US Pat. No. 11,032,276

MOUNT, AUTHENTICATION DEVICE, AUTHENTICATION METHOD, AND PROGRAM

NEC CORPORATION, Tokyo (...

1. A wearable article comprising:
an annular casing that surrounds a space into which a body part of a user is to be inserted;
an imaging element that is provided in the annular casing, the imaging element configured to capture a first image of the space;
an authentication circuit configured to authenticate the user based on a second image of biometric information previously stored in a storage and the first image of the space, in a case where there is a change from a first state in which the body part is not present in the space to a second state in which the body part is present in the space;
a sensor that is provided in the annular casing and configured to output a sensor value in accordance with a positional relationship between the annular casing and the body part;
a wearing determination circuit configured to determine whether the body part is present in the space, based on the sensor value; and
a light source configured to emit light based on an authentication result of the authentication circuit to notify the user of the authentication result.

US Pat. No. 11,032,275

SYSTEM FOR IMPROVED IDENTIFICATION AND AUTHENTICATION

Mimecast Services Ltd., ...

1. A system for authenticating a user, the system comprising:
a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the system to:
receive a request from an entity in response to attempted access to entity resources by a user via a primary user computing device;
determine whether the user is registered with the system; and
initiate one of a registration process and an authentication process with the user based on the determination;
wherein a registration process comprises:
establishing a peer-to-peer exchange of data between at least the system and the primary user computing device and a secondary user computing device;
generating, via the system, an initial candidate secret and transmitting the initial candidate secret to one of the primary and secondary user computing devices via the peer-to-peer exchange;
receiving a reciprocal secret from the secondary user computing device based on interaction between the secondary user computing device and the initial candidate secret, wherein the initial candidate secret is specific to the user and the secondary user computing device, and wherein the reciprocal secret is based on the initial candidate secret;
generating, via the system, a canonical secret including a token and a random confirmation code and transmitting the canonical secret to the secondary user computing device via the peer-to-peer exchange ensuring a bonded device metaphor such that the canonical secret is a definitive secret only known and stored by the system and the secondary user computing device, wherein the token is associated with an expiry date and is stored on the secondary user computing device to be used for authenticating the user during a future authentication session in lieu of the user entering user login credentials for authentication; and
registering the user with the system in response to receipt of the confirmation code from the secondary user computing device.

US Pat. No. 11,032,274

CARD-PERSONALIZATION SYSTEM

Truist Bank, Charlotte, ...

1. A system comprising:
a processing device; and
a memory device that includes instructions that are executable by the processing device to cause the processing device to:
generate a graphical user interface for a process for personalizing a physical card, wherein the process is formed from a plurality of steps that includes at least (a) receiving a selection of an image from a user via a user device and (b) associating the image with a personalization plan for the physical card;
in response to the receiving the selection of the image from the user, transmit a notification to the user indicating that the user is required to create an account to continue the process;
associate a code with the user in response to the account being created;
receive the code from the user via the user device, wherein the code is a unique set of characters that was previously generated by the processing device and provided to the user;
in response to the receiving of the code:
authenticate the user device based on the code;
determine a current step of the user in the process based on the code, wherein the current step of the user in the process is determined by accessing a database that includes a relationship between (i) the code and (ii) a status identifier indicating the current step of the user in the process, and wherein the status identifier is associated with the image; and
update the graphical user interface to reflect the current step of the user in the process;
determine that the image is in an approval stage in which the image is being reviewed for compliance with predefined image criteria;
update the status identifier to indicate that the image is in the approval stage;
based on the updated status identifier, update the graphical user interface to include a message indicating the image is in the approval stage;
determine that the image is approved in the approval stage based on comparing a resolution of the image to a resolution threshold and comparing a size of the image to a size threshold; and
in response to the determining the image is approved in the approval stage, electronically transmit the image and the personalization plan for the physical card to a printing subsystem for generating a personalized card for the user using the personalization plan.

US Pat. No. 11,032,273

METHOD FOR AUTHENTICATING SECRET INFORMATION WHICH PROTECTS SECRET INFORMATION

Crypto Lab Inc., Seoul (...

1. A computer-implemented method for authenticating secret information, the method comprising:
receiving, by an authentication server, QX from a terminal for registering secret information;
storing, by the authentication server, the received QX;
receiving, by the authentication server, a vector Z from a terminal for requesting authentication of secret information;
calculating, by the authentication server, the inner product of QX and Z;
calculating, by the authentication server, ½(n − the inner product); and
determining, by the authentication server, that the authentication is successful if ½(n − the inner product) is within a predetermined value and that the authentication fails otherwise,
wherein X is a vector, having a length of n, of secret information to be registered, the elements of which consists of {−1, 1}^n; Q is a matrix having m rows and n columns where m>n, the elements of which is randomly selected from qm×n; Y is a vector of secret information to be requested for authentication, the elements of which consists of {−1, 1}^n; and Z is a vector which satisfies Q^T Z = Y where Q^T is a transpose matrix of the matrix Q, and
wherein qm×n is defined by {0, 1, 2, . . . q−1}; and q, m, and n are positive integers.

US Pat. No. 11,032,272

MOBILE NUMBER VERIFICATION FOR MOBILE NETWORK-BASED AUTHENTICATION

ZUMIGO, INC., San Jose, ...

1. A computer-implemented method of authorizing a user's mobile device to log into a user account on an application server based on a network identification (ID) for the mobile device when the mobile device is connected to a wireless local area network (WLAN) that is separate from a cellular network, the method comprising:
receiving a request for authorization credentials from the application server via the WLAN;
in response to receiving the request, causing a default port to be opened on the mobile device and determining that the default port opened on the mobile device is bound to the WLAN;
in response to the determining that the default port is bound to the WLAN, directing the mobile device to transmit one or more data packets to a mobile device identification server via the cellular network and not via the WLAN, wherein the network ID for the mobile device is determined using information included in the one or more data packets;
receiving the network ID for the mobile device from the mobile device identification server;
transmitting the network ID for the mobile device received from the mobile device identification server to the application server; and
receiving an authorization to log into the user account from the application server via the WLAN,
wherein the authorization is generated by the application server based on the network ID for the mobile device.

US Pat. No. 11,032,271

AUTHENTICATION BASED ON SHARED SECRET SEED UPDATES FOR ONE-TIME PASSCODE GENERATION

RSA Security LLC, Bedfor...

1. A method, comprising:
in response to a first authentication of a client using a given one-time passcode derived from a given shared secret seed, updating, using at least one processing device of a server, the given shared secret seed using one or more of the given one-time passcode and a timestamp from the first authentication as part of a secret update protocol to generate an updated given shared secret seed; and
evaluating a second authentication using a new one-time passcode derived from the updated given shared secret seed, wherein an anomaly is detected when the client attempts the second authentication using a one-time passcode and the server determines that the one-time passcode was generated by a previously used shared secret seed.

US Pat. No. 11,032,270

SECURE PROVISIONING AND VALIDATION OF ACCESS TOKENS IN NETWORK ENVIRONMENTS

CyberArk Software Ltd., ...

1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for securely validating access tokens, the operations comprising:
receiving, at a token validation resource, a token provided from a network application,
the token having an associated destination network address;
wherein:
the token was dynamically created, and
the token was provided to the network application;
performing, at the token validation resource, a validation process for the token, the validation process being based on identifying a match between the destination network address and a list of trusted destination network addresses, the destination network address being at least one of: included in the token or included separate from the token in a message conveying the token; and
determining, at the token validation resource and based on an outcome of the validation process, whether to permit the network application to transmit the token to a destination network resource associated with the destination network address for assertion to the destination network resource, wherein the determining comprises verifying, responsive to the outcome being successful, additional security data provided to a network device associated with the network application.

US Pat. No. 11,032,269

METHOD AND SYSTEM FOR ESTABLISHING TRUSTED COMMUNICATION USING A SECURITY DEVICE

INBAY TECHNOLOGIES INC., ...

1. A method for providing a secure access from a security device at a local network location to a remote network location, the method comprising:
at the security device, having a unique identifier (UID), a processor, and a memory:
causing a security software to obtain a personal identification number (PIN) of a user, and the UID of the security device;
verifying an authenticity of the PIN and the UID, without communicating over a network, and using a credential code generated using the PIN, the UID and the security software;
retrieving access credentials to the remote network location upon verifying the authenticity of the PIN and the UID; and
providing the secure access to the remote network location using the retrieved access credentials, the remote location having a copy of the security software, the PIN, the UID and the credential code.

US Pat. No. 11,032,268

SYSTEM AND METHOD FOR PROVIDING PERSISTENT USER IDENTIFICATION

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for providing persistent user identification, the method comprising:
receiving, by an authenticator, one or more tagged packets from a user agent, wherein each tagged packet includes a first security tag, and each first security tag is a different portion of a first keystream, wherein the first keystream is generated based on a security token from an authentication server;
generating, by the authenticator, a second keystream based on the security token from the authentication server;
generating, by the authenticator, one or more second security tags based on the second keystream, wherein each second security tag is a different portion of the second keystream;
comparing, by the authenticator, one or more first security tags against the one or more second security tags; and
if the one or more first security tags match the one or more second security tags,
stripping, by the authenticator, the first security tag from each tagged packet to obtain one or more packets; and
forwarding, by the authenticator, the one or more packets to a network destination.

US Pat. No. 11,032,267

SECURING SENSITIVE HISTORIAN CONFIGURATION INFORMATION

AVEVA SOFTWARE, LLC, Lak...

1. A cloud-based computer system comprising:
a cloud service,
a service role,
a configuration data file,
configuration data, and
configuration settings;
wherein the service role is configured to receive the configuration data and store the configuration data in the configuration data file;
wherein the configuration data comprises the configuration settings; and
wherein the cloud service is configured to read the configuration settings from the configuration data file in response to a query by the service role;
further comprising one or more computers comprising one or more processors and one or more non-transitory computer readable memory devices, the one or more non-transitory computer readable memory devices storing computer-executable instructions that cause the one or more processors to:
generate a certificate and apply the certificate to the configuration data file to transform the configuration data file into a protected configuration data file, generate a private key associated with the certificate, and
deploy the protected configuration data file for querying by the service role;
wherein the protected configuration data file comprises encrypted configuration values as well as a thumbprint of the certificate stored in a service configuration file;
wherein the thumbprint uniquely identifies the certificate;
wherein the certificate is only required for uploading the encrypted configuration values to the cloud service; and
wherein the private key associated with the certificate is not required for uploading the encrypted configuration values to the cloud service.

US Pat. No. 11,032,266

DETERMINING THE REPUTATION OF A DIGITAL CERTIFICATE

McAfee, LLC, San Jose, C...

1. At least one non-transitory, computer-readable medium comprising one or more instructions that, when executed by at least one processor, cause the at least one processor to perform a method comprising:
identifying a digital certificate associated with data;
classifying the digital certificate as trusted if the digital certificate is included in an entry in a certificate whitelist, or classifying the digital certificate as untrusted if the digital certificate is included in an entry in a certificate blacklist;
determining a certificate authority that created the digital certificate;
determining a reputation of the certificate authority based on a determination that the digital certificate is not included in the certificate whitelist or the certificate blacklist; and
assigning a reputation to the data based at least in part on the reputation of the certificate authority, wherein the data is classified as trusted if the certificate authority is included in an entry in an authority whitelist or the data is classified as untrusted if the certificate authority is included in an entry in an authority blacklist.

US Pat. No. 11,032,265

SYSTEM AND METHOD FOR AUTOMATED CUSTOMER VERIFICATION

DigiCert, Inc., Lehi, UT...

1. A computer-implemented method for identifying and authenticating a domain name associated with a computer server prior to receiving a request for a digital certificate, the method comprising:
scanning, by a processor associated with a first certificate authority, a communication port of a plurality of computer servers, each of the plurality of computer servers hosting a respective website;
identifying, by the processor, a group of computer servers of the plurality of computer servers that include a first digital certificate generated by a second certificate authority and installed thereon based on said scanning the communication port of the plurality of computer servers, wherein the second certificate authority is different from the first certificate authority; and
for at least one computer server of the group of computer servers:
performing, by the processor, a security handshake,
receiving, by the processor, the first digital certificate based on said performing the security handshake,
parsing, by the processor, the first digital certificate;
identifying, by the processor, a domain name and organization information of an organization associated with the website hosted by the at least one computer server based on said parsing the first digital certificate,
verifying, by the processor, in one or more databases, the domain name and the organization information of the organization,
prior to receiving a request for a second digital certificate that associates the organization with the domain name, performing a first partial authentication, by the processor, of the organization for the second digital certificate based on said verifying the domain name and the organization information, wherein authentication of the organization is based on the first partial authentication and a second partial authentication, wherein the first partial authentication comprises performing one or more initial steps of the authentication of the organization,
receiving, by the processor, the request for the second digital certificate from the organization,
based on receiving the request for the second digital certificate and performing the first partial authentication, performing, by the processor, the second partial authentication of the organization for the second digital certificate, wherein the second partial authentication comprises performing one or more subsequent steps of the authentication of the organization, and
generating, by the processor, the second digital certificate based on the first partial authentication and the second partial authentication.

US Pat. No. 11,032,264

BACKEND SERVICE INTEGRATION

SCREENING ROOM MEDIA, INC...

1. A method comprising:
receiving, by a digital content delivery system, a request from a client-side digital delivery device to rent a first digital movie;
in response to receiving the request:
assigning a digital content license to a user account associated with the client-side digital delivery device, the digital content license permitting a user associated with the user account to stream the first digital movie from the client-side digital content delivery device associated with the user account; and
allocating digital credits to the user account associated with the client-side digital delivery device, the digital credits allocated to the user account being redeemable to attend a scheduled presentation of the first digital movie at an exhibitor location; and
in response to receiving a selection of a first scheduled presentation of the first digital movie:
assigning a digital credential to the user account, the digital credential being redeemable at a first exhibitor location to gain access to the first scheduled presentation of the first digital movie; and
deducting a first portion of the digital credits allocated to the user account based on the selection of the first scheduled presentation of the first digital movie.

US Pat. No. 11,032,263

PROVIDE ACCESS TO DATA STORAGE SERVICES IN A NETWORK ENVIRONMENT

International Business Ma...

1. A computer program product for providing access to data storage services in a network environment, wherein the computer program product comprises a computer readable storage medium having program instructions embodied therewith that when executed cause operations, the operations comprising:
registering a user with a data source associated with a tenant and a client, wherein the user is associated with the client associated with the data source, and wherein the user is permitted to access the data source with which the user is registered;
providing to the user, registered with the data source, an isolate tag comprising a client tag identifying the client with which the user is associated, a tenant tag identifying the tenant associated with the data source, and a data source tag identifying the data source with which the user is registered;
validating a user access request, from the user provided the isolate tag, by determining: that the user is assigned to a data source identified by the data source tag; that the data source to which the user is assigned is assigned to a tenant identified by the tenant tag; and that the tenant assigned to the data source is assigned to a client identified by the client tag; and
processing the user access request to the data source identified by the data source tag in response to the validating the user access request.

US Pat. No. 11,032,262

SYSTEM AND METHOD FOR PROVIDING SECURITY MONITORING

Datawatch Systems, Inc., ...

1. A method for processing data, the method comprising the steps of:
(a) recording a set of data, the set of data including a plurality of data streams wherein the set of data comprises a first portion of data associated with a time frame TF1 and a second portion of data associated with a time frame TF2, wherein at least a portion of TF2 overlaps TF1 in time;
(b) receiving a first instruction to transmit a first data stream of the plurality of data streams to an authorized user's viewing device, wherein the first data stream includes only the first portion of data associated with TF1;
(c) determining a format size for the authorized user's viewing device;
(d) transmitting the first data stream to the authorized user's viewing device in a first format compatible with the determined format size;
(e) receiving a second instruction to transmit a second data stream of the plurality of data streams to the authorized user's viewing device, wherein the second data stream includes only the second portion of data associated with TF2; and
(f) transmitting the second data stream to the authorized user's viewing device in the first format.

US Pat. No. 11,032,261

ACCOUNT RECOVERY USING IDENTITY ASSURANCE SCORING SYSTEM

RSA Security LLC, Bedfor...

1. A method, comprising:
providing a plurality of available identity assurance techniques, wherein the plurality of available identity assurance techniques are assigned respective identity assurance values each indicating a level of assurance for the corresponding available identity assurance technique;
performing the following steps, using at least one processing device, in response to a user request to obtain access to a protected resource following a loss incident of a user authenticator:
receiving, from the user, authentication information associated with at least two selected identity assurance techniques of the plurality of available identity assurance techniques;
determining whether there is an overlap between the received authentication information associated with the at least two selected identity assurance techniques;
modifying the identity assurance value associated with at least one of the selected identity assurance techniques upon determining there is an overlap between the received authentication information;
aggregating the corresponding assigned identity assurance values for each of the at least two selected identity assurance techniques to determine an aggregate identity assurance value;
determining whether the aggregate identity assurance value satisfies a predefined identity assurance level criteria; and
evaluating the user request to access the protected resource based on the determination of whether the aggregate identity assurance value satisfies a predefined identity assurance level criteria.

US Pat. No. 11,032,260

FRONT-END USER INTERFACE FOR CONFIDENTIAL TRANSACTIONS

Microsoft Technology Lice...

1. An apparatus, comprising:
a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including:
determining that an attempted function associated with an application has at least one requirement including at least particular security credentials for a user of the application;
causing a transaction to be sent to each node in a permissioned blockchain that stores an access level block corresponding to the user, wherein the transaction is associated with a real-time determination as to whether the at least one requirement for the attempted function is met; the nodes in the permissioned blockchain store access level blocks, including the access level block corresponding to the user; the access level blocks include nanoblocks; the nanoblocks are encrypted databases; and wherein the access level blocks stored in the permissioned blockchain include an access level block for at least one of a defined group, a defined object, a defined trigraph security marking, a defined codeword, a defined physical location, a defined labeling control requirement, or a defined access control requirement;
receiving a transaction result from the permissioned blockchain; and
selectively allowing the attempted function based on the transaction result.

US Pat. No. 11,032,259

DATA PROTECTION IN A STORAGE SYSTEM

Pure Storage, Inc., Moun...

1. A method comprising:
for each of the plurality of NVMe SSDs (‘Non-Volatile Memory Express Solid State Drives’) of a storage system, encrypting a device key using a master secret,
wherein the device key is used to encrypt and decrypt data in one or more namespaces on the NVMe SSD;
generating a plurality of shares from the master secret; and
storing a separate share of the plurality of shares in a namespace prohibited from encryption on each NVMe SSD.

US Pat. No. 11,032,258

LOCAL COMPUTE RESOURCES AND ACCESS TERMS

Hewlett-Packard Developme...

1. A system comprising:
a processor managing access to a local compute resource; and
a memory storing computer readable instructions executable by the processor to:
authorize a resource request to the local compute resource from a source;
assign a data property to the local compute resource in response to a determination the resource request is authorized to access the local compute resource, wherein the data property assigned to the local compute resource identifies a classification for the local compute resource;
determine an authorization level of the resource request;
determine whether the data property assigned to the local compute resource is within permitted operations based on a comparison of the data property assigned to the local compute resource and an access term associated with the authorization level; and
assign access of the local compute resource to the resource request based on determining that the data property assigned to the local compute resource is within the permitted operations, wherein the assigning access of the local compute resource to the resource request includes prioritizing demand of the local compute resource based on a level of demand and the access term.

US Pat. No. 11,032,257

METHOD FOR COVERTLY DELIVERING A PACKET OF DATA OVER A NETWORK

Rankin Labs, LLC, Willia...

1. A method for covertly transmitting a packet of data over a network, said method comprising the steps of:
fragmenting a datagram for transmission into at least a first fragmented section and a second fragmented section;
storing encrypted data intended for covert delivery entirely within said second fragmented section of the datagram;
within a timeout period, instructing transmission of only the second fragmented section that contains the encrypted data from a sending device, wherein no instruction to transmit any other fragmented section of the fragmented datagram, other than said second fragmented section, from the sending device is provided so that the second fragmented section as transmitted appears to be an erroneous transmission following receipt at a receiving device.

US Pat. No. 11,032,256

SECURE DATA EXCHANGE

Oxford University Innovat...

1. A computer implemented method of exchanging first valuable data at a first node for second valuable data from a second node, the method comprising the steps of:
applying a first encryption to a first plurality of messages, at the first node, with a function having a commutative property, so as to create a blinded first plurality of messages;
sending the blinded first plurality of messages from the first node to the second node, wherein the first valuable data is concealed in one message of the blinded first plurality of messages;
receiving a blinded second plurality of messages at the first node, wherein the second valuable data is concealed in one message of the blinded second plurality of messages and the blinded second plurality of messages have been encrypted with a second encryption;
in response to receiving the blinded second plurality of messages at the first node, applying a third encryption to the blinded second plurality of messages with a function having a commutative property so as to create double blinded second plurality messages which have been encrypted with at least the second encryption and the third encryption;
sending the double blinded second plurality messages from the first node to the second node;
subsequent to sending double blinded second plurality messages from the first node to the second node, receiving double blinded first plurality messages at the first node, wherein the double blinded first plurality of messages have been encrypted with at least the first encryption and a fourth encryption;
in response to receiving double blinded first plurality messages at the first node, removing the first encryption of the second plurality of double blinded messages to provide partially decrypted blinded first plurality of messages which remain encrypted with the fourth encryption;
after removing the first encryption, sending at least one message of the partially decrypted blinded first plurality of messages to the second node;
subsequent to sending at least one message of partially decrypted blinded first plurality of messages to the second node, receiving at least one partially decrypted message which is one of the second plurality of messages with the second encryption removed; and
in response to receiving at least one partially decrypted message, exchanging with the second node further partially decrypted messages of the first and second plurality of messages.

US Pat. No. 11,032,255

SECURE COMPARISON OF INFORMATION

OpenEye Scientific, Inc.,...

1. A method of calculating a level of similarity of a first piece of data from a first party to a second piece of data from a second party without revealing the first and second pieces of data themselves, the method comprising:
creating, with a first device, a first fingerprint from a first piece of data, wherein the first fingerprint is a bit string that represents one or more properties associated with the first piece of data;
generating a GM key with a public key and private key;
encrypting the first fingerprint with the public key to create an encrypted first fingerprint;
sending the public key to the second device, wherein the second device encrypts a second fingerprint of the second piece of data with the public key to create an encrypted second fingerprint;
sending the encrypted first fingerprint to the second device, wherein the second device generates a scrambled encrypted fingerprint XOR from at least the encrypted first fingerprint and the encrypted second fingerprint;
receiving, with the first device, the scrambled encrypted fingerprint XOR to the first party;
decrypting the scrambled encrypted fingerprint XOR using the private key; and
determining a similarity in the scrambled fingerprint XOR, thereby learning the level of similarity between the first and second fingerprints.

US Pat. No. 11,032,254

BINDING DATA TO A NETWORK IN THE PRESENCE OF AN ENTITY

Red Hat, Inc., Raleigh, ...

1. A method comprising:
encrypting, by a processing device of a client device, data stored at a memory of the client device using an encryption key derived from a public key of a communications device on a network;
storing an association of metadata derived from the public key with the data encrypted by the encryption key such that the data is accessible when the client device is in a presence of the communications device;
in response to the client device moving outside of the presence of the communications device, deleting the encryption key;
in response to the client device returning to the presence of the communication device:
identifying, by the processing device of the client device storing encrypted data, the metadata derived from the public key in view of an identifier associated with the communications device;
determining, by the processing device, a first intermediate public key in view of the metadata derived from the public key and in view of an acquisitioning public key, the acquisitioning public key associated with the encrypted data;
receiving, from the communications device, a second intermediate public key in view of the first intermediate public key;
recreating, by the processing device, the encryption key using at least the second intermediate public key; and
decrypting, by the processing device, the encrypted data using the recreated encryption key.

