US Pat. No. 11,070,559

SYSTEM AND METHOD FOR SUPPORTING OBJECT-BASED SECURITY

ORACLE INTERNATIONAL CORP...


1. A system for supporting object-based security in an application server environment, comprising:
one or more microprocessors;
an application server environment executing on the one or more microprocessors, wherein the application server provides Java message service (JMS) resources for consumption by a client application;
a security subject stored in an object associated with the client application configured to access one or more of the JMS resources, wherein the object associated with the client application is a Java Naming and Directory Interface (JNDI) context;
wherein the security subject in the JNDI context is created based on either anonymous credentials or credentials provided by a current thread used to create the JNDI initial context, and wherein the JNDI context is created from a JNDI context factory enabled to support object-based security using a property in the JNDI context factory;
wherein the security subject stored in said object is configured to be used in each of a plurality of calls from the client application to access the one or more the JMS resources.

US Pat. No. 11,070,558

PERMISSION MANAGEMENT AND RESOURCE CONTROL

Advanced New Technologies...


1. A computer-implemented method, comprising:
receiving, by a server, an association request initiated by a user of a first account;
identifying an account identifier of a second account based on the association request;
associating the first account with the second account based on the account identifier;
in response to associating the first account with the second account, granting a partial permission to the first account for accessing the second account, wherein the partial permission comprises permission to vote on an operation to be performed by the second account;
determining, by the server, that a requested operation on the second account is an operation to be voted on by the first account;
initiating, by the server, a voting operation by the first account;
determining, by the server, whether a result of the voting operation meets a predetermined condition; and
in response to determining that the result of the voting operation meets the predetermined condition, allowing the requested operation on the second account, or
in response to determining that the result of the voting operation does not meet the predetermined condition, rejecting the requested operation on the second account.

US Pat. No. 11,070,557

DELAYED SERVING OF PROTECTED CONTENT

SHAPE SECURITY, INC., Sa...


1. A computer system comprising:
one or more hardware processors;
at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
identify that a request has been made by a client for a requested resource comprising a first portion and a second portion that is initially withheld from the client;
serve or cause service of, for execution on the client, first content comprising the first portion of the requested resource and reconnaissance code that, when executed at the client, gathers data at the client that indicates whether the client is human-controlled or bot-controlled;
receive the data gathered by the reconnaissance code;
determine, based on the data, that the client is not bot-controlled;
in response to determining that the client is not bot-controlled, serve or cause service of, to the client, the second portion of the requested resource.

US Pat. No. 11,070,556

CONTEXT-BASED POSSESSION-LESS ACCESS OF SECURE INFORMATION

Thycotic Software, LLC, ...


1. An access system comprising:
one or more processors; and
one or more computer readable storage media having program instructions stored thereon which, when executed by the one or more processors, cause the access system to:
direct a browser session to display an indication of an availability of secure information;
responsive to receiving a trigger for the secure information, send, to a transparent proxy system, a request for the secure information;
subsequent to receiving, from the transparent proxy system, the secure information with formatting instructions for preventing access by an end user to the secure information, provide the secure information to a protected resource;
in response to determining that the protected resource is protected, send, to the transparent proxy system, a request for login credentials associated with the protected resource;
receive, from the transparent proxy system and without intervention of a user associated with a client device, login credentials;
populate a login form of the protected resource with the login credentials; and
submit the login form for access to the protected resource by the user, without saving the login credentials to a memory within the access system, wherein, subsequent to submitting the login credentials, the login credentials are no longer accessible by the access system.


US Pat. No. 11,070,555

USER PROFILE PROVISIONING IN WLAN

Telefonaktiebolaget LM Er...


1. A method for operating an entity of a WLAN network, comprising:
receiving an access request from a subscriber of a mobile communications network, wherein the access request is based on a mobile network identity used in the mobile communications network to authenticate the subscriber,
receiving, from an authentication entity configured to authenticate a subscriber in the mobile communications network, mobility control information for the subscriber which comprises subscriber specific information how radio resources of a radio network part of the mobile communications network should be used,
determining a radio resource usage of the subscriber in the WLAN network taking into account the received mobility control information,
wherein determining the radio resource usage comprises determining a condition under which a data connection of the subscriber is steered from the WLAN network to the mobile communications network based on the received mobility control information, and
wherein the mobility control information is received for a first subscriber from a first mobile communications network and for a second subscriber from a second mobile communications network, wherein the radio resource usage of the two subscribers in the WLAN network is determined taking into account the mobility control information from the corresponding mobile communications network.


