1. A method for monitoring, by a presence service, a presence status of a network entity in a software defined network (SDN), wherein the SDN includes one or more forwarding elements configured to recognize and apply one or more actions on forwarded packets, the method comprising:
receiving a subscription request including a network entity identifier for the network entity;
creating one or more entries for the network entity in one or more monitored entities data structures, wherein the one or more entries for the network entity include the presence status of the network entity;
discovering, via an edge switch, the network entity;
setting, in response to the discovering, the presence status of the network entity as online;
installing an absence detection flow table entry at the edge switch, wherein the absence detection flow table entry specifies an idle timeout period after which the absence detection flow table entry is to be deleted from the edge switch if no keepalive packet destined for the presence service is received from the network entity;
receiving a notification from the edge switch that the absence detection flow table entry has been deleted; and
setting the presence status of the network entity as offline in response to receiving the notification,
wherein the one or more monitored entities data structures include a monitored entities table and an entities location table, and
wherein the presence status of the network entity is included in an entry in the monitored entities table.

US Pat. No. 10,693,982

INTERNET ACTIVITY, INTERNET CONNECTIVITY AND NEARBY WI-FI AND LOCAL NETWORK DEVICE PRESENCE MONITORING SENSOR

Alarm.com Incorporated, ...

1. A method performed by one or more computers, the method comprising:
determining an alarm event for a property has been triggered;
in response to determining that the alarm event for the property has been triggered, determining whether there was an abnormality associated with a network of the property when the alarm event was triggered,
wherein determining whether there was an abnormality associated with the network of the property when the alarm event was triggered includes determining whether there was a device connected to the network that was not a known device when the alarm event was triggered; and
in response to determining that there was not an abnormality associated with the network of the property when the alarm event was triggered, determining that the alarm event is likely to be a false alarm.

US Pat. No. 10,693,981

PROVISIONING PERSONALIZED CONTENT RECOMMENDATIONS

Outbrain Inc., New York,...

1. A system comprising:
a memory comprising instructions; and
a processing device operatively coupled to the memory, the processing device to execute the instructions to:
establish a plurality of content recommendation sets, wherein each of the plurality of content recommendation sets comprises a plurality of content recommendations each associated with a long-term user engagement measurement, wherein a first content recommendation set is associated with a first long-term user engagement measurement indicating a first click through rate (CTR) for a first geographic location;
generate a first grade associated with each of a first plurality of content recommendations in the first content recommendation set;
generate a user profile associated with a first user, wherein the user profile comprises registration information provided by the first user executing an online registration process;
collect activity information associated with the first user, wherein the activity information indicates the first user is associated with the first geographic location;
generate a second grade associated with each of the plurality of content recommendations in the first content recommendation set, wherein the second grade is generated by adjusting the first grade in view of the registration information associated with a user login and the activity information;
identify a first content recommendation of the plurality of content recommendations based on the second grade; and
cause a display of the first content recommendation to the first user.

US Pat. No. 10,693,980

DETERMINING A DURATION CONTENT IS VISIBLE TO A USER OF AN ONLINE SYSTEM

FACEBOOK, INC., Menlo Pa...

1. A method comprising:
receiving a content item from an online system at a client device associated with a user of the online system, the content item including a network address for accessing a web page, the web page including instructions that, when executed by the client device, cause the client device to:
obtain a visibility state of an application presenting the web page, the visibility state indicating whether at least a threshold amount of the web page is presented on a display device of the client, the visibility state further indicating if the application has closed the web page, the obtaining in response to the client device identifying that an action performed by a user of the client device matches one or more actions that are specified by the instructions included in the page of content,
obtain a time when the visibility state was obtained, and
generate an identifier corresponding to execution of the instructions by the client device;
presenting the content item on the client device;
receiving a selection of the network address in the presented content item at the client device;
presenting the web page identified by the content item in the application executing on the client device in response to receiving the selection of the network address in the presented content item;
executing the instructions included in the web page identified by the content item in response to presenting the web page; and
transmitting the visibility state in association with the time and the identifier from executing the instructions to the online system.

US Pat. No. 10,693,979

THIRD PARTY VALIDATION OF WEB CONTENT

CLOUDFLARE, INC., San Fr...

1. A method in a first server, comprising:
receiving, from a client network application, a first request for a first network resource;
retrieving the requested first network resource, wherein the requested first network resource is handled by a second server that is different than the first server;
validating whether at least a portion of the retrieved first network resource conforms to a set of one or more rules;
responsive to determining that the at least the portion of the retrieved first network resource conforms to the set of one or more rules, cryptographically signing the at least the portion of the retrieved first network resource thereby creating a digital signature;
transmitting a first response to the client network application that includes the at least the portion of the retrieved first network resource and the digital signature;
determining that the requested first network resource includes a reference to a second network resource;
retrieving the second network resource;
storing the retrieved second network resource in cache available to the first server;
receiving, from the client network application, a second request for the second network resource, wherein the second request for the second network resource is received after the step of retrieving the second network resource;
retrieving the second network resource from the cache available to the first server; and
transmitting a second response to the client network application that includes at least the retrieved second network resource.

US Pat. No. 10,693,978

SYSTEMS AND METHODS FOR DATA ROUTING MANAGEMENT

Comcast Cable Communicati...

1. A method, comprising:
receiving, by a communication processing system, a communication request directed to an address;
determining a performance capability for one or more computing devices of a first logical grouping of computing devices, wherein each computing device of the first logical grouping of computing devices is associated with a respective device identifier;
determining, based on the performance capability, a computing device of the first logical grouping of computing devices to process the communication request; and
sending, to the determined computing device based on the respective device identifier of the determined computing device, the communication request.

US Pat. No. 10,693,977

METHOD AND SYSTEM FOR IMPLEMENTING DUAL NETWORK TELEMETRY APPLICATION PROGRAMMING INTERFACE (API) FRAMEWORK

CenturyLink Intellectual ...

1. A method, comprising:
receiving, with a computing system, customer network telemetry data via a gateway application programming interface (“API”), the customer network telemetry data comprising information regarding a local area network (“LAN”) associated with one or more user devices and information regarding a gateway device that connects the one or more user devices to one or more service provider networks;
receiving, with the computing system, service provider network telemetry data via a network API, the service provider network telemetry data comprising information regarding the one or more service provider networks and information regarding at least one network equipment in each of the one or more service provider networks;
analyzing, with the computing system, the received customer network telemetry data and the received service provider network telemetry data to determine one or more first instructions to send to the LAN to cause one or more first nodes in the LAN to perform at least one first action and to determine one or more second instructions to send to each of the one or more service provider networks to cause one or more second nodes in each of the one or more service provider networks to perform at least one second action;
sending, with the computing system, the one or more first instructions to the one or more first nodes in the LAN, the one or more first instructions causing the one or more first nodes to perform the at least one first action; and
sending, with the computing system, the one or more second instructions to the one or more second nodes in each of the one or more service provider networks, the one or more second instructions causing the one or more second nodes to perform the at least one second action,
wherein at least one of the gateway device or the one or more first nodes in the LAN identifies one or more first shared objects in the LAN, wherein the one or more first shared objects in the LAN have received user authorization to be shared, and broadcasts to one or more third nodes in the LAN or the service provider network an indication that the one or more first shared objects are available to be shared, the one or more first shared objects each being an abstraction of at least one of information or one or more resources that exist in the LAN, wherein the one or more resources comprise at least one of physical network resources, logical network resources, virtual resources, or application layer resources.

US Pat. No. 10,693,976

METHOD AND SYSTEM FOR DYNAMIC DISCOVERY OF SERVICE FUNCTIONS

ORANGE, Paris (FR)

1. A discovery method for dynamically discovering service functions in an IP network comprising at least one Policy Decision Point (“PDP”) node responsible for taking decisions relative to the structuring of a service relying on a set of service functions, referred to as “SF” functions, and for notifying the decisions to other nodes of said IP network, and at least one “SF” node associated with at least one SF function hosted on said SF node or accessible via said SF node, said method comprising the following acts:
the PDP node receiving an announcement message sent by the SF node, said announcement message indicating at least one identifier and a location of said SF function associated with the SF node; and
the PDP node updating a list of SF functions on the basis of information taken from said announcement message,
wherein said service functions enable performing processing that is differentiated depending on a nature of data traffic being transported in the IP network.

US Pat. No. 10,693,975

CAPACITY SCALING OF NETWORK RESOURCES

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device of a first server, a first request from a client device, wherein the first request includes a task and a host name assigned to an internet protocol (IP) address of a second server at a first data center to perform the task;
determining that a resource availability of the first data center is less than a resource availability of a second data center;
in response to determining that the resource availability of the first data center is less than the resource availability of the second data center:
redirecting the first request from the IP address of the second server at the first data center to an IP address of a third server at the second data center; and
sending a second request to the first data center to migrate a virtual machine executing on the second server at the first data center to the third server at the second data center.

US Pat. No. 10,693,974

MANAGING BROWSER SESSION NAVIGATION BETWEEN ONE OR MORE BROWSERS

Citrix Systems, Inc., Fo...

1. A computing device comprising:
a processor; and
memory storing computer-executable instructions that, when executed by the processor, cause the computing device to:
receive, from a server device and via a remote presentation protocol, a browser window display output of a first page of content, the content being generated by a browser application executable at the server device;
display, via a display of the computing device, the browser window display output of the first page of content;
execute, at the computing device, an instance of a local browser window;
display, via the instance of the local browser window and via the display of the computing device, the first page of content;
receive, via the local browser window, a navigation command to navigate to a second page of content; and
based on the navigation command to navigate to the second page of content, synchronize a first browsing history of the browser application executable at the server device with a second browsing history of the instance of the local browser window executable at the computing device, such that the second page of content is added to the first browsing history.

US Pat. No. 10,693,973

SYSTEM AND METHOD FOR WORK DISTRIBUTION IN A FOG NETWORK VIA CODE OFFLOADING

Wistron AiEDGE Corporatio...

1. A method comprising:
determining whether resources are available at a second fog network node for code offloading;
granting a token in response to determining resources are available;
creating a container for the second fog network node in response to grant of an unexpired token;
attaching the unexpired token to the created container;
designating an application program for execution on a first fog network node;
determining a need to offload execution of at least one portion of the application program for execution in the second fog network node;
accessing a registry to identify and locate a container image;
loading the identified container image in the second fog network node;
starting a container hosted by the second fog network node in response to the container image being loaded;
executing a second executable of the application program in the second fog network node; and
returning a result from executing the second executable in the second fog network node to the first fog network node.

US Pat. No. 10,693,972

SECURE CROSS-DOMAIN SESSION STORAGE

salesforce.com, inc., Sa...

1. A method for webpage domain handling, comprising:
receiving, at a host server, a request to load a cross-domain application on a first container webpage, the first container webpage corresponding to a first web domain;
loading, in the first container webpage, an inline frame enclosed document corresponding to the cross-domain application, wherein the inline frame enclosed document is hosted by the host server and associated with a host web domain;
receiving an indication of a webpage switch to a second container webpage corresponding to a second web domain different than the first web domain and the host web domain; and
reloading, in the second container webpage, the inline frame enclosed document based at least in part on the host web domain, wherein the inline frame enclosed document is hosted by the host server and associated with the host web domain, wherein the host web domain is different than the first web domain and the second web domain.

US Pat. No. 10,693,971

IDENTIFYING THE BEST SUITABLE APPLICATION TO OPEN A FILE SHARED VIA A LINK

Microsoft Technology Lice...

1. A method comprising:
receiving, by an operating system of a device, a request to access a resource via a uniform resource locator included in a communication;
analyzing, by the operating system of the device, the uniform resource locator to determine a pattern of the uniform resource locator;
determining that multiple applications, installed on the device, have previously registered to open resources that are associated with the pattern;
obtaining, by the operating system of the device and from a network service associated with the uniform resource locator, a ranked list of applications authorized to open the resource;
identifying, by the operating system of the device and based on the ranked list of applications, a highest ranked application of the multiple applications;
invoking the highest ranked application to open the resource;
obtaining, by the highest ranked application and from the network service associated with the uniform resource locator, one or more capabilities associated with at least one of opening the resource or enabling interactions with contents of the resource, the one or more capabilities being generated based on the contents of the resource;
determining whether the highest ranked application possesses the one or more capabilities; and
opening the resource based on the determining whether the highest ranked application possesses the one or more capabilities.

US Pat. No. 10,693,970

SERVICING OF STORAGE DEVICE SOFTWARE COMPONENTS OF NODES OF A CLUSTER STORAGE SYSTEM

NetApp Inc., Sunnyvale, C...

1. A method comprising:
receiving, by a first node, an access request from a client device for a data container stored on shared storage accessible over a network to the first node and a second node;
retrieving, by the first node over the network from the second node, stored session data for a prior session where the data container was accessed using a stored user identifier and a stored data container handle;
comparing the stored user identifier and the stored data container handle to a user identifier and a data container handle of the access request to determine whether the client device accessed the data container through the prior session with the second node based upon the user identifier matching the stored user identifier and the data container handle matching the stored data container handle; and
validating and performing the access request upon the data container by the first node based upon the client device being associated with the prior session with the second node, otherwise, denying the access request.

US Pat. No. 10,693,969

ELECTRONIC DEVICE USING LOGICAL CHANNELS FOR COMMUNICATION

Samsung Electronics Co., ...

1. A method for operating an electronic device, the method comprising:executing, by at least one processor of the electronic device, an application program to interface with a framework interface;
routing, by the framework interface, data associated with the application program between the application program and two or more communication modules via a plurality of logical channels,
wherein the framework interface is configured to assign at least part of the data to a plurality of logical channels based on information received from the application program and select two or more different communication protocols based on the information received from the application program,
wherein the two or more communication modules operate according to the selected two or more different communication protocols, and
wherein the framework interface is configured to select at least one of the one or more communication modules for at least part of the data; and
controlling the two or more communication modules to transmit a message including the at least part of the data that is routed via each of the plurality of logical channels to one or more external electronic devices,
wherein a communication is performed based on one or more channel identifiers, each of which is indicative of a respective one of one or more logical channels, and
wherein the one or more channel identifiers are used to indicate the one or more logical channels or sessions on which the data is to be delivered.

US Pat. No. 10,693,968

SECURE BINDING WORKFLOW

Pivotal Software, Inc., ...

1. A system comprising one or more computers and one or more storage devices storing instructions that, when executed by the one or more computers, cause the one or more computers to perform operations comprising:receiving a service bind request for an application in a cloud application platform system, wherein the service bind request comprises a request to bind a service provided by a service host in the cloud application platform system, wherein the service bind request specifies (i) an identifier for the service and (ii) a unique identifier for the application;
receiving, from the service host, credentials for the application to access the service;
providing the credentials to a secure credential hub installed on the cloud application platform system, wherein the secure credential hub stores the credentials in association with a credential location identifier;
granting, to the unique identifier for the application, read access to the credential location identifier; and
storing the credential location identifier as application metadata for the application.

US Pat. No. 10,693,967

DATA CONNECTION ESTABLISHMENT METHOD, SERVER, AND MOBILE TERMINAL

Huawei Technologies Co., ...

1. A method, comprising:sending, by a first client, a first connection request to a server, wherein the first connection request comprises a first address of the first client;
searching, by the server, a storage device for a second client according to the first address of the first client, wherein the storage device is configured to store an identifier of each of a plurality of clients that have established a connection to the server, and configured to store a first address and a second address of each of the plurality of clients that have established the connection to the server, and wherein the second client belongs to a same local area network as the first client; and
in response to the server finding the second client, reading, by the server, a second address of the second client from the storage device, and returning a first reply message to the first client, wherein the first reply message comprises the second address of the second client; and
in response to receiving the first reply message, establishing, by the first client, a connection to the second client according to the second address of the second client.