US Pat. No. 11,032,253

SECURE APPLICATION PROCESSING SYSTEMS AND METHODS

Intertrust Technologies C...

1. A method performed by a first application running on a first computing system, the method comprising:
invoking a second application running in a secure execution environment separate from an execution environment of the first application to establish a secure channel between the second application and a second computing system, the secure channel being secured by one or more protected cryptographic session keys, wherein the one or more protected cryptographic session keys are not exposed to the first application;
invoking the second application to obtain a license from the second computing system, the license comprising a content decryption key, the content decryption key being further encrypted, at least in part, using at least one of the one or more protected cryptographic session keys;
invoking the second application to decrypt the content decryption key included in the license using, at least in part, at least one of the one or more protected cryptographic session keys; and
receiving access to the piece of content.

US Pat. No. 11,032,252

DISTRIBUTED AUTHENTICATION BETWEEN NETWORK NODES

SYCCURE, INC., Armonk, N...

1. A communication device comprising:
a memory to store a first portion of a database, wherein the database is distributed across multiple communication devices of a network, which include the communication device; and
a processing device coupled to the memory, the processing device to authenticate a first interaction with a second communication device of the multiple communication devices, wherein to authenticate the first interaction, the processing device is to:
send first identification data to the second communication device with which the second communication device is to authenticate the communication device in view of information stored in the database;
receive second identification data from the second communication device;
retrieve, using the second identification data, a public key associated with the second communication device from one of the first portion of the database or a second portion of the database stored in a third communication device of the multiple communication devices, wherein the third communication device has a third database address that is numerically within a threshold value of a first database address of the communication device; and
verify, based on a permission also stored in relation to the public key, that the second communication device is authorized to engage in the first interaction with the communication device.

US Pat. No. 11,032,251

AI-POWERED CYBER DATA CONCEALMENT AND TARGETED MISSION EXECUTION

International Business Ma...

1. A method, comprising:
retrieving a specific key;
training by a computer system an artificial intelligence model to generate outputs, wherein the training is performed so that a value, equal to a value of the specific key, is generated as one of the outputs when any one of multiple different sets of feature vectors is used as an input to the artificial intelligence model, the sets of feature vectors corresponding to a certain software environment and based on specified target environment attributes of a target environment domain, wherein the target environment domain refers to a domain or class of entity to which an encrypted payload is targeted, and wherein the specified target environment attributes comprise attributes of software environments;
using by the computer system the specific key to encrypt information as the encrypted payload; and
distributing by the computer system the encrypted payload and the trained artificial intelligence model to a second computer system, for use by the second computer system to use to decrypt, using the trained artificial intelligence model, the encrypted payload in response to recognizing a target comprising the certain software environment.

US Pat. No. 11,032,250

PROTECTIVE APPARATUS AND NETWORK CABLING APPARATUS FOR THE PROTECTED TRANSMISSION OF DATA

SIEMENS AKTIENGESELLSCHAF...

1. A protective apparatus for the protected transmission of data between two communicating devices, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission apparatus, each protective device having:
a first interface for connection to the data transmission apparatus;
a second interface for directly plugging into a communicating device of the two communicating devices; and
a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted;
wherein the protective devices are releasable external connectors, wherein the first interface releasably connects to the data transmission apparatus and the second interface releasably plugs into a respective communicating device of the two communicating devices.

US Pat. No. 11,032,249

DNS-BASED CAPTIVE PORTAL WITH INTEGRATED TRANSPARENT PROXY TO PROTECT AGAINST USER DEVICE CACHING INCORRECT IP ADDRESS

Guest Tek interactive Ent...

1. A server in a captive portal system, the server comprising:
a first network interface coupled to a local computer network;
a second network interface coupled to an external computer network;
a memory device storing a plurality of software instructions; and
one or more processors coupled to the memory device, the first network interface, and the second network interface;
wherein, by the one or more processors executing the software instructions loaded from the memory device, the one or more processors are configured to:
accept a connection requested by a user device on the local computer network to an IP address of the server;
receive a request from the user device via the connection;
determine whether a target host of the request is a local host or a remote destination by examining a header of the request;
when the target host is the local host, send requested content from the local host to the user device via the connection;
when the target host is the remote destination, determine whether the user device is logged in to the captive portal system according to a source address of the user device;
when the user device is logged in, act as a transparent proxy between the user device and the remote destination, to thereby allow the user device to receive content from the remote destination via the connection; and
when the user device is not logged in, send alternate content different from that provided by the remote destination to the user device via the connection; and
wherein the connection from the user device to the IP address of the server occurs as a result of a firewall previously determining the user device to not be logged in and, in response, redirecting DNS requests from the user device to a particular name server, and the particular name server providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server as the resolved IP address of the target domain name.

US Pat. No. 11,032,248

GUEST THIN AGENT ASSISTED HOST NETWORK ENCRYPTION

NICIRA, INC., Palo Alto,...

1. A method for selective encryption, the method comprising:
filtering calls, at a virtual machine on a host, to connect sockets to server applications;
when a call, by a client application of a plurality of client applications on the virtual machine, to connect a socket to a server application is detected, determining if the socket, which is between the client application and the server application, is to be encrypted,
wherein said determining if the socket is to be encrypted includes querying an encryption policy machine for encryption policies that selectively specify encryption or non-encryption of traffic from each of the plurality of client applications on the virtual machine, and wherein the encryption policies selectively specify the encryption or the non-encryption based on at least one of identities of: the client applications or the user logged in on the virtual machine;
when the socket is to be encrypted and an outbound packet for the socket is detected, tagging the outbound packet for encryption by a hypervisor on the host; and
sending the outbound packet to a virtual network interface card (VNIC) emulated by the hypervisor, wherein when the hypervisor detects the tag for the outbound packet, the hypervisor causes the outbound packet to be encrypted, and sends the encrypted outbound packet to the server application.

US Pat. No. 11,032,247

ENTERPRISE MOBILITY MANAGEMENT AND NETWORK MICRO-SEGMENTATION

AIRWATCH LLC, Atlanta, G...

1. A non-transitory computer-readable medium embodying executable instructions, wherein the instructions, when executed by at least one processor, cause at least one computing device to at least:
divide an internal network into a plurality of virtual network segments, wherein the plurality of virtual network segments comprise different configurations of a plurality of resources of the internal network;
receive, by a network device in the internal network, a packet comprising at least one device management attribute embedded in a packet header, wherein the at least one device management attribute corresponds to a client device in an external network;
extract, by the network device in the internal network, the at least one device management attribute from the packet header;
determine a compliance status of the client device based on the at least one device management attribute; and
forward the packet within the internal network based on a compliance status of the client device.

US Pat. No. 11,032,246

CONTEXT BASED FIREWALL SERVICES FOR DATA MESSAGE FLOWS FOR MULTIPLE CONCURRENT USERS ON ONE MACHINE

NICIRA, INC., Palo Alto,...

1. A method for performing firewall operations on a host computer on which a plurality of virtual machines (VMs) execute, the method comprising:
at a firewall executing on the host computer,
concurrently receiving data messages that are a part of first and second data message flows sent by a first VM executing on the host computer for first and second users that are concurrently logged into the first VM;
for each data message flow, providing an identifier of the data message flow to a context collector that executes on the host computer in a query to obtain a set of one or more contextual attributes including a user identifier that identifies the first user or the second user as the user associated with the data message flow, the context collector communicating with guest introspectors installed on the VMs to collect contextual attributes regarding flows starting on the plurality of VMs and to store the contextual attributes to subsequently provide to the firewall executing on the host computer, the collected contextual attributes comprising user identifiers;
using the user identifiers obtained for the first and second data message flows to identify respectively a first firewall rule to enforce for the first data message flow associated with the first user and a second firewall rule to enforce for the second data message flow associated with the second user;
performing a first firewall operation on the data messages of the first data message flow based on the identified first firewall rule; and
performing a second firewall operation on the data messages of the second data message flow based on the identified second firewall rule.

US Pat. No. 11,032,245

COGNITIVE STATEFUL FIREWALL FOR IOT DEVICES

International Business Ma...

1. A computer-implemented method comprising:
receiving, by a processor, a first data packet, wherein the first data packet is received from a second device, wherein the first data packet includes a general command for an internet-of-things (IoT) device;
executing the first data packet including the general command for the IoT device in a secure environment, wherein the secure environment is a sandbox environment that is separate from a runtime environment that controls the IoT device, wherein the secure environment simulates a first state of the IoT device by taking a snapshot of the IoT device in an actual state at a point in time in which the first data packet including the general command for the IoT device is received, and wherein the IoT device includes a firewall;
determining, from the execution of the general command for the IoT device in the first data packet in the secure environment, that the first state changed to a second state;
identifying that the second state is a predetermined secure state;
pushing the first data packet to the IoT device in response to identifying that the second state is the predetermined secure state; and
executing the first data packet on the IoT device;
generating a response to the general command;
identifying, by the firewall, that the response to the general command from the IoT device includes personal information associated with a user;
identifying that the second device does not require the personal information to function;
deleting the personal information from the response to the general command from the IoT device, wherein the processor utilizes the firewall to delete the personal information; and
sending the response to the general command to the second device.

US Pat. No. 11,032,244

SYSTEMS AND METHODS FOR DETERMINING ASSET IMPORTANCE IN SECURITY RISK MANAGEMENT

BitSight Technologies, In...

1. A computer-implemented method for ranking importance of assets of an entity, the assets comprising hosts associated with the entity, the method comprising:
receiving at least one of:
a first dataset comprising (i) a respective plurality of hostnames of a plurality of hosts and (ii) lookup counts for each hostname of the plurality of hostnames, the lookup counts obtained from a stream of a domain name system (DNS) queries;
a second dataset comprising source code for a plurality of websites indicating, for each website, whether a host of the website is configured to collect data from users, the websites associated with the entity; or
a third dataset comprising a plurality of authentication certificates associated with at least one of the plurality of hosts;
determining input data based on the received at least one first dataset, second dataset, or third dataset such that:
when the first dataset is received, determining a first input data comprising, for each host of the plurality of hosts, a ratio of (a) a number of lookup counts of the hostname of the host to (b) a maximum number of lookup counts of the plurality of hostnames for the entity;
when the second dataset is received, determining a second input data indicating, for each host of the website, whether the source code indicates that the host is configured to collect data from users of the website; and
when the third dataset is received, determining a third input data indicating, for the at least one host, whether the host has an authentication certificate; and
determining, for each host associated with the entity, a host importance ranking based on the determined input data.

US Pat. No. 11,032,243

USING INDIVIDUALIZED APIS TO BLOCK AUTOMATED ATTACKS ON NATIVE APPS AND/OR PURPOSELY EXPOSED APIS WITH FORCED USER INTERACTION

SHAPE SECURITY, INC., Sa...

1. A network security method implemented by a network security system comprising one or more application programming interface (API) call filtering devices, application server devices, or user equipment (UE) devices, the method comprising:
receiving an API call from a client, wherein the API call is to an API function of an API associated with a service provided by a server and comprises a UE identifier (UEIN);
comparing the UEIN against a stored plurality of UEINs issued to authorized clients to verify that the requesting client is authorized to access the service;
sending to the client a challenge in response to the API call after verifying that the client is authorized to access the service, wherein the challenge is an encryption challenge that requires the client to perform an encryption operation based on the UEIN;
determining when a response message received from the client in response to the challenge is valid;
modifying the API call to conform to an expected format of the API function at least by omitting the UEIN, and issuing the modified API call to the API function, in response to validating the response message;
determining when a number of API calls comprising the UEIN exceed a threshold request volume; and
initiating a security mitigation action, when the determination indicates the number of API calls exceeds the threshold request volume.

US Pat. No. 11,032,242

COMMUNICATION PROTOCOLS IN INTEGRATED SYSTEMS

iControl Networks, Inc., ...

1. A system comprising:
a gateway device in communication, via a first protocol, with a security system located at a premises;
a touchscreen device located at the premises and configured to output a plurality of user interfaces, wherein the touchscreen device is in communication with the gateway device, wherein the plurality of user interfaces comprises:
a security user interface configured to facilitate control of functions of the security system via communications with the security system and access to data collected by the security system; and
a network user interface configured to facilitate access to one or more network devices located at the premises; and
a remote device configured to receive, from the gateway device and via a second protocol different from the first protocol, data associated with one or more of the security system or the one or more network devices.

US Pat. No. 11,032,241

SYSTEMS AND METHODS FOR APPLICATION LEVEL FAULT INJECTION FOR PARALLEL TESTS

Walmart Apollo, LLC, Ben...

1. A system, comprising:
at least one processor operatively coupled with a datastore, the at least one processor configured to:
receive, from a user device, a request message comprising a request component uniform resource locator including a session identifier;
identify, by the at least one processor, a current rule identifier appended to the request component uniform resource locator, wherein the current rule identifier is different from the session identifier;
retrieve, from the datastore, a rule definition comprising instructions to be executed based on identification of the current rule identifier, wherein the rule definition comprises a rule condition and a rule consequence;
execute the rule consequence in response to determining that the rule condition is satisfied;
receive, from the user device, a second request message comprising a second request component uniform resource locator;
determine that the second request message does not comprise a rule identifier appended to the second request component uniform resource locator;
produce a redirect uniform resource locator in response to determining that the second request message does not comprise a rule identifier, wherein the redirect uniform resource locator comprises a second current rule identifier appended to the second request component uniform resource locator; and
send, to the user device, a redirection instruction comprising the redirect uniform resource locator, wherein the redirection instruction indicates that a resource requested by the second request message has been temporarily moved to the redirect uniform resource locator.

US Pat. No. 11,032,240

ESTABLISHING CONNECTIONS BETWEEN DATA STORAGE DEVICES

Western Digital Technolog...

1. A method for communicating from a first device behind a first network address translation (NAT) to a second device, the method comprising:
determining a number of ports required to achieve a desired probability of a first amount of randomly-selected port numbers having at least one matching port number with a second amount of randomly-selected port numbers, wherein the desired probability is at least 90% and the number of ports is less than 2% of selectable port numbers;
creating a first set of sockets associated with a first set of ports of the first NAT, the first set of ports equal to the determined number of ports, the first set of ports having at least 100 port numbers randomly selected by the first NAT;
transmitting a set of packets to the second device via the first set of sockets;
waiting to receive, on the first device, a first packet from the second device on the first set of sockets, the second device configured to transmit using at least another 100 randomly-selected port numbers;
determining whether the first packet has been received from the second device via a first socket of the first set of sockets; and
responsive to the first packet being received, establishing a connection from the first device to the second device via the first socket.

US Pat. No. 11,032,239

METHODS AND SYSTEMS FOR PROVIDING GLOBAL INTERNET PROTOCOL (IP) ADDRESSES

1. An apparatus, comprising:
a processing system including a processor; and
a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising:
receiving, from a first network, a first request for a first global internet protocol (IP) address that is to be allocated to a first device that is provisioned on the first network, the first device being provisioned on the first network prior to allocation of the first global IP address, the first device being provisioned on the first network via use of a first subscriber identity that is associated with the first device and that is recognized by the first network, the first request including the first subscriber identity;
generating, responsive to the first request, the first global IP address, the first global IP address enabling communication with the first device when the first device is subsequently registered on a second network, the first subscriber identity being stored in a database as corresponding to the first global IP address that is generated;
sending, to the first network, the first global IP address that had been generated;
receiving, from the second network, a second request for a second global IP address that is to be allocated to a second device that is operative on the second network, the second device being registered on the second network prior to allocation of the second global IP address, the second device being registered on the second network via use of a second subscriber identity that is associated with the second device and that is recognized by the second network, the second request including the second subscriber identity;
generating, responsive to the second request, the second global IP address, the second global IP address enabling communication with the second device when the second device is subsequently registered on the first network, the second subscriber identity being stored in the database as corresponding to the second global IP address that is generated; and
sending, to the second network, the second global IP address that had been generated.

US Pat. No. 11,032,238

GENERATING CONTENT BASED ON SEARCH INSTANCES

EL TORO.COM, LLC, Louisv...

1. A method implemented by one or more processors, comprising:
receiving a search instance comprising:
a source identifier transmitted over one or more networks in conjunction with electronic submission of at least one search associated with the search instance, the source identifier indicating one or more characteristics of at least one of: a computing device that submitted the search instance and a user of the computing device that submitted the search instance, and
search content of the at least one search associated with the search instance, the search content indicating at least one of: content included in the at least one search and content provided in response to the at least one search;
identifying a campaign based on the campaign being electronically stored in association with the search content of the search instance;
based on the campaign being electronically stored in association with the search content of the search instance, and based on the search instance including the source identifier:
identifying an additional source identifier that is geographically similar to the source identifier of the search instance, wherein identifying the additional source identifier that is geographically similar to the source identifier of the search instance comprises identifying the additional source identifier based on:
determining an additional physical address that satisfies one or more geographic proximity criteria relative to a physical address assigned to the source identifier of the search instance, wherein the additional physical address is different from the physical address assigned to the source identifier of the search instance, and
identifying the additional source identifier based on it being stored in association with the additional physical address that satisfies the one or more geographic proximity criteria relative to the physical address assigned to the source identifier of the search instance; and
based on the campaign being electronically stored in association with the search content of the search instance, and based on the additional source identifier being geographically similar to the source identifier of the search instance:
assigning the campaign to the additional source identifier in one or more computer readable media for providing electronic campaign content tailored to the campaign in response to a future electronic request from the additional source identifier.

US Pat. No. 11,032,237

CHANGING A BASIC SERVICE SET COLOR IDENTIFIER

NXP USA, INC., Austin, T...

1. A method in a wireless local area network (WLAN), comprising:
determining, at a communication device, that a first value of a first basic service set (BSS) color identifier is the same as a value of a second BSS color identifier, wherein the first BSS color identifier corresponds to a first wireless network and the second BSS color identifier corresponds to a second wireless network that neighbors the first wireless network, and wherein the first BSS color identifier is shorter than a BSS identifier (BSSID) corresponding to the first wireless network;
determining, at the communication device, a second value of the first BSS color identifier in response to determining that the first value of the first BSS color identifier is the same as the value of the second BSS color identifier;
transmitting, by the communication device, one or more packets that each include i) an indication that the first BSS color identifier is changing, ii) the second value of the first BSS color identifier, and iii) a respective indicator of a start time when the second value of the first BSS color identifier will take effect; and
based on the start time, beginning to use, at the communication device, the second value of the first BSS color identifier with communications with other communication devices in the first wireless network.

US Pat. No. 11,032,236

TECHNOLOGIES FOR CONTENT DELIVERY NETWORK WITH MULTI-ACCESS EDGE COMPUTING

Intel Corporation, Santa...

1. An edge computing device for mobile content delivery, the edge computing device comprising:
a multiple access framework to receive a content request from a mobile terminal, wherein the content request is associated with an identifier of a network content resource; and
a zone specific proxy to (i) modify the content request to generate a modified content request, wherein the modified content request is indicative of a network location of the zone specific proxy; and (ii) transmit the modified content request to a content delivery network server.

US Pat. No. 11,032,235

SYSTEM AND METHOD FOR MULTI-AGENT COORDINATION

Dell Products L.P., Hopk...

1. A host, comprising:
persistent storage storing an address conversion table that associates targets of repurposed communications with commands to be performed by entities that receive the repurposed communications, wherein the targets of the repurposed communications are network endpoints that do not exist within a network segment of which the host is a member;
a processor programmed to execute a communication manager programmed to:
obtain a multi-agent initiation request from an application;
generate a network communication based on the multi-agent initiation request using the address conversion table, wherein the network communication comprises one of the repurposed communications that specifies a target of the targets, wherein the target is based on a type of command specified by the multi-agent initiation request; and
transmit the network communication to at least two other hosts on the network segment to initiate the type of the command by at least one of the at least two other hosts.

US Pat. No. 11,032,234

ARP OFFLOADING FOR MANAGED HARDWARE FORWARDING ELEMENTS

NICIRA, INC., Palo Alto,...

1. For a first managed hardware forwarding element (MHFE), a method for processing address resolution protocol (ARP) requests in a network comprising a plurality of managed software forwarding elements (MSFE) and at least one additional MHFE, the method comprising:
sending an ARP request comprising a layer 3 (L3) address from the first MHFE to a service node configured to respond to ARP requests from MHFEs, wherein the first MHFE and a set of MSFEs together implement at least one logical forwarding element (LFE), wherein the ARP request sent to the service node relates to the LFE, wherein the service node (i) identifies the LFE associated with the ARP request and the set of MSFEs that implement the identified LFE and (ii) replicates the ARP request to the set of MSFEs;
receiving a layer 2 (L2) address in response to the ARP request from one of (i) the service node, when the service node stores a mapping from the L3 address to the L2 address locally or receives the mapping from one of the MSFEs and (ii) a second MHFE, when the service node does not store the mapping locally and the second MHFE stores the mapping; and
updating one of a plurality of media access control (MAC) tables with the received L2 address for specifying a destination of a packet received by the first MHFE.

US Pat. No. 11,032,233

CHECKOUT CHASSIS CHAT PLATFORM

VISA INTERNATIONAL SERVIC...

1. A computerized method for integrating message-based services with external execution environments comprising:
receiving, by a processor, from a first external execution environment a request to access message-based services of a messaging software on a mobile device to enable a user to interact with the first external execution environment via the messaging software with services from a second external execution environment, wherein the messaging software is configured to interact with the user on the mobile device;
determining, by the processor, whether the first external execution environment includes a pre-existing relationship with the messaging software based on a messaging identification (ID) of the messaging software, the messaging ID comprises at least the following information: user information with the messaging software, a version information of the messaging software, a hardware ID of the mobile device;
in response to the determination being negative:
processing, by the processor, the request;
requesting, by the processor from the messaging software, access as a function of a platform ID to the second external execution environment on behalf of the first external execution environment, the platform ID comprises information associated with the second external execution environment;
receiving, by the processor a response including the platform ID from the second external execution environment granting the access; and
granting, by the processor, the request from the first external execution environment to access the message-based services in the messaging service on the mobile device while integrating the services from the second external execution environment to the messaging software; or
in response to the determination being positive:
identifying, by the processor, the pre-existing relationship based one or more of the following: a provider ID, the platform ID, and the messaging ID;
identifying, by the processor, parameters associated with the pre-existing relationship; and
granting, by the processor in the messaging software, the request.

US Pat. No. 11,032,232

CHAT-BASED SUPPORT OF MULTIPLE COMMUNICATION INTERACTION TYPES

Nokia of America Corporat...

1. An apparatus, comprising:
at least one processor; and
at least one memory including program code;
wherein the at least one memory and the program code are configured to, with the at least one processor, cause the apparatus to at least:
support, based on a location of a device having a first chat application configured to provide a chat-based communication interface for a first entity, association of a second chat application with the first chat application, wherein the second chat application is configured to provide a chat-based communication interface for a second entity;
identify, automatically in response to the association of the second chat application with the first chat application, a set of additional chat applications configured to provide respective chat-based communication interfaces for a respective set of additional entities;
send, toward the first chat application, an indication of an availability of the set of additional chat applications, wherein the indication is configured to provide an opportunity for the first entity to request association of one or more of the additional chat applications with the first chat application;
receive, from the first chat application, an indication of a request by the first entity to associate at least one of the additional chat applications with the first chat application; and
initiate, based on the indication of the request by the first entity to associate the at least one of the additional chat applications with the first chat application, establishment of at least one chat session between the first chat application and the respective at least one of the additional chat applications.

US Pat. No. 11,032,231

TECHNIQUES TO CONVERT MULTI-PARTY CONVERSATIONS TO AN EDITABLE DOCUMENT

FACEBOOK, INC., Menlo Pa...