US Pat. No. 11,070,554

AUTHENTICATION MODULE FOR MOBILE DEVICES

PayPal, Inc., San Jose, ...


1. A mobile device, comprising:
one or more computer-readable memories storing program instructions; and
one or more processors configured to execute the program instructions to cause the mobile device to perform operations comprising:
analyzing a user interface on the mobile device, the analyzing including detecting a Hypertext Markup Language (HTML) element and/or a string associated with authentication information indicating a request for the authentication information;
determining, based on the analyzing, that the authentication information has been requested from the mobile device by a requesting device;
in response to the determining that authentication information has been requested by the requesting device, identifying requestor information corresponding to the requesting device;
detecting that a user interface element corresponding to a transmission of the authentication information has been selected on the mobile device;
accessing a blacklist database containing one or more risk indications indicating security risks to the mobile device;
determining, based on the accessing, whether the requestor information is associated with the one or more risk indications; and
in response to determining that the requestor information is associated with the one or more risk indications, implementing one or more security measures including intercepting the transmission of the authentication information prior to the authentication information being received by the requesting device and altering one or more fields of the user interface that correspond to the requested authentication information, the altering configured to prevent an entry of the requested authentication information into the mobile device and indicate to a user of the mobile device that the requestor information is associated with the one or more risk indications.

US Pat. No. 11,070,553

APPARATUS AND METHOD FOR CONTEXT-BASED STORAGE AND RETRIEVAL OF MULTIMEDIA CONTENT

SAP SE, Walldorf (DE)


1. A method for retrieving stored multimedia content comprising:
receiving at least a partial search term entered by a user in an enterprise;
generating one or more candidate search terms from the partial search term using user-context data of other users in the enterprise who have roles in the enterprise similar to the user's role in the enterprise, the user-context data of other users including preferences, viewing history, and history of selection of topics during search sessions;
displaying on a display device the generated one or more candidate search terms;
receiving a candidate search term selected from among the generated one or more candidate search terms;
using the selected candidate search term and user-context data representative of a current context of the user to identify one or more search results from among the stored multimedia content, the user-context data of the user including data that is representative of the user's role in the enterprise and the user's current environment including the user's geographic location in the enterprise;
displaying on the display device a list of the one or more identified search results, which can then be presented to the user; and
presenting to the user a search result selected from among the one or more identified search results.

US Pat. No. 11,070,551

SYSTEM AND METHOD FOR REMOTE ACCESS TO A PERSONAL COMPUTER AS A SERVICE USING A REMOTE DESKTOP PROTOCOL AND WINDOWS HELLO SUPPORT

Dell Products L.P., Roun...


1. An information handling system comprising:
a biometric sensor device; and
a client device coupled to the biometric sensor device, the client device including a processor having access to memory media storing instructions executable by the processor to perform operations comprising:
receive a gesture of a target user captured by the biometric sensor device;
in response to receiving the gesture of the target user, unlock secure access information of the information handling system including encrypted biometric information of the target user and server-side unlock information based on the gesture and the encrypted biometric information of the target user utilizing client-side software of the client device, wherein the secure access information is stored at the biometric sensor device; and
communicate the encrypted biometric information of the target user and the server-side unlock information to a server device via a network utilizing a remote desktop protocol (RDP) to cause server-side software of the server device to:
unlock server-side access information of the server device based on the server-side unlock information; and
authenticate the target user based on the encrypted biometric information of the target user and the server-side access information.



US Pat. No. 11,070,550

DEVICE FOR IDENTIFYING A PERSON AND A METHOD THEREOF

WELL BEING DIGITAL LIMITE...


1. A device for continual physiological monitoring of and identifying a person comprising:
a physiological monitor; and
a biometric identity reader;
the biometric identity reader and the physiological monitor arranged such that the biometric identity reader is capable of reading biometric information of the person and the physiological monitor is capable of reading physiological information of the person at the same time to authenticate the physiological information as being of the person;
wherein the device is configured such that:
when the physiological information is authenticated as being of the person, the biometric identity reader is capable of discontinuing the reading of the biometric identity of the person while the physiological monitor continues reading physiological information of the person; and
if the physiological monitor is detected to have been moved away from the person, the device is capable of requiring the biometric identity reader to read the biometric information of the person and the physiological monitor to read the physiological information of the person at the same time again to re-authenticate the physiological information as being of the person.

US Pat. No. 11,070,549

ELECTRONIC MECHANISM TO SELF-AUTHENTICATE AND AUTOMATE ACTIONS

PAYPAL, INC., San Jose, ...