US Pat. No. 10,693,966

SYSTEM FOR DISTRIBUTED INTELLIGENT REMOTE SENSING SYSTEMS

FYBR, Chesterfield, MO (...

1. An Internet of things (IoT) system including a distributed system of virtual machines, the IoT system comprising:at least one IoT platform system control engine, each of the at least one IoT platform system control engine includes a IoT platform system control engine secure system space and a IoT platform system control engine user defined space;
at least one IoT network node device communicable with the at least one IoT platform system control engine through a network, each of the at least one IoT network node device includes a IoT network node device secure system space and an IoT network node device user defined space;
at least one IoT edge device communicable with the at least one IoT network node device and the at least one IoT platform system control engine through the network, each of the at least one IoT edge device includes an edge device secure system space and an edge device user defined space;
wherein the IoT platform system control engine secure system space, the IoT network node device secure system space, and the edge device secure system space are each configured to be secured to prevent unauthorized access; and
wherein, the IoT platform system control engine user defined space, the IoT network node device user defined space and the edge device user defined space each define a respective virtual machine configured to receive and execute user defined instructions to form the distributed system of virtual machines.

US Pat. No. 10,693,965

STORING DATA IN DISTRIBUTED SYSTEMS

Alibaba Group Holding Lim...

1. A computer-implemented method executed by one or more processors, the method comprising:receiving, by the one or more processors, a user input comprising a service request;
generating, by the one or more processors, a service response to the service request;
subsequent to generating the service response, receiving, by the one or more processors, a request to update data stored on a distributed data storage system that comprises a primary server and a plurality of secondary servers, the request comprising data updates, the primary server being randomly selected, wherein the data updates are associated with the service request;
sending, by the one or more processors, an update log instruction to the primary server and the plurality of secondary servers, wherein at least one of the primary server and the plurality of secondary servers records a log associated with the request;
determining, by the one or more processors, that a log operation was completed, wherein the log has been recorded by a first secondary server of the plurality of secondary servers;
in response to determining that the log operation was completed by the first secondary server of the plurality of secondary servers, sending, by the one or more processors, a data storage instruction to the primary server and the first secondary server of the plurality of secondary servers, wherein each of the primary server and the first secondary server stores the data updates; and
sending, by the one or more processors, a null-operation instruction to a second secondary server, wherein the null-operation instruction is used to instruct the second secondary server to perform no operation with respect to the data updates to reduce a number of copies of the data updates.

US Pat. No. 10,693,964

STORAGE UNIT COMMUNICATION WITHIN A STORAGE SYSTEM

Pure Storage, Inc., Moun...

1. A storage system, comprising:a first network coupling a plurality of storage nodes of the storage system, the storage nodes cooperative to store and retrieve user data across the storage nodes and in storage units; and
a second network coupling at least a storage unit of a first storage node of the plurality of storage nodes to a storage unit of a second storage node of the plurality of storage nodes, wherein the storage unit of the first storage node is configurable to transmit a command to the storage unit of the second storage node via the second network without the command passing through the first network, and wherein each storage unit of the first storage node and each storage unit of the second storage node includes storage memory.

US Pat. No. 10,693,963

ON-DEMAND WORKLOAD MANAGEMENT IN CLOUD BURSTING

International Business Ma...

1. A computer-based method for on-demand workload management between a first deployment model of a computing infrastructure and a second deployment model of a computing infrastructure, the method comprising:executing one or more software components of at least one application receiving transaction requests on a first processing node accessing at least one file server with persistent data in at least one database, wherein the transaction requests are tracked using tokens and each of the tokens include a thread identifier for a thread handling each of the transaction requests, the first processing node is managed by at least one controller in a first deployment model of a computing infrastructure;
performing enhanced transaction tracing analytics through use of instrumentation of the first processing node and the file server for tracking which files in which table in which database in the first processing node in the file server are being requested;
parsing the transaction requests tracked by the instrumentation into a set of common structures for analysis;
creating a transaction-data map of transaction requests received by the controller to data resources in the file server by analyzing the set of common structures; and
using the transaction-data map to identify which of the one or more software components and corresponding data resources in the file server to move over to a second processing node in a second deployment model of a computing infrastructure.

US Pat. No. 10,693,962

LANGUAGE AND MECHANISM FOR MODELING AND EXPORTING STORAGE PLATFORM TOPOLOGIES, ATTRIBUTES, AND BEHAVIORS

EMC IP Holding Company LL...

1. A method of generating a middleware custom model, comprising:receiving a storage platform description expressed at least in part in a domain specific language, wherein the storage platform description describes a storage platform and includes a translation rule defining how the middleware custom model exports information and the storage platform description correlates adapter-generated code with at least one object output by a storage platform;
applying the translation rule to the storage platform description, wherein the translation rule includes at least one export rule defining export of a class into a target third party data structure;
programmatically generating, based at least in part on the application of the translation rule to the storage platform description, the middleware custom model configured to transform response data received from the storage platform to conform to the target third party data structure of a third party application with which the response data is associated including by creating a representation of a raw code model using raw data output by the storage platform and individual objects obtained from an adapter; and
creating a properties file containing user-facing strings, wherein the properties file associates a resource parameter with a user-facing string, and content of the user-facing string is replaceable to accommodate a language associated with a geographical location of a user.

US Pat. No. 10,693,961

DATA DRIVEN BACKUP POLICY FOR DATA-CENTERS AND APPLICATIONS

EMC IP Holding Company LL...

1. A method, comprising:determining, by one or more processors, an amount of data that has changed since a last backup of at least a defined subset of a save set, wherein determining the amount of data that has changed since a last backup comprises querying a child differential virtual hard disk to determine a size of the child differential virtual hard disk;
determining, by one or more processors, whether the determined amount of changed data equals or exceeds a corresponding threshold, wherein the determining whether the determined amount of changed data equals or exceeds the corresponding threshold is performed on a file-by-file basis; and
performing, by one or more processors, a backup based at least in part on the determination that the determined amount of changed data equals or exceeds the threshold, wherein the performing the backup based at least in part on the determination is performed with respect to one or more files for which the determined amount of changed data exceeds the corresponding threshold.

US Pat. No. 10,693,960

DATA EXCHANGE GUIDE DEVICE AND AN EXECUTION METHOD THEREOF

WALTON ADVANCED ENGINEERI...

1. A data exchange guide device, comprising a connection interface, a storage module and a network module; wherein: the connection interface, the storage module and the network module are electrically connected one another through a substrate; the storage module comprises private key information, a processing program and a driver, wherein the driver is effective to enabling an electronic device to access the network module and wherein the network module contains a virtual network card which is incapable of accessing the Internet independently and needs to bridge to an existing physical network card in the electronic device; wherein the processing program, which is executed by the electronic device connected with the connection interface and the virtual network card of the network module, is able to read the private key information, to access a tabulation of remote shared data when a network is available to the processing program via the virtual network card, which is connected with an existing physical network card in the electronic device, and to display the tabulation on a graphic user interface.

US Pat. No. 10,693,959

RESIDENTIAL AUTOMATION SYSTEM, EQUIPMENT AND PROCESS THAT IS EASY TO INSTALL, CONFIGURE AND USE

SOMFY SAS, Cluses (FR)

1. A process for configuring a residential automation system comprising a terminal, a gateway, at least one remote controller having at least one key, and at least one peripheral device, wherein the process is executed using at least one processor and comprises a configuration action, performed by the terminal, the configuration action comprising:
recognizing the gateway, the at least one remote controller, and the at least one peripheral device;
associating the gateway, the at least one remote controller, and the at least one peripheral device;
creating a configuration information comprising a scenario having a set of control commands to the at least one associated peripheral device; and
sharing the configuration information with the associated gateway and with the at least one associated peripheral device;
wherein the terminal, the gateway, the at least one remote controller, and the at least one peripheral device are configured to communicate with each other, and
wherein the associated gateway and the at least one associated peripheral device are in constant synchronization with the terminal during at least a part of the configuration action,
wherein during the constant synchronization with the terminal, the following actions are performed:
awaiting messages from the gate the at least one associated peripheral device;
sending configuration information by the terminal to the associated gateway as soon as the configuration information is created, and
transmitting systematically any received information by the associated gateway from the terminal to the at least one associated peripheral device.

US Pat. No. 10,693,958

SYSTEM AND METHOD FOR ADDING NODE IN BLOCKCHAIN NETWORK

ALIBABA GROUP HOLDING LIM...

1. A computer-implemented method for adding a node in a blockchain network, performed by the node to be added in the blockchain network, comprising:transmitting a first transaction comprising a first request for adding the node as a new consensus node of the blockchain network to one or more of a plurality of current consensus nodes for the plurality of current consensus nodes to perform consensus verification of the first transaction and to add the first transaction to a blockchain in response to that the consensus verification of the first transaction succeeds, wherein the blockchain network maintains the blockchain and comprises the plurality of current consensus nodes;
synchronizing with the blockchain to obtain a first local blockchain copy;
in response to determining that the first local blockchain copy comprises the first request to add the node as the new consensus node of the blockchain network, transmitting to one or more of the plurality of current consensus nodes a second transaction comprising a second request to activate the node; and
after the second transaction is added to the blockchain, synchronizing the first local blockchain copy with the blockchain to obtain a second local blockchain copy.

US Pat. No. 10,693,957

SYSTEM AND METHOD FOR ADDING NODE IN BLOCKCHAIN NETWORK

ALIBABA GROUP HOLDING LIM...

1. A computer-implemented method for adding a node in a blockchain network, performed by a current consensus node of the blockchain network, comprising:obtaining a first transaction comprising a first request for adding the node as a new consensus node of the blockchain network performing consensus verification of the first transaction;
in response to that consensus verification of the first transaction succeeds, executing the first transaction and numbering the node in a node list based on numbers of a plurality of current consensus nodes of the blockchain network;
obtaining from the node a second transaction comprising a second request for activating the node;
performing consensus verification of the second transaction;
in response to that the consensus verification of the second transaction succeeds, executing the second transaction for activating the node; and
performing view change for the node to participate in future consensus verification as the new consensus node of the blockchain network.

US Pat. No. 10,693,956

METHODS AND SYSTEMS FOR SECURE INFORMATION STORAGE AND DELIVERY

Greenfly, Inc., Santa Mo...

1. Non-transitory storage media having stored thereon executable program instructions configured to direct a computer system to perform operations comprising:receive an invitation to join a first content sharing group;
detect an action of a user corresponding to acceptance of the invitation to join the first content sharing group;
at least partly in response to the detected user action corresponding to acceptance of the invitation to join the first content sharing group, cause an acceptance indication to be transmitted to a remote secure content storage and delivery system;
in response to an instruction from the remote secure content storage and delivery system, cause a first content gallery comprising a gallery of images to be instantiated on the computer system;
enable a thumbnail of an image included in the first content gallery instantiated on the computer system in response to an instruction from the remote secure content storage and delivery system to be rendered as a representation of the first content gallery, wherein user selection of the thumbnail causes images included in the first content gallery to be displayed;
enable a title of the first content gallery received from the remote secure content storage and delivery system to be rendered in association with the representation of the first content gallery;
enable a number to be rendered in association with the thumbnail of an image included in the first content gallery rendered as a representation of the first content gallery, the number corresponding to a quantity of content items included in the first content gallery;
receive a new content item in association with an indication that the new content item is associated with the first content gallery;
enable an updated number to be rendered in association with the thumbnail of an image included in the first content gallery rendered as a representation of the first content gallery, the updated number reflecting the association of the new content item with the first content gallery;
receive a user selection of the representation of the first content gallery;
in response to the user selection of the thumbnail of an image included in the first content gallery rendered as a representation of the first content gallery, cause content items, including the new content item, associated with the first content gallery to be rendered via a scrollable interface;
receive a content request comprising text from the remote secure content storage and delivery system;
cause the content request comprising text from the remote secure content storage and delivery system to be rendered;
receive a user provided content item, wherein the user provided content item is provided in response to the rendered content request comprising text; and
cause the user provided content item to be transmitted in association with an identification of the rendered content request.

US Pat. No. 10,693,955

TECHNIQUES FOR SAN STORAGE CLUSTER SYNCHRONOUS DISASTER RECOVERY

NETAPP, INC., Sunnyvale,...

1. A method, comprising:creating, by a processor, a relationship between a primary and a secondary cluster of a storage area network, the primary and secondary clusters having a plurality of nodes and a plurality of storage devices for storing data;
wherein based on the relationship, a first virtual server corresponding to a first node of the primary cluster and a second virtual server corresponding to a second node of the secondary cluster are automatically configured to operate as high-availability peer nodes executing same processes for disaster recovery, the first virtual server providing storage access to a host via an assigned logical interface (LIF) in an operational state, while the second virtual server operates in a restricted state which limits host access to storage via the second virtual server, while the first virtual server operates in the operational state;
mapping the LIF to the second virtual server of the second node, upon validation of the LIF; wherein the mapped LIF is unavailable to obtain storage access during the restricted state of the second virtual server;
configuring a second logical storage object for the second virtual server at the second node using a same number of paths used to access a first logical storage object of the first virtual server at the first node; wherein the first and second logical storage objects have a same configuration for storing data;
validating a detected change in configuration of the first logical storage object;
applying the detected change to the second logical storage object; and
modifying the restricted state of the second virtual server to the operational state to provide non-disruptive storage access to the host via the mapped LIF, when the first virtual server becomes unavailable.

US Pat. No. 10,693,954

BLOCKCHAIN-ENHANCED MOBILE TELECOMMUNICATION DEVICE

International Business Ma...

1. A computer-implemented method of tracking and maintaining a record of telecommunication device events, the computer-implemented method comprising:detecting, by one or more processors, one or more events at a telecommunication device;
transmitting, by one or more processors, a transaction of the one or more events from the telecommunication device to multiple remote computing devices, wherein the multiple remote computing devices are part of a peer-to-peer network, and wherein the peer-to-peer network supports a blockchain that comprises a block that comprises the transaction of the one or more events;
blocking, by one or more processors, a telecommunication service provider for the telecommunication device from receiving the block that comprises the transaction of the one or more events;
determining, by one or more processors, a risk assessment of potential damage to the telecommunication device based on a current activity of a user of the telecommunication device; and
adjusting, by one or more processors, a frequency of transmitting the transaction of the one or more events from the telecommunication device to the multiple remote computing devices according to the risk assessment of potential damage to the telecommunication device based on the current activity of the user of the telecommunication device.

US Pat. No. 10,693,953

LOAD SWITCH COMMAND INCLUDING IDENTIFICATION OF SOURCE SERVER CLUSTER AND TARGET SERVER CLUSTER

Hewlett Packard Enterpris...

1. A method for transferring access across clusters, comprising:receiving, by a network device, a load switch command from a software defined network (SDN) controller, wherein the load switch command includes identification of a source server cluster and identification of a target server cluster, and wherein the source server cluster and the target server cluster belong to a server cluster group; and
enable a switch processing mode for the source server cluster, comprising:
receiving a packet destined to the source server cluster;
determining whether the packet belongs to a session which has already been established for the source server cluster, and based on the determination that the packet belongs to a session which has already been established for the source server cluster, forwarding the packet to the source server cluster.

US Pat. No. 10,693,952

TECHNOLOGIES FOR LOW LATENCY MESSAGING

SALESFORCE.COM, INC., Sa...