1. A computer-implemented method, comprising:
analyzing sent and received messages in a messaging conversation in a messaging application using a domain-specific extractor, the domain-specific extractor providing a probability that one or more messages in the messaging conversation pertain to a particular domain associated with the domain-specific extractor;
determining that some or all of the one or more messages have a probability that exceeds a threshold for the domain;
displaying, in the messaging conversation, a note monitoring notification associated with the messages having a probability exceeding the threshold, the note monitoring notification providing a visual notification of a portion of the being considered for inclusion in an editable note:
accessing social graph information regarding participants in the messaging conversation;
determining, based on the social graph information, that the one or more participants have a domain-relevant relationship; and
lowering the threshold for the domain based on the domain-relevant relationship.

US Pat. No. 11,032,230

METHOD, SERVER, AND PROGRAM FOR MANAGING NOTIFICATION

GREE, INC., Tokyo (JP)

1. A method for managing a notification by a notification server, the method comprising:
storing a new notification, when receiving the new notification to a user device from an application server, the application server being configured to supply a service for a plurality of applications to the user device, the plurality of applications comprising at least a first application and a second application that is different from the first application, the first application and the second application being installed in the user device;
determining whether the first application is in use based on use status information;
executing a predetermined calculation for the notification based on a usage frequency of the second application to obtain a calculation result, when determining that the first application is in use, the notification being related to the second application;
outputting the notification to a display of the first application on the user device, when the calculation result satisfies a predetermined condition; and
transferring, after the executing of the predetermined calculation for the notification based on the usage frequency of the second application, the notification related to the second application from the notification server to the user device for display on the second application, when the calculation result does not satisfy the predetermined condition, the notification being output to the second application on the user device by activating the second application by the user device, without the notification being displayed on the first application on the user device while the first application is in use.

US Pat. No. 11,032,229

SYSTEM AND METHOD FOR VISUAL CLASSIFICATION OF EMAIL PARTICIPANTS

International Business Ma...

1. A computer-implemented method comprising:
identifying a recipient contact of an electronic message during composition of the electronic message;
retrieving attribute information of the recipient contact from an email account, a social media profile, a company profile, a manual entry, and stored information associated with the contact, wherein the attribute information includes a job role attribute and a job title attribute of the recipient contact, a band level attribute of the recipient contact, and a company attribute of the recipient contact,
classifying the recipient contact based on the one or more retrieved attributes of the recipient contact, wherein classifying the recipient contact comprises:
comparing the job role attribute and the job title attribute of the recipient contact with a job role and a job title of an author of the electronic message;
associating the recipient contact with a job role classification based on the comparison between the job role attribute and the job title attribute of the recipient contact and the job role and the job title of the author;
comparing the band level attribute of the recipient contact with a band level of the author;
associating the recipient contact with a band level classification based on the comparison between the band level attribute of the recipient contact and the band level of the author;
comparing the company attribute of the recipient contact with a company of the author;
associating the recipient contact with a company classification based on the comparison between the company attribute of the recipient contact and the company of the author;
highlighting the recipient contact's name displayed in a “To” field of the electronic message, wherein the highlighting comprises a color-coded hatched pattern corresponding to the classification of the recipient contact, wherein unique colors and unique hatched patterns are assigned to each of the job role classification, the band level classification, and the company classification; and
disabling the ability to send the electronic message and providing a visual warning message based upon a length of the electronic message exceeding a predetermined length associated with the classification of the recipient contact, wherein the visual warning message comprises a reason for displaying the visual warning message and suggestions on how to modify the electronic message prior to sending based on the reason for displaying the visual warning message.

US Pat. No. 11,032,228

SYSTEMS AND METHODS FOR MESSAGE COLLECTION

1. A system that processes content disposed in an electronic communication received from a user device of a user, the user device assigned a routing character string, the system being a tangibly embodied computer, the system including instructions on a non-transitory computer readable medium, the system comprising:
(A) a communication processor that inputs the electronic communication received from the user device, the electronic communication including communication content and the routing character string, and (1) the communication content constituted by data generated as a result of, and representative of, characters keyed into the user device by the user, the communication content including at least a character string, and (2) the character string having been keyed in by the user to the user device and represented in the electronic communication, input by the communication processor, as such; and
(B) a processor that maintains a trig map for the user in a database, the trig-map including a plurality of trig-map items; and each trig-map item including (a) a list-trig and (b) associated responsive content;
(C) the processor performing processing including:
(1) identifying the user based on the routing character string;
(2) identifying, based on at least one selected from the group consisting of the user that was identified and the routing character string, the trig-map associated with the user;
(3) identifying the character string contained in the electronic communication;
(4) comparing the character string to the list of list-trigs;
(5) determining that the character string matches with a list-trig, the list-trig that matched constituting a matched list-trig;
(6) mapping the matched list-trig to associated responsive content for the matched list-trig; and
(7) outputting responsive content to the user in the form of a responsive communication using a predetermined channel; and
the maintaining the trig map for the user including generating a GUI (graphical user interface) to interface with the user, the GUI including:
interfacing with the user for the user to select to add a further trig-map item; interfacing with the user including generating a first field and a second field in the GUI;
interfacing with the user to populate the first field of the GUI, and the first field accepting input of a list-trig from the user, and the input list-trig being the matched list-trig;
interfacing with the user to populate the second field of the GUI, and the second field accepting input of responsive content, for the list-trig, from the user;
performing a check on format of the list-trig, which was input to determine if the list-trig is of an acceptable format;
mapping the input list trig to the input responsive content, and storing the mapping in a database;
further interfacing with the user, at a later time, to edit the further trig-map item; and
the processor associating the further trig-map item with indicia to reflect that the further trig-map item has been edited, and the indicia displayed to the user via a GUI; and
the character string constituted by a command, a trick, and a bin name.

US Pat. No. 11,032,227

STACKED CHAT CONVERSATIONS

Snap Inc., Santa Monica,...

1. A method comprising:
presenting, by a client device a first conversation cell corresponding to a first chat conversation; and
in response to receiving a user selection of the first conversation cell:
displaying a list of group messages exchanged between a plurality of members of a group associated with the first conversation cell, the list of group messages being accessible by each of the plurality of members of the group;
displaying, within the list of group messages, concurrently with the list of group messages, one or more private messages exchanged exclusively between a subset of the plurality of members; and
scrolling through the one or more private messages independently of the list of group messages in response to a user input.

US Pat. No. 11,032,226

SYSTEMS AND METHODS FOR RAPID ELECTRONIC MESSAGING TESTING AND POSITIONAL IMPACT ASSESSMENT IN A PROSPECT ELECTRONIC MESSAGING SERIES

CAASTLE, INC., New York,...

1. A computer-implemented method comprising:
determining, by one or more processors, a set of email messages including at least a first email message and a second email message at least based on data regarding email marketing information and an electronic subscription platform collected from one or more sources and converted to one or more predetermined formats;
assigning, by the one or more processors, the first email message as a first initial email message from the set of email messages to be transmitted to one or more user devices;
transmitting, by the one or more processors, the set of email messages to a first plurality of devices associated with user identifiers, wherein each of the first plurality of user identifiers is associated with a customer of the electronic subscription platform, and wherein the first email message is transmitted as the first initial email message from the set of email messages to the first plurality of devices associated with user identifiers;
determining, by the one or more processors, a first performance indicator at least based on one or more responses to the first email message transmitted as the first initial email message from the set of email messages;
assigning, by the one or more processors, the second email message as a second initial email message from the set of email messages to be transmitted to one or more user devices;
transmitting, by the one or more processors, the set of email messages to a second plurality of devices associated with user identifiers, wherein each of the second plurality of user identifiers is associated with a customer of the electronic subscription platform, and wherein the second email message is transmitted as the second initial email message from the set of email messages to the second plurality of devices associated with user identifiers;
determining, by the one or more processors, a second performance indicator at least based on one or more responses to the second email message transmitted as the second initial email message from the set of email messages;
comparing, by the one or more processors, the first performance indicator and the second performance indicator; and
sorting, by the one or more processors, a sequence of the set of email messages by ordering the first email and the second email based on the comparison of the first performance indicator to the second performance indicator.

US Pat. No. 11,032,223

FILTERING ELECTRONIC MESSAGES

Rakuten Marketing LLC, S...

1. A method of generating filters operable to filter a population of electronic messages transmitted between network nodes and stored in association with respective user accounts on one or more network data storage systems managed by one or more messaging servers, each electronic message being associated with a respective sender, a respective header, and a respective body, the method comprising:
fetching, for each sender, a respective sample of electronic message headers in the electronic message population that are associated with the sender and stored on one of more of the network data storage systems across multiple of the user accounts;
processing, by a processor, subject fields in the fetched sample of electronic message headers to obtain measures of content similarity that compare similarity and diversity of contents in the subject fields in the fetched sample of the electronic message headers;
grouping, by sender domain, ones of the headers in the sample into clusters, wherein the grouping is based on a density based clustering process that correlates the clusters with respective dense regions in a clustering data space in which the headers in the sample are separated from one another based on the similarities and diversities between respective pairs of the headers in the sample;
classifying, by an electronic message classifier, a respective sample of electronic messages selected from each cluster of headers, wherein the electronic message classifier assigns to electronic messages in the sample respective labels based on a predefined set of electronic message labels and associated confidence levels; and
for each cluster that is assigned a purchase related electronic message label, automatically generating a respective filter for filtering purchase related electronic messages.

US Pat. No. 11,032,222

NOTIFYING USERS OF OFFENSIVE CONTENT

Facebook, Inc., Menlo Pa...

1. A method comprising:
receiving, from a computing device associated with a user account, content to be shared by the user account;
inputting the content into a machine-learned model trained to identify potentially offensive content;
receiving, from the machine-learned model, a score associated with an offensiveness of the content;
comparing the score to a threshold score corresponding to an offensiveness level;
sending, to the computing device associated with the user account and based at least in part on the score being greater than the threshold score, an instruction to present a notification associated with the content for a duration of time;
withholding the content from being transmitted by the user account for the duration of time; and
transmitting the content based at least in part on the duration of time elapsing.

US Pat. No. 11,032,221

METHODS AND DEVICES FOR CONTROLLING THE TIMING OF NETWORK OBJECT ALLOCATION IN A COMMUNICATIONS NETWORK

ALIBABA GROUP HOLDING LIM...

1. A method comprising:
determining, by a server, a communication context of an allocation source and an allocation destination on a communication application, the communication context comprising a mode of communication of a communication application executed by the allocation source and the allocation destination;
receiving, at the server, an object allocation message submitted by the allocation source via the communications application to allocate a number of to-be-allocated objects from an object set associated with the allocation source to the allocation destination, the object allocation message including an identification of the allocation source, the number of to-be-allocated objects, and an object allocation time, the object allocation destination being determined based on the communication context, the object allocation time generated by performing an operation selected from the group consisting of: selecting a preferred number associated with the allocation destination, and discarding one or more numbers not preferred by the allocation destination;
extracting, by the server from the object set associated with the allocation source, objects corresponding to the number of to-be-allocated objects; and
controlling, by the server, acquisition times when the allocation destination will acquire the objects, so that the acquisition times do not happen before the object allocation time.

US Pat. No. 11,032,220

ARCHITECTURE FOR PERFORMING ACTIONS IN A THIRD-PARTY SERVICE BY AN EMAIL CLIENT

AirWatch LLC, Atlanta, G...

1. A system comprising:
at least one computing device comprising a processor and a memory; and
a management service executable by the at least one computing device, the management service causing the at least one computing device to at least:
initiate enrollment of a client device with the management service as a managed device;
initiate installation of an email client on the client device, wherein the email client is installed as a managed application that is managed by the management service;
generate an email service profile associated with a third-party service, wherein the email service profile specifies a regular expression that the email client can apply to identify an email associated with the third-party service, wherein the email client can identify the email message using the regular expression and take an action in the third-party service based upon the email message, the third-party service being different from an email account corresponding to the email message; and
initiate installation of the email service profile on the client device by the management service, wherein the email service profile is installed as a configuration profile on the client device, wherein the configuration profile is installed through a management application programming interface (API) provided by an operating system of client device, the management API accessible by a management component installed on the client device with elevated privileges.

US Pat. No. 11,032,219

NETWORK AWARE APPLICATION DEPENDENT ADAPTIVE PROTOCOL SELECTION FOR IOT COMMUNICATIONS

Intel Corporation, Santa...

8. A device comprising:
a processor;
a network interface; and
a non-transitory machine readable medium, comprising instructions, which when performed by the processor, cause the processor to:
discover, by communications with the remote device, a set of at least two supported application-layer communications protocols of a remote device;
receive a message from a source application executing on the computer processor;
select a first application-layer communications protocol from of the set of supported application-layer communications protocols for transmission of the message, the selection based upon a characteristic of a computer network used to communicate with the remote device and a communication characteristic of the source application of the message;
construct the message according to the first application-layer communications protocol;
transmit the message to the remote device over the computer network using the first application-layer communications protocol and the network interface; and
subsequent to transmitting the message:
select a second application-layer communications protocol from the set of supported application-layer communication protocols, the second application-layer communications protocol different from the first application-layer communications protocol;
construct a second message from the source application according to the second application-layer communications protocol; and
transmit the second message to the remote device over the computer network using the second application-layer communications protocol.

US Pat. No. 11,032,218

METHOD AND SYSTEM OF CONVERTING EMAIL MESSAGE TO AI CHAT

Capital One Services, LLC...

1. A method of establishing an interactive communication session between a client device and a back-end computing system request, comprising:
receiving, via an application programming interface (API) call from a web server of an organization computing system, a dialogue request contained in a hypertext transfer protocol (HTTP) request that was generated in response to a user selection of a hyperlink, wherein the hyperlink is embedded in an electronic mail message;
parsing, by a back-end computing system, the dialogue request to determine a user that initiated the dialogue request and a topic corresponding to the dialogue request;
responsive to the dialogue request, generating, by the back-end computing system, a text message in reply to the dialogue request triggered by the user selection of the hyperlink based on the topic of the dialogue request;
transmitting, by the back-end computing system, the text message to a client application executing on a remote client device of the user based on the parsing;
receiving, by the back-end computing system, an additional text message from the remote client device in response to the text message;
identifying, by the back-end computing system, an additional request contained in the additional text message;
generating, by the back-end computing system, a reply text message comprising an additional response to the additional request; and
transmitting, by the back-end computing system, the reply text message to the client application executing on the remote client device.

US Pat. No. 11,032,217

REUSING ENTITIES IN AUTOMATED TASK-BASED MULTI-ROUND CONVERSATION

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of automated multi-round task-based conversation with a user, the computer-implemented method comprising:
in a first round conversation between a user and a data processing system involving at least one first task, cognitively identifying, by the data processing system, one or more first entity needed to perform the at least one first task and one or more first intent, based on a first input statement received by the data processing system from the user;
predicting, by the data processing system, at least one of the one or more first entity to be reused in a subsequent conversation based on the first round conversation and at least one conversation prior to the first round conversation, resulting in one or more reusable first entity;
in a second round conversation between the user and the data processing system involving at least one second task different from the at least one first task, the second round conversation being subsequent to the first round conversation, cognitively identifying, by the data processing system, one or more second entity needed to perform the at least one second task and one or more second intent, based on a second input statement received by the data processing system from the user; and
reusing, by the data processing system, at least one of the one or more reusable first entity in the second round conversation resulting in at least one reused first entity, wherein the at least one reused first entity matches at least one of the one or more second entity.

US Pat. No. 11,032,216

MERGING READ REQUESTS IN NETWORK DEVICE ARCHITECTURE

Marvell Asia Pte, Ltd., ...

9. A method of reading data from memory in a network device, the method comprising:
receiving, at a memory controller device of a network device, read requests to read packet data corresponding to packets from a packet memory of the network device, the read requests including respective addresses in the packet memory at which respective packet data are stored, wherein the packet data correspond to packets that are received by the network device from one or more network links;
storing, by the memory controller device, received read requests in a buffer;
selectively merging, by the memory controller device, a newly received read request with a previously received read request that is stored in the buffer to form a merged read request in response to a determination that the newly received read request is to read stored packet data from an address of the packet memory that matches the address of the previously received request that is stored in the buffer; and
serving, by the memory controller device, the merged read request, without separately serving both the newly received read request and the previously received read request, including providing data retrieved from an address of the packet memory specified in the merged read request to respective read client devices that issued the newly received read request and the previously received read request.

US Pat. No. 11,032,215

ALLOCATING VIRTUAL RESOURCE BASED ON BLOCK CHAIN

Advanced New Technologies...

1. A computer-implemented method for allocating a virtual resource, the method comprising:
receiving, by a node in a blockchain, resource allocation transaction data sent by a client, wherein the resource allocation transaction data comprises a target user identifier of a target user engaging in a service managed by a service operator;
responsive to receiving the resource allocation transaction data, invoking, by the node in the blockchain, verification logic in a smart contract deployed in the blockchain to verify that a service indicator of the target user within a preset service cycle satisfies a virtual resource allocation condition;
responsive to invoking the verification logic in the smart contract, obtaining, by the node in the blockchain, a user list, wherein the user list comprises a list of user identifiers corresponding to service indicators that satisfy the virtual resource allocation condition; and
when the user list does not comprise the target user identifier, determining a first amount of virtual resources held in a blockchain account corresponding to the target user identifier on the blockchain and transferring the first amount of the virtual resources held in the blockchain account into a virtual resource pool, or
when the user list comprises the target user identifier, invoking virtual resource allocation logic in the smart contract to allocate a second amount of the virtual resources to the target user from the virtual resource pool and transfer the second amount of the virtual resources to the blockchain account corresponding to the target user identifier,
wherein the virtual resources are associated with the service operator that manages the service.

US Pat. No. 11,032,214

METHOD, APPARATUS, AND SYSTEM FOR MANAGING NETWORK SLICE INSTANCE

Huawei Technologies Co., ...

1. A method, comprising:
receiving, by a first network device, a network slice instance creation request from a transmit end device, wherein the network slice instance creation request requests to create a target network slice instance, and the network slice instance creation request comprises description information of the target network slice instance;
determining, by the first network device, a network function for the target network slice instance based on the description information of the target network slice instance;
in response to the network function being a virtualized network function, instructing, by the first network device, a third network device to create the network function;
sending, by the first network device after creation of the network function, network function configuration indication information to a second network device based on the description information, wherein the network function configuration indication information instructs the second network device to configure the network function of the target network slice instance;
receiving, by the first network device, network function configuration response information sent by the second network device, wherein the network function configuration response information indicates that configuration of the network function of the target network slice instance is completed; and
sending, by the first network device, network slice instance creation response information to the transmit end device, wherein the network slice instance creation response information indicates that creation of the target network slice instance is completed.

US Pat. No. 11,032,213

CENTRALIZED MANAGEMENT OF COMPUTING RESOURCES ACROSS SERVICE PROVIDER NETWORKS

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
providing, by a first service provider network, a development interface to create infrastructure schemas that define resource types for provisioning computing resources in service provider networks, wherein individual ones of the infrastructure schemas are specific to different service provider networks;
receiving, through the development interface, parameters relating to a first infrastructure schema defining a first resource type to be created for the first service provider network;
creating the first infrastructure schema defined for the first service provider network using the development interface based at least in part on the parameters, the first infrastructure schema defining the first resource type for provisioning in the first service provider network;
publishing the first infrastructure schema in a repository associated with the first service provider network;
receiving a second infrastructure schema defined for the second service provider network and created using the development interface, the second infrastructure schema defining a second resource type for provisioning in a second service provider network;
publishing the second infrastructure schema in the repository associated with the first service provider network;
receiving, from a user account associated with the first service provider network, an infrastructure template that defines configuration data for provisioning a computing resource corresponding to the second resource type;
validating the infrastructure template against the second infrastructure schema defining the second resource type; and
utilizing the infrastructure template defining the configuration data to provision the computing resource in the second service provider network on behalf of the user account.

US Pat. No. 11,032,212

SYSTEMS AND METHODS FOR PROVISION OF A GUARANTEED BATCH

Google LLC, Mountain Vie...

1. A method comprising:
receiving, at data processing hardware, a request corresponding to a batch workload for execution on computing resources of a computing environment, the request comprising a list of tasks requesting execution on the computing resources;
determining, by the data processing hardware, a resource allocation budget uniquely associated with a user that initiates the request, the resource allocation budget representing a maximum amount of computing resources the user can consume from the computing environment that is less than a total amount of computing resources of the computing environment;
determining, by the data processing hardware, resource commitments for the user associated with the request, the resource commitments corresponding to a job queue for the user;
identifying, by the data processing hardware, a specification corresponding to the request that indicates dependencies for one or more tasks of the list of tasks; and
allocating, by the data processing hardware, computing resources to tasks of the request based on the resource allocation budget, the resource commitments, and the dependencies of the list of tasks.

US Pat. No. 11,032,211

COMMUNICATIONS HUB

OOMA, INC., Sunnyvale, C...

1. A method for end point data communications anonymization for a local communications hub disposed in a local residence, the method comprising:
receiving by the local communications hub a first request from a computing device, the first request being addressed to a server;
requesting by the local communications hub, from a remote service, a randomly selected first remote communications hub;
randomly selecting, by the remote service, the first remote communications hub from a plurality of remote communications hubs, the first remote communications hub being disposed in a geographically or topologically distinct location relative to the computing device;
modifying the first request, by the local communications hub, to generate a first modified request by encapsulating the first request with remote headers, wherein the remote headers have a destination address of the remote service;
sending the first modified request from the remote service to the first remote communications hub, the first remote communications hub modifying the first modified request to produce a second modified request, and the first remote communications hub forwarding the second modified request to the server, wherein the modifying includes extracting traffic data from the first modified request and the second modified request indicates the first remote communications hub as a source address;
receiving, at the first remote communications hub, a first response to the second modified request from the server;
modifying, by the first remote communications hub, the received first response to produce a first modified response, wherein modifying includes re-encapsulating the first response with headers having the remote service as a first modified response destination address;
modifying the first modified response, by the remote service, to produce a second modified response, wherein the second modified response is modified to have a second modified source address of the server and a second modified destination address of the computing device; and
providing the second modified response to the local communications hub and on to the computing device.

US Pat. No. 11,032,210

SOFTWARE LOAD BALANCER TO MAXIMIZE UTILIZATION

PayPal, Inc., San Jose, ...

1. A system comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
in response to receiving a sequence of requests for computing services, determining that a first request for computing services from the sequence of requests for computing services corresponds to a first command group from a plurality of command groups, wherein the plurality of command groups is determined based on a response time distribution for processing a plurality of historic requests for computing services;
distributing the first request for computing services to a first computing node in a first ordered list of computing nodes configured to process requests corresponding to the first command group, wherein each computing node in the first ordered list of computing nodes comprises a computing machine;
determining whether the first computing node has reached a first compute capability threshold; and
in response to determining that the first computing node has reached the first compute capability threshold, distributing a second request for computing services from the sequence of requests for computing services to a second computing node in the first ordered list of computing nodes.

US Pat. No. 11,032,209

MULTIMEDIA CONTENT CROSS SCREEN SYNCHRONIZATION APPARATUS AND METHOD, AND DISPLAY DEVICE AND SERVER

Industrial Technology Res...

1. A multimedia content cross screen synchronization apparatus, adapted to interact with a mobile device, the multimedia content cross screen synchronization apparatus comprising:
a video player, providing a plurality of stream channels to a user to select, wherein each of the stream channels displays a multimedia content, the multimedia contents displayed by at least two channels of the stream channels contain different prompt messages, each of the at least two channels contains only one unique predefined prompt message out of the different prompt messages, and the prompt messages in different channels of the at least two channels of the stream channels prompt the user to perform different corresponding behaviours on the mobile device, wherein the mobile device senses one of the different corresponding behaviours performed on the mobile device to generate a behaviour sensing result as a feedback signal; and
a server, receiving the feedback signal including the behaviour sensing result, provided by the mobile device based on sensing the only one unique predefined prompt message selected by the user, to determine which one of the at least two channels is currently viewed by the user, and selecting a corresponding application service from a plurality of application services according to the feedback signal transmitted from the mobile device, so as to provide the corresponding application service to the mobile device, wherein the feedback signal corresponds to the prompt message contained by the multimedia content of one of the stream channels, wherein prompting the user to perform the different corresponding behaviours on the mobile device comprises clicking a touch panel of the mobile device, clicking an icon displayed by the mobile device, sliding on the touch panel of the mobile device, shaking the mobile device, turning over the mobile device, tapping the mobile device, making the mobile device to move along a specific trajectory in space, or talking to the mobile device.