1. A system, comprising:
one or more biometric sensors;
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
detecting, via the one or more biometric sensors, first biometric user identification data of a first user;
determining that the first biometric user identification data does not match second biometric user identification data stored on the system;
initiating a search, in response to the determining that the first biometric user identification data does not match second biometric user identification data and via one or more wireless electronic communication protocols, for a first device, wherein the first biometric user identification data is stored on the first device;
receiving, from the first device, a notification that the first biometric user identification data is stored on the first device;
determining a type of the first biometric user identification data; and
electronically exchanging data with the first device after the receiving the notification, wherein the electronically exchanging the data comprises electronically exchanging a predefined type of transaction data based on the determined type of the first biometric user identification data.


US Pat. No. 11,070,548

TOKENIZED ONLINE APPLICATION SESSIONS

PAYPAL, INC., San Jose, ...


1. A system, comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving, from a first application, a first request for a first token that is associated with first information, wherein the first request for the first token is part of an application session between a plurality of applications that includes the first application;
providing a master token to an owning application of the plurality of applications after the receiving the first request for the first token, wherein the owning application controls the application session and the master token is mapped to the first token;
associating the first information with the master token;
maintaining an association of the first token with the first information such that none of the plurality of applications is able to reverse the first token to obtain the first information without the association;
providing the first token to the first application;
receiving the first token from a second application of the plurality of applications;
determining, in response to receiving the first token, the first information from the association of the first token with the first information; and
providing the first information to the second application, wherein the first information enables an action to be performed by the second application based on the first information.


US Pat. No. 11,070,547

ELECTRONIC CONTROL DEVICE, A COMMUNICATION MANAGEMENT METHOD PERFORMABLE AND A NON-TRANSITORY STORAGE MEDIUM CONFIGURED TO RESTRICT PREDETERMINED COMMUNICATION IN AN IN-VEHICLE NETWORK

TOYOTA JIDOSHA KABUSHIKI ...


1. An electronic control device that is connected to an in-vehicle network and is configured to restrict a predetermined communication in the in-vehicle network, the electronic control device comprising a central processing unit (CPU), and the CPU is programmed to
accept connection of a key device;
verify the key device;
permit the predetermined communication in the in-vehicle network when the verification of the key device succeeds;
receive a communication frame transmitted to the in-vehicle network; and
generate an error in the communication frame when an identification code corresponding to the predetermined communication is included in the communication frame,
wherein the key device is an electronic key that stores predetermined information or a key that unlocks car doors based on a physical shape.

US Pat. No. 11,070,546

TWO-USER AUTHENTICATION

Nokia Technologies Oy, E...


1. An apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus comprising said at least one processing core and said at least one memory at least to:
receive from a first device a digital key;
receive from a second device an encrypted data item;
decrypt the encrypted data item using the digital key to obtain a first decrypted data item, decrypt the first decrypted data item to obtain a second decrypted data item and
verify the second decrypted data item matches a reference data item, and responsive to the second decrypted data item matching the reference data item, grant access to at least one of the first device and the second device, wherein the at least one memory and the computer program code are configured to, with the at least one processing core, cause the apparatus to decrypt the encrypted data item using, at least in part, an exclusive-or, XOR, operation with the digital key and the encrypted data item.

US Pat. No. 11,070,545

SECURE COMMUNICATION

PIKSEL, INC., Wilmington...


1. A system comprising:
a first device of a user, the first device having a user interface;
a second device of the user, the second device having a user interface; and
a server configured to:
store an association between each of the first device, the second device and the user;
store an association of the second device with user content;
arrange the user interface of the first device as a remote control for the content associated with the second device, such that when content is displayed on the second device, the user interface of the first device controls that content,
wherein the user initiates a secure communication process at the user interface of the second device to initiate a transaction at the server, wherein in response the server is further configured to:
retrieve the stored association identifying the first device associated with the second device for the user;
send a request from the server to the first device identified by that stored association for display on the user interface of the first device; and
receive a detected user input at the user interface of the first device;
wherein responsive to the detected user input at the user interface of the first device being a confirmation, the server is further configured to complete the transaction for the user, initiated by the second device, at the server.


US Pat. No. 11,070,544

RESOURCE ACCESS MANAGEMENT AND SECURE AUTHORIZATION SYSTEMS AND METHODS

Intertrust Technologies C...