1. One or more non-transitory computer-readable media (NTCRM) comprising instructions, wherein execution of the instructions by one or more processors is operable to cause an application server to:obtain a triggered send request (TSR) message from a triggered send subscriber, the TSR message comprising TSR information and a TSR payload to be used by a message server to build and send a user message to a user of a triggered send subscriber (TSS) platform;
send the TSR information and the TSR payload directly to an available message server of a plurality of message servers for message processing when the TSR information indicates that a high priority is associated with the TSR payload;
notify the available message server that the TSR payload is available for message processing when the TSR information indicates that a medium priority is associated with the TSR payload;
store the TSR information to a persistent work queue (PWQ) when the TSR information indicates that the medium priority is associated with the TSR payload or indicates that a low priority is associated with the TSR payload, the PWQ being separate from the plurality of message servers and the application server; and
store the TSR payload to a non-relational datastore regardless of the priority associated with the TSR payload, the non-relational datastore being separate from the plurality of message servers and the application server.

US Pat. No. 10,693,951

DECENTRALIZED, RESOURCE AWARE LOAD DISTRIBUTION IN A DISTRIBUTED SYSTEM

SALESFORCE.COM, INC., Sa...

1. In a distributed computing system including a cluster of server nodes and a plurality of clients coupled to the cluster of server nodes, a method comprising:at one or more of the clients, receiving server node metrics associated with individual server nodes in the cluster;
at one or more of the clients, assigning weights to at least some of the server nodes based on the associated metrics;
at one or more of the clients, ranking the server nodes based on the weights assigned to the server nodes;
at one of the clients, generating a request message;
at the one client, selecting one of the server nodes in the cluster based at least in part on the rankings of the server nodes;
at the one client, allocating the request message to the selected server node;
at one of the clients, piggybacking a metrics query message onto a read or write request message to send to a server node;
at one of the clients, receiving a read/write (R/W) reply message from a first server node from the cluster of server nodes;
extracting piggybacked server metrics from the R/W reply message; and
updating the weight assigned to the first server node based on the extracted server metrics.

US Pat. No. 10,693,950

CONTROL METHOD FOR NETWORK COMMUNICATION SYSTEM INCLUDING BASE STATION NETWORK MANAGEMENT SERVER AND MULTI-ACCESS EDGE COMPUTING ECOSYSTEM DEVICE

INDUSTRIAL TECHNOLOGY RES...

1. A control method for a network communication system including a BS network management server, which is adapted to a network communication system, wherein the network communication system comprises a first MEC platform, a first BS and the BS network management server, and the BS network management server communicates with the first MEC platform and the first BS, comprises:obtaining a neighbor BS ID of a neighbor BS by the first BS, wherein a first communication range of the first BS overlaps part of a second communication range of the neighbor BS;
providing first BS neighbor information to the BS network management server by the first BS, wherein the first BS neighbor information includes the neighbor BS ID;
obtaining the first BS neighbor information from the BS network management server by the first MEC platform;
generating first platform neighbor information by the first MEC platform, wherein the first platform neighbor information includes a first platform ID of the first MEC platform and the neighbor BS ID;
by confirming whether a request signal has the neighbor BS ID, determining whether the request signal matches the first platform neighbor information by the network communication system when the request signal is received by the network communication system from a second MEC platform; and
when the request signal has the neighbor BS ID, determining the request signal matches the first platform neighbor information and further providing the first platform ID to the second MEC platform.

US Pat. No. 10,693,949

METHOD FOR PROVIDING DATA FOR A MOBILE DEVICE FROM A FIELD DEVICE, COMPUTER PROGRAM AND ARRANGEMENT FOR EXECUTING SAME

1. A method for providing static data and dynamic data of a service/display menu for a mobile device from a field device of process automation, wherein the field device contains identification data, such as field device type and firmware version, and, associated therewith, a total amount of static data and dynamic data, the method comprising:upon query of the mobile device, transmitting dynamic data and/or static data at a data transmission rate from the field device to the mobile device via a first interface;
transmitting static data for an application from the field device to the mobile device;
enabling the application using at least a portion of the static data, wherein the at least a portion of the static data is stored in a memory in the mobile device; and
when the data transmission rate is not fully utilized, transmitting other static data, different from the static data already transmitted, from the field device to the mobile device in the background.

US Pat. No. 10,693,948

PROVISIONING OF CONTAINERS FOR VIRTUALIZED APPLICATIONS

BladeLogic Inc., Houston...

1. A computer-implemented method including executing, by at least one processor of a computing device, instructions to implement the method, the instructions being recorded on a non-transitory computer-readable storage medium, the method comprising:receiving a request to provision a plurality of containers of an application across a plurality of data center hosts;
identifying, from the plurality of containers, a first container to provision based on a computing resource to be used to implement the first container and network requirements between the first container and the computing resource, the network requirements between the first container and the computing resource defined in a manifest file for the first container;
selecting a first host from the plurality of data center hosts to implement the first container based on compute requirements of the first container, the network requirements between the first container and the computing resource, configuration of the plurality of data center hosts, and dynamically measured performance metrics of the plurality of data center hosts;
identifying, from the plurality of containers, a second container to provision based on the second container meeting network requirements between the second container and the first container from among remaining unplaced containers;
automatically generating affinity requirements between the first container and the second container based on one or more affinity rules automatically derived from the manifest file, wherein the one or more affinity rules include affinity rules related to shared container resources; and
selecting a second host from the plurality of data center hosts to implement the second container based on compute requirements of the second container, the network requirements between the second container and the first container, the configuration of the plurality of data center hosts, the automatically generated affinity requirements, and the dynamically measured performance metrics of the plurality of data center hosts.

US Pat. No. 10,693,947

INTERCHANGEABLE RETRIEVAL OF SENSITIVE CONTENT VIA PRIVATE CONTENT DISTRIBUTION NETWORKS

MICROSOFT TECHNOLOGY LICE...

1. A method for improving computational efficiency in interchangeably sourcing content for retrieval when providing a single address, comprising:
identifying a content asset to be distributed via a CDN (Content Distribution Network) in conjunction with a cloud service hosting the content asset at a provided URL (Uniform Resource Locator);
creating a key value based on the provided URL;
hosting, at the cloud service, a child content asset of the content asset at a cloud URL and a source URL, wherein the source URL includes the key value;
creating, by the cloud service, a CDN URL, wherein the CDN URL points to an address for the CDN to provide the child content asset to a client device and the CDN URL includes the key value;
providing, from the cloud service to a client device, an authentication token associated with a client and the key value;
receiving an authorization request from the CDN to distribute the child content asset to the client device, the authorization request including the key value and the authentication token;
verifying the authentication token; and
transmitting, from the cloud service, an authorization code to the CDN to enable the CDN to distribute the child asset to the client device.

US Pat. No. 10,693,946

INSTANCE BACKED MOBILE DEVICES

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
receiving a request for a companion computer system associated with a mobile device;
in response to the request, instantiating the companion computer system by at least:
generating a record in a database associating the companion computer system and the mobile device; and
loading a first component of a first application into memory of the companion computer system, where a second component of the first application is configured for execution by the mobile device;
receiving an indication of a second application associated with the mobile device;
as a result of the mobile device being associated with the companion computer system in the database:
load a first component of the second application into memory of the companion computer system, based at least in part on a notification generated by monitoring network connectivity with one or more networks during an interval of time which the mobile device experiences intermittent network connectivity to the one or more networks, wherein a second component of the second application is configured for execution by the mobile device; and
performing, by the companion computer system, one or more operations of the first application and the second application on behalf of the mobile device.

US Pat. No. 10,693,945

FILE AND FOLDER REDIRECTION FOR VIRTUAL DESKTOPS VIA IMAGE SCANNING

VMware, Inc., Palo Alto,...

1. A method for enabling file and folder redirection between a virtual desktop, a client computing device, and a mobile device, the method comprising:
setting up a web server on the client computing device by a virtual desktop client application operating on the client computing device, the web server configured to host a web application for enabling file and folder redirection between the virtual desktop and other devices;
connecting to the virtual desktop hosted on a remote server by the virtual desktop client application;
generating, by the virtual desktop client application, an image encoded with information identifying the web server and displaying the image on the client computing device;
receiving a connection request from a mobile device, wherein the connection request is transmitted by the web application that is launched on a web browser of the mobile device in response to the mobile device scanning the image displayed on the client computing device by using a digital camera of the mobile device;
establishing a hypertext transfer protocol (HTTP) connection between the web application on the mobile device and the web server on the client computing device;
receiving, from the mobile device to the client computing device, an identification of a folder on the mobile device that is to be made accessible on the virtual desktop;
sending an instruction, from the client computing device to the virtual desktop, to register and mount the folder of the mobile device locally on the virtual desktop;
receiving one or more file input/output (I/O) operations directed to one or more files in the folder from the virtual desktop to the client computing device, and redirecting the I/O operations received by the client computing device to the mobile device over the HTTP connection.

US Pat. No. 10,693,944

MEDIA-PLAYER INITIALIZATION OPTIMIZATION

Amazon Technologies, Inc....

1. A computing device comprising:
one or more processors; and
computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
outputting, by the computing device, a first media file via a first media player instance of a media player executing on the computing device;
identifying a media type of the first media file;
determining a threshold number of media player instances to be included in a group of media player instances based at least in part on the media type of the first media file, each of the group of media player instances being in a prepared state for outputting respective ones of a group of media files;
identifying a second media file relevant to the first media file, wherein a current number of media player instances in the group is less than the threshold number;
prior to receiving a request to output the second media file:
identifying a first source address indicating a location at which the second media file is stored;
creating a second media player instance of the media player;
causing the second media player instance to enter an initialized state by providing an indication of the first source address for the second media player instance to access the second media file; and
causing the second media player instance to access the second media file to transition from the initialized state into the prepared state, wherein the second media player instance is included in the group of media player instances;
receiving the request to output the second media file; and
causing the second media player instance to transition from the prepared state to a play state in which the second media file is output via the second media player instance.

US Pat. No. 10,693,943

CONFIGURING TAGS TO MONITOR OTHER WEBPAGE TAGS IN A TAG MANAGEMENT SYSTEM

OBSERVEPOINT LLC, Orem, ...

1. A computer system for using a master tag to monitor and control other tags on a webpage comprising:
one or more processors; and
one or more computer-readable media having stored thereon executable instructions that when executed by the one or more processors configure the computer system to perform at least the following:
identify a webpage hosted by a website;
embed a master tag within the identified webpage;
receive communications generated by the master tag at a master tag server;
identify, with the embedded master tag, from the received communications one or more characteristics of at least one other tag embedded within the webpage;
determine that the at least one other tag is banned from firing;
execute, from within the webpage, the at least one other tag, wherein the at least one other tag is configured to communicate with an external server;
redirect, from within the webpage, communications from the at least one other tag to a different server; and
prevent the at least one other tag embedded within the webpage from communicating with the external server.

US Pat. No. 10,693,942

RESENDING A HYPERTEXT TRANSFER PROTOCOL REQUEST

Alibaba Group Holding Lim...

1. A computer-implemented method, comprising:
determining that an HTTP request has failed to be sent to a server;
upon determining that the HTTP request has failed to be sent to the server, recording the HTTP request to a list of HTTP requests that failed to be sent to the server;
receiving, from the server, a normal response message;
upon receiving the normal response message, deleting the HTTP request recorded to the list of HTTP requests; and
determining whether the list of HTTP requests is empty when redirecting from a first web page to a second web page.

US Pat. No. 10,693,941

SESSION MANAGEMENT

International Business Ma...

1. A computer-implemented method comprising:
continuously transmitting, by one or more processor of a server, in accordance with a frequency setting on the server, session copy data, from session data on the server for storage on a client, wherein the session between the server and the client is maintained at the server by a first application executing on the server, wherein the transmitted session copy data comprises a portion of the session data, wherein the portion comprises session data different from the session stored session copy data;
detecting, by the one or more processor, a loss of session data on the server resulting in a session failure between the client and the first application, the loss of session data indicating a failure of the first application;
based on detecting the loss of session data on the server, requesting, by the one or more processor, transmission of the stored session copy data from the client;
receiving, by the one or more processor, the stored session copy data from the client;
configuring, by the one or more processor, a second application executing on the server to take over the session between the server and the client based on the stored session data from the client; and
resuming, by the one or more processor, the session, with the second application, wherein the session is maintained at the server by the second application, wherein the resuming comprises continuing an operation in the session at a point in the session prior to the failure recovery of the first application, based on a portion of the stored session data from the client.

US Pat. No. 10,693,940

REMOTE ACCESS TO AN APPLICATION PROGRAM

CALGARY SCIENTIFIC INC., ...

1. A method of providing remote access to at least one application program running on the server computing device to connected client computing devices over a network, comprising:
executing a server remote access program at the server computing device, the server remote access program enumerating a unique Uniform Resource Locator (URL) that is uniquely associated with the at least one application program, wherein the unique URL represents a network location where the at least one application program is accessed by a client computing device;
generating, with the at least one application program, a display interface on the server computing device;
monitoring the display interface generated by the application program for events that cause pixels in a display to change, by reading changed regions of the display from a frame buffer in response to the events;
sending screen image data from the frame buffer to the server remote access program;
generating, by the server remote access program, presentation data from the screen image data; and
communicating the presentation data from the server computing device to the client computing device using the server remote access program.

US Pat. No. 10,693,939

PROVIDING MODIFIED PROTOCOL RESPONSES

International Business Ma...

1. A method comprising:
receiving, by one or more computer processors of a gateway computer system from a client computer system connected to an enterprise computing environment, a first search request wherein the gateway computer system and the client computer are connected to an enterprise computing environment;
identifying, by the one or more computer processors, keywords of the first search request;
transmitting, by the one or more computer processors, a request in a protocol for the first search request to a web service, wherein the protocol is a Hypertext Transfer Protocol (HTTP);
receiving, by the one or more computer processors, a response in the protocol for the first search request from the web service, wherein the response includes body content;
determining, by the one or more computer processors, whether the first search request is similar to a previously submitted search request, based on identified keywords of the first search request and keywords of the previously submitted search request, wherein the previously submitted search request was submitted by a user from the enterprise computing environment, wherein the previously submitted search request was received and stored by the gateway computer system, and wherein one or more webpages visited by the user during a prior search session corresponding with the previously submitted search request are recorded;
responsive to determining that the first search request is similar to the previously submitted search request, modifying, by the one or more computer processors of the gateway computer system, the body content of the response to include Hypertext Markup Language (HTML) containing contact information of the user that submitted the previous search request and the recorded one or more webpages; and
transmitting, by the one or more computer processors, the modified response to the client computer system from which the first search request originated.

US Pat. No. 10,693,938

METHOD AND SYSTEM FOR INTERACTIVE TRANSMISSION OF PANORAMIC VIDEO

Samsung Electronics Co., ...

1. A method for interactive transmission of panoramic video by a user equipment (UE), the method comprising:
defining a period in which the UE updates location information of a region of interest;
determining current location information of a current region of interest in a current period according to the defined period;
requesting a server for video information of the current region of interest by using the current location information;
receiving, from the server, a panoramic video slice corresponding to the current region of interest;
capturing a rotational direction of the UE, a rotation angle of the UE, and a displacement acceleration of the UE in the current period;
estimating a next region of interest in a next period according to the defined period based on the rotational direction of the UE, the rotation angle of the UE, and the displacement acceleration of the UE in the current period; and
transmitting, to the server, next location information of the next region of interest for calculating a next panoramic video slice corresponding to the next region of interest.

US Pat. No. 10,693,937

METHOD FOR VOLTE VOICE QUALITY FAULT LOCALIZATION

TELEFONAKTIEBOLAGET LM ER...