US Pat. No. 11,032,208

INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT

KABUSHIKI KAISHA TOSHIBA,...

1. An information processing apparatus comprising:
one or more processors configured to:
perform a prefetching process that prefetches a scheduling entry corresponding a future time period in advance from scheduling information including one or more scheduling entries, each entry of which at least contains a transmission state and an interval for each of one or more transmission queues; and
perform a scheduling process that determines a starting time of transmission for one or more frames waiting for transmission in each queue, based on the scheduling entry, wherein
at least one of timing of the prefetching process and timing of the scheduling process is determined, based on a result of comparison of a time difference and one or more thresholds, where the time difference is a difference between current time and future time, the future time being a candidate for starting time of transmission, and
the processors are configured to:
evaluate each frame waiting for transmission in each queue and determine one or more schedulable frames, when the time difference is more than a first threshold, and the time difference is not more than a third threshold, wherein the first threshold is equal to or less than the third threshold,
perform no evaluation to determine one or more schedulable frames, when the time difference is equal to or less than the first threshold, or the time difference is more than the third threshold, and
schedule the starting time of transmission of the one or more schedulable frames.

US Pat. No. 11,032,207

LINK AGGREGATION WITH FLOATING PRIMARY LINK

QUALCOMM INCORPORATED, S...

18. A method performed by a wireless station (STA), comprising:
establishing a primary communication link between the STA and an access point (AP), the primary communication link being associated with one or more first wireless channels, access to the primary communication link being based on contention among the STA and the AP;
selectively accessing a secondary communication link between the STA and the AP based at least in part on having access to the primary communication link, the secondary communication link being associated with one or more second wireless channels;
receiving primary link information from the AP indicating a change in the primary communication link; and
dynamically changing the primary communication link from the one or more first wireless channels to the one or more second wireless channels based at least in part on the primary link information.

US Pat. No. 11,032,206

PACKET-CONTENT BASED WRED PROTECTION

MELLANOX TECHNOLOGIES TLV...

1. A network element, comprising:
multiple ports, configured to serve as ingress ports and egress ports for receiving and transmitting packets from and to a network;
a buffer which queues the packets received from the ingress ports;
a weighted random early detection (WRED) system which is configured to determine when a fill level of the buffer requires random packet dropping to avoid congestion, to determine first flows from which packets are to be dropped when random packet dropping is required, to drop packets which are not TCP-SYN or TCP-FIN packets from the first flows in accordance with a first dropping probability and to drop TCP-SYN packets of the first flows with a second dropping probability lower than the first dropping probability; and
a forwarding system which forwards the queued packets, which were not dropped, to the egress ports.

US Pat. No. 11,032,205

FLOW CONTROL METHOD AND SWITCHING DEVICE

Huawei Technologies Co., ...

1. A method, comprising:
when congestion is detected, determining, by a first switching device, a key flow based on a preset condition, wherein the key flow is one data flow selected from a plurality of data flows associated with a receive queue in the first switching device;
generating, by the first switching device, a back pressure message comprising a flow attribute value of the key flow; and
sending, by the first switching device, the back pressure message to an upstream device of the key flow, wherein the back pressure message instructs the upstream device of the key flow to pause sending of the key flow, the upstream device of the key flow is a second switching device and is connected to the first switching device, and the back pressure message has no impact on a sending of another data flow of the plurality of data flows other than the key flow by the upstream device of the key flow.

US Pat. No. 11,032,204

ENHANCING CAPACITY OF A DIRECT COMMUNICATION LINK

Viasat, Inc., Carlsbad, ...

1. A method comprising:
coupling a network gateway device on a mobile platform with a plurality of user communication devices on the mobile platform via respective local communication links;
coupling the network gateway device with a ground station via a direct communication link, the ground station coupled with a network, the network comprising at least one source node for a message library, wherein the direct communication link comprises a satellite communication link between the ground station and the network gateway device;
coupling the network gateway device with a variable redundancy delivery network on the mobile platform;
receiving messages of the message library delivered to the network gateway device from the ground station in response to requests by the plurality of user communication devices;
storing the messages delivered by the direct communication link according to a storage policy for delivery from the variable redundancy delivery network to the plurality of user communication devices, the storage policy determined based at least in part on system variables of the variable redundancy delivery network and a probability density of the messages being requested by the plurality of user communication devices, the storage policy comprising a plurality of redundancy levels associated with a corresponding plurality of ranges of the probability density,
adapting the storage policy based at least in part on a change of one or more of the system variables of the variable redundancy delivery network; and
storing, subsequent to the change of the one or more of the system variables, the messages delivered by the direct communication link according to the adapted storage policy for delivery from the variable redundancy delivery network to the plurality of user communication devices.

US Pat. No. 11,032,203

PROVIDING PREDICTABLE QUALITY OF SERVICE TRAFFIC STEERING

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, by a first network device of a network, first traffic and second traffic,
wherein the first traffic and the second traffic originated from an endpoint device associated with the network;
assigning, by the first network device, a first priority to the first traffic and a second priority to the second traffic,
wherein the first priority is greater than the second priority;
providing, by the first network device and to a second network device, a first message requesting whether the second network device can process the first traffic with the first priority;
receiving, by the first network device, from the second network device, and based on the first message, a first response with a first value indicating that the second network device can process the first traffic with the first priority;
providing, by the first network device and to the second network device, a second message with a second value specifying:
the first priority for a first security association, and
the second priority for a second security association;
establishing, by the first network device and with the second network device, a path that includes the first security association and the second security association;
providing, by the first network device and to the second network device, the first traffic, with the first priority, via the first security association of the path;
providing, by the first network device and to the second network device, the second traffic, with the second priority, via the second security association of the path;
providing, by the first network device and to a third network device, a third message requesting whether the third network device can process the first traffic with the first priority and the second traffic with the second priority;
receiving, by the first network device, from the third network device, and based on the third message, a second response with a first value indicating that the third network device cannot process the first traffic with the first priority,
the first value indicating that the third network device is non-enabled for processing the first traffic with the first priority;
establishing, by the first network device and with the third network device, another path that includes the second security association; and
providing, by the first network device and based on the second response, the first traffic with the first priority and the second traffic with the second priority via the other path.

US Pat. No. 11,032,202

LOAD BALANCING IN DATA HOSTING SYSTEMS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method in a data hosting network having a plurality of node elements, the method comprising:
receiving, by a node element, a first data packet from a client, the first data packet including initial address space data comprising an initial destination network address and port identifier of the first data packet;
executing, by the first node element, first network address translation rules with respect to the first data packet, the first network address translation rules being executed to generate translated address space data of the first data packet by translating the initial destination network address and port identifier of the first data packet for routing of the first data packet to a host of the data hosting network;
generating, by a container cluster management device, an entry in a network address translation table based on the initial address space data and the translated address space data of the first data packet, the generated entry comprising data related to the translated destination network address and port identifier of the first data packet, and an initial source network address and port identifier of the first data packet;
receiving, by the node element, a second data packet from the client, the second data packet including initial address space data comprising an initial destination network address and port identifier of the second data packet;
identifying, by the node element, the generated entry in the network address translation table based on correspondence between the initial address space data of the first data packet and initial address space data of the second data packet;
executing, by the node element, second network address translation rules with respect to the second data packet according to the identified entry to translate the initial address space data of the second data packet, the second network address translation rules being executed based on the translated destination network address and port identifier of the first data packet to translate data related to the initial destination network address and port identifier of the second data packet; and
routing, by the node element, the second data packet with respect to the initial and translated address space data of the second data packet, wherein a response data packet is routed directly to the client upon servicing of the second data packet based on data related to an initial source network address and port identifier of the second data packet.

US Pat. No. 11,032,201

MULTI-PHASE IP-FLOW-BASED CLASSIFIER WITH DOMAIN NAME AND HTTP HEADER AWARENESS

HUGHES NETWORK SYSTEMS, L...

1. A method comprising:
detecting an IP flow from traffic data in a communication network;
identifying a web page start from the IP flow;
determining, at a gateway or terminal, when the web page is measurable based, at least in part, on transaction information for the web page and elapsed time since occurrence of a past transaction for a browser and current web page combination; and
for each web page determined to be measurable, the method further comprising:
creating an entry indicative of the measurable web page retrieval for the browser, in a page cache which stores information pertaining to HTTP transactions, the entry being based, at least in part, on a 48-bit hash of an IP address of the browser together with contents of the browser's user-agent field;
storing a first timestamp corresponding to a start of the web page retrieval;
detecting a web page end from subsequent IP flows;
storing a second timestamp corresponding to an end of the web page retrieval; and
generating statistical data associated with a response time for the web page based, at least in part, on the first timestamp and the second timestamp.

US Pat. No. 11,032,200

APPARATUS FOR TRANSMITTING BROADCAST SIGNAL, APPARATUS FOR RECEIVING BROADCAST SIGNAL, METHOD FOR TRANSMITTING BROADCAST SIGNAL AND METHOD FOR RECEIVING BROADCAST SIGNAL

LG ELECTRONICS INC., Seo...

1. A method for transmitting a broadcast signal in a digital transmitter, the method comprising:
generating, by a processor, service data of a broadcast service and service signaling information for signaling the service data, the service data including first service components delivered on a Moving Picture Experts Group (MPEG) Media Transport Protocol (MMTP) session or second service components delivered on a Real-Time Object Delivery over Unidirectional Transport (ROUTE) session;
generating, by the processor, a table for supporting a channel scan, wherein the table includes bootstrap information and protocol information for a type of delivery protocol of the service signaling information,
wherein the table provides for a receiver to encounter a broadcast emission at first,
wherein the protocol information included in the table relates to the MMTP or the ROUTE,
wherein the service signaling information includes USBD (User Service Bundle Description), S-TSID (Service-based Transport Session Instance Description) and DASH MPD (Dynamic Adaptive Streaming over HTTP Media Presentation Description) in a ROUTE delivery,
wherein when the protocol information relates to the MMTP, the bootstrap information includes first destination IP (Internet Protocol) address information and first destination port information,
wherein when the protocol information relates to the ROUTE, the bootstrap information includes second destination IP address information, second destination port information and source IP address information;
generating, by the processor, a broadcast signal including the service signaling information, the table, and the first or second service components; and
transmitting, by a broadcasting antenna, the generated broadcast signal.

US Pat. No. 11,032,199

METHODS AND APPARATUS FOR PROVIDING TRAFFIC FORWARDER VIA DYNAMIC OVERLAY NETWORK

ViaSat, Inc., Carlsbad, ...

1. A method for facilitating network communication utilizing a group of virtual forwarders (“VFds”), comprising:
establishing a dynamic service chaining overlay between a network controller and a first VFd for allowing the network controller to manage the first VFd;
providing an underlay component between a data center and the first VFd for facilitating network communication between the data center and the first VFd;
receiving a first packet via a first point-to-point (“PTP”) connection via an overlay network; and
forwarding at least a portion of the first packet to a first service component via a second PTP connection from the overlay network to a network infrastructure layer.

US Pat. No. 11,032,198

METHOD AND APPARATUS FOR GENERATING ACL TABLE

Huawei Technologies Co., ...

1. A method for generating an access control list (ACL) table, the method comprising:
obtaining a port type of each of at least one port of a first network device;
selecting, based on the port type of each of the at least one port, one or more target ports whose port type is a preset type from all ports of the first network device;
generating a corresponding first-type ACL entry for each of the one or more target ports;
generating a second-type ACL entry corresponding to a routing table of the first network device, wherein an action of the second-type ACL entry is redirecting to the routing table, wherein the second-type ACL entry is generated by compressing one or more another first-type ACL entries corresponding to at least one non-target port of the first network device, based on a minimum hop count from each of the at least one non-target port to one of one or more second network devices, wherein each of the at least one non-target port is any port different than the selected one or more target ports of the first network device; and
adding the second-type ACL entry and the corresponding first-type ACL entry generated for each of the one or more target ports to an ACL table of the first network device.

US Pat. No. 11,032,197

REROUTE DETECTION IN SEGMENT ROUTING DATA PLANE

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at a first node in a segment routing domain of a communications network, a test message comprising a header, wherein
the first node is not an ingress node, to the segment routing domain, for the test message,
the header comprises a segment identifier stack comprising one or more segment identifiers, and
the segment routing domain is configured to use the segment identifier stack for routing the test message;
detecting a first indicator of a reroute requirement for the test message; and
sending an outgoing message to a second node determined using the header, wherein
sending the outgoing message comprises including in the outgoing message a second indicator indicating that the test message has been rerouted,
at least one of the first indicator or the second indicator comprises a single backup-path segment identifier introduced into the segment identifier stack during the course of a reroute of the test message,
the single backup-path segment identifier indicates, at a destination node for the test message, that the test message has been rerouted, and
the backup-path segment identifier comprises a segment identifier assigned uniquely to a particular node in the segment routing domain and introduced in place of a primary-path segment identifier assigned to the particular node, or
the backup-path segment identifier comprises a segment identifier used as a backup-path indicator by multiple nodes in the segment routing domain and introduced in addition to a primary-path segment identifier assigned to a particular node in the segment routing domain.

US Pat. No. 11,032,196

PER PATH AND PER LINK TRAFFIC ACCOUNTING

Juniper Networks, Inc., ...

1. A first device, comprising:
one or more memories; and
one or more processors to:
receive a packet that includes information identifying a path through a network,
the packet being received from an external network, and
the first device being a point of ingress for the network;
configure a header of the packet to include a set of packet accounting identifiers that identifies the first device and the path, and to include, in the header of the packet, an indicator that indicates a presence of the set of packet accounting identifiers in the header of the packet and indicates that the set of packet accounting identifiers is to be used to account for traffic and not for traffic forwarding;
configure the header of the packet to include a set of packet forwarding identifiers, different from the set of packet accounting identifiers, that identifies a set of devices associated with the path and via which the packet is to be forwarded; and
provide the packet to a second device, of the set of devices associated with the path, via a link between the first device and the second device, to enable the second device to perform an action based on the set of packet accounting identifiers.

US Pat. No. 11,032,195

BROADCAST SIGNAL TRANSMISSION DEVICE, BROADCAST SIGNAL RECEPTION DEVICE, BROADCAST SIGNAL TRANSMISSION METHOD, AND BROADCAST SIGNAL RECEPTION METHOD

LG ELECTRONICS INC., Seo...

1. A method of transmitting a broadcast signal, the method comprising:
processing one or more input packets to generate one or more link layer packets, a link layer packet including a header and a payload,
the header including packet type information representing a type of an input packet in the payload and payload configuration information representing a configuration of the payload,
the payload configuration information representing whether the link layer packet carries a single input packet or not,
wherein the type of the input packet is either an Internet Protocol (IP) packet or a Movie Picture Exports Group (MPEG) Transport Stream (TS) packet,
wherein the payload configuration information is set to:
a first value in response to a link layer packet including a single input packet,
a second value in response to a link layer packet including more than one input packet or a part of one input packet,
the second value represents that a link layer packet includes more than one input packet concatenated or a segmented part of one input packet,
in response to the link layer packet including the single input packet, header mode information in the header is set to:
a third value for no additional header included in the link layer packet, or
a fourth value for an additional header included in the link layer packet;
processing the one or more link layer packets to generate the broadcast signal; and
transmitting the broadcast signal.

US Pat. No. 11,032,194

TRANSMITTING APPARATUS AND SIGNAL PROCESSING METHOD USING REMOVAL OF TRANSPORT STEAM PACKET HEADER

SAMSUNG ELECTRONICS CO., ...

1. A transmitting apparatus comprising at least one processor configured to implement:
a packet generator generating a packet comprising a header and a payload; and
a transmitter transmitting the generated packet,
wherein the header comprises a base header,
wherein the base header comprises a first field, a second field and a third field,
wherein the first field comprises a value indicating that a packet type of an input packet is a transport stream (TS) packet,
wherein the second field comprises a value indicating a number of TS packets included in the payload,
wherein the third field comprises a first value or a second value,
wherein the first value indicates presence of an additional header, and the second value indicates absence of the additional header,
wherein if TS header compression is performed, the third field comprises the first value, and
wherein a header of a TS packet among the TS packets included in the payload is removed by the TS header compression.

US Pat. No. 11,032,193

IN-SITU OPERATION, ADMINISTRATION, AND MAINTENANCE IN SEGMENT ROUTING WITH MULTIPROTOCOL LABEL SWITCHING NETWORKS

CISCO TECHNOLOGY, INC., ...

1. A method for providing in-situ operation, administration, and maintenance (IOAM) data in a Segment Routing-Multiprotocol Label Switching (SR-MPLS) network, the method comprising:
receiving a data packet that includes an MPLS label stack comprising a plurality of segment identifiers (SIDs) including one or more first SIDs that prompt respective first one or more network nodes of a plurality of network nodes in the SR-MPLS network to implement one or more IOAM functions, and one or more second SIDs that prompt respective second one or more network nodes of the plurality of network nodes to process the data packet without implementing the one or more IOAM functions, wherein the MPLS label stack includes a given SID associated with a first network node of the plurality of network nodes;
determining whether the given SID is one of the one or more first SIDs or one of the one or more second SIDs;
upon determining that the given SID is the one of the one or more first SIDs, implementing an IOAM function at the first network node, wherein the IOAM function includes collecting IOAM data and generating a histogram including statistics using the IOAM data; and
upon determining that the given SID is the one of the one or more second SIDs, processing the data packet without implementing the IOAM function at the first network node.

US Pat. No. 11,032,192

SIGNALING A PLANNED OFF-LINING, SUCH AS FOR MAINTENANCE, OF A NODE OR NODE COMPONENT SUPPORTING A LABEL SWITCHED PATH (LSP), AND USING SUCH SIGNALING

Juniper Networks, Inc., ...

1. A computer-implemented method for use in a system having an established label switched path (LSP) and including a transit router and an ingress router, the computer-implemented method comprising:
a) receiving an instruction that the transit router, or a component of the transit router supporting the established LSP, will be taken down for maintenance at some time in the future, for some defined duration;
b) generating at least one maintenance notification message (1) specifying the established LSP, (2) including information directly or indirectly specifying the time, and (3) including information specifying the defined duration; and
c) transmitting the at least one maintenance notification message to at least one of (A) an upstream neighbor node in the established LSP, and (B) a central controller.

US Pat. No. 11,032,191

ON-BOARD COMMUNICATION SYSTEM AND METHOD FOR CONTROLLING ON-BOARD COMMUNICATION SYSTEM

TOYOTA JIDOSHA KABUSHIKI ...

1. An on-board communication system configured to perform data communication with a server located outside a vehicle, the on-board communication system comprising:
an on-board communication device;
a plurality of on-board devices configured to perform data communication with the server via the on-board communication device;
a first communication line connecting each of the plurality of on-board devices and another one of the plurality of on-board devices separately from the rest of the plurality of on-board devices; and
at least one second communication line connecting one of the plurality of on-board devices and the on-board communication device separately from the rest of the plurality of on-board devices, wherein
each of the plurality of on-board devices includes
a communication device controller configured to control data communication performed between the on-board communication device and the server, and
a priority setting portion configured to set priority ranks of the plurality of on-board devices for controlling the on-board communication device,
the plurality of on-board devices includes at least one first on-board device, which is connected to the on-board communication device by at least the first communication line, the second communication line, and another one of the plurality of on-board devices, and at least one second on-board device, which is connected to the on-board communication device by the second communication line without any one of the plurality of on-board devices connected between the at least one second on-board device and the on-board communication device, and
when each of the plurality of on-board devices performs data communication with the server and if one of the plurality of on-board devices is set to a higher priority rank than the rest of the plurality of on-board devices, communication data managed by the one of the plurality of on-board devices and the rest of the plurality of on-board devices is transmitted to the one of the plurality of on-board devices and data communication with the server is performed by the on-board communication device through the one of the plurality of on-board devices,
wherein the on-board communication system further comprises at least one third on-board device that is not connected to the on-board communication device by the first communication line and the second communication line but connected to the on-board communication device by a third communication line, which differs from the first communication line and the second communication line, and
wherein the on-board communication system further comprises at least one third on-board device that is not connected to the on-board communication device by the first communication line and the second communication line but directly connected to the on-board communication device by a third communication line, which differs from the first communication line and the second communication line.

US Pat. No. 11,032,190

METHODS AND SYSTEMS FOR NETWORK SECURITY UNIVERSAL CONTROL POINT

CORSA TECHNOLOGY INC.

1. A system for handling packet flows between a pair of network security zones in a communications network, and protecting one of the network security zones from an attack originating in the other network security zone, the system comprising:
a receiver to receive a packet flow that is sent from a first network security zone of the network security zones toward a second network security zone of the network security zones, wherein the packet flow is a group of data packets with a set of common characteristics, wherein the set of common characteristics includes at least Internet Protocol (IP) source and destination addresses and IP protocol;
an enforcement module, coupled to the receiver, to direct all of the data packets of the packet flow to a network protection or packet inspection service chain based on a packet handling classification of the packet flow wherein the service chain has a plurality of identical service chain instances to perform a service on packets, wherein the enforcement module is configured to direct all of the data packets of the packet flow to one of the service chain instances within the service chain;
a transmitter, coupled to the enforcement module, to transmit all of the data packets of the packet flow processed by the one of the service chain instances to the second network security zone,
the enforcement module comprising a Field Programmable Gate Array,
wherein the data packets of the packet flow traveling between the first security zone and the second security zone through the system do not require an address of the system for packet forwarding purposes,
wherein the system is configured to enforce internally or externally derived security rules comprising redirecting the data packets of the packet flow, dropping the data packets of the packet flow, and rate limiting the data packets of the packet flow.

US Pat. No. 11,032,189

METHOD FOR TRANSMITTING PACKET WHEN RADIO LINK FAILURE IS DETECTED IN WIRELESS COMMUNICATION SYSTEM AND APPARATUS THEREFOR

LG ELECTRONICS INC., Seo...

1. A method for transmitting a packet by a Packet Data Convergence Protocol (PDCP) entity of a user equipment in a wireless communication system, the method comprising:
delivering a first packet to a first Radio Link Control (RLC) entity and a second packet to a second RLC entity;
transmitting the first and second packets through the first and second RLC entities; and
based on detecting a radio link failure (RLF) related to the first RLC entity, retransmitting the first packet through the second RLC entity based on not receiving acknowledgement information of the first packet from the first RLC entity,
wherein, based on not receiving acknowledgement information of the second packet from the second RLC entity, the first packet is retransmitted through the second RLC entity after a retransmission of the second packet, and
wherein, based on receiving the acknowledgement information of the second packet from the second RLC entity and delivering a third packet to the second RLC entity for an initial transmission, the first packet is retransmitted through the second RLC entity prior to the initial transmission of the third packet.

US Pat. No. 11,032,188

METHOD AND APPARATUS FOR PATH SELECTION

Riverbed Technology, Inc....