1. A method performed by an authentication service system for authenticating a right of a user to access a resource managed by a service provider system, the method comprising:
provisioning a client device associated with the user with a first secure key and at least one of a shared secret value common to the authentication service system and the client device and information that may be used to generate the shared secret value, wherein the client device includes software configured to securely store the first secure key in a protected processing environment and the at least one of the shared secret value and the information that may be used to generate the shared secret value;
receiving, from the service provider system, authentication credentials provided to the service provider system by the user, the authentication credentials comprising a first secure token generated by the client device using, at least in part, the first secure key and the shared secret value;
retrieving, based on the authentication credentials, a second secure key;
generating, using the second secure key and the shared secret value common to the authentication service-system and the client device, a second secure token, wherein generating the second secure token comprises performing a computation using the second secure key and the shared secret value common to the authentication service system and the client device as inputs to the computation;
comparing the first secure token with the second secure token;
generating an authentication result based on a result of the comparison; and
transmitting the authentication result to the service provider system.

US Pat. No. 11,070,543

MULTI-PERSONA MANAGEMENT AND DEVICES

AirWatch, LLC, Atlanta, ...


1. A method comprising:
configuring a first end-user environment in a device, wherein the first end-user environment stores data in association with a first subscriber identity module (SIM) persona on the device;
configuring a second end-user environment in the device, wherein the second end-user environment stores data in association with a second SIM persona on the device, and the second end-user environment is remotely managed over a network by a management system, wherein configuring the second end-user environment comprises generating a plurality of compliance rules based on an operating system executed by the second end-user environment;
identifying a trigger event from the device at an instance in which the device is actively operating the first end-user environment;
verifying authorization of the device to access the second end-user environment;
causing the device to switch to the second end-user environment in an instance in which the device has been verified as having the authorization to access the second end-user environment, wherein the second end-user environment is configured to enforce the plurality of compliance rules for the operating system executed by the second end-user environment; and
in response to receiving a request from the device to access a network resource from the device, determining a level of content access that the device has for the network resource based at least in part on an active use of the second end-user environment and based at least in part on an authorization credential associated with the device and associated with a user group, wherein the authorization credential indicates the level of content access for the network resource for a respective member of the user group.

US Pat. No. 11,070,542

SYSTEMS AND METHODS FOR CERTIFICATE CHAIN VALIDATION OF SECURE ELEMENTS

Visa International Servic...


1. A method for authenticating a device by an authentication server, the method comprising:
storing a parent public key of a parent certificate, the parent public key stored in association with a first identifier value and in association with a first hash value of a modulus of the parent public key;
receiving a child certificate from the device, the child certificate containing an identifier field, a data field, and a signature based on the identifier field and not based on the data field, the identifier field comprising a second identifier value, the second identifier value being different from the first identifier value, the data field comprising a second hash value, the second hash value of the data field of the child certificate being the same as the first hash value;
determining that the second identifier value of the identifier field of the child certificate is not associated with the parent public key;
identifying the parent public key based on the second hash value; and
validating the child certificate using the parent public key.

US Pat. No. 11,070,541

CERTIFICATE MANAGEMENT METHOD AND APPARATUS IN NETWORK FUNCTIONS VIRTUALIZATION ARCHITECTURE

HUAWEI TECHNOLOGIES CO., ...


1. A method implemented by a network functions virtualization (NFV) management and network orchestration (MANO) system and comprising:
obtaining first indication information of a virtualized network function component (VNFC), wherein the first indication information is in an instantiation request message or a virtualized network function component descriptor (VNFCD) of the VNFC, and wherein the first indication information indicates a decision network element for determining a storage network element;
determining, according to a determining result of the decision network element, the storage network element for storing all of a certificate of the VNFC without dividing the certificate, wherein the storage network element is different from the VNFC;
creating a storage space in the storage network element for storing the certificate; and
sending an address of the storage space to the VNFC.

US Pat. No. 11,070,540

DYNAMIC PROVISIONING OF USER GROUPS WITHIN COMPUTER NETWORKS BASED ON USER ATTRIBUTES

Juniper Networks, Inc., ...