1. A method, implemented at a network node, for identifying a source of quality degradation for a media call flowing in a first direction from a first call leg to a second call leg via a gateway (GW) domain and in a second direction from the second call leg to the first call leg via the GW domain, wherein the first call leg extends from a first user equipment (UE) to a first interface of the GW domain via a first radio access network, wherein the second call leg extends from a second interface of the GW domain to a second UE via a second radio access network, the method comprising:
obtaining a set of multiple rules specified respectively for multiple candidate sources of quality degradation for the media call in the first direction, wherein the set of multiple rules includes two or more items from the following list:
the first UE is a source of quality degradation if a first Key Performance Indicator (KPI) indicating performance of the media call at the first UE in the first direction does not satisfy a first performance criterion defined for the first KPI;
the first leg in the first direction is a source of quality degradation if a second KPI indicating performance of the media call at the first interface of the GW domain does not satisfy a second performance criterion defined for the second KPI;
the GW domain is a source of quality degradation if a third KPI indicating performance of the media call at the second interface of the GW domain does not satisfy a third performance criterion defined for the third KPI, but the second KPI does satisfy the second performance criterion;
the GW domain is a source of quality degradation if the second KPI is worse than the third KPI;
the second leg in the first direction is a source of quality degradation if a fourth KPI indicating performance of the media call at the second radio access network does not satisfy a fourth performance criterion defined for the fourth KPI, but the third KPI does satisfy the third performance criterion; and/or
the second UE is a source of quality degradation if the second KPI satisfies the second performance criterion and the fourth KPI satisfies the fourth performance criterion, but a fifth KPI indicating performance of the media call at the second UE in the first direction does not satisfy a fifth performance criterion defined for the fifth KPI;
identifying, from among the multiple candidate sources of quality degradation, one or more sources of quality degradation by evaluating one or more rules from the set of multiple rules.

US Pat. No. 10,693,936

TRANSPORTING CODED AUDIO DATA

QUALCOMM Incorporated, S...

1. A method of retrieving audio data, the method comprising:
receiving availability data representative of a plurality of available adaptation sets, the available adaptation sets including one or more scene-based audio adaptation sets and one or more object-based audio adaptation sets, the object-based audio adaptation sets including audio data for audio objects and metadata representing location coordinates for the audio objects, and the one or more scene-based audio adaptation sets including audio data representing a soundfield using spherical harmonic coefficients and comprising one or more scalable audio adaptation sets, each of the one or more scalable audio adaptation sets corresponding to respective layers of scalable audio data;
receiving selection data identifying which of the scene-based audio adaptation sets and the one or more object-based audio adaptation sets are to be retrieved; and
providing instruction data to a streaming client to cause the streaming client to retrieve data for each of the adaptation sets identified by the selection data.

US Pat. No. 10,693,935

USER INTERFACE REMOTING THROUGH VIDEO ENCODING TECHNIQUES

VMware, Inc., Palo Alto,...

1. A method for remoting a user interface from a server device to a client device over a network, the method comprising:
detecting an update to a user interface of a virtual desktop running on a virtual machine operating on a server device, wherein the user interface of the virtual desktop is remoted over the network to the client device;
performing pattern matching on one or more graphics commands sent from a guest operating system of the virtual machine to virtualization logic on the server device to detect a move, scroll, or uncover region event in the user interface of the virtual desktop;
in response to detecting the move, scroll or uncover region event, determining a set of pixels that can be reused to update the user interface on the client device, wherein determining the set of pixels is performed prior to transmitting the set of pixels to the client device;
computing a motion vector for the set of pixels resulting from the move, scroll or uncover region event;
transmitting the motion vector to the client device, wherein the client device receives the motion vector and uses the motion vector to update the user interface based on a previously cached frame.

US Pat. No. 10,693,934

UTILIZING VOIP CODED NEGOTIATION DURING A CONTROLLED ENVIRONMENT CALL

1. A method for processing and storing calls served by a controlled-environment call processing system utilizing voice over internet protocol (VoIP), comprising:
receiving, from an interface device, a call setup request indicating that an inmate calling party being served by the interface device requests a voice call with a called party proxy server;
creating a first voice connection with the interface device to serve the inmate calling party, wherein a plurality of voice packets exchanged with the interface device is encoded using a first codec format;
first storing, in a storage device, the plurality of voice packets received from both ends of the voice call, the first storing using the first codec format;
retrieving, from the storage device, at least a portion of the plurality of voice packets;
determining that the call setup request was valid via a first biometric validation analysis of the retrieved portion of the plurality of voice packets;
second storing the at least the portion of the plurality of voice packets using a second codec format, wherein the second storing using the second codec format requires less storage space than the first storing using the first codec format; and
discarding the plurality of voice packets stored using the first codec format.

US Pat. No. 10,693,933

TECHNIQUES FOR MODIFYING A RULES ENGINE IN A HIGHLY-SCALED COMPUTING ENVIRONMENT

NETFLIX, INC., Los Gatos...

1. A computer-implemented method for modifying a rules engine in a scaled computing environment, comprising:
receiving, by a playback content application executing on at least one processor, a first computer-readable file from either a rules database or a publication mechanism, wherein the first computer-readable file includes rules data that include a first operation, wherein the first operation is from a set of pre-defined operations and includes at least one dimension that is from a set of pre-defined dimensions;
building a list of rules for the rules engine based on the rules data, wherein the list of rules filters an extended list of entries based on the first operation and on a first value that corresponds to the at least one dimension;
receiving, by the playback content application, a request from a first endpoint device to generate a filtered list of entries, wherein the request references the first value; and
in response to receiving the request from the first endpoint device, applying the list of rules to the extended list of entries based on the first value to generate the filtered list of entries.

US Pat. No. 10,693,932

DISTRIBUTING COMMUNICATION OF A DATA STREAM AMONG MULTIPLE DEVICES

1. A first device comprising:
a first transceiver and a second transceiver;
memory including computer readable instructions; and
a processor to, in response to an alphanumeric sharing code obtained from a second device to associate a plurality of devices with a shared connection, execute the computer readable instructions to perform operations including:
sending, via the first transceiver, a request including the alphanumeric sharing code to a distribution system to join the shared connection, the shared connection to distribute communication of a complete data stream among the plurality of devices, the plurality of devices including the first device, the alphanumeric sharing code having been assigned by the distribution system to associate the plurality of devices with the shared connection;
causing the first transceiver to receive a first one of a plurality of partial data streams corresponding to a first portion of the complete data stream from the distribution system via a first data connection established in response to the request, the plurality of partial data streams corresponding to respective portions of the complete data stream; and
relaying, via the second transceiver, the first one of the plurality of partial data streams to the second device.

US Pat. No. 10,693,931

DELIVERY OF BROADCAST-RELATED CONTENT TAGGED BY OFFLINE DEVICE

iHeartMedia Management Se...

1. A method for use in a processing system including a processor and associated memory, the method comprising:
providing, from the processing system, broadcast content to a broadcaster via a communications network, the broadcast content including:
a plurality of broadcast media items;
unified numbering system (UNS) identifiers associated with individual broadcast media items, the UNS identifiers associating the individual broadcast media items with at least one other media item;
subsequent to the broadcast content being broadcast, receiving at the processing system via the communications network, an information transfer initiated by an end-user device, the information transfer including tag information indicating a selected broadcast media item previously marked by a user of the end-user device during a period of time the end-user device was disconnected from the processing system, wherein the tag information includes a UNS identifier associated with the selected broadcast media item;
in response to the information transfer:
identifying, based on the tag information, content related to the selected broadcast media item, wherein the content related to the selected broadcast media item includes enhanced content associated with a UNS identifier linking the selected broadcast media item to the enhanced content;
retrieving the enhanced content from an enhancement library using the UNS identifier linking the selected broadcast media item to the enhanced content; and
uploading the content related to the selected broadcast media item from the processing system to the end-user device via the communications network.

US Pat. No. 10,693,930

REAL-TIME OR NEAR REAL-TIME STREAMING

Apple Inc., Cupertino, C...

1. A machine readable non-transitory storage medium storing executable instructions that when executed by a data processing system cause the system to perform a method comprising:
requesting, from a client device, a first set of media files specified in a first playlist, the first set of media files received at the client device through a non-streaming transfer protocol;
requesting, from the client device, a second set of media files specified in one of the first playlist or a second playlist, the second set of media files being received at the client device through the non-streaming transfer protocol;
storing first content from the first set of media files and storing second content from the second set of media files, wherein the first content has a first range of timestamps and the second content has a second range of timestamps, and wherein the first range and the second range overlap in time at least partially;
adaptively determining an amount of a minimum overlap in time of the first range and the second range based upon a connection speed to a source of at least one of the first set of media files and the second set of media files.

US Pat. No. 10,693,929

MODULAR VIDEO BLADE WITH SEPARATE PHYSICAL LAYER MODULE

Avid Technology, Inc., B...

1. A video server comprising:
a first digital video processing module comprising first computer program instructions executed on a first processor to perform a first set of video processing operations including video encoding and decoding, and video format conversion, and having a first interface;
a second digital video processing module, comprising second computer program instructions executed on a second processor to perform a second set of video processing operations including video encoding, video decoding, and video format conversion, and having a second interface;
a first physical layer module having a first internal interface and a first physical layer interface and comprising third computer program instructions executed on a third processor to transmit processed video data received over the first internal interface from one of the first and second digital video processing modules to devices external to the video server over the first physical layer interface and to receive video data from devices external to the video server over the first physical layer interface and to provide the received video data to one of the first and second digital video processing modules over the first internal interface;
a second physical layer module having a second internal interface and a second physical layer interface and comprising fourth computer program instructions executed on a fourth processor to transmit processed video data received over the second internal interface from one of the first and second digital video processing modules to devices external to the video server over the second physical layer interface and to receive video data from devices external to the video server over the second physical layer interface and to provide the received video data to one of the first and second digital video processing modules over the second internal interface; and
a configuration file;
wherein the first interface, the second interface, the first internal interface, and the second internal interface are configured using the configuration file and implement a common physical and electrical interface; and
wherein:
when the first interface of the first digital video processing module is configured to be directly connected to the first internal interface of the first physical layer module, the first physical layer module communicates data between the first digital video processing module and the devices external to the video server connected using the first physical layer interface;
when the first interface of the first digital video processing module is configured to be directly connected to the second internal interface of the second physical layer module, the second physical layer module communicates data between the first digital video processing module and the devices external to the video server connected using the second physical layer interface;
when the second interface of the second digital video processing module is configured to be directly connected to the first internal interface of the first physical layer module, the first physical layer module communicates data between the second digital video processing module and the devices external to the video server connected using the first physical layer interface; and
when the second interface of the second digital video processing module is configured to be directly connected to the second internal interface of the second physical layer module, the second physical layer module communicates data between the second digital video processing module and the devices external to the video server connected using the second physical layer interface.

US Pat. No. 10,693,928

METHOD AND DEVICE FOR ADAPTIVE STREAMING OF MULTIMEDIA DATA

Wipro Limited, Bangalore...

1. A method for adaptive streaming of multimedia data, the method comprising:
receiving, by a media device, a request for streaming multimedia data, wherein the multimedia data is divided into a plurality of data packets;
identifying, by the media device, a plurality of network interfaces (N) available in the media device;
allocating, by the media device, one or more data packets from the plurality of data packets, to the plurality of network interfaces (N), based on one or more bandwidth parameters of the plurality of network interfaces (N), wherein the one or more bandwidth parameters comprise a bandwidth (B/W) speed of the plurality of network interfaces (N), the bandwidth speed being determined based on sample data received on each of the plurality of network interfaces (N) and time taken by the sample data to reach the media device, wherein the bandwidth speed of the plurality of network interfaces (N) for receiving the multimedia data is calculated by:
B/W Speed of Interface N=Calculated Speed of Interface N*(Total Speed required to receive the multimedia data/Summation of Calculated Speed of Interface 1 to Interface N),
wherein the Calculated Speed of Interface N=Amount of sample data received by Interface N/time taken for the sample data to reach the media device from media server;
requesting, by the media device, the allocated one or more data packets of the multimedia data over the plurality of network interfaces (N); and
collating, by the media device, the one or more data packets by arranging header of the one or more data packets in a sequence to form the multimedia data, for adaptively streaming the multimedia data on the media device.

US Pat. No. 10,693,927

PARALLEL EXECUTION OF REQUEST TRACKING AND RESOURCE DELIVERY

Google LLC, Mountain Vie...

1. A system comprising:
one or more processors configured to:
provide, to a client computing device communicatively coupled to the one or more processors via a communication network, a content item for display on the client computing device, the content item comprising:
a renderable portion,
a content item identifier,
a first URL, the first URL causes the client computing device, responsive to actuation of the content item by the client computing device, to send a content item identifier of the content item and a device identifier of the client computing device, to a records server at a first network location identified by the first URL via the communication network, and
a second URL, the second URL causes the client computing device, responsive to actuation of the content item by the client computing device, to retrieve via the communication network a first resource from a second network location identified by the second URL for display by the client computing device,
the content item, when actuated by the client computing device, is configured to cause the client computing device to:
send the content item identifier of the content item and the device identifier of the client computing device, via the communication network, to a records server at the first network location identified by the first URL; and
retrieve the first resource from the second network location identified by the second URL independent of receiving a response from the records server.

US Pat. No. 10,693,926

METHOD AND DEVICE WITH INTELLIGENT MEDIA MANAGEMENT

Google Technology Holding...

1. A method for presenting content, the method comprising:
determining, during reception of a content stream from a content provider, that a condition exists;
in response to determining that the condition exists, inhibiting the reception of the content stream when a content item is to be played back and transmitting a signal to the content provider that the content stream is continuing to be received from the content provider; and
causing a replacement content item to be presented.

US Pat. No. 10,693,925

METHODS AND SYSTEMS OF RECORDING INFORMATION RELATED TO AN ELECTRONIC CONFERENCE SYSTEM

Salesloft, Inc., Atlanta...

1. A method of recording information related to an electronic conference system meeting, comprising:
enabling a virtual participant bot to join an electronic conference system meeting in order to record electronic information streams related to the meeting;
defining a comment tag related to the electronic conference system meeting; and
designating a pre-defined comment tag category for a pre-defined comment tag to assign to a recorded portion of the meeting, wherein a user of the electronic conference system meeting configures the pre-defined meaning.

US Pat. No. 10,693,924

METHOD AND SYSTEM FOR CONNECTING ELECTRONIC DEVICES

BARCO N.V., Kortrijk (BE...

1. A method for sharing data streams between meeting devices in a meeting in which the following are participating: at least two meeting devices adapted for electronic digital communication, at least two base units, at least one server, at least three communication networks, the method comprising the steps of:
the at least two meeting devices each connecting for electronic digital communication to a different base unit over at least two different networks,
at least one meeting device initiating the creation of a meeting identifier, each meeting identifier being shared, over a third network, with the at least two base units belonging to a meeting associated with the meeting identifier,
at least one of the at least two meeting devices sending at least one data stream to a first base unit with which it is connected, over one of the at least three communication networks or within the at least one meeting device, and
the first base unit and the at least one server exchanging set-up messages associated with the meeting identifier and the at least one data stream, via a service bus, and sending data streams between the at least two meeting devices according to the set-up messages, wherein the data streams are not communicated via the service bus.

US Pat. No. 10,693,923

ESTABLISHING STREAMING SESSIONS DURING REMOTE SESSIONS

VMware, Inc., Palo Alto,...