1. A method for configuring path selection in a network, wherein the network comprises a first router, a second router, a third router, a fourth router, and an intermediary device, wherein the intermediary device is interposed between the first router and the second router, wherein the third router and the fourth router are coupled to the second router, and wherein the method comprising:
periodically sending probe packets through multiple paths in the network;
flagging a path as having a fault if a response to a probe packet includes an error message or if no response is received to the probe packet within a predetermined time period;
configuring the second router to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router; and
configuring the intermediary device to:
transparently intercept a packet forwarded by the first router to the second router,
determine that the packet is to be routed through (1) the third router if a path that passes through the fourth router has a fault, or (2) the fourth router if a path that passes through the third router has a fault,
modify a DSCP field in the packet based on said determining, and
forward the packet to the second router.

US Pat. No. 11,032,187

APPARATUS AND METHODS FOR IMPLEMENTING A LOGICAL NETWORK WITHIN A BACKHAUL DISTRIBUTION NETWORK

Time Warner Cable Enterpr...

1. A computerized network apparatus, the computerized network apparatus comprising:
a network interface configured to support data communication of the computerized network apparatus with a node of a backhaul network;
processor apparatus; and
storage apparatus in data communication with the processor apparatus and comprising a non-transitory computer readable medium comprising at least one computer program configured to, when executed by the processor apparatus, cause the computerized network apparatus to:
configure a plurality of distribution hubs within the backhaul distribution network as a plurality of label switching network routers, the plurality of distribution hubs in data communication with the computerized network apparatus via the network interface;
enable at least a data link layer interface on each of a plurality of nodes of the backhaul distribution network;
enable a logical network for the plurality of nodes;
identify a level of Internet Service Provider (ISP) network traffic associated with the backhaul distribution network; and
based at least in part on the identified level of ISP network traffic, configure one or more additional nodes within the backhaul distribution network to be added to the logical network.

US Pat. No. 11,032,186

FIRST HOP ROUTER IDENTIFICATION IN DISTRIBUTED VIRTUALIZED NETWORKS

VMware, Inc., Palo Alto,...

1. A method comprising:
receiving, by a router, a multicast message on an incoming interface;
in response to receiving the multicast message:
generating and transmitting a hello multicast message;
determining whether any response to the hello multicast message has been received on the incoming interface; and
in response to determining that no response to the hello multicast message has been received on the incoming interface, determining, by the router, the router is a first hop router for the multicast message;
in response to determining that the router is the first hop router for the multicast message:
determining, by the router, an IP address of a rendezvous point for the multicast message;
encapsulating the multicast message into a unicast message and including, in the unicast message, the IP address of the rendezvous point as a destination address; and
transmitting the unicast message to the rendezvous point.

US Pat. No. 11,032,185

COMMUNICATION SYSTEM, EDGE NODE, COMMUNICATION METHOD AND PROGRAM

NEC CORPORATION, Tokyo (...

1. A communication system comprising:
a forwarding node, provided in a transport network, that forwards a packet between bases according to a path configured in advance;
a first edge node that, for a flooded packet transmitted from a first base to a second base connected to the transport network, first sets path selection information for selecting a return path for transmitting the packet from the second base to the first base, and then transmits the flooded packet to the second base via the path configured in advance; and
a second edge node that, when receiving the flooded packet, selects the return path on the basis of the path selection information from a plurality of path candidates configured in advance between the first base and the second base and learns the path in association with information indicating a transmission source, and transmits the packet addressed to the information indicating the transmission source via the return path, wherein
the first edge node stores the path selection information and the plurality of path candidates configured in advance between the first base and the second base, and holds priority information for each of the path candidates, the priority information used to select the return path,
wherein the first and the second bases are each a network comprising a plurality of terminals.

US Pat. No. 11,032,184

METHOD AND DEVICE FOR COLLECTING TRAFFIC FLOW VALUE OF BGP COMMUNITY ATTRIBUTE OR BGP EXTENDED COMMUNITY ATTRIBUTE

China Mobile Communicatio...

1. A method for collecting a traffic flow information of a Border Gateway Protocol (BGP) community attribute or BGP extended community attribute, applied to a first device, the method comprising:
obtaining at least one of BGP community attribute information or BGP extended community attribute information corresponding to a traffic flow according to a traffic flow reporting instruction; and
reporting at least one of the obtained BGP community attribute information or BGP extended community attribute information to a second device through a traffic flow reporting protocol,
wherein the traffic flow reporting protocol comprises one or more Information Elements (IEs) defined to report the at least one of the BGP community attribute information or the BGP extending community attribute information.

US Pat. No. 11,032,183

ROUTING INFORMATION VALIDATION IN SDN ENVIRONMENTS

NICIRA, INC., Palo Alto,...

1. A method for a computer system to validate routing information in a software-defined networking (SDN) environment that includes a first autonomous system and a second autonomous system, the method comprising:
obtaining routing information associated with a logical router in the first autonomous system, wherein the routing information specifies multiple first routes to respective multiple first networks, and wherein the multiple first routes specified in the routing information include a particular first route injected by a malicious hacker through prefix hijacking;
obtaining network topology information associated with the first autonomous system, wherein the network topology information specifies currently deployed multiple second routes that connect the logical router to respective multiple second networks in which multiple virtualized computing instances are located in the first autonomous system;
prior to configuring the logical router to generate any route advertisement information destined for the second autonomous system, validating the routing information based on the network topology information by determining whether attributes associated with the multiple first routes specified by the routing information match attributes associated with the multiple second routes specified by the network topology information; and
in response to determination that the particular first route from amongst the multiple first routes is invalid due to a mismatch with the attributes associated with the multiple second routes, configuring the logical router to generate route advertisement information that conforms to the multiple second routes and that is destined for the second autonomous system, wherein the route advertisement information includes a subset of the multiple first routes that have attributes matching the attributes of the multiple second routes but excludes the invalid particular first route.

US Pat. No. 11,032,182

AUDITING OF CONTENT RELATED EVENTS

Verizon Media Inc., New ...

1. A computer-implemented method for monitoring the display of electronic content on client devices:
receiving, by a server processor, a request for a media page from a user device;
sending, by the server processor, the media page to the user device, the media page including a selection of one or more streams of dynamic content;
receiving, by a server processor, a request for a stream of dynamic content from the user device;
transmitting, by the server processor, the stream of dynamic content to the user device, the stream of dynamic content including a first programming content and a first electronic content;
receiving, at the server processor, indication from the user device that the first electronic content has transpired on a display of the user device;
parsing, by the server processor, the received indication to determine presentation time information, the presentation time information indicating one or more times the first electronic content presented at the display of the client device; and
based on the parsing of the received indication, transmitting, by the server processor, the presentation time information to a receiving entity associated with the first electronic content.

US Pat. No. 11,032,181

MACHINE LEARNING APPROACH FOR DYNAMIC ADJUSTMENT OF BFD TIMERS IN SD-WAN NETWORKS

Cisco Technology, Inc., ...

1. A method, comprising:
obtaining, by a device, performance data regarding failures of a tunnel in a network;
generating, by the device, a failure profile for the tunnel by applying machine learning to the performance data regarding the failures of the tunnel;
determining, by the device and based on the failure profile for the tunnel, whether the tunnel exhibits failure flapping behavior, wherein the failure flapping behavior is indicative of oscillation between up and down states; and
adjusting, by the device, one or more Bidirectional Forwarding Detection (BFD) probing timers used to detect failures of the tunnel, based on the determination as to whether the tunnel exhibits failure flapping behavior by increasing, based on a determination that the tunnel exhibits failure flapping behavior attributable to a misconfigured BFD probing timer, an interval timer or a timeout timer, wherein the interval timer controls a frequency at which BFD probes are sent via the tunnel, further wherein the timeout timer controls when the tunnel is deemed to have failed after a BFD probe is sent via the tunnel and was unacknowledged.

US Pat. No. 11,032,180

SUBSTITUTING WINDOW ENDPOINTS USING A HEALTH MONITOR

Microsoft Technology Lice...

1. A computer-implemented method for maintaining a plurality of idle substitution endpoints as substitutes for working window endpoints, the method comprising:
in response to receiving an awake message:
switching a health monitor from a first state to a second state,
performing, with the health monitor, a first status check by:
determining an endpoint iteration to query, wherein the endpoint iteration includes at least a portion of the plurality of idle substitution endpoints,
sending a status request to each of the idle substitution endpoints in the endpoint iteration,
receiving a response to the status request from each of the idle substitution endpoints in the endpoint iteration,
updating a status maintained by the health monitor of each of the idle substitution endpoints in the endpoint iteration based on the response to the status request received from each of the idle substitution endpoints in the endpoint iteration, and
returning the health monitor to the first state, and
in response to an idle substitution endpoint included in the endpoint iteration changing from a dead status to an alive status between the first status check and a second status check, increasing a frequency of status checks for the idle substitution endpoint.

US Pat. No. 11,032,179

HETEROGENEOUS FLOW CONGESTION CONTROL

Telefonaktiebolaget LM Er...

1. A method for estimating congestion associated with a network path between a sending node and a receiving node, the method performed by the receiving node, the method comprising:
receiving a first plurality of packets from the sending node;
calculating a first average delay experienced by the packets in the first plurality;
determining a delay variation in accordance with a difference between the first average delay and a second average delay associated with a second plurality of packets previously received from the sending node, divided by a duration of time between reception of the first plurality of packets and reception of the second plurality of packets, wherein the delay variation indicates a trend in the average delay associated with the network path over time;
determining a congestion metric associated with the network path in accordance with the delay variation; and
transmitting the congestion metric to the sending node.

US Pat. No. 11,032,178

SYSTEM AND METHOD FOR CREATING, DEPLOYING, AND ADMINISTERING DISTINCT VIRTUAL COMPUTER NETWORKS

1. A computer system for managing a plurality of separate and distinct virtual computer networks, comprising:
at least one processor; and
a memory device that stores a managing application that adapts the at least one processor to:
create the plurality of separate and distinct virtual computer networks, with at least two having different topologies, using a virtual computer network template system including a plurality of virtual computer network subcomponents and virtual computer network subcomponent templates, wherein each of the created separate and distinct virtual computer networks is assembled from templated instances of the virtual computer network subcomponents that are grouped into corresponding virtual computer network templates, each of the separate and distinct virtual computer networks having at least one specially designed virtual machine, wherein the specially designed virtual machine is configured from corresponding virtual computer network subcomponents, virtual computer network subcomponent templates, or cloned instances of the virtual computer network subcomponent templates, wherein each specially designed virtual machine includes:
a plurality of unique soft points specific to the specially designed virtual machine, wherein the soft points include data unique to each individual virtual computer network subcomponent, virtual computer network subcomponent template, or cloned instance of the virtual computer network subcomponent templates that is stored for the specially designed virtual machine that allows each to exist separately and independently from any other instance of that subcomponent used in the plurality of virtual computer networks, wherein each specially designed virtual machine is configured to have its soft points stored in a storage medium apart from the specially designed virtual machine for protecting the uniqueness of the soft points; and
a plurality of hard points that includes data common between at least two specially designed virtual machines, wherein the hard points includes data common across one or more virtual computer network components, virtual computer network subcomponents, virtual computer network subcomponent templates, or cloned instance of the virtual computer network subcomponent templates and/or the specially designed virtual machine, wherein each specially designed virtual machine is configured to have its hard points stored in a storage medium apart from the specially designed virtual machine, wherein the hard points are separated and isolated from the soft points;
wherein the managing application further adapts the at least one processor to:
make a modification to a virtual computer network subcomponent template;
push the modification of the virtual computer network subcomponent template to at least one virtual computer network subcomponent of the plurality of virtual computer subcomponents, wherein the virtual computer network subcomponents of a first separate and distinct virtual computer network of the plurality are not codependent with the virtual computer network subcomponents of a second separate and distinct virtual computer network of the plurality, wherein a modification to a virtual computer network subcomponent template need not be pushed to every corresponding virtualized computer network subcomponent in the plurality of virtual computer networks, allowing the virtual computer network subcomponents of the plurality of virtual computer networks to evolve separately and independently of any other instance where corresponding virtual computer network subcomponents are used; and
make the modification to the at least one virtual network subcomponent of the plurality of virtual computer networks without affecting either the uniqueness of the soft points or the hard points, wherein the modification is made to an instance of the at least one virtual network subcomponent of the virtual computer network without interfering with any of the instances of the other virtual network subcomponents.

US Pat. No. 11,032,177

NETWORK ACTIVITY VALIDATION

Alarm.com Incorporated, ...

1. A monitoring system that is configured to monitor a property, the monitoring system comprising:
a sensor that is located at the property and that is configured to generate sensor data that reflects an attribute of the property; and
a monitor control unit that comprises at least one processor configured to:
receive data identifying network activity for an online account, the network activity being a firewall application setting change for a firewall application associated with a computer located at the property and the online account being an online firewall account;
determine a user associated with the online firewall account;
based on the sensor data, determine a current physical activity in which the user is participating within the property by determining that the user is participating in a sport;
access stored data that indicates, for a plurality of physical activities including the current physical activity of the sport, a level of user interaction required to participate in each of the plurality of physical activities;
analyze, using the accessed data, the current physical activity of participating in the sport;
based on analyzing, using the accessed data, the current physical activity of participating in the sport, determine a likelihood that the user initiated the firewall application setting change for the firewall application associated with the computer located at the property while participating in the current physical activity of the sport within the property;
determine whether the likelihood satisfies a threshold likelihood; and
in response to determining that the likelihood does not satisfy the threshold likelihood, provide an alert about the network activity to the user associated with the online firewall account.

US Pat. No. 11,032,176

DETERMINING LINK CONDITIONS OF A CLIENT LAN/WAN FROM MEASUREMENT POINT TO CLIENT DEVICES AND APPLICATION SERVERS OF INTEREST

Hughes Network Systems, L...

1. A method comprising:
logging a plurality of statistics obtained through passive monitoring of standard operational statistics of a networking protocol, via a protocol proxy device of a client terminal node of a client network, for each of one or more network connections of the client network, wherein each network connection provides for packet data communications between the client terminal node and a respective client device over a respective link over the client network, and wherein the client terminal node provides access to a wide area data communications network for each client device via the respective network connection over the respective link over the client network;
determining one or more connection metrics for at least one of the one or more network connections, wherein each connection metric for a particular network connection is determined based on one or more of the logged statistics associated with the particular network connection;
determining one or more performance conditions with respect to the at least one of the one or more network connections, wherein each performance condition with respect to a particular network connection is determined based on an analysis of a respective one or more of the connection metrics determined for the respective network connection; and
diagnosing a degradation in performance over one of the links over the client network based on the one or more performance conditions determined with respect to at least one of the network connections over the one link.

US Pat. No. 11,032,175

PACKET LOSS ISOLATION TEST

Hughes Network Systems, ...

1. A method for isolating packet loss on a hierarchical packet network, the method comprising:
connecting a first Network Element (NE) to a second NE via a varying path traversing multiple network segments;
discovering, with the first NE, a set of segment-demarcation expect-to-echo nodes along the varying path;
ascertaining, with the first NE, a request-to-echo configuration for each node in the set;
emitting a sample size of requests-to-echo in a respective request-to-echo configuration for each node in the set at a sample rate;
receiving results of the sample size of requests-to-echo to generate a packet-loss sample;
calculating a rate-of-loss for the packet-loss sample;
accumulating multiple packet-loss samples over a reporting interval; and
calculating an accumulated rate-of-loss for the reporting interval with the multiple packet-loss samples,
wherein the emitting emits packets marked with different Class of Service (CoS)-categorizers per packet-loss sample in a round-robin fashion for the reporting interval.

US Pat. No. 11,032,174

SERVICE CHAIN FAULT DETECTION METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A service chain fault detection method implemented by a service forwarding entity (SFE), the service chain fault detection method comprising:
obtaining a first fault tracing detection request packet on a service chain, wherein the first fault tracing detection request packet comprises a path identifier (ID), and wherein the path ID identifies a path of the service chain;
determining to communicate with a first service function (SF) node on the service chain by sending the first fault tracing detection request packet to the first SF node;
obtaining an ID of the first SF node; and
sending the path ID, the ID of the first SF node and an ID of the SFE to a device for initiating fault detection in response to obtaining a first fault tracing detection request packet on the path of the service chain.

US Pat. No. 11,032,173

SYSTEM FOR DETECTING AND REPORTING ANOMALIES IN A NETWORK OF MOVING THINGS, FOR EXAMPLE INCLUDING A NETWORK OF AUTONOMOUS VEHICLES

Veniam, Inc., Mountain V...

1. An anomaly detection system for a vehicle communication network, the anomaly detection system comprising:
an anomaly detection module comprising a processor and a memory,
wherein the anomaly detection module is operable to, at least:
receive a metric provided by an Access Point (AP) of the vehicle communication network;
determine at least a first portion of a report based, at least in part, on the received metric, the determined at least a first portion of the report comprising a severity classification of the report;
determine, based at least in part on the severity classification, to communicate the report to a destination;
select, based at least in part on the severity classification, a selected communication technology from a plurality of different communication technologies that are available to communicate the report to the destination; and
communicate the report to the destination utilizing the selected communication technology.

US Pat. No. 11,032,172

ASYNCHRONOUS WIRELESS DATA TRANSMISSION SYSTEM AND METHOD FOR ASYNCHRONOUSLY TRANSMITTING SAMPLES OF A MEASURED VARIABLE BY A WIRELESS SENSOR

Johnson Controls Technolo...

1. An asynchronous wireless data transmission system, the system comprising:
a wireless sensor comprising:
a measurement device configured to collect a plurality of samples of a measured variable at a plurality of different sampling times;
memory configured to store the plurality of samples of the measured variable;
a transmission generator configured to generate a compressed data object comprising at least one of the plurality of samples of the measured variable or a filtered plurality of samples of the measured variable; and
a wireless radio configured to transmit the compressed data object as a single transmission at a transmission time asynchronous with at least one of the sampling times; and
a data recipient device comprising:
an object decompressor configured to extract at least one of the plurality of samples of the measured variable or the filtered plurality of samples of the measured variable from the compressed data object.

US Pat. No. 11,032,171

ROUTER OF A DOMESTIC NETWORK, SUPERVISION INTERFACE AND METHOD FOR SUPERVISING THE USE OF A DOMESTIC NETWORK

ORANGE, Paris (FR)

1. A router of a domestic local area network able to be connected to a plurality of communication terminals and a remote network, the router comprising:
a transmitter and a receiver configured to exchange real-time data with the plurality of communication terminals over the domestic local area network;
a processor; and
a non-transitory computer-readable medium comprising instructions stored thereon, which when executed by the processor configure the router to:
monitor the real-time data exchanged with each of the plurality of communication terminals over the domestic local area network;
implement a supervisor of resources of the domestic local area network used by at least one of the communication terminals connected to the domestic local area network on the basis of the real-time data;
propose real-time data of use of the resources of the domestic local area network for each of the plurality of communication terminals allowing a comparison with one another and/or with overall throughputs, wherein a problem from the proposed real-time data is detected by either the supervisor and/or by way of a supervision interface, wherein the supervision interface comprises a generator of reproduction data dependent on the proposed real-time data provided by the supervisor on the basis of real-time data of use by at least one of the communication terminals; and
at a given instant, in response to the proposed real-time data or to an input received by the router from one of the communication terminals through the supervision interface implemented by the communication terminal based on the real-time data, transmit a command to at least one of the communication terminals to postpone execution of a process by the at least one communication terminal.

US Pat. No. 11,032,170

REMOTELY-DEPLOYED AUTOMATED COMPUTER NETWORK DIAGNOSTIC TOOL

Bank of America Corporati...

9. A remotely-deployed, automated, computer network diagnostic system, the system comprising computer executable code stored in non-transitory memory and configured to run on a processor, wherein the system is configured to:
deploy a diagnostic script from a central network node to a first network endpoint using an automated network agent tool;
run the diagnostic script on the first network endpoint via the automated network agent tool;
generate a first set of diagnostic data in response to the running the diagnostic script on the first network endpoint;
deploy the diagnostic script from the central network node to one or more additional network endpoints using the automated network agent tool;
run the diagnostic script on the one or more additional network endpoints using the automated network agent tool;
generate one or more additional sets of diagnostic data in response to the running the diagnostic script on the one or more additional network endpoints;
collate the first set of diagnostic data and the one or more additional sets of diagnostic data into a collated set of diagnostic data;
using a big-data analysis tool, analyze the collated set of diagnostic data based on a set of performance metrics; and
based on the analyzing, generate:
a diagnostic network report; and/or
a flag when a network performance issue is detected;
wherein running the diagnostic script on a network endpoint is configured to:
compile a set of uniform resource locators (URLs), wherein each URL in the set of URLs is associated with one of a plurality of URL categories, each URL category associated with a unique network routing protocol, and the set of URLs comprises at least two URLs that are associated with URL categories that are different from each other;
compile a set of proxy servers;
test a plurality of network paths from the network endpoint, the plurality of network paths determined based at least in part on the set of URLs and the set of proxy servers; and
generate a set of diagnostic data, said diagnostic data comprising:
a success status for each network path from the plurality of network paths;
a latency performance score for each network path from the plurality of network paths; and
a response size measurement for each network path from the plurality of network paths.

US Pat. No. 11,032,169

SYSTEM AND METHOD FOR SERVERLESS MONITORING

CAPITAL ONE SERVICES, LLC...

1. A method comprising:
receiving, at a server, from a plurality of cloud providers, a plurality of event objects;
normalizing, via a processor of the server, each event object in the plurality of event objects via a plurality of handlers respectively associated with the plurality of cloud providers, resulting in normalized event objects,
wherein for each event object the handler in the plurality of handlers which normalizes a respective event object is selected based on the cloud provider in the plurality of cloud providers which provided the respective event object; and
forwarding, for each normalized event object in the normalized event objects, the normalized event object from the server to a service provider in a plurality of service providers,
wherein the service provider is selected based on metadata of the normalized event object.

US Pat. No. 11,032,168

MECHANISM FOR PERFORMANCE MONITORING, ALERTING AND AUTO RECOVERY IN VDI SYSTEM

AMZETTA TECHNOLOGIES, LLC...

1. A method of monitoring a virtual desktop infrastructure (VDI) system, comprising:
storing, by a monitoring device of the VDI system, health and performance data of one or more hypervisors of the VDI system in a data store, wherein the data store is a database on a data device separate from the monitoring device and an alert device of the VDI system, wherein the alert device accesses the data store through a database access layer at the alert device, wherein the datastore stores an alert configuration and alert data;
determining, at the alert device, that a first hypervisor of the one or more hypervisors is in an alert condition based on the health and performance data and the alert configuration stored in the data store, and determining corresponding alert data stored in the data store to be included in an alert message;
continuously monitoring, by the alert device, the datastore to detect the alert data based on a status indication associated with the alert data that is stored in the data store and indicates that the alert data have not been sent to an alert destination;
in response to detecting the alert data in the data store, terminating, by the alert device and in accordance with the alert condition, idle user sessions running on virtual machines of the first hypervisor or shutting down virtual machines of the first hypervisor that are not used by any user;
determining, by the alert device, the alert destination based on the alert configuration and the alert condition;
selecting, by the alert device, a communication interface from a plurality of communication interfaces based on the alert destination and the alert data to be included in the alert message;
connecting, by the alert device, with the communication interface based on the alert configuration;
sending, by the alert device, the alert message including the alert data in accordance with the alert condition to the alert destination via the communication interface; and
updating, by the alert device, the status indication associated with the alert data stored in the data store to indicate that the alert data have been sent to the alert destination.

US Pat. No. 11,032,167

PRECURSOR REJECTION FILTER

Apple Inc., Cupertino, C...