1. A service provider network acting as an identity provider, wherein the service provider network comprises a controller administering access, by a plurality of tenants, to resources within the service provider network, wherein the controller is configured to:
receive, from a service application, a request to authenticate a first user associated with a tenant, wherein the request to authenticate the first user includes a first set of attributes, wherein the first set of attributes include information identifying one or more of the plurality of tenants and one or more roles of a plurality of roles associated with the one or more of the plurality of tenants;
process the request to authenticate the first user by identifying, based on the first set of attributes, a first user group associated with the first user, wherein the first user group is one of a set of user groups, and wherein each user group of the set of user groups corresponds to an association between a tenant of the plurality of tenants and a respective role of the plurality of roles;
send first user authentication information to the service application, wherein the first user authentication information identifies the user group associated with the first user;
receive, from the service application, a request to authenticate a second user, wherein the request to authenticate the second user includes a second set of attributes, wherein the second set of attributes include information identifying one or more of the plurality of tenants and one or more roles of the plurality of roles;
process the request to authenticate the second user by determining, based on the second set of attributes, that a second user group associated with the second user does not exist;
create, based on the second set of attributes, the second user group; and
send second user authentication information to the service application, wherein the second user authentication information identifies the user group associated with the second user, wherein the second user group is one of the set of user groups.

US Pat. No. 11,070,539

NETWORK SECURITY DYNAMIC ACCESS CONTROL AND POLICY ENFORCEMENT

ArecaBay, Inc., San Mate...


1. A computer-implemented method for providing access control to a protected resource using run-time transaction data between a client application and a service application in a zero trust environment, the service application accessing the protected resource in response to a request from the client application, the computer-implemented method comprising:
deploying a ticket-based access control layer providing an access control function to the protected resource;
monitoring the run-time transaction information between the client application and the service application during a connection session, wherein the run-time transaction information comprising session information relating to the connection session that is only visible during run-time of the connection session, the client application communicating with the service application to request data from the protected resource;
receiving, at an access control manager, the run-time transaction information;
generating, at the access control manager, a validated access ticket using at least in part the run-time transaction information, wherein the access ticket is generated using dynamic run-time transaction information;
providing the validated access ticket to the ticket-based access control layer; and
applying, at the ticket-based access control layer, access control rules using the validated access ticket to grant or deny access to the protected resource in response to a request for data from the service application.

US Pat. No. 11,070,538

TECHNICAL LAYER FOR PORTABLE ELECTRONIC ASSISTANT

Sprint Communications Com...


1. A method of controlling an environment using a roaming electronic assistant, comprising:
establishing, by an electronic assistant server application executing on a computer system, communication with a plurality of home environment control devices in a home environment and with at least one home entertainment device in the home environment via a home electronic assistant client application executing on a home electronic assistant appliance in the home environment;
receiving, by the electronic assistant server application from the home electronic assistant client application, user environment setting preferences for the home environment control devices and user voice commands used by a user to interact via the home electronic assistant appliance with the home environment control devices;
receiving user entertainment service authorizations and user entertainment authorization credentials from the at least one home entertainment device by the electronic assistant server application;
sending the user environment setting preferences, the user voice commands, the user entertainment service authorizations, and the user entertainment authorization credentials by the electronic assistant server application to a data store;
establishing communication by the electronic assistant server application with a destination location to which the user is scheduled to travel;
receiving information about application programming interfaces (APIs) of destination environment control devices located in the destination location by the electronic assistant server application;
receiving information about APIs of destination entertainment devices in the destination location by the electronic assistant server application;
reading the user environment setting preferences, the user voice commands, the user entertainment authorizations, and the user entertainment authorization credentials from the data store;
establishing, by the electronic assistant server application based on the API information, communication with the destination environment control devices and the destination entertainment devices via a roaming electronic assistant client application executing on a travel electronic assistant appliance; and
transmitting, by the electronic assistant server application, the user environment setting preferences, the user voice commands, the user entertainment authorizations, and the user entertainment authorization credentials to the roaming electronic assistant client application, whereby a presentation layer of the electronic assistant server application is enabled to control the environment of the user at the destination location based on the user environment setting preferences, the user voice commands, the user entertainment service authorizations, and the user entertainment authorization credentials.

US Pat. No. 11,070,537

STATELESS METHOD FOR SECURING AND AUTHENTICATING A TELECOMMUNICATION

CASSIDIAN CYBERSECURITY S...


1. A method of communication between a first communicating entity and a second communicating entity,wherein the first communicating entity generates at least a data message comprising useful data and an authentication header, said method performed by the first communication entity and said method comprising:generating a message identifier from a given parameter and from a date and inserting the message identifier into the authentication header;
inserting a plurality of authentication data comprising at least one user identifier and one equipment identifier into the authentication header;
determining and inserting a security profile into the authentication header defining:conditions of encryption, in an encryption parameter, of the useful data of the data message by the first communicating entity; and
conditions of generation of a signature, in a signature parameter, of the data message and the format of said generated signature;

inserting the useful data into the data message to be transmitted,
wherein the second communicating entity on receiving said data message from the first communicating entity decodes the authentication header to:control the message identifier to determine if the data message has been transmitted in a predefined time lapse;
control the user identifier and the equipment identifier by comparing values of said user and equipment identifiers with data stored in a memory of the second communicating entity to determine if an equipment associated with the equipment identifier or a user associated with the user identifier has been suspended or revoked;
control the encryption parameter of the security profile of said data message received to decrypt the useful data with a private key of the second communicating entity;
control the signature parameter of the security profile of said data message received to verify the signature by means of a public key of the first communicating entity.