1. A method comprising:
receiving, at a remote application system, a first user request from a first user device, wherein the request is to access an application that executes on the remote application system;
initiating a remote session with the first user device that allows user interfaces generated by the application executing at the remote application system to be presented on the first user device and user events associated with the presented user interfaces to be provided as input to the application;
as part of the remote session between the first user device and the remote application system:
receiving at the remote application system a request from the first user device to initiate a multimedia streaming session between the first user device and a different system comprising a peer user device using the application executing at the remote application system;
establishing the multimedia streaming session with the peer user device, wherein establishing the multimedia streaming session comprises obtaining session parameters for the multimedia streaming session for the peer user device, wherein the session parameters are obtained by the remote application system from the peer user device and include a network address for the peer user device and negotiated session credentials for the streaming session; and
providing, by the remote application system, the session parameters for the peer user device to the first user device for use by the first user device in establishing a connection between the first user device and the peer user device and using the user interface generated by the application executing at the remote application system to stream multimedia content over the connection directly between the first user device and the peer user device without passing the streaming multimedia content through the remote application system;
receiving, by the first user device, the session parameters;
contacting, by the first user device, the peer user device using the network address;
establishing, by the first user device, the connection with the peer user device using the session credentials; and
streaming, by the first user device, multimedia content over the established connection with the peer user device.

US Pat. No. 10,693,922

MULTI-CHANNEL CUSTOMER ENGAGEMENT PLATFORM

salesforce.com, inc., Sa...

1. A system comprising:
one or more hardware processors; and
a database system implemented using a server system comprising the one or more hardware processors; the database system configurable to cause:
identifying a first communication on a first communication channel provided using a first communication protocol, the first communication channel being between a first one of a plurality of customers and a first one of a plurality of agents;
processing a customer identifier associated with the first communication, the customer identifier identifying the first customer;
processing an agent identifier associated with the first communication, the agent identifier identifying the first agent;
retrieving a unique multi-channel identifier from a database, the unique multi-channel identifier being different from the customer identifier and different from the agent identifier, the unique multi-channel identifier linking the customer identifier and the agent identifier to uniquely link the first customer with the first agent from among the customers and the agents, the unique multi-channel identifier configured to be interpreted by processors associated with different communication channels provided using different communication protocols to initiate the different communication channels, the different communication channels comprising the first communication channel and a second communication channel; and
initiating, concurrent with existence of the first communication channel and using the unique multi-channel identifier, the second communication channel between the first agent and the first customer, the second communication channel provided using a second communication protocol different from the first communication protocol.

US Pat. No. 10,693,921

SYSTEM AND METHOD FOR DISTRIBUTED MOBILE NETWORK

Futurewei Technologies, I...

1. A method, by a virtual network function, comprising:
receiving a first request from a user equipment (UE), the first request comprising first parameters and a first token, the first token being a vector value corresponding to a session state for the UE;
determining the session state for the UE according to the first token;
programming network resources according to the session state, the programming updating states of the network resources, the session state for the UE being updated when the states of the network resources are updated;
producing a second token corresponding to the updated session state for the UE;
storing the updated session state and the second token;
transmitting the second token to the UE;
receiving a second request from the UE, the second request comprising the second token;
determining a mismatch in session state for the UE according to the second token;
determining states of the network resources;
reconstructing the session state for the UE according to the determined states of the network resources;
producing a third token corresponding to the reconstructed session state for the UE;
storing the reconstructed session state and the third token; and
transmitting the third token and rollback parameters to the UE, the rollback parameters comprising information about the reconstructed session state.

US Pat. No. 10,693,920

SYSTEMS AND METHODS FOR SCREENING COMMUNICATION SESSIONS

SECURE CONNECTION LTD., ...

1. A method for centralized screening of a communication session, comprising:
receiving, at a server, a request from a caller client terminal, to establish a communication session with a callee client terminal;
analyzing, by the server, the request according to a screening set-of-rules; and
transmitting, from the server, a first screening response to the caller client terminal according to the analysis;
wherein the analyzing and the transmitting are performed by the server independently of real-time response instructions from the callee client terminal;
wherein the first screening response is selected from a group of screening responses to provide to the request; and
wherein, upon detecting that the same caller client terminal issues a plurality of requests, for each subsequent request, a different screening response than a previously selected screening response is selected from the group of screening responses, to provide to the subsequent request.

US Pat. No. 10,693,919

DISTRIBUTED CONNECTIVITY POLICY ENFORCEMENT WITH ICE

Microsoft Technology Lice...

1. A method for enforcing policy restrictions for a conversation established over an Internet Protocol (IP) network, comprising:
generating a plurality of candidate IP addresses for use in connecting a first client with a second client;
providing the plurality of candidate IP addresses to at least the first client;
receiving, from the second client, a subset of candidate IP addresses, wherein the subset of candidate IP addresses is generated by removing at least one of the plurality of candidate IP addresses based on a policy restriction, wherein the policy restriction specifies a restriction on a media flow for a communication between the first client and the second client, and wherein the at least one removed candidate IP address is not utilized during connectivity checks between the first client and the second client; and
establishing a connection between the first client and the second client using one of the subset of candidate IP addresses.

US Pat. No. 10,693,918

RADIO ACCESS TECHNOLOGY BASED SECURITY IN SERVICE PROVIDER NETWORKS

Palo Alto Networks, Inc.,...

11. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
monitoring network traffic on a service provider network at a security platform to identify a Radio Access Technology (RAT) type for a new session, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 3G and/or 4G network, or a control protocol and user data traffic in a mobile core network for a 3G and/or 4G network, and wherein the monitoring of the network traffic comprises:
identifying a create session request message or a create PDP context request message from the network traffic; and
extracting location from the create session request message or the create PDP context request message, the location including one or more of the following: CGI (Cell Global Identifier), SAI (Service Area Identifier), RAI (Routing Area Identifier), TAI (Tracking Area Identifier), ECGI (E-UTRAN Cell Global Identifier), or LAC (Location Area Identifier);
associating the RAT type with the new session at the security platform, wherein the RAT type includes 3G, 4G, 5G, or any combination thereof;
determining an application identifier for user traffic associated with the new session at the security platform, comprising:
monitoring, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the application identifier relates to web browsing using HyperText Transfer Protocol (HTTP), a Domain Name System (DNS) request, a file transfer using File Transfer Protocol (FTP), Telnet, Dynamic Host Configuration Protocol (DHCP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Trivial File Transfer Protocol (TFTP), or any combination thereof, and wherein the tunneled user traffic includes GPRS Tunneling Protocol User Plane (GTP-U) traffic;
determining a security policy to apply at the security platform to the new session based on the application identifier, the location, and the RAT type, wherein the security policy includes allowing or passing the new session, blocking or dropping the new session, or restricting access of the new session; and
performing threat detection and/or threat prevention based on the security policy.

US Pat. No. 10,693,917

SYSTEM AND METHOD FOR ON-LINE AND OFF-LINE STREAMING APPLICATION ISOLATION

OPEN INVENTION NETWORK LL...

1. A system, comprising:
a host server with one or more memory locations configured to store isolated environments each comprised of one or more applications;
one or more clients each comprising one or more memory locations configured to store the one or more isolated environments and one or more Central Processing Units (CPUs) operatively connected to the one or more memory locations and configured to execute the applications and the isolated environments on a client operating system and each configured to determine if said each client is off-line or on-line; and
wherein said one or more clients, when being executed on-line, validate client credentials and stream one or more isolated environments from said host server before an execution of said isolated environments;
wherein said one or more clients, when being operated off-line, the one or more clients are presented with a list of already installed isolated environments, and are permitted to select which isolated environments to run;
wherein said one or more clients, when being executed off-line, execute previously streamed isolated environments without validation of the client credentials.

US Pat. No. 10,693,916

RESTRICTIONS ON USE OF A KEY

SSH Communications Securi...

1. A method in a computerized system comprising:
configuring, by a management apparatus, at least one address based restriction on use of a key by source hosts for access to target hosts in the computerized system,
determining use of the key for access to a target host,
receiving information of an address of a source host from which the key is used for the access to the target host,
comparing the address of the source host from which the key is used for the access to the target host against the at least one address based restriction on use of the key, and
performing a management action based on the comparison.

US Pat. No. 10,693,915

SECURE POLICY AUDIT IN SHARED ENFORCEMENT ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method for providing a secure policy audit in a shared enforcement environment, the method comprising:
receiving, by an auditing component in a network, a first auditing event from a first component in the network and a related auditing event from a second component in the network;
analyzing, by the auditing component, the first auditing event and the related auditing event against an enforcement of an access policy criteria for the network, the access policy criteria comprising auditing events from at least two enforcement points in the network, wherein particular types of events are selected for extraction; and
controlling access from one subnet to another based on a determining, by the auditing component, one of a compliance or non-compliance with the access policy criteria.

US Pat. No. 10,693,914

ALERTS FOR COMMUNITIES OF A SECURITY INFORMATION SHARING PLATFORM

Micro Focus LLC, Santa C...

1. A method for providing alerts for communities of a security information sharing platform, the method comprising:
obtaining a first security indicator from a user of a first community of the security information sharing platform that enables sharing of security information among a plurality of communities, wherein each of the plurality of communities is a defined group of users that share a particular set of security information;
including the first security indicator in community-based security information associated with the first community, the first security indicator comprising a first observable;
sharing a first portion of the first security indicator with a second community of the security information sharing platform, wherein a second portion of the first security indicator is kept private to the first community of the security information sharing platform;
obtaining, from the security information sharing platform, information related to sightings of the first observable; and
providing a first alert to the first community based on the information related to the sightings of the first observable.

US Pat. No. 10,693,913

SECURE AND POLICY-DRIVEN COMPUTING FOR FOG NODE APPLICATIONS

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a client that is mounted at a base rootfs of a container application and prior to execution of the container application on a device of a network, characteristics of the container application, wherein the container application processes data from another device in the network or sends control commands to the other device, further wherein the characteristics of the container application include a hash of the rootfs, network parameters to be used by the container application, and exposed ports to be used by the container application, further wherein the device comprises at least one of: a network router, a network switch, a network gateway, or a network smart hub;
providing, by the device, the determined characteristics of the container application for security assessment;
receiving, by the device, an indication of the security assessment based on the provided characteristics of the container application, wherein the indication of the security assessment includes an indication as to whether an off-box profiler has validated the container application by using the hash; and
controlling, by the device, execution of the container application based on the received indication of the security assessment.

US Pat. No. 10,693,912

METHODS AND USER EQUIPMENT FOR EXCHANGING SERVICE CAPABILITIES

TELEFONAKTIEBOLAGET LM ER...

1. A method, the method comprising:
a first user equipment (UE) sending via a first signaling protocol to a network node a service capabilities request that requests service capability information for a second UE and that triggers the network node to determine whether the network node is authorized to provide to the first UE the requested service capability information for the second UE;
the first UE receiving from the network node a response to the service capabilities request, the response rejecting the service capabilities request; and
as a result of the first UE receiving the response from the network node rejecting the service capabilities request, the first UE sending to the second UE, via a second signaling protocol other than the first signaling protocol, a service capabilities exchange invitation requesting an exchange of service capabilities.

US Pat. No. 10,693,911

DYNAMIC GENERATION OF POLICY ENFORCEMENT RULES AND ACTIONS FROM POLICY ATTACHMENT SEMANTICS

International Business Ma...

1. A computer-implemented method comprising:
parsing, by a processor, a service level definition (SLD) enforced by a policy enforcement point (PEP);
generating, by the processor, a plurality of policy proxy objects from the SLD based upon information within the SLD, wherein the plurality of policy proxy objects represent locally-created processing entities that specify policy enforcement constraints to be enforced by the PEP, and the policy enforcement constraints comprise a policy domain and a list of assertions;
invoking, by the processor, a policy action mapper to map the assertions of the plurality of policy proxy objects to create processing actions for the policy domain corresponding to the policy proxy objects;
populating, by the processor, processing rules with the processing actions created by the policy action mapper for each policy proxy object and iteratively processing each policy proxy object of the plurality of policy proxy objects to generate a policy enforcement rule;
outputting, by the processor, the policy enforcement rule to each PEP tasked with policy enforcement of the SLD at runtime.

US Pat. No. 10,693,910

FAKE WEB ADDRESSES AND HYPERLINKS

International Business Ma...

1. A computer-implemented method of processing a destination address, the method comprising:
receiving, within a computer hardware device, the destination address of a hyperlink;
comparing the destination address of the hyperlink with display text of the hyperlink to determine that the display text of the hyperlink is a dishonest transformation of the destination address of the hyperlink by computing by the hardware device a similarity value for the destination address of the hyperlink and the display text of the hyperlink as a ratio of a number of characters common between the destination address and the display text and a total number of characters of either the destination address or the display text, and determining if the similarity value between the destination address of the hyperlink and the display text of the hyperlink exceeds a predetermined value;
classifying the destination address of the hyperlink as a fraudulent address on condition that the computed similarity value exceeds the predetermined value; and
taking an appropriate action in response to classifying the destination address of the hyperlink as a fraudulent address.

US Pat. No. 10,693,909

SECURING AN ENDPOINT IN A COMPUTER NETWORK

International Business Ma...

1. An apparatus configured as an endpoint in a computer network, comprising:
a processor;
computer memory holding computer program instructions executed by the processor, the computer program instructions comprising program code configured to:
instantiate first, second and third security zones in the endpoint, wherein, with respect to a user of the endpoint, the first security zone is readable and writable, the second security zone is read-only, and the third security zone is neither readable nor writable;
deploy first information into the second security zone;
upon a given occurrence, load the first information from the second security zone into the first security zone to enable the endpoint to use the first information; and
upon generating second information in the first security zone, the second information including sensitive data, transfer the second information from the first security zone to the third security zone to protect the sensitive data from information leak or compromise.

US Pat. No. 10,693,908

APPARATUS AND METHOD FOR DETECTING DISTRIBUTED REFLECTION DENIAL OF SERVICE ATTACK

ELECTRONICS AND TELECOMMU...

1. An apparatus for detecting a Distributed Reflection Denial of Service (DRDoS) attack, comprising a processor and a memory storing instructions executable by the processor as units including:
a network flow data reception unit for receiving network flow data from network equipment;
a session type determination unit for determining a session type of sessions corresponding to the received network flow data;
a host type determination unit for determining a type of host corresponding to the network flow data based on the session type;
an attack method determination unit for determining an attack method corresponding to the network flow data;
a protocol identification unit for identifying a protocol of the network flow data; and
an attack detection unit for detecting a DRDoS attack based on the session type, the host type, the attack method, and the protocol; and
a modeling unit for generating a detection model based on results of detection of the DRDoS attack;
wherein the host type determination unit is configured to determine directionality of the sessions, based on a source port number and a destination port number of the network flow data, and to determine the type of host to be any one of an attack target and an attacker using the directionality of the sessions; and
wherein the modeling unit is configured to generate a detection model that
classifies DoS attacks according to one of attack types, the attack types including DRDoS attacks and Distributed Denial of Service (DDoS) attacks,
the DRDoS attacks being classified according to
types of protocols, the types of protocols including a Domain Name System (DNS) protocol and a Network Time Protocol (NTP), and
attack methods, the attack methods including a reflection attack and an amplification attack,
classifies types of hosts, the types of hosts including an attack target and an attacker, based on the directionality of the sessions,
classifies attack target hosts based on session types, the session types including a one-to-one (1-to-1) session type and a many-to-one (N-to-1) session type according to a number of sessions corresponding the network flow data, and
classifies attacker hosts based on the session types.

US Pat. No. 10,693,907

SYSTEM AND METHOD OF TRAFFIC FILTERING UPON DETECTION OF A DDOS ATTACK

AO Kaspersky Lab, Moscow...

1. A method for filtering network traffic to protect a computing device from a distributed denial-of-service (DDoS) attack, wherein the method comprises:
responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device;
determining one or more data transmission parameters based on the intercepted data;
assigning an initial danger rating to the network node at least based on a network address of the network node comprising at least an IP address;
changing the danger rating of the network node based on an application of a filter and on the data transmission parameters;
responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device, wherein an amount by which the channel capacity is limited is determined based on a relationship between the changed danger rating and historical values of the danger rating; and
halting the application of the filter until the danger rating of the network node becomes less than the threshold value.