1. An apparatus comprising:
a data source configured to convey packets;
a filter including:
N delay elements, wherein N is an integer value;
K multipliers, wherein K is an integer value, and wherein a first one of the K multipliers is coupled an input to a first one of the N delay elements, and wherein the remaining ones of the K multipliers are coupled to outputs of corresponding ones of the N delay elements; and
K multiplexers coupled to provide coefficients to the K multipliers, wherein ones of the K multiplexers are coupled to receive one of a first plurality of coefficients on a respective first input and one of a second plurality of coefficients on a respective second input; and
control circuitry configured to provide selection signals to the K multiplexers to cause respective ones of the first plurality of coefficients to be provided to the K multipliers responsive to the data source conveying communication packets to the filter, and further cause respective ones of the second plurality of coefficients to be provided to the K multipliers responsive to the data source providing a sensing packet to the filter, wherein ones of the second plurality of coefficients are determined based on a response of an analog front end circuit coupled to the filter.

US Pat. No. 11,032,166

SECONDARY ROBOT COMMANDS IN ROBOT SWARMS

Disney Enterprises, Inc.,...

1. A method, comprising:
receiving, at a plurality of devices in a swarm of devices, wherein the swarm of devices is an ad hoc swarm configured to communicate via a shared protocol, a packet included in a signal broadcast within an environment from a transmitting device in the swarm of devices;
wherein each receiving device of the swarm of devices:
parses the packet for a command associated with a primary effect and a secondary effect;
in response to determining that the receiving device is paired with the transmitting device, implements, by the receiving device, the primary effect; and
in response to determining that the receiving device is not paired with the transmitting device, implements, by the receiving device, the secondary effect.

US Pat. No. 11,032,165

METHOD AND APPARATUS FOR INTEROPERABLY PERFORMING SERVICES AND SYSTEM SUPPORTING THE SAME

Samsung Electronics Co., ...

1. A method for performing a service in a portable terminal with a service interoperation device, the method comprising:
searching, by the portable terminal, external devices;
identifying the service interoperation device corresponding to a characteristic of the service among the searched external devices;
recommending the service interoperation device;
performing the service in interoperation with the recommended service interoperation device; and
displaying a configuration image including the recommended service interoperation device performing the service,
wherein performing the service comprises:
determining functions of the service interoperation device and the portable terminal;
transceiving data of the service and commands for processing the data of the service between the service interoperation device and the portable terminal, according to the determined functions; and
displaying a control image based on the determined functions.

US Pat. No. 11,032,164

EDGE-BASED CLOUD APPLICATION ACCELERATION

COX COMMUNICATIONS, INC.,...

1. A system for providing an online marketplace for edge computing resources, comprising:
at least one processor;
a memory storage device including instructions that when executed by the at least one processor are configured to:
receive a request from a third party for an edge computing resource on which a set of third-party services associated with a third-party resource can be deployed for performing a third-party service functionality, wherein the request includes a location condition and attribute data that define one or more characteristics of a computational resource for performing the third-party service functionality;
determine one or more optimized edge computing resources that satisfy the location condition and the attribute data;
provide a listing of the one or more optimized edge computing resources;
receive a third-party selection of an edge computing resource of the one or more optimized edge computing resources; and
provide a configuration portal for transmitting a data file to a resource management and orchestration system, wherein the data file includes instructions for instantiating the set of third-party services as a virtualized network function (VNF) and deploying the VNF on the selected optimized edge computing resource for performing the third-party service functionality.

US Pat. No. 11,032,163

METHOD AND SYSTEM FOR SELECTION AND ORCHESTRATION OF MULTI-ACCESS EDGE COMPUTING RESOURCES

Verizon Patent and Licens...

1. A network device comprising:
a memory to store instructions; and
one or more processors configured to execute the instructions to:
store, in the memory, a map of a geographic area with unique identifiable regions (UIRs) that each include cells for one or more different wireless stations of a transport network,
receive application parameters, for a designated coverage area, for an application to be serviced using multi-access edge computing (MEC) resources,
associate the designated coverage area with one or more target UIRs from the map of the geographic area,
deploy, when the MEC resources are available to support the application parameters, an instance of the application at a MEC cluster, wherein the deployed instance of the application meets the application parameters for the one or more target UIRs, and
update a MEC-domain name service (DNS) for the deployed instance of the application at the MEC cluster.

US Pat. No. 11,032,162

MOTHOD, NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, AND COMPUTER SYSTEM FOR ENDPOINT TO PERFORM EAST-WEST SERVICE INSERTION IN PUBLIC CLOUD ENVIRONMENTS

VMWARE, INC., Palo Alto,...

1. A method for a first endpoint to perform east-west service insertion in a public cloud environment that includes a first virtual network and a second virtual network, wherein the method comprises:
detecting an egress packet that is destined for a second endpoint, wherein both the first endpoint and the second endpoint are located in the first virtual network; and
in response to determination that service insertion is required for the egress packet by matching one or more characteristics of the egress packet to a service insertion rule configured for the first endpoint,
based on the service insertion rule, identifying a service path that is configured to process the egress packet according to one or more services;
generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first endpoint to a network device, wherein the network device is located in the first virtual network or the second virtual network, and connects the first endpoint with the service path; and
sending the encapsulated packet to cause the network device to send the egress packet towards the service path, thereby steering the egress packet towards the service path for processing.

US Pat. No. 11,032,161

DETERMINING OPTIMUM SOFTWARE UPDATE TRANSMISSION PARAMETERS

Oracle International Corp...

1. One or more non-transitory machine-readable media storing instructions which, when executed by one or more processors, cause:
obtaining a software update to be transmitted to and installed on a set of servers of a computer network;
determining, for transmitting the software update, a first set of one or more values for a set of one or more transmission parameters;
wherein the first set of values for the set of transmission parameters comprises a first number for a count of concurrent streams;
during a first time period: transmitting, in the first number of concurrent streams, at least a first portion of the software update to at least a first subset of the set of servers;
determining service performance data, corresponding to the first time period, associated with at least the first subset of the set of servers serving requests of a set of one or more tenants of the computer network;
based at least on a comparison between (a) the service performance data and (b) one or more quality of service (QoS) requirements: modifying the first set of values to determine a second set of values for the set of transmission parameters;
wherein the second set of values for the set of transmission parameters comprises a second number for the count of concurrent streams;
during a second time period: transmitting, in the second number of concurrent streams, at least a second portion of the software update to at least a second subset of the set of servers.

US Pat. No. 11,032,160

SERVERLESS ELASTIC SCALE API GATEWAY MANAGEMENT SYSTEM AND METHOD OF AN API SERVICE CONTROL PLANE SYSTEM

BOOMI, INC., Round Rock,...

1. An information handling system operating a serverless elastic-scale application programming interface (API) gateway management system comprising:
a network interface device receiving user-specified gateway operation policies for execution of an API at a user-selected gateway, including a service level agreement (SLA) setting in a first format;
a processor of an API service control plane system generating an initial gateway configuration file in a second format via a first gateway type policy translator selected from a plurality of gateway type policy translators, the initial gateway configuration file instructing the user-selected gateway to provision the API at an initial preset number of nodes to meet the user-specified gateway operation policies;
the network interface device transmitting the initial gateway configuration file to the user-selected gateway;
a rate limiting service tracking an external agent call rate at which an external agent makes calls to the API at the user-selected gateway;
the network interface device receiving an indication that the external agent has made a new call to the API at the user-selected gateway;
a service level agreement (SLA) monitor service determining the external agent call rate tracked at the rate limiting service exceeds a preset rate limit defined within the user-specified gateway operation policies by the SLA setting; and
the SLA monitor service transmitting an instruction to the user-selected gateway to reject the new call to the API.

US Pat. No. 11,032,159

APPARATUS FOR PREFORMANCE ANALYSIS OF VIRTUAL NETWORK FUNCTIONS IN NETWORK FUNCTIONAL VIRTUALIZATION PLATFORM AND METHOD THEREOF

Korea Advanced Institute ...

1. A performance analysis apparatus of Virtual Network Function (VNF), the apparatus that analyzes performance of the VNF within a Network Function Virtualization (NFV) platform comprising:
an NFV environment constituting unit configured to generate a service chain composed of VNFs, using a VNF policy configuration of the VNF and configured to deploy the VNFs corresponding to the service chain in the NFV platform;
a performance monitoring unit configured to monitor internal forms of the VNFs by measuring a performance feature of each component within the NFV platform and a performance feature for the service chain; and
an analysis unit configured to specify a performance degradation VNF that degrades performance in the service chain to derive a cause, wherein the analysis unit includes:
a classification unit configured to cluster service chains, each of which is composed of the VNFs, as service chains indicating normal phenomenon or abnormal phenomenon;
a derivation unit configured to derive abnormal VNF within the service chains indicating the abnormal phenomenon and abnormal VNF within VNFs indicating the abnormal phenomenon to derive the abnormal phenomenon based on an internal operation state frequency and time; and
a result unit configured to analyze an abnormal state between derived common abnormal VNF sets, to specify the performance degradation VNF, and to identify triggered cause.

US Pat. No. 11,032,158

COMPUTERIZED SYSTEMS AND METHODS FOR PROCESSING HIGH-VOLUME LOG FILES FROM VIRTUAL SERVERS

Coupang Corp., Seoul (KR...

1. A computer-implemented system for live analysis of virtual server logs, the system comprising:
a memory storing instructions; and
at least one processor configured to execute the instructions to perform operations comprising:
receiving a plurality of log entries comprising test data and metadata created based on requests sent by consumer devices;
processing the plurality of log entries, wherein processing the plurality of log entries comprises determining test versions corresponding to the plurality of log entries based on the test data;
storing the processed plurality of log entries in a database having an inverted index;
comparing an exposure ratio to a range, the exposure ratio being based on a first amount of log entries associated with a first test version and a second amount of log entries associated with a second test version, and the range comprising a target ratio; and
upon determining the exposure ratio is outside of the range, directing at least one request from a consumer device to a default test version.

US Pat. No. 11,032,157

ADAPTABLE REAL-TIME COMMUNICATIONS PLUGIN FOR VIRTUAL DESKTOP INFRASTRUCTURE SOLUTIONS

Microsoft Technology Lice...

1. A client computing device, comprising:
one or more processors;
one or more memory devices that store computer program logic for execution by the one or more processors, the computer program logic comprising:
a remote desktop client that is configured to present a user interface of a communications application executing in a cloud computing environment within a user interface of the client computing device, the remote desktop client being further configured to receive redirected communication from the communications application for the purposes of enabling peer-to-peer audio and/or video communication between the client computing device and a remote computing device as opposed to audio and/or video communication via the communications application; and
a plugin, comprising:
a real-time communication manager configured to receive the redirected communication from the remote desktop client and translate the redirected communication into a format compatible with a framework for enabling real-time communication;
a real-time communication component configured to connect the client computing device and the remote computing device for the purposes of audio and/or video communication based on the translated communication; and
a media capture component configured to determine a hardware-based media processing capability of the client computing device by using an application programming interface (API) specific to an operating system (OS) of the client computing device, use the hardware-based media processing capability to process media captured from a media source of the client computing device, and provide the processed media to the real-time communication component to be transmitted to the remote computing device, the hardware-based media processing capability comprising one of a video codec, an audio codec, hardware-accelerated video processing or hardware-accelerated audio processing.

US Pat. No. 11,032,156

CRASH-CONSISTENT MULTI-VOLUME BACKUP GENERATION

Amazon Technologies, Inc....

1. A computing system comprising:
one or more control plane components of a network-accessible service implemented at a provider network; and
a set of servers in data communication with the one or more control plane components, the set of servers having collectively stored thereon identification information representing that a plurality of volumes are attached to an identified instance;
wherein the one or more control plane components are configured to at least:
obtain a multi-volume snapshot request to generate a set of crash-consistent snapshots corresponding to the identified instance, wherein each snapshot in the set of snapshots represents data of a different one of the plurality of volumes at a same point in time;
based at least in part on the identification information, identify the plurality of volumes attached to the identified instance;
generate a user interface configured to provide a status of a snapshot generation for the plurality of volumes; and
for an individual volume of the plurality of volumes:
obtain volume geometry information identifying locations of a set of partitions of the individual volume, the set of partitions hosted on one or more servers of the set of servers;
cause generation of a snapshot of a first partition in the set of partitions at the same point in time;
in response to determining that generation of a snapshot of a second partition in the set of partitions has failed, suspend the snapshot generation for the plurality of volumes and automatically delete any already generated snapshot data including at least the snapshot of the first partition; and
update the user interface to provide the status of the snapshot generation for the plurality of volumes based at least in part on the determination that the generation of the snapshot of the second partition has failed.

US Pat. No. 11,032,155

NETWORK MAPPING SYSTEM

NICIRA, INC., Palo Alto,...

1. A method for generating a multi-layer network map from network configuration data, the method comprising:
receiving network configuration data that defines network components and connections between the network components for a network that spans one or more datacenters;
based on the received network configuration data, generating a plurality of network data layers for a multi-layer interactive map of the network; and
generating a visual representation of the network for each network data layer, each visual representation comprising a map of the network at a different level of hierarchy, wherein generating the visual representation of the network comprises:
generating a visual representation of a first network data layer with a plurality of logical network components and a set of logical connections between the logical network components,
generating a visual representation of a second network data layer with a plurality of physical network components that implement the logical network components, and
generating a visual representation of a third network data layer with the plurality of physical network components that implement the logical network components, additional physical network components, and connections between the physical network components.

US Pat. No. 11,032,154

GRAPHICAL USER INTERFACE FOR DISPLAYING A HIERARCHICAL NETWORK TOPOLOGY IN A SINGLE SITE VIEW

CISCO TECHNOLOGY, INC., ...

1. A computer-implemented method comprising:
detecting a selection of a first site indicator that is associated with a first tab from a plurality of tabs associated with a network topology map in a computer-generated graphical user interface;
in response to detecting the selection of the first site indicator, causing presentation of an expanded view of the first tab depicting a first set of nodes at a first physical site;
determining that a first node of the first set of nodes is linked to a second node of the first set of nodes, the first node representing a first internetworking device at the first physical site and the second node representing a first building unit at the first physical site;
in response to determining that the first node is linked to the second node, causing presentation of a first communication link between the first node and the second node in the expanded view of the first tab;
determining, via network communication, that the first node is linked to a second physical site external to the first physical site;
causing presentation of a second communication link between the first node and the second physical site in the expanded view of the first tab in the network topology map, wherein the second physical site is displayed in a collapsed view of a second tab adjacent to the expanded view of the first tab in the computer-generated graphical user interface, wherein the first communication link connecting the first node representing the first internetworking device at the first physical site and the second node representing the first building unit at the first physical site is presented visually differently than the second communication link between the first node representing the first internetworking device at the first physical site and the second physical site, wherein the first building unit represents a plurality of inter-networking devices located in a building site, wherein the expanded view of the first tab comprises a graphical boundary that represents a geographic boundary of the first physical site, wherein the first node is depicted in the expanded view as internal to the graphical boundary, wherein the first site indicator is depicted as external to the graphical boundary, and wherein presenting the first communication link comprises causing the first communication link to overlay the graphical boundary.

US Pat. No. 11,032,153

METHOD, MEDIUM, AND SERVER SYSTEM FOR ALLOCATING AND TRACKING RESOURCE DISTRIBUTIONS IN COMPUTER NETWORKS

CLASSWALLET, Miami, FL (...

1. A method of managing resource distributions in a computer network, comprising:
receiving, from a first server, information about a first resource provider that has provided resources to each of a plurality of resource recipients, wherein the information includes resource distribution data indicating respective provisions of resources to each of the plurality of resource recipients and respective restrictions that segment use of the respective provisions of resources such that the respective provisions of resources are separated from distinct resources provided by a second resource provider;
in response to receiving the information, displaying on a display in a graphical user interface:
(i) a first user interface region that allows the first resource provider to search for each of the plurality of resource recipients, and
(ii) a second user interface region, including a first set of respective affordances associated with a first resource recipient, the first set of the respective affordances allowing the first resource provider to manage provisions of resources to the first resource recipient, and a second set of the respective affordances associated with a second resource recipient, the second set of the respective affordances allowing the first resource provider to manage provisions of resources to the second resource recipient;
in response to receiving a request via the first user interface region to search for a first resource recipient, updating the second user interface region of the graphical user interface to cease displaying the second set of the respective affordances, such that only the first set of respective affordances is displayed within the second user interface region, including indicating in the second user interface region that the first resource recipient is uniquely identified as associated with a respective provision of resources;
in response to receiving a selection, from within the second user interface region, of one of the affordances from the first set of the respective affordances associated with the first resource recipient:
transmitting, to the first server, one or more updates to a provision of resources for the first resource recipient;
receiving a confirmation from the first server for the one or more updates; and
in response to receiving the confirmation, updating the second user interface region of the graphical user interface to reflect the one or more updates; and
after the first resource recipient uses a portion of the provision of resources to obtain one or more available items from a second server that is distinct from the first server and also uses the distinct resources to obtain one or more other items, providing the first resource provider with access to a report showing details of the first resource recipient's use of the portion of the provision of resources to obtain the one or more available items, without showing details of the first resource recipient's use of the distinct resources to obtain the one or more other items.

US Pat. No. 11,032,152

MACHINE-LEARNING BASED SELF-POPULATING DASHBOARD FOR RESOURCE UTILIZATION MONITORING IN HYPER-CONVERGED INFORMATION TECHNOLOGY ENVIRONMENTS

Dell Products L.P., Hopk...

1. A method for dynamically populating a user interface, comprising:
obtaining a resource utilization monitoring (RUM) request comprising a target resource utilization parameter (RUP) and a parameter alarm condition (PAC);
identifying, from a set of nodes, a first node that exhibits the target RUP, wherein the target RUP satisfies the PAC;
selecting, for the target RUP, a set of potential causal parameters (PCPs) comprising a first PCP and a second PCP;
obtaining, associated with the first node, a first aggregated parameter data (APD) for the target RUP, a second APD for the first PCP, and a third APD for the second PCP;
generating a first parameter graph set (PGS) comprising a first graphical representation for the target RUP based on the first APD, a second graphical representation for the first PCP based on the second APD, and a third graphical representation for the second PCP based on the third APD; and
populating a first portion of the user interface reserved for the first node using the first PGS.

US Pat. No. 11,032,151

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING DYNAMICALLY CONFIGURABLE, DISTRIBUTED NETWORK VISIBILITY DEVICE

KEYSIGHT TECHNOLOGIES, IN...

1. A method for providing a dynamically configurable, distributed network visibility device, the method comprising:
providing at least one target network visibility device for monitoring network packets, wherein the at least one target network visibility device comprises a network packet broker or a network tool optimizer including a P4-configurable switching module, at least one network port for receiving packets from a monitored network, and at least one tool port for providing the monitored packets to at least one network tool;
providing a controller for receiving a P4 code package including or compilable into a P4 device image and a non-P4 plugin;
loading the P4 device image into the P4-configurable switching module of the at least one target network visibility device and using the P4 device image to configure the at least one target network visibility device to implement a desired network visibility device feature, wherein the desired network visibility device feature includes at least one of packet filtering, packet de-duplication, and packet statistics generation by the network packet broker or the network tool optimizer for the packets from the monitored network; and
using the non-P4 plugin to automatically render a user interface of the at least one target network visibility device, wherein using the non-P4 plugin to automatically render the user interface includes providing P4 source code including P4 code annotations referencing the non-P4 plugin to the controller and generating, by the controller, using the P4 code annotations and the plugin, the user interface, wherein the P4 code annotations include P4Info generated by a P4 compiler, which, when read by the controller, causes the controller to invoke the non-P4 plugin.

US Pat. No. 11,032,150

AUTOMATIC PREDICTION OF BEHAVIOR AND TOPOLOGY OF A NETWORK USING LIMITED INFORMATION

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for automatically predicting a topology of a network comprising a plurality of nodes, the method comprising:
selecting, by a processor, a path performance metric among a plurality of available metrics;
obtaining, by the processor, a value of the selected path performance metric only for each node pair within a selected subset of node pairs among the plurality of nodes;
using, by the processor, the obtained values of the selected path performance metric to train a machine-learning model to predict a value of the selected path performance metric for all node pairs of the plurality of nodes outside the selected subset; and
using, by the processor, the obtained values and the predicted values of the selected path performance metric to construct a topology of the network,
wherein the path performance metric of a given node pair of the selected subset is based on a communication exchanged between nodes of the given node pair, and
wherein node pairs of the selected subset number less than node pairs of the nodes outside the subset,
wherein the machine-learning model is a neural network including a plurality of layers, where each layer includes a plurality of neurons corresponding to an estimated number of links within the network, and
wherein each neuron is associated with a corresponding one of the node pairs of the selected subset, and when the neural network is operated on input data indicating a given node pair of the node pairs outside the selected subset, a given neuron among the neurons indicates a probability that a link associated with the given neuron is present within a path between nodes of the given node pair.

US Pat. No. 11,032,149

CLASSIFICATION AND RELATIONSHIP CORRELATION LEARNING ENGINE FOR THE AUTOMATED MANAGEMENT OF COMPLEX AND DISTRIBUTED NETWORKS

Crenacrans Consulting Ser...

1. A method for managing a first network, the method comprising:
obtaining, at a first server, one or more features from the first network;
classifying and labelling the one or more features obtained from the first network;
defining, using the classified and labelled one or more features, a first training domain, wherein the first training domain comprises a first feature associated with a first measurable property and a second feature associated with a second measurable property different from the first measurable property;
creating, by the first server, a first steady state model of the first network using, in part, the first training domain;
monitoring, by the first server, the first network by comparing a first current state model to the first steady state model;
determining that the first feature is causing the first current state model of the first network to deviate from the first steady state model;
determining, by the first server, whether the first feature is capable of accepting direct feedback; and
remediating the second feature to bring the first network into compliance with the first steady state model based on a determination that the first feature is not capable of accepting direct feedback, wherein the first training domain identifies a relationship between the first feature and the second feature.

US Pat. No. 11,032,148

MANAGING NETWORK COMMUNICATION OF AN UNMANNED AUTONOMOUS VEHICLE

QUALCOMM Incorporated, S...

1. A method of managing network communication of an unmanned autonomous vehicle (UAV), comprising:
determining an altitude of the UAV;
determining, based on the altitude of the UAV, an interference metric that represents a level of radio frequency interference between the UAV and one or more base stations of a communication network;
adjusting one or more communication parameters of a communication link between the UAV and the one or more base stations of the communication network based on the interference metric, wherein the one or more communication parameters comprise a quality of service of the communication link, a packet size of the communication link, a modulation and coding scheme of the communication link, a handover parameter of the communication link, a bandwidth used for the communication link, or a frequency used over the communication link, and
transmitting one or more signals, from the UAV to the one or more base stations of the communication network, based on the adjusted one or more communication parameters.

US Pat. No. 11,032,147

ACCELERATION OF NODE CONFIGURATION FOR TWAMP WITH A LARGE NUMBER OF TEST SESSIONS

Spirent Communications, I...

1. A method of reducing setup time of a Two-Way Active Measurement Protocol (TWAMP) control phase of a TWAMP protocol including the TWAMP control phase and a TWAMP test phase, the method including:
communicating, by a control client of a first network host, with receiving servers to set up pairwise test sessions between a session-sender on the first network host and session-reflectors on other hosts using receiver port allocations from an accept-port data structure populated from a parsed configuration file;
receiving and checking blocks of Accept-Session messages from a receiving server at one of the session-reflectors and handling either case of (i) acceptance of a proposed receiver port included in the parsed configuration file or (ii) a counter proposal of an alternate-and-available port returned from the receiving server to be used for a particular two-way (TW) measurement session, instead of the proposed receiver port;
updating the accept-port data structure by storing information identifying the alternate-and-available port received in a particular Accept-Session message; and
using information identifying ports stored in the accept-port data structure to initiate TWAMP messages in the pairwise test sessions.

US Pat. No. 11,032,146

MIGRATION OF EXISTING COMPUTING SYSTEMS TO CLOUD COMPUTING SITES OR VIRTUAL MACHINES

Commvault Systems, Inc., ...