US Pat. No. 11,070,536

SYSTEMS AND METHODS FOR A SECURE SUBSCRIPTION BASED VEHICLE DATA SERVICE

Honeywell International I...


1. A data service system for providing to a vehicle access to data services, the data service system comprising:a hardware processor in communication with a network interface;
a private key vault device coupled to the processor;
a vehicle data service protocol executed by the processor, wherein the vehicle data service protocol establishes a communication session for data service exchanges with a vehicle communication manager onboard the vehicle via the network interface;
wherein the vehicle data service protocol includes a session validation sequence that causes the processor to:input a session request message received from the vehicle; and
send a session reply message to the vehicle in response to the session request message, wherein the session reply message includes a public operational authentication key, a public operational encryption key, and is signed using a subscriber validation private key associated with an embedded public key stored within the vehicle communication manager.


US Pat. No. 11,070,535

SYSTEMS AND METHODS FOR SMARTKEY INFORMATION MANAGEMENT

PKWARE, INC., Milwaukee,...


1. A smartkey-based computer file access system, said system including:a user computer system operating a smartkey encryption/decryption application, wherein said smartkey encryption/decryption application receives:
a smartkey team name data for a team;
a first user password data; wherein said first user is a member of said team
a second user password data; wherein said second user is a member of said team
a team public key data; and
a team private key data,
wherein said smartkey encryption/decryption application forms a smartkey electronic data structure including:
said smartkey team name data in unencrypted form;
a team encrypted master key data, wherein said team encrypted master key data is formed by said smartkey encryption/decryption application by determining a master key data derived from random data and encrypting said master key using said team public key data;
a first user password-accessible team encrypted master key data comprising:said team public key data; and
said team private key data, encrypted by said first user password to form a first user encrypted team key data; and

a second user password-accessible team encrypted master key data comprising:said team public key data; and
said team private key data, encrypted by said second user password to form a second user encrypted team key data,

wherein said smartkey encryption/decryption application receives an electronic data file,
wherein said smartkey encryption/decryption application forms a session key associated with said electronic data file and encrypts said data file to form an encrypted data file using said session key,
wherein said smartkey encryption/decryption application encrypts said session key using said team encrypted master key data and stores the result as a team encrypted session key data in said smartkey electronic data structure; and
a smartkey provider computer system, wherein said smartkey encryption/decryption application initiates the transmission of said smartkey electronic data structure from said user computer system to said smartkey computer provider system,
wherein said smartkey electronic data structure is stored at said smartkey computer provider system and a second user computer system operating an instance of said smartkey encryption/decryption application, wherein said second user computer system receives:
a target smartkey team name data;
said encrypted data file; and
a user password data representing a user to be allowed to decrypt said encrypted data file, wherein said user is a member of said team,
wherein said second computer system transmits said target smartkey team name data to said smartkey provider system,
wherein said smartkey provider system searches a plurality of stored smartkey electronic data structures, identifies a smartkey electronic data structure including smartkey team name data matching said target smartkey team name data, and transmits said smartkey data structure to said second computer system,
wherein said second computer system uses said user password data to decrypt said user password-accessible encrypted team key data to obtain said team private key data,
wherein said second computer system uses said team private key data to decrypt said team encrypted master key data to obtain said master key data,
wherein said second computer system uses said master key data to decrypt said team encrypted session key data to obtain said session key data, and
wherein said second computer system uses said session data to decrypt said encrypted data.

US Pat. No. 11,070,534

SYSTEMS AND PROCESSES FOR VAULTLESS TOKENIZATION AND ENCRYPTION

BLUEFIN PAYMENT SYSTEMS L...