US Pat. No. 10,693,906

PROVIDING SECURE DATA TRANSFER BETWEEN NETWORKS

Saudi Arabian Oil Company...

1. A computer-implemented method, comprising:
receiving, by a destination terminal server in a destination network, a data frame transmitted over a serial link between the destination terminal server and a source terminal server of a source network, the data frame compatible with a data link layer protocol, and the data frame including a data field that comprises information that includes executable code;
routing, by the destination terminal server, the received data frame to a destination open platform communications (OPC) server coupled to the destination terminal server via a Transmission Control Protocol/Internet Protocol (TCP/IP) connection;
converting, by the destination OPC server, the data frame directly into a format compatible with an application layer protocol, wherein converting the data frame into the format comprises de-capsulation of the information included in the data field and interpreting the information as numerical values rather than executable code; and
outputting, by the destination OPC server, the numerical values to an application in the destination network.

US Pat. No. 10,693,905

INVALIDITY DETECTION ELECTRONIC CONTROL UNIT, IN-VEHICLE NETWORK SYSTEM, AND COMMUNICATION METHOD

PANASONIC INTELLECTUAL PR...

1. An invalidity detection electronic control unit connected to a bus used by a plurality of electronic control units to communicate with one another in accordance with controller area network (CAN) protocol,
wherein each of the plurality of electronic control units includes a reception error counter, and configured to:
increment a value of the reception error counter when each of the plurality of electronic control units receives an error frame from the bus, and
decrement the value of the reception error counter when each of the plurality of electronic control units receives a normal frame from the bus,
the invalidity detection electronic control unit comprising:
a receiver that receives a frame for which transmission is started; and
a transmitter that transmits the error frame on the bus before a tail end of the frame is transmitted if the frame received by the receiver meets a predetermined condition indicating invalidity and transmits the normal frame that conforms to the CAN protocol on the bus after the error frame is transmitted.

US Pat. No. 10,693,904

SYSTEM AND METHOD FOR INFORMATION SECURITY THREAT DISRUPTION VIA A BORDER GATEWAY

CERTIS CISCO SECURITY PTE...

1. A method for disrupting an information security attack on at least one computing device of a plurality of computing devices in a managed computer network, the method comprising:
receiving using an event manager system, a first alert and a second alert from at least one monitoring device of a plurality of monitoring devices in the managed computer network and connected to the plurality of computing devices, wherein the event manager system is linked to the plurality of computing devices via a communicative connection of the event manager system and the plurality of monitoring devices, wherein each of the plurality of computing devices has its network activity monitored by at least one of the plurality of monitoring devices for an information security attack and each of the plurality of computing devices is located downstream of at least one of the plurality of monitoring devices, wherein the event manager system is within the managed computer network;
the at least one monitoring device generating the first alert in response to a first detection by a first network security device within the at least one monitoring device of an information security attack and generating the second alert in response to a second detection by a second network security device within the at least one monitoring device of an information security attack, and wherein the first alert and the second alert both include an Internet Protocol address of a source that initiated the detected information security attack on the at least one computing device and an identity of an intermediate upstream gateway of the managed computer network through which the attack passed, whereby the attack on the at least one computing device passed through the intermediate upstream gateway and at least one other gateway in the managed computer network and wherein the intermediate upstream gateway comprises a network node on the managed computer network that is located upstream of each of the plurality of monitoring devices and the at least one other gateway in the managed computer network;
determining by the event manager system operating parameters of the intermediate upstream gateway based on the identity of the intermediate upstream gateway through which the attack passed included in the first alert and the second alert by comparing the identity against a gateway database;
determining if the Internet Protocol address of the source that initiated the information security attack on the at least one computing device is to be disrupted using the event manager system based on the first and second alerts received from the at least one monitoring device, wherein the event manager system compares the first alert and the second alert to determine whether the two alerts are similar, whereby determining that the two alerts are similar indicates that the information security attack of the first detection and the information security attack of the second detection are the same information security attack which is a real attack and the Internet Protocol address of the source that initiated the information security attack on the at least one computing device is therefore to be disrupted;
if the Internet Protocol address of the source that initiated the information security attack on the at least one computing device is to be disrupted, generating a first set of instructions based on the operating parameters using the event manager system and transmitting via a network outside the managed computer network, the first set of instructions from the event manager system only to the intermediate upstream gateway, wherein the first set of instructions only instruct the intermediate upstream gateway to add the IP address of the source that initiated the information security attack to an access control list of the intermediate upstream gateway;
generating a second set of instructions based on the operating parameters using the event manager system and transmitting via a network outside the managed computer network, the second set of instructions from the event manager system to only the intermediate upstream gateway after a first period of time has lapsed, wherein the second set of instructions only instruct the intermediate upstream gateway to remove the IP address of the source that initiated the information security attack from the access control list of the intermediate upstream gateway;
determining, during the first period of time, if a new mitigation action is to be created to address the first alert and the second alert based on a security alert database using the event manager system; and
if the new mitigation action is to be created to address the first alert and the second alert, transmitting the first alert and the second alert from the event manager system to a command center which resides outside the managed computer network.

US Pat. No. 10,693,903

METHOD AND APPARATUS FOR DATA SECURITY ANALYSIS OF DATA FLOWS

IOR Analytics, LLC., Hou...

1. A method comprising:
establishing communication with a plurality of monitoring systems, wherein each of the monitoring systems is disparate from one another;
aggregating alerts from the plurality of monitoring systems, wherein the alerts relate to use, storage, transmission, deletion or processing of data from the plurality of monitoring systems;
determining one or more uniform data flow steps by standardizing the aggregated alerts; and
storing the one or more uniform data flow steps in a central database that is external to the plurality of monitoring systems.

US Pat. No. 10,693,902

ASSESSING SECURITY CONTROL QUALITY AND STATE IN AN INFORMATION TECHNOLOGY INFRASTRUCTURE

Tripwire, Inc., Portland...

1. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
displaying a user interface that indicates a security control status of assets in an information technology (IT) infrastructure that are monitored by two or more security controls,
wherein the user interface includes at least a first portion of the user interface that displays a security control status of a first set of the assets monitored by a first security control, the first portion of the user interface displaying two or more security states monitored by the first security control and further indicating the number of assets in each of the two or more security states monitored by the first security control, and wherein the method further comprises allowing a user to select one of the two or more security states in the first portion of the user interface,
wherein the user interface further includes at least a second portion of the user interface that displays a security control status of a second set of the assets monitored by a second security control, at least some of the second set of the assets monitored by the second security control overlapping with the first set of the assets monitored by the first security control, the second portion of the user interface displaying two or more security states monitored by the second security control and further indicating the number of assets in each of the two or more security states monitored by the second security control, and
wherein the method further comprises, upon user selection of the one of the two or more security states in the first portion, automatically highlighting one or more of the security states in the second portion of the user interface monitored by the second security control and having overlapping assets with the selected one of the security states from the first portion,
wherein the first security control is a vulnerability assessment security control, and wherein the first portion of the user interface comprises a two-dimensional vulnerability risk matrix comprising multiple indicators that form the matrix, one or more of the indicators indicating the number of assets monitored by the vulnerability assessment security control having the corresponding vulnerability risk represented by the respective indicator, and
wherein the second security control is one of a policy compliance security control, a change data security control, or a log event data security control.

US Pat. No. 10,693,901

TECHNIQUES FOR APPLICATION SECURITY

JPMORGAN CHASE BANK, N.A....

1. A server system with a defense mechanism against security threats on application layer, comprising:
at least one application server hosting one or more applications accessible to authorized users;
a single communication interface to which all user requests to any of the hosted applications are routed; and
a security appliance coupled to the single communication interface and configured to:
receive the user requests, and
screen each of the user requests with a selected set of discrete validation filters by sequentially applying the filters to each of the user requests, wherein one of the discrete validation filters applies one or more text-based pattern matching rules to each of the user requests and another one of the discrete validation filters applies application-specific input validation rules to each of the user requests;
wherein each of the discrete validation filters are modularly configured to handle a corresponding security threat and being individually modifiable without affecting another validation filter corresponding to another security threat, and
wherein when one of the user requests is a file upload request, the one of the discrete validation filters that applies the one or more text-based pattern matching rules checks a file type against a list of acceptable file formats and a list of disallowed formats based on both file header and extension.

US Pat. No. 10,693,900

ANOMALY DETECTION BASED ON INFORMATION TECHNOLOGY ENVIRONMENT TOPOLOGY

SPLUNK INC., San Francis...

1. A computer implemented method comprising:
accessing a set of events associated with activity by a plurality of entities in an information technology (IT) environment, wherein each event in the set of events includes a portion of raw machine data that reflects activity in the IT environment and that is produced by a component of the IT environment, wherein each event is associated with a timestamp extracted from the raw machine data;
determining a topology of the IT environment by processing at least some of the accessed set of events;
generating an entity relationship graph based on the topology of the IT environment;
wherein the entity relationship graph includes:
a plurality of nodes representative of the plurality of entities in the IT environment; and
edges connecting the plurality of nodes, the edges representing relationships and activity between entities represented by the plurality of nodes;
wherein each edge includes a directionality that indicates a normal flow of communication between the entities represented by the nodes connected to the edge; and
monitoring the entity relationship graph to detect an anomaly.

US Pat. No. 10,693,899

TRAFFIC ENFORCEMENT IN CONTAINERIZED ENVIRONMENTS

TWISTLOCK, LTD., Herzliy...

1. A method for traffic enforcement in containerized environments, comprising:
analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image, wherein analyzing the contents of the container image further comprises creating a runtime model for the container image, wherein the runtime model defines expected runtime behaviors of the first container, wherein the filtering profile includes the created runtime model, wherein each configuration for inspecting and filtering traffic directed to the first container is associated with at least one of the expected runtime behaviors;
determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines at least one configuration for inspecting and filtering traffic directed to the first container; and
filtering, based on the filtering profile, malicious traffic directed to the first container.

US Pat. No. 10,693,898

SYSTEMS DATA VALIDATION

Splunk Inc., San Francis...

1. A method comprising:
establishing a network connection between a server group of a data intake and query system and each of one or more source network nodes, the server group comprising an indexer server and a model management server;
receiving source data at the server group from at least one of the one or more source network nodes via the respective network connections and transforming, by the indexer server, the source data to a plurality of timestamped entries of machine data;
detecting, at the model management server, a plurality of data constraints for a first security model, wherein the plurality of data constraints comprises a data element used by the first security model and an availability requirement set, the availability requirement set defining when the data element is available, wherein the first security model is an anomaly model configured to detect an anomaly;
validating, using the plurality of timestamped entries, the plurality of data constraints to obtain a validation result, wherein validating the plurality of data constraints comprises determining whether the plurality of timestamped entries satisfies the availability requirement set for the data element;
determining, by the model management server, a data availability assessment of the first security model based on the validation result;
storing, in computer storage, the data availability assessment of the first security model;
identifying a threat model that uses the detection of the anomaly to detect a security threat; and
presenting an alert for the threat model based on a data constraint of the plurality of data constraints being unsatisfied.

US Pat. No. 10,693,897

BEHAVIORAL AND ACCOUNT FINGERPRINTING

Facebook, Inc., Menlo Pa...

1. A method, comprising:
receiving activity specifications of a plurality of activities to be monitored, wherein each activity specification of the activity specifications identifies properties of a corresponding activity of the activities to be monitored;
receiving a fingerprint specification of a computer security risk fingerprint, wherein the fingerprint specification identifies a combination of two or more of the activities to be monitored;
using a processor to analyze a log of activities to identify occurrences of the activities to be monitored;
based on the analysis of the log of activities, detecting the computer security risk fingerprint in the log of activities, including by detecting an occurrence of at least a portion of the combination of the activities identified by the fingerprint specification; and
performing a computer security action based on the detection of the computer security risk fingerprint.

US Pat. No. 10,693,896

ANOMALY AND MALWARE DETECTION USING SIDE CHANNEL ANALYSIS

Virta Laboratories, Inc.,...

1. A method for anomaly detection comprising:
receiving, by one or more data processors, an input signal comprising a plurality of samples, each of the plurality of samples representing a power consumption level from an alternating current (AC) source of a target device at a given time;
storing, by the one or more data processors, the plurality of samples as a data structure in a memory element coupled to the one or more data processors;
retrieving, by the one or more data processors, a subset of the plurality of samples from the data structure;
calculating, by the one or more data processors, a feature sample comprising at least a root-mean square value for the subset of the plurality of samples;
transmitting, by the one or more data processors and to a remote server, the feature sample;
receiving, by the one or more data processors and from the remote server, a classification of the feature sample; and
generating, by the one or more data processors, an alarm signal responsive to the classification of the feature sample indicating an anomaly.

US Pat. No. 10,693,895

SECURITY INDICATOR ACCESS DETERMINATION

Micro Focus LLC, Santa C...

1. A non-transitory computer readable medium having stored thereon machine readable instructions to provide security indicator access determination, the machine readable instructions, when executed, cause at least one processor to:
determine that a security indicator is received from a first entity for sharing with a second entity;
analyze a rule associated with identification of a third entity that has access to the security indicator, wherein the third entity is different from the second entity, and if the second entity belongs to a community, the third entity is not in the community of the second entity;
determine whether to identify the third entity based on the analysis of the rule;
in response to a determination that the third entity is to be identified based on the analysis of the rule, identify the third entity to the first entity; and
in response to a determination that the third entity is not to be identified based on the analysis of the rule, not identify the third entity to the first entity.

US Pat. No. 10,693,894

REAL-TIME REGULAR EXPRESSION SEARCH ENGINE

Redberry Systems, Inc., ...

1. A malware detection apparatus comprising:
an input buffer through which constituent values of a network traffic stream are shifted to capture, during each one of a sequence of search cycles, a respective segment of the network traffic stream;
fixed-pattern match circuitry to store fixed-pattern character sequences corresponding to respective fixed-pattern segments of malware rules and to determine, as a fixed-pattern search during the one of the search cycles, whether the respective segment of the network traffic stream captured within the input buffer matches any one of the fixed-pattern character sequences; and
variable-pattern match circuitry to store variable-character expressions corresponding to respective variable-pattern segments of the malware rules and to determine, within the one of the search cycles and concurrently with the fixed-pattern search, whether the respective segment of the input traffic stream captured within the input buffer matches any one of the variable-character expressions.

US Pat. No. 10,693,893

DETECTION OF MAN-IN-THE-MIDDLE IN HTTPS TRANSACTIONS INDEPENDENT OF CERTIFICATE TRUST CHAIN

International Business Ma...

1. A method of detecting a man-in-the-middle (MITM) during HTTPS communications, the method implemented by at least one processor comprising hardware, the method comprising:
transmitting a query to a DNS for an IP address of a domain name;
receiving, from the DNS, the IP address of the domain name;
generating an alternate IP address different than the IP address of the domain name;
transmitting a TCP message to the alternate IP address;
receiving a TCP acknowledgement message from the alternate IP address;
establishing a TCP connection with the alternate IP address in response to the received TCP acknowledgment;
transmitting a TLS message using the TCP connection, a SNI of the TLS message including the domain name;
receiving a TLS reply message including a certificate for the domain name;
validating the received certificate;
establishing a TLS connection in response to validation of the received certificate;
transmitting a HTTP GET message using the TLS connection, a URL of the HTTP GET message including the domain name and a target web page associated with the domain name;
receiving a HTTP OK message including the target web page; and
determining that a man-in-the-middle is intercepting the HTTPS communications based on the receipt of the target web page.