1. A method implemented by one or more processors having computer-executable instructions stored on one or more non-transitory computer readable media, comprising:
identifying a non-production copy of data and metadata obtained from a non-virtualized computing device, wherein:
the non-production copy is stored on non-production storage media separate from the non-virtualized computing device and separate from a destination virtual machine, and
the non-production copy of data is stored in a non-native format different from a native application format used to store a production copy of data;
determining a configuration of the non-virtualized computing device to obtain configuration data for the non-virtualized computing device, wherein the configuration of the non-virtualized computing device is determined from a non-production copy of the configuration of the non-virtualized computing device;
analyzing usage trends of the non-virtualized computing device;
instructing a cloud service provider to create the destination virtual machine based on the configuration data of the non-virtualized computing device, wherein the instructions to create the destination virtual machine include instructions to automatically alter a configuration of the destination virtual machine based on the analyzed usage trends of the non-virtualized computing device;
instructing the destination virtual machine to restore from the non-production storage media the non-production copy of data and metadata obtained from the non-virtualized computing device; and
updating a mapping of a logical network address to route client computing devices from the non-virtualized computing device to the destination virtual machine.

US Pat. No. 11,032,145

METHODS AND SYSTEMS THAT PROVISION APPLICATIONS ACROSS MULTIPLE COMPUTER SYSTEMS

VMware, Inc., Palo Alto,...

1. An automated-application subsystem of an automated-application-release-management system within a cloud-computing facility having multiple servers, data-storage devices, and one or more internal networks, the automated-application subsystem comprising:
an application-blueprint-generation subsystem that generates an application blueprint;
a resource-profile storage component that stores resource profiles, each resource profile describing computational resources that are allocable from computing facilities;
computational-resource processors that each retrieves resource profiles from the resource-profile storage component, filters the computational resources described in the retrieved resource profiles, and returns candidate computational resources to an application provisioning engine; and
the application-provisioning engine, to which an application blueprint is input, that requests candidate resources from the computational-resource processors, maps each computational resource specified in the application blueprint to a candidate resource and that uses the mapping to allocate computational resources for execution of the application described by the application blueprint.

US Pat. No. 11,032,144

NETWORK CONTROL SYSTEM, METHOD AND PROGRAM

NEC CORPORATION, Tokyo (...

1. A network control system comprising:
a link design unit that is implemented by a processor and that decides, as a configuration of one network formed by connecting a plurality of nodes having a communication function, a configuration of a plurality of distributed networks included in the one network and specific links for forming the one network by connecting the plurality of distributed networks; and
a network configuration switching unit that is implemented by the processor and that switches the configuration of the network by logically enabling or disabling the specific links on request at least in a state where links other than the specific links are enabled,
wherein the link design unit decides the configuration of the plurality of distributed networks and the specific links based on a cluster hierarchical structure corresponding to a formation process of the one network which is formed as a result of sequentially adding links, which connect the nodes, based on a connection weight decided in accordance with a degree of spread or complexity of the network after connection.

US Pat. No. 11,032,143

ASSIGNMENT OF NETWORK CONFIGURATION FOR A WIRED NETWORK USING A WIRELESS NETWORK

NetApp, Inc., Sunnyvale,...

1. An apparatus representing a storage node or a compute node of a plurality of nodes to be configured as part of a cluster, the apparatus comprising:
a processor;
a wired network interface coupled to the processor and operable to make use of a wired network as a data plane for the cluster;
a second network interface coupled to the processor, the second network interface capable of wireless communication via a wireless network acting as a configuration plane for the cluster; and
a memory coupled to the processor, the memory including program instructions executable by the processor to,
perform out-of-band configuration of the wired network interface by:
requesting configuration information for the wired network interface by broadcasting the first beacon within the wireless network via the second network interface;
receiving a second beacon via the second network interface, the second beacon including the configuration information; and
applying the configuration information to configure the wired network interface.

US Pat. No. 11,032,142

SWITCHING METHOD, BASE STATION AND TERMINAL

GUANGDONG OPPO MOBILE TEL...

1. A switching method, comprising:
configuring, by a base station, a switching message for a narrow-bandwidth receiving mode, the switching message comprising time when a terminal is indicated to enter the narrow-bandwidth receiving mode and a position of a narrow bandwidth on a frequency band when the narrow-bandwidth receiving mode is entered;
sending the switching message to the terminal to indicate the terminal to switch to the narrow bandwidth specified in the switching message for information reception, the narrow bandwidth being smaller than a system bandwidth; and
sending time information of stopping narrow-band signal detection and restarting signal detection to the terminal, wherein the time information of stopping narrow-band signal detection is sent by the base station to the terminal to indicate the terminal to enter a dormant state at a moment when narrow-band signal detection is stopped.

US Pat. No. 11,032,141

SIGNAL PROCESSING APPARATUS AND PARAMETER SETTING METHOD FOR THE APPARATUS

DENSO TEN Limited, Kobe ...

1. A signal processing apparatus comprising:
a microcomputer that includes:
a first memory that stores a single setting file including: a common portion that holds at least one common parameter that is used in common for a plurality of functions performed by the signal processing apparatus; a plurality of individual portions that each individually hold parameters for one of the plurality of functions; a work area; and a changer that holds change information to change the at least one common parameter in the common portion separate from the at least one common parameter;
a controller; and
a library; and
a signal processor that processes a communication signal and includes a second memory;
wherein the controller is configured to (a) implement sending of the common portion, the plurality of individual portions, the work area and the changer from the first memory to the library, (b) implement sending of the common portion, the plurality of individual portions and the work area from the library to the second memory, (c) select a selected function of the plurality of functions, (d) implement copying of the individual portion that holds the parameters for the selected function to a work area of the second memory, (e) implement, in the second memory, change of at least one parameter in the common portion based on the change information held by the changer, and (f) instruct the signal processor to process the communication signal using i) the individual portion copied to the work area of the second memory and ii) the at least one common parameter of the common portion that has been changed based on the change information from the changer.

US Pat. No. 11,032,140

USING A TEMPLATE TO UPDATE A STACK OF RESOURCES

Amazon Technologies, Inc....

14. A system, comprising:
one or more processors; and
program instructions that are executed by the one or more processors to:
instantiate a stack of resources, specified in a first template, that operate together;
receive a request that includes a second template that specifies a configuration that differs from the first template's specification for the same stack of resources;
compute, based upon the one or more differences introduced by the second template for the same stack of resources, one or more differences for one or more resources in the instantiated stack of resources; and
determine, based at least in part on one or more computed differences, a set of changes to be made to the resources of the stack; and
perform the set of changes to be made to the resources of the stack.

US Pat. No. 11,032,139

WIRELESS DEVICES AND SYSTEMS INCLUDING EXAMPLES OF CONFIGURATION DURING AN ACTIVE TIME PERIOD

Micron Technology, Inc., ...

1. A method, comprising:
during a first cycle of a discontinuous reception (DRX) cycle or a discontinuous transmission (DTX) cycle:
processing first data to generate second data using a first configuration of processing units; and
processing the second data to generate third data using a second configuration of the processing units that comprises a configuration different than the first configuration; and
during a second cycle of the DRX cycle or the DTX cycle:
transmitting a radio frequency (RF) signal that is based at least in part on the third data.

US Pat. No. 11,032,138

MANAGING TRAFFIC CONTROL IN A NETWORK MITIGATING DDOS

Level 3 Communications, L...

1. A method of managing routes of data traffic within a network, the method comprising performing, by a computer system:
providing a user interface for a user to input a destination address and a routing action, wherein the user interface provides a plurality of routing actions from which to select, wherein the plurality of routing actions includes a discarding routing action to be performed at the plurality of border routers, a null routing action separate from the discarding routing action, and a diversion routing action that specifies a computing device within the network that is not a destination address where the computing device filters network traffic to mitigate denial of service attacks on the destination address based on rules;
receiving a first destination address and a first routing action via the user interface;
receiving, via the user interface, a future time for which the first routing action is to be used; and
upon reaching the future time:
updating a configuration file to specify the first routing action to be performed for the destination address;
converting the configuration file into router management commands; and
sending the router management commands to a plurality of border routers of the network.

US Pat. No. 11,032,137

WEARABLE ELECTRONIC DEVICE, MAIN ELECTRONIC DEVICE, SYSTEM AND CONTROL METHOD THEREOF

Samsung Electronics Co., ...

1. A mobile phone, comprising:
a display;
a communication circuit;
a memory configured to store instructions; and
at least one processor configured to execute the stored instructions to:
control the communication circuit to establish a wireless connection between a wearable electronic device and the mobile phone,
display, on the display of the mobile phone, a user interface (UI) including an object for selecting a user configuration setting of a notification function of the mobile phone to one of activate or deactivate the notification function of the mobile phone, wherein the notification function includes displaying notification information on an event of the mobile phone, and wherein deactivating the notification function causes the notification information on the event of the mobile phone not to be displayed,
receive, via the display, a touch input via the object included in the displayed UI, in response to receiving the touch input,
change the user configuration setting of the notification function of the mobile phone to activate or deactivate the notification function of the mobile phone, and
control the communication circuit to transmit a first control signal to the wearable electronic device such that a user configuration setting of a notification function of the wearable electronic device is activated or deactivated according to the changed user configuration setting of the notification function of the mobile phone,
apply, in response to a difference between the user configuration setting of the notification function of the wearable electronic device and the user configuration setting of the notification function of the mobile phone, a more recently changed user configuration setting from the user configuration setting of the notification function of the wearable electronic device and the user configuration setting of the notification function of the mobile phone as the user configuration setting of the notification function of the mobile phone,
receive, from the wearable electronic device, information indicating whether a user of the wearable electronic device is sleeping,
after receiving the information, receive a short message service (SMS) message,
determine whether the user is sleeping using the information,
when the user is determined to be sleeping, refrain from transmitting a notification related to the SMS message to the wearable electronic device,
when the user is determined to be awake, transmit the notification related to the SMS message to the wearable electronic device,
after transmitting the notification related to the SMS message, determine whether confirmation for the notification is received from the wearable electronic device, and
when the confirmation is not received from the wearable electronic device for a specified time after transmitting the notification, transmit the notification to another wearable electronic device.

US Pat. No. 11,032,136

DISCOVERY OF NETWORK CAMERA DEVICES

Microsoft Technology Lice...

1. A system for camera device discovery and enumeration, the system comprising:
at least one processor; and
at least one memory comprising computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the at least one processor to:
detect a camera device connected to a computing device using a Universal Plug and Play (UPnP) protocol;
generate a generic camera device object corresponding to the detected camera device with a user-mode camera driver to implement a direct interface to the camera device, the user-mode camera driver associated with an operating system executing on the computing device and defining a generic registration module allowing the operating system to identify the detected camera device;
register the generated generic camera device object with the operating system to provide the direct interface from the operating system to the camera device and to make the camera device available to a plurality of applications executing on the computing device, the generated generic camera device object registered with a kernel stream in a User-Mode Driver Framework (UMDF) of the operating system, wherein the user-mode camera driver is configured to refer to the kernel stream by invoking a UMDF interface; and
command the camera device from at least one of the plurality of applications via the registered generic camera device object through the operating system, wherein the user-mode camera driver translates an application command from the at least one of the plurality of applications to a control command to control the detected camera device based on a camera type of the detected camera device, and wherein the user-mode camera driver is a single driver configured to generate generic camera device objects that enables discovery and communication with camera devices of different types.

US Pat. No. 11,032,135

METHOD FOR VNF MANAGERS PLACEMENT IN LARGE-SCALE AND DISTRIBUTED NFV SYSTEMS

Telefonaktiebolaget LM Er...

1. A method for placement of virtual network functions managers (VNFMs) in a network functions virtualization (NFV) system, comprising:
determining a number of VNFMs for the NFV system;
determining a type for each VNFM;
generating a set of neighbor VNFMs placement solutions, each VNFM placement solution being generated by determining a plurality of associations between the VNFMs and VNF instances in the system, and each VNFM placement solution determining a placement for each VNFM over distributed Network Function Virtualization Infrastructure Points of Presence (NFVI-PoPs);
selecting a VNFMs placement solution among the set of VNFMs placement solutions which minimizes operational cost; and
placing the VNFMs on the NFVI-PoPs, assigning the VNF instances to the VNFMs according to the VNFMs placement solution and activating the VNFMs.

US Pat. No. 11,032,134

PROVIDING AND MANAGING AN ADAPTER AS A SERVICE (AAAS) BROKERING SERVICE

INTERNATIONAL BUSINESS MA...

1. A method, by a processor, for managing an adapter as a service (AaaS) in a computing environment, comprising:
registering a plurality of types of adapters provided by one or more providers with an adapter as a service (AaaS) entity, wherein the AaaS entity maintains the registered plurality of types of adapters and functions as an exchange between one or more users and the one or more providers to provide access to a plurality of identity and access management (IAM) systems;
responsive to registering the plurality of types of adapters with the AaaS entity, providing a browsable list of each of the plurality of types of adapters registered with the AaaS entity for selection by the one or more users; and
provisioning and de-provisioning, by respective adapters of the plurality of types of adapters on the browsable list, user accounts of the one or more users to one or more applications associated with the plurality of IAM systems, wherein the AaaS entity acts as a brokering service to perform the provisioning and de-provisioning by configuring the plurality of types of adapters on-demand as required by the one or more providers to access the one or more applications corresponding thereto.

US Pat. No. 11,032,133

UNIVERSAL SCALING CONTROLLER FOR SOFTWARE NETWORK FUNCTIONS

Nefeli Networks, Inc., B...

1. A method comprising:
receiving, at a switch of a network, a batch of data units during a first period of time, the network further comprising i) one or more network function (NF) instances of an NF service, and ii) a scaling controller;
transmitting, from the switch to a first NF instance of the one or more NF instances, one or more units of data of the batch of data units during the first period of time;
determining, by the switch or by one or more controllers of the network, an estimated maximum safe data unit rate for the first NF instance;
determining, by the switch or by the one or more controllers, a representative estimated maximum safe data unit rate for the NF service using the estimated maximum safe data unit rate;
determining, by the switch or by the one or more controllers, an incoming data unit rate of the NF service; and
determining, at the scaling controller, a total number of NF instances of the NF service to be provisioned in the network using the determined incoming data unit rate of the NF service and the representative estimated maximum safe data unit rate of the NF service.

US Pat. No. 11,032,132

RESOURCE LINK BINDING MANAGEMENT

Convida Wireless, LLC, W...

1. A method performed by a first device, the method comprising:
receiving a request to create a link binding entry defining a link binding, wherein the link binding is a unidirectional binding relationship from a source resource to a destination resource, the request to create the link binding entry comprising one or more link binding attributes;
generating a link binding Uniform Resource Identifier (URI) associated with the link binding entry;
sending, to a second device, a link binding notification, the link binding notification comprising an indication of the one or more link binding attributes;
receiving, from the second device, a response to the link binding notification, the response to the link binding notification comprising an indication that one or more of the link binding attributes has been approved; and
creating, based on receiving the response to the link binding notification, a link binding entry comprising the link binding URI.

US Pat. No. 11,032,131

METHODS AND SYSTEMS FOR COMMUNICATION WITH AIR GAPPED COMPUTER SYSTEMS

1. A method, comprising:
at a first computer system of a first computer network, the first computer network comprising a plurality of nodes, each communicatively coupled to only other nodes of the first computer network, receiving SYSLOG data from one or more of the nodes of the first computer network and, line by line, converting the SYSLOG data to one or more machine-readable optical labels, and displaying said machine-readable optical labels on a first display device coupled to the first computer system to provide displayed machine-readable optical labels; and
at a second computer system communicatively coupled to a second computer network, the second computer network being physically decoupled from the first computer network by an air gap and communicatively coupled to the first computer network through a one-way information flow across the air gap, receiving via an imaging device coupled to the second computer system images of the displayed machine-readable optical labels displayed on the first display device, converting the images of the displayed machine-readable optical labels to reconstituted SYSLOG data, and providing the reconstituted SYSLOG data to one or more nodes of the second computer network.

US Pat. No. 11,032,130

TROUBLESHOOTING METHOD, APPARATUS, AND SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A troubleshooting method, wherein the method comprises:
monitoring, by a virtualized network function (VNF), an operating status of at least one virtual machine (VM) inside the VNF;
determining, by the VNF according to a fault when the fault occurs on the VM, whether to perform VM rebuilding recovery, wherein the VNF determines among different types of recovery rebuilding comprising a local rebuilding recovery or a remote rebuilding recovery according to a type of the fault experienced by the VM, wherein the local rebuilding recovery is determined to be performed based at least in part on the determined type of fault being an operating system fault type detected to have occurred with an operating system inside the VM, and wherein the remote rebuilding recovery is determined to be performed based at least in part on the determined type of fault being a communication subhealth fault type detected to have degraded a quality of network communication of the VM; and
sending, by the VNF, a rebuilding recovery request including the determined type of recovery rebuilding to a virtualized network function manager (VNFM) when determining to perform the VM rebuilding recovery, wherein the VNFM is configured to instruct, according to the rebuilding recovery request, a virtualized infrastructure manager (VIM) to perform rebuilding recovery for the VM.

US Pat. No. 11,032,129

INFORMATION PROCESSING APPARATUS, NETWORK SYSTEM, AND COMPUTER-READABLE RECORDING MEDIUM

FUJITSU LIMITED, Kawasak...

1. An information processing apparatus comprising:
a memory; and
a processor coupled to the memory and configured to:
perform switching to a transmission device in a standby status of transmission devices in a redundant configuration when a transmission device under operation of the transmission devices in the redundant configuration fails;
store, as normal coupling information, coupling information at a time when a network system, which is constituted by the information processing apparatus and the transmission devices in the redundant configuration, is normal, the coupling information being information on a transmission device port to which a communication control device included in the information processing apparatus is coupled;
when the transmission device to which the communication control device is coupled is repaired or replaced, determine whether or not the coupling information transmitted from the transmission device after the repair or replacement matches with the normal coupling information; and
control communications between the communication control device and the transmission device port to which the communication control device is coupled based on the determination result.

US Pat. No. 11,032,128

USING A LOCAL HUB DEVICE AS A SUBSTITUTE FOR AN UNAVAILABLE BACKEND DEVICE

Amazon Technologies, Inc....

1. A method, comprising:
receiving, by an audio/video recording and communication device (A/V device) and from one or more devices, first setting data associated with a network device;
receiving, by the A/V device and from the one or more devices, second setting data associated with a hub device;
establishing, by the A/V device and using the first settings data, a first network connection with the network device;
generating, by the A/V device, first image data;
sending, by the A/V device, the first image data to a backend device using the first communication link;
detecting, by the A/V device, a disruption in the first communication link, the disruption causing the A/V device to be unable to communicate using the first communication link;
based at least in part on detecting the disruption, establishing, by the A/V device and using the second settings data, a second communication link with the hub device;
generating, by the A/V device, second image data; and
sending, by the A/V device, the second image data to the hub device using the second communication link.

US Pat. No. 11,032,127

RESILIENT DOMAIN NAME SERVICE (DNS) RESOLUTION WHEN AN AUTHORITATIVE NAME SERVER IS UNAVAILABLE

VERISIGN, INC., Reston, ...

1. A computer-implemented method for performing domain name system (DNS) resolution, the method comprising:
determining that a first authoritative name server that is responsible for a domain name specified in a first DNS query is unavailable;
in response to determining that the first authoritative name server is unavailable:
determining that a first DNS record stored in a first cache has an expired time-to-live (TTL),
obtaining a copying policy associated with the first authoritative name server, wherein the copying policy specifies a second cache from which a given DNS record can be copied to the first cache, and
copying, to the first cache and from the second cache, a second DNS record that has a valid TTL; and
generating a first DNS response to the first DNS query based on the second DNS record.

US Pat. No. 11,032,126

DIAGNOSTIC TRAFFIC GENERATION FOR AUTOMATIC TESTING AND TROUBLESHOOTING

1. An apparatus comprising:
a processor; and
a memory coupled with the processor, the memory comprising executable instructions stored thereon that when executed by the processor cause the processor to effectuate operations comprising:
detecting an occurrence of an event;
based on the detected occurrence of the event, activating a virtual machine, wherein the activating the virtual machine comprises providing instructions to configure a virtual machine already instantiated on one or more devices;
monitoring network traffic for the one or more devices, wherein the network traffic comprises test traffic and normal traffic;
separating the test traffic and the normal traffic; and
based on the separated test traffic and the activated virtual machine, determining a health of a system.

US Pat. No. 11,032,125

ROBOTIC SURGICAL DEVICES, SYSTEMS AND RELATED METHODS

Board of Regents of the U...

1. A robotic surgical device comprising:
(a) an elongate support beam configured to be positionable through a port into a body cavity of a patient such that a distal portion of the elongate support beam is positioned within the body cavity and a proximal portion of the elongate support beam is positioned outside the body cavity;
(b) a first movable segmented robotic arm operably coupled to the elongate support beam via a first shoulder component, the first movable segmented robotic arm comprising:
(i) a first arm first link;
(ii) a first arm second link;
(iii) a first operational component operably coupled to the first arm second link; and
(iv) at least one first arm motor associated with the first movable segmented robotic arm; and
(c) a second movable segmented robotic arm operably coupled to the elongate support beam via a second shoulder component, the second movable segmented robotic arm comprising:
(i) a second arm first link;
(ii) a second arm second link;
(iii) a second operational component operably coupled to the second arm second link; and
(iv) at least one second arm motor associated with the second movable segmented robotic arm.

US Pat. No. 11,032,124

APPLICATION AWARE DEVICE MONITORING

ThousandEyes LLC, San Fr...

1. A system, comprising:
a processor; and
a memory coupled to the processor and configured to provide the processor with instructions configured to:
collect network layer information from one or more agents utilizing a plurality of tests, wherein collecting network layer information from one or more agents utilizing a plurality of tests comprises:
performing end-to-end active network testing to discover layer-3 paths traversed by application traffic, wherein two or more paths that traverse different IP addresses belonging to a same device are grouped into a single merged device-node for visualizing the layer-3 path; and
extracting neighbor connectivity information from each monitored layer-2 device using a neighbor discovery protocol to generate a physical network map including each monitored layer-2 device
collect device layer information from the one or more agents deployed to monitor a plurality of devices in a network computing environment;
correlate the network layer information including neighbor connectivity information, IP forwarding path, routing, and application-layer metrics and the device layer information including a device name, IP address, and a MAC address and port information; and
generate an alert, a report, and/or a graphical visualization based on the correlated network layer and device layer information to facilitate root cause detection for an application performance issue.

US Pat. No. 11,032,123

HIERARCHICAL STORAGE SYSTEM MANAGEMENT

Pure Storage, Inc., Moun...

1. A method comprising:
gathering, by a management module of a plurality of management modules, information describing a state of an element in a storage system that is associated with the management module, wherein the storage system includes a plurality of elements;
determining, by the management module, based on the information describing the state of the element, one or more actions to perform for the element;
executing, by the management module, an approved action for the element; and
forwarding, by the management module to a parent management module, a request received from a child management module if the management module is not authorized to approve the request.

US Pat. No. 11,032,122

MULTICAST DELAY DIAGNOSIS METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A multicast delay diagnosis method, wherein the method comprises:
sending, by a terminal device, a first domain name resolution request to a network node, wherein the first domain name resolution request is used to instruct the network node to return a first multicast test address;
receiving, by the terminal device, the first multicast test address returned by the network node;
sending, by the terminal device, a first multicast test join request to the network node by using the first multicast test address, and recording a time point for sending the first multicast test join request;
receiving, by the terminal device, a first packet returned by the network node, and recording a time point for receiving the first packet;
calculating, by the terminal device according to the time point for sending the first multicast test join request and the time point for receiving the first packet, a first delay caused when the terminal device joins a multicast test group of the network node, wherein a first portion of a communication chain between a terminal device and a multicast server comprises the communication between the terminal device and the network node; and
determining, by the terminal device, multicast network quality according to the first delay and according to at least a comparison of the first delay with a network delay parameter, wherein the network delay parameter is associated with a normal delay in a network caused by a second portion of the communication chain between the terminal device and the multicast server, wherein the first portion of the communication chain between the terminal device and the multicast server is different from the second portion of the communication chain between the terminal device and the multicast server.