1. A data security system having a processor coupled to a memory comprising:an iframe and tokenization system comprising:an iframe service for producing iframes in communication with a token service;
the token service for creating and detokenizing format preserving vaultless tokens, wherein the iframe and tokenization system is communicatively connected to a partner system and configured to:receive an iframe request from a browser accessing the partner system, the iframe request comprising a template identifier representing a template defining one or more obfuscation parameters for data to be received by an iframe;
provide the iframe to the browser accessing the partner system to be presented at the browser according to the template;
receive certain data input into the iframe from the browser;
vaultlessly tokenize a first portion of the certain data as one or more data tokens via the token service according to the one or more obfuscation parameters;
encrypt a second portion of the certain data as format preserving encryption via an encryption service operatively connected to the token service according to the one or more obfuscation parameters;
store the one or more data tokens in a cache;
create a token identifier comprising an obfuscated version of the template identifier;
transmit the token identifier to the browser to be passed to the partner system;
upon receiving the token identifier from the partner system, transmit the one or more data tokens to the partner system; and
extract the second portion of the certain data by decrypting the format preserving encryption based on the one or more obfuscation parameters.



US Pat. No. 11,070,533

ENCRYPTED SERVER NAME INDICATION INSPECTION

Forcepoint LLC, Austin, ...


1. A computer-implementable method for managing network communication, comprising:determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server;
if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and
if the network policy provides for decryption of identifying information associated with the server:replacing the original encryption key information with modified encryption key information associated with the security device; and
communicating the server response to the client with the modified encryption key information associated with the security device.


US Pat. No. 11,070,532

METHODS FOR COMMUNICATING DATA UTILIZING SESSIONLESS DYNAMIC ENCRYPTION


1. A method to provide secure communications between two parties, comprising:a client creating and registering a digitally unclonable function (DUF) device identifier for a client's DUF device and providing the DUF device identifier to an existing authentication system;
selecting an encryption generator;
generating a unique, dynamic hash value from the client's DUF device from dynamic, input data using a DUF protocol;
using the unique, dynamic hash value as a seed value for generating an encryption key;
encrypting sender data using the encryption key;
the client packaging the encrypted sender data plus a clear text version of the DUF device identifier and a client identifier to create a client package and sending the client package to a recipient where the client package is processed by a Q-Server;
the recipient using the Q-Server to generate a Q-Server DUF dynamic hash value;
using the Q-Server generated DUF dynamic hash value as a seed value to generate a decryption key, which is the same as the encryption key; and
the Q-Server using the decryption key and the DUF device identifier to decrypt the encrypted sender data;
wherein the unique, dynamic hash value generated from the dynamic input data is unique to each transaction and the Q-Server generated DUF dynamic hash value is also based on each corresponding transaction in order to generate the decryption key; and
wherein the unique, dynamic hash value and the Q-Server generated DUF dynamic hash value are each generated from input data of each transaction and a client authentication input.

US Pat. No. 11,070,531

DATA COMMUNICATION SYSTEM AND METHOD

Gurulogic Microsystems Oy...


1. A data communication system for a local network, the data communication system comprising at least one network node and a plurality of network devices associated with the at least one network node, wherein:the at least one network node is configured to provide a network node service to a plurality of clients or bots executing on the plurality of network devices, wherein individual clients or bots of the plurality of clients or bots are communicably and only programmatically coupled around the network node service in a programmatic star configuration to create the local network, further wherein the network node service is configured to validate and authenticate local services provided by the plurality of clients or bots within the local network;
a source client or bot is configured to communicate data together with metadata to one or more destination clients or bots within the local network in real time or near real time, by relaying the data through the network node service; and
the source client or bot is configured to encrypt information content of the data prior to communicating the data to the one or more destination clients or bots, wherein the source client or bot is configured to employ a key store to encrypt the information content of the data, the key store being stored in the source client or bot and the one or more destination clients or bots;

wherein the metadata comprises:encryption information indicative of a unique identifier (ID) of the key store and a key index of a key material to be derived from the key store for subsequent decryption of the encrypted information content of the data, and
group information indicative of the one or more destination clients or bots to which the data is to be communicated, wherein the source client or bot and the one or more destination clients or bots together form a group; and
the data communication system is configured to register, with a registration service, services provided by the plurality of clients or bots.

US Pat. No. 11,070,530

SYSTEM AND METHOD FOR AUTHENTICATING USERS

PACID TECHNOLOGIES, LLC, ...


1. A computing device, comprising a processor and a memory communicably coupled to the processor, said memory storing an application for execution by said processor, which application, when executed by said processor, configures said processor to:generate a secret in response to the computing device receiving a unique user input, and to store said secret at the computing device along with an identifier so as to be retrievable when said unique user input is again provided by a user of the computing device;
upon receipt of a first communication including said identifier associated with the secret, prompt the user of the computing device for said unique user input;
in response to receiving said unique user input, verify said unique user input; and
in response to verifying said unique user input, transmit via a communication interface of the computing device to a remote computer-based station a second communication encoded using the secret, said second communication to authenticate the user to the remote computer-based station.