US Pat. No. 10,693,892

NETWORK ATTACK TAINTING AND TRACKING

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
monitoring, by a network device, data packets destined for a target for a malicious request; and
responsive to detecting the malicious request;
creating by the network device a payload;
formatting the payload to correspond to a protocol of the request;
digitally signing the payload;
injecting the digitally signed payload into a response message; and
transmitting the response message to a source of the request as a response to the request.

US Pat. No. 10,693,891

ELECTRONIC MAIL SECURITY SYSTEM

Chicago Mercantile Exchan...

1. A computer implemented method of an email security system for processing email messages, the method comprising:
intercepting, by an email server, an email message directed to a recipient prior to delivery thereto and forwarding the intercepted email message to the email security system implemented on the email server;
in response to receiving an email message, detecting, by a processor of the email security system, one or more artifacts within the email message, wherein each of the artifacts is associated with a payload;
for each artifact, generating, by the processor of the email security system:
a descriptor object representing the artifact that does not include the payload, so that the processor is prevented from accessing the payload via the descriptor object; and
at least one payload button based on the payload associated with the artifact for causing the payload to be transmitted to an external system for analysis of the payload;
generating, by the processor of the email security system, an artifact dashboard and transmitting only the artifact dashboard to an administrator computer;
presenting, by a processor of the administrator computer, the artifact dashboard in a graphical user interface (GUI) rendered on a display of the administrator computer, the artifact dashboard displaying, for each artifact, the descriptor object representing the artifact and the at least one payload button based on the payload associated with the artifact;
determining, by the processor of the administrator computer, whether each of the at least one payload button has been interacted with by a user of the administrator computer via the GUI to cause the associated payload to be transmitted to the external system for analysis;
presenting, by the processor of the administrator computer, a disposal button via the GUI which allows the user to complete a review of the email message only once it has been determined, by the processor, that the user has interacted with all of the at least one payload buttons, and further allows the user to provide a response to the email security system to one of authorize forwarding of the email message to the recipient or not authorize forwarding of the email message to the recipient;
determining, by the email security system, whether a response has been received from the user of the administrator computer, to authorize or not authorize forwarding of the email message to the recipient;
transmitting the email message to the recipient upon receiving the response authorizing forwarding of the email message to the recipient;
not transmitting the email message to the recipient upon receiving the response not authorizing forwarding of the email message to the recipient; and
wherein, if the email security system does not receive a response authorizing forwarding of the email message to the recipient with a threshold amount of time, quarantining the email message upon expiration thereof.

US Pat. No. 10,693,890

PACKET RELAY APPARATUS

ALAXALA NETWORKS CORPORAT...

1. A packet relay apparatus comprising:
an input port;
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to execute:
a packet receiving module configured to receive a packet from the input port;
a security judgment module configured to judge whether or not the packet is one of an attack and an attack sign and judge information on one of an attack type and an attack sign type as information on the one of the attack and the attack sign;
a mirror processing module configured to generate, when it is judged that the packet is one of the attack and the attack sign, a mirror packet which is a replica of the packet, and add the information on the one of the attack type and the attack sign type to the mirror packet; and
a transmitting module configured to transmit the mirror packet from a mirror port, wherein the packet relay apparatus comprises a plurality of mirror ports including the mirror port, and
wherein the mirror processing module is further configured to determine to generate the mirror packet, determine the mirror port to transmit the mirror packet, and determine a priority to transmit the mirror packet based on a determination result of the security judgment module, and
wherein the determination result includes any one of attack type information, attack impact degree information, attack probability information, and attack path information,
wherein the transmitting module includes:
a mirror policing module configured to limit a monitored bandwidth of the determined mirror port based on the determined mirror port,
a mirror shaping module configured to shape transmission of the mirror packet based on the determined mirror port and the determined priority, and
a mirror sampling module configured to transmit the mirror packet from the mirror port in accordance with a sampling rate based on the determination result of the security judgment module.

US Pat. No. 10,693,889

VEHICLE COMMUNICATION APPARATUS, IN-VEHICLE NETWORK SYSTEM, AND VEHICLE COMMUNICATION METHOD

PANASONIC INTELLECTUAL PR...

1. An electronic control unit connected to an in-vehicle network bus in an in-vehicle network system, the in-vehicle network system including a plurality of apparatuses that performs communication of frames via the in-vehicle network bus, the electronic control unit comprising:
a first control circuit; and
a second control circuit,
wherein the first control circuit is connected to the in-vehicle network bus via the second control circuit over at least one of wired communication or wireless communication,
wherein the first control circuit performs a first determination process on a frame that is transmitted to the in-vehicle network bus, and determines conformity of the frame with a first rule,
wherein, upon determining that the frame conforms to the first rule, the first control circuit transmits the frame to the second control circuit,
wherein the second control circuit performs a second determination process on the frame, that is received from the first control circuit, and determines conformity of the frame with a second rule, and
wherein, upon determining that the frame conforms to the second rule, the second control circuit transmits the frame to the in-vehicle network bus.

US Pat. No. 10,693,888

SYSTEMS AND METHODS FOR PROXIMITY IDENTITY VERIFICATION

Capital One Services, LLC...

1. A system for authorizing a transaction, comprising:
one or more memory devices storing instructions; and
one or more processors configured to execute the instructions to:
receive a request to authorize a transaction associated with an account of a user;
identify a known associate of the user based at least in part on an indicator of relative risk associated with the transaction, the indicator of relative risk determined based on at least one of the current physical location of the user, a history of physical location information of the user, or a history of transactions requested by the user;
determine a proximity between a current physical location of the user and a current physical location of the identified known associate; and
approve the authorization request when the determined proximity is within a predetermined threshold;
wherein identifying the known associate of the user comprises identifying the known associate from among a plurality of associates listed in a social network of the user, based on a geographical relationship between the current physical location of the identified known associate and the current physical location of the user, to increase confidence in determining the transaction is initiated by the user.

US Pat. No. 10,693,887

SEALING SECRET DATA WITH A POLICY THAT INCLUDES A SENSOR-BASED CONSTRAINT

Microsoft Technology Lice...

1. A mobile computing device comprising:
a sensor;
at least one processor; and
memory that has computer-readable instructions stored therein, wherein the at least one processor, when executing the computer-readable instructions, is configured to perform acts comprising:
receiving, from an application executing on the mobile computing device, a request for secret data, wherein the secret data is stored in computer-readable storage of the mobile computing device;
responsive to receiving the request for the secret data, identifying a policy that is assigned to the application, wherein the policy comprises a constraint that identifies the sensor and further identifies acceptable readings, wherein the policy prevents the application from accessing the secret data unless the sensor identified in the constraint returns a reading that is amongst the acceptable readings;
acquiring at least one reading from the sensor in response to receipt of the request for the secret data, the at least one reading being indicative of location of the mobile computing device;
based upon the at least one reading, determining that the at least one reading is amongst the acceptable readings, and thus the constraint in the policy has been satisfied; and
responsive to determining that the constraint in the policy has been satisfied, providing the secret data to the application.

US Pat. No. 10,693,886

COMPUTATION SYSTEM, COMPUTATION DEVICE, METHOD THEREOF, AND PROGRAM TO PERFORM INFORMATION PROCESSING

NIPPON TELEGRAPH AND TELE...

2. A computation system that includes a plurality of computation devices which perform information processing, wherein
the plurality of computation devices include a first computation device, a second computation device, and a third computation device, and
the first computation device includes processing circuitry configured to implement
an input unit that accepts a first processing request output from the second computation device,
a first security judgment unit that judges whether the first processing request satisfies a predetermined first security level,
a first processing unit that executes first processing, which does not involve outputting information to the third computation device, of processing based on the first processing request until the first processing request is judged to satisfy the first security level, and
a second processing unit that executes second processing, which involves outputting information to the third computation device, of the processing based on the first processing request after the first processing request is judged to satisfy the first security level,
wherein ? is an integer greater than or equal to 1 and i is an integer which satisfies 0?i, . . . , including a randomized concealed value obtained by pairing the concealed value [fi] with the concealed value [fir], and
the second processing includes processing which verifies the checksum C based on a concealed value [?] obtained by multiplying a sum of values of the concealed value [fi] by the concealed value [r] and a concealed value [?] which is a sum of values of the concealed value [fir] included in the checksum C.

US Pat. No. 10,693,885

SOCIAL NETWORKING BEHAVIOR-BASED IDENTITY SYSTEM

AMAZON TECHNOLOGIES, INC....

1. A method, comprising: receiving, via at least one of one or more computing devices, an assertion of a user identity from a client;
determining, via at least one of the one or more computing devices, whether the assertion of the user identity specifies a correct security credential associated with the user identity;
receiving, via at least one of the one or more computing devices, social networking data in response to receiving the assertion of the user identity, the social networking data identifying a circle of friends;
determining, via at least one of the one or more computing devices, whether the user identity belongs to a user at the client based at least in part on a reputation of at least one member of the circle of friends and whether the assertion of the user identity specifies the correct security credential associated with the user identity; and
determining, via at least one of the one or more computing devices, the reputation of the at least one member of the circle of friends based at least in part on whether the at least one member of the circle of friends is determined to be in a country or region associated with fraud.

US Pat. No. 10,693,884

DEVICE AGNOSTIC SECURITY LAYER AND SYSTEM

L3 Technologies, Inc., N...

20. A method for managing secure network communications by an end-point, the method comprising: communicating, to a controller, a unique hardware identifier that is associated with a first end-point and a device profile from the first end-point, wherein the device profile indicates the first device that is in direct communication with the first end-point;
receiving, at the controller, the unique hardware identifier and the device profile from the first end-point that is in communication with a network;
determining, at the controller, that the unique hardware identifier is present within a mission profile, wherein the mission profile comprises an indication of a second end-point to which the first-endpoint is allowed to communicate;
communicating to the first end-point a first encryption key that is uniquely matched to a decryption key privately held by the second end-point and a first translation profile that comprises instructions for communicating over a particular hardware adaptor with the first device;
receiving from the controller the first encryption key and the translation profile;
receiving device data from a first device in direct communication with the first end-point;
generating translated device data from the device data using the translation profile, wherein the translated device data is translated into a software language that is understandable by the controller; and
communicating the translated device data to the second end-point, wherein the device data is encrypted using the first encryption key.

US Pat. No. 10,693,883

TECHNOLOGIES FOR INTEGRATING AND SANDBOXING WEB RESOURCES

SALESFORCE.COM, INC., Sa...

1. One or more non-transitory computer-readable media (NTCRM) having instructions to cause a computing server, in response to execution of the instructions by a hardware processor of the computing server to provide a resource provider proxy service (RPPS) for a multi-tenant database, to: maintain a configuration object having descriptions of one or more domains of one or more third party services (3PS) that are valid for the RPPS to respectively obtain resources of the 3PS for various user systems of various tenants of the multi-tenant database, the descriptions of the one or more domains of the one or more 3PS being consistent with corresponding content security policies (CSP) of the user systems specifying 3PS domains which resources may be consumed by applications of the user systems, the configuration object further including access information for manifests associated with sets of the 3PS resources to be respectively served as single objects to the user systems, and each manifest having metadata of one of the sets of 3PS resources to be served as a single object;
identify and access a manifest among the manifests for one of the user systems, using the access information of the identified manifest indicated by the configuration object;
obtain, from one or more of the one or more domains of the one or more 3PS, a set of 3PS resources indicated by the accessed manifest to be served as a single object; and
serve the single object including the obtained set of 3PS resources, wherein individual resources of the served 3PS resources are executed independently on the one user system from other resources.

US Pat. No. 10,693,882

RESOURCE-BASED SELECTION OF IDENTITY PROVIDER

MICROSOFT TECHNOLOGY LICE...

1. A computing system comprising: one or more processors; and
one or more computer-readable media having stored thereon computer-executable instructions that are structured such that, when executed by the one or more processors, cause the computing system to perform a method for automatically attempting selection of an identity provider to be used to authenticate users when the users request access to one or more network resource is requested over a network, the method comprising the following for each of a plurality of user requests to access:
receiving a user request for accessing a network resource, the request including an identifier of the network resource and a username; initiating authentication of the user by performing the following:
based on the identifier of the network resource, accessing a directory containing a plurality of entries for a plurality of users authorized to access the network resource, each of the plurality of entries including a username and a corresponding identity provider;
checking the username against the directory of the network resource;
upon finding an entry for the username in the directory of the network resource,
checking the entry for a corresponding identity provider; and
upon finding the corresponding identity provider, automatically directing the user to the corresponding identity provider; or
upon not finding an entry for the username in the directory of the network resource, abstaining from granting access to the requested network resource.

US Pat. No. 10,693,881

SYSTEM AND METHOD FOR EMBEDDING FIRST PARTY WIDGETS IN THIRD-PARTY APPLICATIONS

Google LLC, Mountain Vie...

1. A method for providing a third party application with access to files stored on a server, the method comprising: receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising a user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes:
a document identifier associated with the file, and
an application identifier of the third-party application, wherein the document is identified in a pop-up window associated with the web page provided by the third party application and rendered by the browser;
authenticating the application identifier at the server, wherein authenticating the application identifier comprises determining whether the application identifier references a valid application; and
based on the document identifier, and the authenticated application identifier, granting access to the file for the third party application.

US Pat. No. 10,693,880

MULTI-STAGE AUTHENTICATION OF AN ELECTRONIC COMMUNICATION

Bank of America Corporati...

1. A method for authenticating electronic communications, the method comprising: generating a whitelist database in association with at least one account of at least one recipient, the whitelist database including at least one identifying reference to a whitelist correspondent, the generating of the whitelist database including:
receiving from the whitelist correspondent registration data comprising:
identification of a first penalty;
an authorization to impose the first penalty; and
identifying information; and
in response to the receiving the registration data, cataloging into the whitelist database, and in association with the identifying reference, identification data associated with:
a whitelist correspondent device associated with the whitelist correspondent; and
a whitelist correspondent address associated with the whitelist correspondent;
generating a blacklist database in association with the account, the blacklist database including at least one blacklist correspondent address, the generating of the blacklist database including:
identifying a property of the blacklist correspondent address, the property indicating that a communication originating from the blacklist correspondent address is unsolicited and malicious; and
in response to the identifying, cataloging identification data associated with the blacklist correspondent address into the blacklist database;
receiving an electronic communication submitted by a sender for delivery to the recipient;
analyzing the content of the electronic communication for presence of identification data;
upon determination that the electronic communication includes a minimum threshold of the identification data cataloged in the whitelist database, delivering the communication to the recipient;
upon determination that the communication includes the identification data cataloged in the blacklist database, blocking delivery of the communication; and
upon determination that the communication lacks the identification data cataloged in the blacklist database, and further lacks the minimum threshold:
prompting the sender to submit supplementary data, the supplementary data comprising:
identification of a second penalty;
an authorization to impose the second penalty; and
additional identifying information; and
delivering the communication to the recipient only after:
receipt of the second penalty; and
determining correspondence of the additional identifying information to the identification data associated with a whitelist correspondent;
wherein the second penalty is selected from a plurality of second penalties based at least in part on frequency of electronic communications from the sender to the recipient.

US Pat. No. 10,693,879

METHODS, DEVICES AND MANAGEMENT TERMINALS FOR ESTABLISHING A SECURE SESSION WITH A SERVICE

TELEFONAKTIEBOLAGET LM ER...