US Pat. No. 11,032,121

SYSTEM AND METHOD FOR COMPRESSION OF RF IQ DATA

Palo Alto Research Center...

1. A computer-implemented method for detecting and reporting information associated with radio frequency (RF) signals, the method comprising:
obtaining in-phase and quadrature (IQ) data of the RF signals received at a predetermined center frequency by an RF receiver;
computing statistics associated with time-dependent changes of the IQ data, which comprises:
placing IQ data points included in the IQ data into a plurality of bins in an IQ plane;
computing, for each IQ data point, a change in position in the IQ plane between the IQ data point and a corresponding IQ data point recorded prior to a predetermined time interval; and
computing, for each bin, an average change in position of IQ data points inside the bin;
assembling a data packet to be transmitted over a bandwidth-limited communication channel, wherein the data packet includes a small number of bits representing the computed statistics associated with the time-dependent changes of the IQ data.

US Pat. No. 11,032,120

METHOD FOR TRANSMITTING OR RECEIVING SIGNAL IN WIRELESS COMMUNICATION SYSTEM AND APPARATUS THEREFOR

LG Electronics Inc., Seo...

1. A method performed by a user equipment (UE) operating in a wireless communication system, the method comprising:
receiving first information regarding a reference subcarrier spacing (SCS) configuration to configure a reference SCS related to a slot format indicator (SFI); and
receiving, through a UE group common-physical downlink control channel (PDCCH), downlink control information (DCI) that comprises second information regarding a slot format related to a slot of the reference SCS configuration,
wherein, based on comparison between the reference SCS configuration and a first SCS configuration in which the UE is configured to operate, the slot format is applied to a first number of consecutive slots of the first SCS configuration,
wherein the first number is identical to 2^{(first SCS configuration) - (reference SCS configuration)}, and
wherein a length of the first number of the consecutive slots is identical to a length of one slot of the reference SCS configuration in a time domain.

US Pat. No. 11,032,119

METHOD AND SYSTEM FOR COMBINING DFT-TRANSFORMED OFDM AND NON-TRANSFORMED OFDM

Apple Inc., Cupertino, C...

1. An apparatus, comprising:
a baseband processor coupled to transmit circuitry and at least one antenna, wherein the baseband processor is configured to:
transmit signaling to a transmitter for transform selection;
receive, based on the transmitted signaling, one of transformed or non-transformed orthogonal frequency division multiplexing (OFDM) uplink signals,
wherein the transformed OFDM uplink signals include a first plurality of symbols that have undergone coding and modulation, discrete Fourier transform (DFT) transformation, and an inverse Fast Fourier transform (IFFT),
wherein the non-transformed OFDM uplink signals include a second plurality of symbols that have undergone coding and modulation and the IFFT; wherein the second plurality of symbols have not undergone the DFT transform; wherein the non-transformed OFDM uplink signals include a plurality of clusters, wherein a cluster is a set of contiguous subcarriers.

US Pat. No. 11,032,118

METHODS AND APPARATUS FOR GENERATION OF PHYSICAL LAYER PROTOCOL DATA UNITS FOR VEHICULAR ENVIRONMENTS

Marvell Asia Pte, Ltd., ...

1. A method for wireless communication, the method comprising:
selecting, at a communication device, a frequency bandwidth via which a physical layer (PHY) protocol data unit (PPDU) will be transmitted in a vehicular communication network, wherein the frequency bandwidth is selected from a set of permissible frequency bandwidths that includes a 10 MHz bandwidth and a 20 MHz bandwidth;
generating, at a communication device, the PPDU
i) according to a downclocking ratio of ½, and
ii) based on an orthogonal frequency division multiplexing (OFDM) numerology defined by an IEEE 802.11ac Standard,
wherein the PPDU is generated to span the selected frequency bandwidth and to include a PHY preamble having a signal field, and wherein:
in response to the selected frequency bandwidth being 10 MHz, the PPDU is generated according to the downclocking ratio of ½ and based on the OFDM numerology defined by the IEEE 802.11ac Standard for 20 MHz PPDUs, and
in response to the selected frequency bandwidth being 20 MHz, the PPDU is generated according to the downclocking ratio of ½ and based on the OFDM numerology defined by the IEEE 802.11ac Standard for 40 MHz PPDUs;
modulating, at the communication device, the signal field entirely on a single OFDM symbol; and
transmitting, by the communication device, the PPDU in the vehicular communication network.

US Pat. No. 11,032,117

MAPPING REFERENCE SIGNALS IN WIRELESS COMMUNICATION SYSTEMS TO AVOID REPETITION

1. A method, comprising:
generating, by a transmitter device in a wireless network and comprising a processor, reference signal sequences, comprising generating a first reference signal sequence, and generating a second reference signal sequence that is different from the first reference signal sequence, wherein the reference signal sequences are non-repetitive within a resource block corresponding to an orthogonal frequency division multiplexing symbol for a first antenna port of the transmitter device and a second antenna port of the transmitter device in order to reduce a peak-to-average power ratio of the transmitter device;
mapping, by the transmitter device, the first reference signal sequence and the second reference signal sequence to different ones of resource elements of the resource block; and
transmitting, by the transmitter device, the resource elements to a receiver device based on the mapping.

US Pat. No. 11,032,116

WIRELESS COMMUNICATION METHOD AND DEVICE

PANASONIC INTELLECTUAL PR...

1. An integrated circuit to control a process, the process comprising:
mapping a modulation symbol set to a first Orthogonal Frequency Division Multiplexing (OFDM) symbol, to which a type of reference signal also is mapped, in a first subframe;
mapping the same modulation symbol set to a second OFDM symbol, to which the type of reference signal also is mapped and which is different from the first OFDM symbol, in a second subframe that is different from the first subframe; and
transmitting the mapped modulation symbol set with repetitions of the modulation symbol set in the first and second subframes.

US Pat. No. 11,032,115

DEVICE AND METHOD FOR DECODING BOOTSTRAP SIGNAL

Electronics and Telecommu...

1. An apparatus for decoding a bootstrap signal, comprising a processor and a memory storing at least one instruction to be executed by the processor, wherein the at least one instruction is configured to:
calculate a relative cyclic shift and a channel gain estimate of a received bootstrap signal and correcting the channel gain estimate using the relative cyclic shift; and
decode the bootstrap signal using the corrected channel gain estimate,
wherein the relative cyclic shift is calculated by applying an IFFT operation in a maximum-likelihood decision rule for the relative cyclic shift,
wherein the channel gain estimate is corrected by averaging multiple channel gain estimates for multiple symbols,
wherein at least one phase difference is compensated in the averaging multiple channel gain estimates by using the relative cyclic shift calculated by applying the IFFT operation in the maximum-likelihood decision rule, and
wherein the channel gain estimate corrected by averaging the multiple channel gain estimates is used in an IFFT operation for calculating a relative cycle shift.

US Pat. No. 11,032,114

APPARATUS AND METHOD FOR SENDING AND RECEIVING BROADCAST SIGNALS

LG ELECTRONICS INC., Seo...

1. A device for processing a broadcast signal, comprising:
a tuner to receive the broadcast signal carrying a bootstrap prefixed to the beginning of a signal frame,
the bootstrap including one or more bootstrap symbols, a last bootstrap symbol immediately that is followed by a preamble of the signal frame signaling bootstrap termination,
the bootstrap including first information for representing a structure of the preamble;
a demodulator configured to demodulate the broadcast signal, wherein:
the preamble carries Layer 1 (L1) signaling data for the signal frame,
the preamble includes a plurality of preamble symbols,
a foremost preamble symbol of the preamble symbols has a minimum number of carriers (NoC),
the foremost preamble symbol carries second information for indicating a number of remaining preamble symbols and third information related to NoC for the remaining preamble symbols;
a frequency deinterleaver configured to deinterleave the demodulated broadcast signal based on frequency deinterleaving operation;
a de-framer configured to de-frame the signal frame in the deinterleaved broadcast signal to output Data Pipe (DP) data, the signal frame including one or more subframes carrying the DP data,
a signaling decoder configured to decode the L1 signaling data; and
a decoder to decode the DP data based on the L1 signaling data.

US Pat. No. 11,032,113

APPARATUS AND METHODS FOR HYBRID VECTOR BASED POLAR MODULATOR

QUALCOMM INCORPORATED, S...

1. A polar modulator circuit, comprising:
a first phase shifting modulation circuit configured to input a first phase signal to generate a first modulation signal and output the first modulation signal, wherein the first phase signal comprises a first phase of polar component information;
a first power amplifier (PA) coupled to the first phase shifting modulation circuit and configured to input a first state signal, input the first modulation signal, and amplify the first modulation signal, wherein the first modulation signal represents a first link of N links, N is an integer greater than 2 and the first state signal comprises a first magnitude of the polar component information;
a second phase shifting modulation circuit configured to input a second phase signal to generate a second modulation signal, wherein the second phase signal comprises a second phase of the polar component information;
a second PA coupled to the second phase shifting modulation circuit and configured to input a second state signal and amplify the second modulation signal, wherein the second modulation signal represents a second link of the N links and the second state signal comprises a second magnitude of the polar component information;
a third phase shifting modulation circuit configured to input a third phase signal to generate a third modulation signal, wherein the third phase signal comprises a third phase of the polar component information;
a third PA coupled to the third phase shifting modulation circuit and configured to input a third state signal and amplify the third modulation signal, wherein the third modulation signal represents a third link of the N links and the third state signal comprises a third magnitude of the polar component information; and
a summation circuit configured to input the N links and output a modulated transmission signal.

US Pat. No. 11,032,112

MULTI-CARRIER CREST FACTOR REDUCTION

MOTOROLA SOLUTIONS, INC.,...

1. A base station device for multi-carrier crest factor reduction, the base station device comprising:
a plurality of radio frequency sources configured to generate a plurality of radio frequency carrier signals that each exhibit a periodic and repetitive envelope modulation component;
a plurality of carrier modulators corresponding to the plurality of radio frequency sources and configured to modulate the plurality of radio frequency carrier signals with information signals and generate a plurality of modulated signals;
a one or more antennae coupled to the plurality of carrier modulators and configured to transmit a multi-carrier signal including the plurality of modulated signals, the multi-carrier signal including a plurality of linear simulcast modulation waveforms having an envelope synchronous to the periodic and repetitive envelope modulation component of the plurality of radio frequency carrier signals; and
an electronic processor coupled to the plurality of carrier modulators and configured to
determine a time offset based on one or more selected from the group consisting of a number of carrier channels in the multi-carrier signal, a distribution of carrier channels in the multi-carrier signal, and a statistical use of each of the plurality of radio frequency carrier signals;
initiate modulation, using the plurality of carrier modulators, of a first subset of the plurality of radio frequency carrier signals at a first time, and
initiate modulation, using the plurality of carrier modulators, of a second subset of the plurality of radio frequency carrier signals at a second time, the second time being the time offset after the first time, wherein at least one of the first subset and the second subset include more than one of the plurality of radio frequency carrier signals.

US Pat. No. 11,032,111

SERDES PRE-EQUALIZER HAVING ADAPTABLE PRESET COEFFICIENT REGISTERS

CREDO TECHNOLOGY GROUP LI...

1. A SerDes communications method that comprises, in a transceiver:
selecting one of multiple registers to specify initial pre-equalizer coefficient values, each of the multiple registers corresponding to a different channel model;
updating the initial pre-equalizer coefficient values during a training phase; and
using the updated pre-equalizer coefficient values to convey a transmit data stream.

US Pat. No. 11,032,110

LOW POWER CHIP-TO-CHIP BIDIRECTIONAL COMMUNICATIONS

KANDOU LABS, S.A., Lausa...

1. A method comprising:
receiving, at a receiver, symbols of a codeword, the symbols received via wires of a multi-wire bus, the codeword representing an aggregate sum of a plurality of sub-channel constituent codewords, each sub-channel constituent codeword representing a weight applied to an associated sub-channel vector of a plurality of sub-channel vectors of an orthogonal matrix;
generating a plurality of comparator outputs using a plurality of common-mode resistant multi-input comparators (MICs), each common-mode resistant MIC receiving a corresponding subset of the symbols of the codeword and having a set of input coefficients representing a corresponding sub-channel vector of the plurality of sub-channel vectors, each sub-channel vector (i) mutually orthogonal and (ii) orthogonal to a common-mode sub-channel vector, each comparator output indicative of the weight applied to the corresponding sub-channel vector;
outputting a set of forward-channel output bits formed based on the plurality of comparator outputs; and
generating a sequence of bits of a secondary data link carried by common-mode sub-channel constituent codewords using a common-mode MIC receiving all symbols of the codeword and having input coefficients associated with the common-mode sub-channel vector.

US Pat. No. 11,032,109

COMMUNICATION PROCESSING SYSTEM, COMMUNICATION PROCESSING METHOD, COMMUNICATION PROCESSING APPARATUS, COMMUNICATION MANAGING APPARATUS, AND CONTROL METHODS AND CONTROL PROGRAMS OF COMMUNICATION PROCESSING APPARATUS AND COMMUNICATION MANAGING APPARATUS

NEC CORPORATION, Tokyo (...

1. A communication processing apparatus comprising:
a first connection unit that connects devices;
a second connection unit that connects to a server;
a switching unit that switches connections of the devices and the server between said first connection unit and said second connection unit;
a determiner that determines whether each of the devices is permitted or unpermitted to connect to the communication processing apparatus; and
a connection controller that controls said switching unit in accordance with a determination result from said determiner,
wherein said connection controller controls said switching unit to disconnect between the server and all of the devices connected to said first connection unit, when said determiner has determined that a device is unpermitted to connect to the communication processing apparatus, and then restore connections of the server and other devices connected to said first connection unit except the unpermitted device, after said first connection unit has disconnected the unpermitted device.

US Pat. No. 11,032,108

FACILITATING PERSONAS IN COMMUNICATION EXCHANGE ENVIRONMENTS

Microsoft Technology Lice...

1. An apparatus comprising:
one or more non-transitory computer readable storage media;
one or more processors operatively coupled with the one or more computer readable storage media; and
program instructions stored on the one or more computer readable storage media for facilitating a communication exchange environment that, when executed by the one or more processors, direct the apparatus to at least:
in response to a search request comprising search criteria with which to search for relevant personas and reply criteria with which to populate the relevant personas, identify a plurality of persona identities based on the search criteria;
in response to identifying the plurality of persona identities, identify, by querying a plurality of contact sources, a plurality of contacts associated with the plurality of persona identities;
subsequent to a determination that two or more contacts of the plurality of contacts correspond to a same persona identity of the plurality of persona identities, generate aggregated contact information by aggregating the two or more contacts;
generate a plurality of personas, each of the plurality of personas corresponding to a persona identity of the plurality of persona identities and comprising contact information assembled from at least a portion of the plurality of contacts, wherein a persona of the plurality of personas corresponding to the same persona identity comprises contact information assembled from at least the aggregated contact information; and
based on the reply criteria, initiate a reply to the search request comprising the plurality of personas.

US Pat. No. 11,032,107

GRE TUNNELING WITH REDUCED PACKET ENCRYPTION AT INTERMEDIATE ROUTERS

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, by a network node, a packet having an inner internet protocol (IP) header and an outer IP header,
wherein a source address of the outer IP header identifies a tunnel endpoint of a transmitting network node, and a destination address of the outer IP header identifies a tunnel endpoint of the network node,
wherein a source address of the inner IP header identifies a sender address, and a destination address of the inner IP header identifies a recipient address,
wherein the inner IP header is encrypted;
generating, by the network node after receiving the packet, a copy of the packet to obtain a copied packet;
performing, by the network node, decryption on either the packet or the copied packet to identify the recipient address of the inner IP header;
updating, by the network node, the outer IP header of the packet, if the copied packet was decrypted, or updating, by the network node, the outer IP header of the copied packet, if the packet was decrypted, to obtain an updated packet with an updated outer IP header,
wherein the source address of the updated outer IP header is updated to the tunnel endpoint of the network node, and the destination address of the updated outer IP header is updated to a tunnel endpoint of a receiving network node that is associated with the recipient address; and
routing, by the network node, the updated packet according to the updated outer IP header.

US Pat. No. 11,032,106

LAYER 2 TUNNEL PROTOCOL (“L2TP”) NODE PROCESSING OPTIMIZATION USING A DEDICATED HELLO CHANNEL KEEPALIVE MECHANISM

Juniper Networks, Inc., ...

1. A computer-implemented method for use by a node having at least one forwarding component and a control component controlling each of the at least one forwarding component, the method comprising:
a) establishing a dedicated channel for tunnel hello keepalive messaging between the node and a peer node, wherein a layer 2 tunnel protocol (L2TP) tunnel is established between the node and the peer node such that the node serves as a local tunnel endpoint and the peer node serves as a peer tunnel endpoint, wherein the dedicated channel operates within the L2TP tunnel, wherein keepalive messages on the dedicated channel are to be processed by one of the at least one forwarding component of the node without needing the control component of the node, and wherein the act of establishing a dedicated channel operating within a L2TP tunnel uses a message that specifies (A) a hello dedicated control channel attribute type, and (B) an attribute value indicating that the hello channel dedicated control channel is supported;
b) exchanging with the peer tunnel endpoint, by the local tunnel endpoint, hello request messages and hello reply messages over the dedicated channel operating within the L2TP tunnel;
c) determining, by the one of the at least one forwarding component of the node without needing the control component of the node, and using the exchanged hello request messages and a hello reply messages, whether a keepalive timeout condition for the L2TP tunnel has been met; and
d) responsive to determining that a keepalive timeout condition for the L2TP tunnel has been met,
i) informing the control component of the node of the keepalive timeout, and
ii) initiating teardown of the L2TP tunnel using the control component of the node, and
otherwise, responsive to failing to determine that a keepalive timeout condition for the L2TP has been met,
continuing the exchange of hello request messages and hello reply messages between the local tunnel endpoint and the peer tunnel endpoint.

US Pat. No. 11,032,105

METHOD FOR IMPLEMENTING GRE TUNNEL, HOME GATEWAY AND AGGREGATION GATEWAY

HUAWEI TECHNOLOGIES CO., ...

1. A home gateway comprising:
a non-transitory computer readable medium containing computer-executable instructions; and
a processor configured to execute the computer-executable instructions to perform operations comprising:
establishing a digital subscriber line (DSL) generic routing encapsulation (GRE) tunnel with an aggregation gateway; and
sending a first GRE tunnel notification packet to the aggregation gateway through the DSL GRE tunnel,
wherein the first GRE tunnel notification packet comprises an attribute type field,
wherein the attribute type field comprises an 8 bit value among a plurality of possible values and each value of the plurality of values corresponds to a respective attribute type,
wherein the 8 bit value corresponds to an attribute type of switching to DSL tunnel for instructing the aggregation gateway to transmit traffic to the home gateway only through the DSL GRE tunnel,
wherein sending the first GRE tunnel notification packet to the aggregation gateway causes the aggregation gateway to transmit traffic to the home gateway only through the DSL GRE tunnel.

US Pat. No. 11,032,104

UDP OVER TCP TUNNEL

Adaptiv Networks Inc., G...

1. A method of transporting a plurality of UDP datagrams transmitted with a UDP protocol from a sending application to a receiving application over a network, said method comprising:
creating, by the sending application, a TCP tunnel between the sending application and the receiving application;
encapsulating, by the sending application, one of said UDP datagrams in one of said TCP packet;
transmitting, by the sending application, said TCP packets via said TCP tunnel to said receiving application over said network using a TCP/IP protocol;
extracting, by the receiving application, said UDP datagram from said TCP packet and forwarding the extracted said UDP datagram to the receiving application;
maximizing real time performance, by the sending application, of a transmission rate of said TCP packets in response to detection of none or more missing TCP packets; and
detecting and deleting, by the receiving application, retransmitted UDP datagrams.

US Pat. No. 11,032,103

ETHERNET LINK EXTENSION METHOD AND DEVICE

Credo Technology Group Li...

1. An Ethernet link extender that comprises:
a first PMA (physical medium attachment) circuit having a transmitter and a receiver that communicate in a sequence of phases with a first node, the sequence including at least an auto-negotiation phase and a subsequent training phase; and
a second PMA circuit having a transmitter and a receiver that communicate in said sequence of phases with a second, different node, the phases in said sequence being simultaneous for the first and second PMA circuits,
the transmitter of the second PMA circuit being coupled to the receiver of the first PMA circuit during the auto-negotiation phase to retransmit communications received from the first node,
the transmitter of the first PMA circuit being coupled to the receiver of the second PMA circuit during the auto-negotiation phase to retransmit communications received from the second node,
the transmitter of the first PMA circuit and the transmitter of the second PMA circuit each including a transmit filter adapted in accordance with back-channel information received from the first and second nodes, respectively, during the training phase, and
the first and second PMA circuits each including a respective training controller that, during the training phase, generates training frames for transmission by the transmitter of the respective PMA circuit based in part on back-channel information and training status information from the receiver of the respective PMA circuit.

US Pat. No. 11,032,102

BRIDGE BETWEEN COMMUNICATION NETWORKS

The Government of the Uni...

1. A non-transitory computer-readable medium, communicatively coupled to a processor, configured to store a command set executable by the processor to effectuate operation of a component set, the component set comprising:
a first engagement component configured to engage with a first communication network;
a second engagement component configured to engage with a second communication network;
a bridge component configured to form a bridge between the first communication network and the second communication network;
a global position component configured to identify a global position that pertains to the bridge component;
an assignment component configured to assign a send language to a communication from the first communication network to the second communication network, the send language being based, at least in part, on the global position;
a determination component configured to determine if the send language matches a receive language of the second communication network;
a conversion component configured to convert the communication from the send language to the received language if the determination is that they do not match; and
a transfer component configured to cause the converted communication to transfer to the second communication network when the determination is that they do not match and configured to cause the communication to transfer to the second communication network absent conversion when the determination is that they do match,
where the first communication network and the second communication network are incompatible absent the bridge,
where the bridge effectuates communication between the first communication network and the second communication network such that the first communication network and the second communication network are compatible,
where the first engagement component, the second engagement component, the bridge component, the assignment component, the determination component, the conversion component, the transfer component, the global positioning component, or a combination thereof is implemented, at least in part, by way of non-software.

US Pat. No. 11,032,101

VEHICLE HAVING FAIL-SAFE INTERNAL DATA TRANSFER

NORTHROP GRUMMAN LITEF GM...

1. A vehicle having fail-safe internal data transfer, comprising:
a vehicle body;
a wired data transfer network provided on the vehicle body; and
network subscribers provided on the vehicle body, which are connected to one another via network nodes of the data transfer network, wherein the data transfer network has a data-transferring ring wiring,
characterized in that
a minimum area defined by the data-transferring ring wiring is larger than 20% of a maximum cross-sectional area of the vehicle body.

US Pat. No. 11,032,100

COMMUNICATION DEVICES AND METHODS

Infineon Technologies AG,...

1. A communication device, comprising:
a transmit circuit configured to generate a transmit signal as a sequence of symbols,
each symbol, in the sequence of symbols, comprising a same predefined quantity of time units and at least one symbol, in the sequence of symbols, being a trigger symbol,
wherein, in each time unit of each symbol, the transmit signal has either a first signal level or a second signal level,
wherein, between a first time unit of each symbol and a last time unit of each symbol, there is at most one transition from the first signal level to the second signal level between two adjacent time units, and
wherein the trigger symbol is encoded as a transition from the first signal level to the second signal level between two particular adjacent time units; and
an interface configured to transmit the transmit signal via a bus.