1. A method, performed in a resource-constrained device, for communicating with a service delivered by a server terminal using a security protocol over a communication network, wherein the resource-constrained device is registered at a management terminal, the method comprising: receiving, by the resource constrained device from the server terminal, a credential associated with the service;
sending, by the resource constrained device to the management terminal, a service approval request, the service approval request comprising one or more of: an identifier of the service and the credential;
receiving, by the resource constrained device from the management terminal, a response, the response comprising an indication that the service is approved and a security context associated with a first secure session that was previously established between the management terminal and the service, wherein the security context comprises at least one of: i) a session identifier identifying the first secure session that was previously established between the management terminal and the service or ii) session information that enables the service to rebuild state information corresponding to the first secure session; and
in response to receiving from the management terminal the response comprising the indication and the security context, initiating, by the resource-constrained device, an abbreviated procedure for establishing a second secure session between the resource-constrained device and the service, wherein the initiating the abbreviated procedure for establishing the second secure session comprises transmitting, by the resource-constrained device, to the service at least: i) the session identifier identifying the first secure session that was previously established between the management terminal and the service or ii) the session information that enables the service to rebuild the state information corresponding to the first secure session.

US Pat. No. 10,693,878

BROKER-COORDINATED SELECTIVE SHARING OF DATA

Cisco Technology, Inc., ...

11. An apparatus, comprising: one or more network interfaces configured to communicate as a gateway device for a given computer network;
a processor coupled to the network interfaces and adapted to execute one or more processes; and
a memory configured to store a process executable by the processor, the process when executed operable to:
receive, from a centralized broker device, a data-access policy for the given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network;
form a secure connection with a gateway of a particular accessing entity using an encryption method stored at the centralized broker device, wherein the centralized broker device indicates the encryption method in a response that is sent to the particular accessing entity, the response including a time-to-live value that controls when the gateway device and the particular accessing entity flush out at least one encryption key associated with the encryption method;
receive, from the particular accessing entity over the secure connection, a request for one or more particular elements of data from within the given computer network;
determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request, wherein another gateway device has already determined that the particular accessing entity has been granted access to each of the one or more particular elements of data of the request; and
prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.

US Pat. No. 10,693,877

EVALUATING SECURITY OF DATA ACCESS STATEMENTS

International Business Ma...

1. A method for evaluating data access statements with respect to database security, comprising: evaluating criticality of two or more Structured Query Language (SQL) statements, each statement from a different session of two or more sessions accessing, from a first computing system, a database implemented on a data server;
generating, on the data server, a critical item set from the two or more sessions, each element in the critical item set indicating one or more SQL statements in a session of the two or more sessions;
extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements in a session of the two or more sessions;
calculating criticality of each of the at least one association rule;
evaluating a session based upon a criticality of the at least one association rule;
terminating, by the data server, the session based upon a result of the evaluating the session based upon the criticality;
ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and
specifying, the data server, a security policy corresponding to each of the at least two association rules according to the ranking.

US Pat. No. 10,693,876

SYSTEM FOR LICENSING MOBILE APPLICATIONS, FEATURES, AND DEVICES

Kyocera Corporation, Kyo...

1. A method of operating a wireless mobile device, the method comprising: storing a local application, that is installed in the wireless mobile device, and a threshold;
activating, for the first time, the local application that has never been licensed on the wireless mobile device, in response to request from a user;
determining whether a communication link between the wireless mobile device and an application server is active or is not active;
in response to determining that the communication link is not active when activating the local application for the first time, the method further comprising:
allowing the user to use the local application without the local application being licensed;
starting, at the wireless mobile device, a counting period which elapses from when the local application is activated for the first time; and
displaying, at the wireless mobile device, a message that indicates the local application has not been licensed when activating the local application next time after the counting period exceeds the threshold.

US Pat. No. 10,693,875

AUTHENTICATION CENTER SYSTEM

1. An authentication center system, comprising an authentication center, service parties, users and terminals;
wherein a service party is a provider of service on internet which provides service through internet, and the service parties are different and separate providers of service on internet;
wherein the authentication center is a service provider which provides service through internet, and the authentication center is not one of the service parties;
wherein the terminals are connected with the authentication center and the service parties by a network and are capable of communicating with them;
wherein the terminals, the service parties and the authentication center are connected through internet;
wherein a user has a user account at the authentication center, and the AUID of a user is a user account which the user has at the authentication center;
wherein a user has a user account at one service party or at each of more than one service party separately, and an APID of a user is a user account which the user has at a service party;
wherein a user is capable of using a terminal to establish a separate connection with the authentication center and a separate connection with a service party separately, and the user is capable of using the terminal to log in the AUID which the user has at the authentication center through the separate connection with the authentication center and to log in the APID which the user has at the service party through the separate connection with the service party separately;
wherein the authentication center stores the corresponding relationships between the AUID of a user and the APIDs which the user has at different service parties;
wherein an APID which a user has at a service party is capable of having the specific account information of the APID which the user has at the service party;
wherein a terminal's interface which has logged in the AUID which a user has at the authentication center is capable of displaying the specific account information of the APIDs which the user has at different service parties separately, and on the terminal's interface which has logged in the AUID which the user has at the authentication center, the user is capable of setting to change the specific information of the APIDs which the user has at different service parties separately, and the authentication center is capable of sending the setting of the user to the corresponding service party;
wherein the specific account information of an APID which a user has at a service party includes one or more of the following types of information, wherein the following types of information include user profile photo and user name and user contact information and user real-name authentication information;
wherein if the specific account information includes user contact information, the user contact information of a user includes the mobile phone number of the user and/or the email address of the user;
wherein if the specific account information includes user real-name authentication information, a user is capable of operating on a terminal's interface which has logged in the AUID which the user has at the authentication center to transfer and set the real-name authentication information of the user authenticated at the authentication center to a service party when the service party and the authentication center permit, and/or a user is capable of operating on a terminal's interface which has logged in the AUID which the user has at the authentication center to delete and/or to invalidate the real-name authentication information which the user sets for a service party when the service party and the authentication center permit.

US Pat. No. 10,693,874

AUTHENTICATION INTEGRITY PROTECTION

PEARSON EDUCATION, INC., ...

1. An adaptive authentication system to adaptively secure a set of access operations with respect to one or more electronic resources, the adaptive authentication system comprising: one or more adaptive processing devices; and
one or more non-transitory, computer-readable storage media storing instructions which, when executed by the one or more adaptive processing devices, cause the one or more adaptive processing devices to perform actions including:
detecting a request received via an endpoint device;
responsive to the request, identifying an access-right indicator configured to facilitate determination of whether particularized access for electronic resources is to be granted;
generating or retrieving one or more identifiers for the endpoint device, the one or more identifiers uniquely corresponding to the endpoint device amongst a set of endpoint devices;
detecting initiation of set of one or more access events initiated by the endpoint device;
receiving sensor-based data that is based at least in part on a first set of one or more sensors at the endpoint device capturing phenomena at the endpoint device, where the first set of one or more sensors is communicatively connected to the one or more adaptive processing devices;
receiving additional data that is one or more of based at least in part on the first set of one or more sensors, based at least in part on a second set of one or more sensors at the endpoint device, and/or based at least in part on input via an input interface of the endpoint device;
accessing a set of one or more authentication rules specified by a protocol record, the set of one or more authentication rules comprising criteria for endpoint authentication;
adaptively developing a particularized specification of one or more recognized patterns mapped to the access-right indicator based at least in part on processing the additional data;
generating an endpoint qualification that is based at least in part on the particularized specification of one or more recognized patterns and the criteria for endpoint authentication; and
selecting an activation adjustment in operation of one or more of the first set of one or more sensors, the second set of one or more sensors, a third set of one or more sensors, and/or a communication interface, and transferring a command to cause the activation adjustment.

US Pat. No. 10,693,873

SECURING REMOTE AUTHENTICATION

MICROSOFT TECHNOLOGY LICE...

1. In a computing environment, a method of authenticating a secure session between a first entity of a user and an identity provider by using a second entity of the user, the method comprising: at a first entity of a user, sending to an identity provider a request for a secure session;
receiving, at a second entity of the user, an authentication context based on the request, wherein the authentication context is prepared by the identity provider;
verifying, at the second entity of the user, that the received authentication context corresponds to the first entity of the user, wherein the verifying includes bypassing user approval for the verifying upon detection that an Internet Protocol (IP) address of the first entity of the user shares a certain similar characteristic with an IP address of the second entity of the user;
based on the verification, the second entity authorizing the authentication context;
receiving, at the identity provider, the authorized authentication context; and
as a result, the identity provider authenticating a secure session or approving a secure transaction between the first entity of the user and the identity provider.

US Pat. No. 10,693,872

IDENTITY VERIFICATION SYSTEM

Q5ID, Inc., Beaverton, O...

1. A computer system to provide identity verification service, comprising: network interface circuitry arranged to obtain primary biometric data and secondary biometric data different than the primary biometric data from a client system over an end-to-end encrypted tunnel (EET) between the computer system and the client system; and
processor circuitry communicatively coupled with the network interface circuitry, wherein the processor circuitry is arranged to:
control the network interface circuitry to establish the EET between the computer system and the client system in response to receipt of a request to verify an identity of a user of the client system,
identify one or more matching users from among a set of other users based on the primary biometric data,
determine a set of candidate identities via refinement of the one or more matching users based on the secondary biometric data,
calculate a confidence score for each candidate identity of the set of candidate identities, and
control the network interface circuitry to:
send a resume enrollment message to the client system when a user identifier (ID) matching a candidate identity having a highest calculated confidence score among calculated confidence scores of the set of candidate identities has begun an enrollment process for enrolling in the identity verification service,
send a new enrollment message to the client system when the user ID matching the candidate identity having the highest calculated confidence score has not begun the enrollment process, and
send a member authentication indicator message to the client system when the user ID matching the candidate identity having the highest calculated confidence score is a member of the identity verification service.

US Pat. No. 10,693,871

ACCOUNT INFORMATION OBTAINING METHOD, TERMINAL, SERVER AND SYSTEM

TENCENT TECHNOLOGY (SHENZ...

1. A method performed at a terminal having a camera, a microphone, one or more processors and memory storing programs to be executed by the one or more processors, wherein the terminal is associated with a user having a first user account at a social networking application, the method comprising: in response to a request of the user, invoking the social networking application running on the terminal;
receiving, from the user via the social networking application, an instruction to obtain video and audio information of a target user having a second user account on the social networking application;
in response to the instruction:
obtaining the video and audio information of the target user via the camera, the microphone, and a stored program on the terminal;
extracting one or more image frames from the video information for generating facial characteristics of the target user; and
extracting one or more sound frames from the audio information for generating acoustic fingerprints of the target user;
sending the facial characteristics and the acoustic fingerprints of the target user to a server of the social networking application;
receiving, from the server, account information of the second user account associated with the target user based on a match between biological features of users of the social networking application that are stored at the server and the facial characteristics and the acoustic fingerprints of the target user;
displaying the account information of the second user account associated with the target user on the terminal;
receiving, from the user, a selection of the account information of the second user account associated with the target user; and
in response to the selection from the user, adding the account information of the second user account associated with the target user to the contact list of the user on the social networking application, including using one of the extracted image frames as an alias of the target user on the contact list, thereby enabling the user to communicate with the target user directly via the social networking application.

US Pat. No. 10,693,870

AUTHENTICATION SYSTEM

SystemMetrx Co., Ltd., N...

1. An authentication system that performs authentication for a user to use an application on a client connected with a server via a network, the system including: the server comprising:
a token issuer configured to generate an online token in response to an authentication request from the client and to send the generated online token to the client, the online token being used for authenticating the user and permitting use of the application when the client is online;
a token manager configured to hold and manage online tokens generated by the token issuer; and
an authenticator configured to perform authentication to determine whether the use of the application in the client is to be permitted or prohibited, based on at least one of (i) validity of a client-specific online token and (ii) a start condition for permitting start of the application, in response to the authentication request from the client; and
the client comprising:
an authentication request transmitter configured to repeatedly send the authentication request to the server at a start of the application and at predetermined timings after the start; and
a use permission unit configured to permit the use of the application by the user,
wherein in the server,
when the use of the application is permitted by the authenticator, the token issuer sends to the client either a valid client-specific online token or information indicating that an issued online token which was previously issued to the client is valid, and
when an online token is newly generated by the token issuer in response to the authentication request from the client, and there is a previously issued online token for the user issued to another client different from the client currently requesting the authentication, the token manager invalidates the previously issued online token according to a predetermined invalidation condition, and
wherein in the client,
the use permission unit permits the use of the application only when confirming that the online token is valid, while otherwise prohibiting the use of the application.

US Pat. No. 10,693,869

SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING A WEB-BASED LIFE MANAGEMENT PLATFORM WITH USER CREATED ELECTRONIC COMMUNICATIONS TRIGGERED UPON FUTURE EVENTS

541 Software, Inc., Bend...

1. A method performed by a system having at least a processor and a memory therein, wherein the method comprises: generating a user account for a subscriber at the system;
communicably interfacing with a user device over a network via a receive interface of the system, wherein the user device operates remotely from the system;
authenticating the subscriber via subscriber credentials received from the user device;
receiving input from the user device defining each of: (i) one or more contacts, (ii) one or more messages, and (iii) one or more documents;
receiving a request to configure a plan for the subscriber and configuring the plan to include (i) at least one of the one or more contacts, (ii) at least one of the one or more messages for the included contacts, and (iii) at least one of the one or more documents to be made accessible to the included contacts;
defining an event trigger for the plan, wherein the event trigger is to initiate execution of the plan upon occurrence of a subscriber defined event;
triggering execution of the plan at the system pursuant to determination the event trigger has occurred, wherein execution of the plan includes transmitting a notice to the included contacts for the plan with a link to access the message and the one or more documents;
wherein the system implements a life management platform;
wherein the life management platform executes via the processor and the memory of the system providing on-demand cloud based services to a plurality of subscribers; and
wherein each of the subscribers communicate with the life management platform system via a computing device which is remote from the life management platform and communicably interfaced with the life management platform via a public Internet.

US Pat. No. 10,693,868

EHN VENUE-SPECIFIC APPLICATION PROVISIONING

ARRIS Enterprises LLC, S...

1. A portable electronic device, comprising:
an interface circuit configured to wirelessly communicate with other electronic devices in an enterprise-hosted network (EHN), wherein, the portable electronic device is configured to:
discover the EHN by receiving, at the interface circuit, a packet associated with the EHN, wherein the EHN comprises a network hosted by an entity that is other than an operator of a cellular-telephone network and is located at a venue, and wherein the discovery occurs when the portable electronic device is within wireless communication range of the EHN located at the venue;
connect to the EHN using a quarantine zone by providing and receiving second packets using the interface circuit, wherein the quarantine zone restricts access to the EHN;
provide, from the interface circuit, valid credentials for the EHN;
provide, from the interface circuit, a credential for the EHN; and
receive, at the interface circuit, provisioning information that customizes an application on the portable electronic device to the venue, wherein the provisioning information allows the portable electronic device to connect to the EHN outside of the quarantine zone.

US Pat. No. 10,693,866

SYSTEM, APPARATUS AND METHOD FOR FIRST HOP SECURITY

Intel Corporation, Santa...

1. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a first host system to:
use a manufacturer-supplied key of the first host system to authenticate the first host system to an authentication server of a subnet;
send a subnet join request to the authentication server of the subnet;
receive a group public key for the subnet;
after authenticating the first host system to the authentication server and sending the subnet join request to the authentication server, receive a group membership credential for the subnet from the authentication server;
generate a random value “f1” and generate a first group private key for the first host system, based at least in part on (a) the group membership credential for the subnet from the authentication server and (b) the random value “f1”, wherein the first group private key corresponds to the group public key, in that data encrypted with the first group private key can be decrypted with the group public key; and
in response to receiving an address resolution protocol (ARP) request from a second host system on the subnet, wherein the ARP request comprises a signature that was generated by the second host system using a second group private key that was generated by the second host system based at least in part on a random value “f2” that was generated by the second host system, use the group public key and the signature in the ARP request to validate that the ARP request was generated by an authenticated member of the subnet.