US Pat. No. 11,070,529

METHOD FOR WIRELESS FIDELITY CONNECTION AND RELATED PRODUCTS

GUANGDONG OPPO MOBILE TEL...


1. A method for wireless fidelity (Wi-Fi) connection, comprising:obtaining an input password used for connecting a terminal to a target access point (AP);
obtaining, according to property information of the target AP, N target Wi-Fi connection records corresponding to the target AP from historical Wi-Fi connection data in response to an unsuccessful verification of the input password, the historical Wi-Fi connection data containing M Wi-Fi connection records, M being a positive integer, and N being a positive integer smaller than or equal to M;
saving the N target Wi-Fi connection records to a predetermined list;
obtaining, from the predetermined list, K passwords corresponding to the N target Wi-Fi connection records, K being an integer less than or equal to N; and
connecting the terminal to the target AP according to the K passwords.

US Pat. No. 11,070,528

REMOTE DATA QUERIES ON SECURE DEVICES

DvSum, LLC, Sunnyvale, C...


1. A non-transitory tangible machine readable medium comprising instructions configured to cause at least one processor on an assistant computing device to perform a process comprising:a) receiving a request over a network from a requesting computing device to query a dataset located on a remote computing device, the remote computing device residing in a secured data center;
b) identifying access credential requirements to allow the requesting computing device to access the remote computing device identified in the request;
c) generating access credentials, employing at least in part, the access credential requirements;
d) encrypting the access credentials to generate encrypted access credentials;
e) communicating the encrypted access credentials to the requesting computing device;
f) receiving at least one set of encrypted results from the requesting computing device;
g) decrypting the encrypted results to obtain results; and
h) communicating the results to the requesting computing device.

US Pat. No. 11,070,527

SECURING PLATFORM LINK WITH ENCRYPTION

Intel Corporation, Santa...


1. A computing device comprising:a memory to store a cryptographic key;
a security engine comprising circuitry, the security engine to setup a protected link between the computing device and a second computing device, wherein communication over the link is to comply with a communication protocol that allows packets to be reordered during transit;
a packet engine comprising circuitry, the packet engine to generate a plurality of packets according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet; and
an encryption engine comprising circuitry, the encryption engine to encrypt data of the plurality of packets for transmission over the protected link, wherein the encryption engine is to encrypt data of the first packet based on the cryptographic key and a first value of a counter and to encrypt data of the second packet based on the cryptographic key and a second value of the counter.

US Pat. No. 11,070,526

METHOD AND DEVICE FOR SUPPORTING MULTIPLE WIRELESS PROTOCOLS WITH A MEDIUM ACCESS CONTROL PREPROCESSOR

CISCO TECHNOLOGY, INC., ...


1. A method comprising:at a device including a wireless transceiver, one or more processors, and a non-transitory memory:
obtaining a multi-protocol schedule, wherein the multi-protocol schedule includes scheduling information characterizing packets associated with a plurality of wireless protocols, wherein each of the plurality of wireless protocols is associated with a respective virtual gateway of a plurality of virtual gateways and wherein the scheduling information includes, at least in part, a plurality of time slots, wherein each time slot of the plurality of time slots is assigned to each of a wireless protocol of the plurality of wireless protocols;
detecting, by the wireless transceiver, a first packet related to a first wireless protocol of the plurality of wireless protocols based on the multi-protocol schedule, wherein at least one time slot of the plurality of time slots is for packets related to the first wireless protocol of the plurality of wireless protocols and the scheduling information further includes at least one of channel information for the packets related to the first wireless protocol of the plurality of wireless protocols and key information for decrypting the packets related to the first wireless protocol of the plurality of wireless protocols; and
transmitting, by the wireless transceiver, the first packet related to the first wireless protocol to a first virtual gateway of the plurality of virtual gateways.

US Pat. No. 11,070,525

METHOD AND SYSTEM OF PRIVACY ENABLEMENT IN A FAMILY NETWORKING COMPUTING PLATFORM


1. A computerized method of a managing an online social network comprising:providing an online social network, wherein the online social network comprises a set of nodes, wherein each node represents a user and a set of relationships between each node;
managing a private profile setting in the online social network by:in the settings of the user's dashboard of the online social networking-computing, providing the user an option to change to a private user from a public user;

detecting that the user has selected to be a private user; and
assigning a unique networking-computing platform identifier to the private user, wherein the unique networking-computing platform identifier is required to search for the private user in the online social network, wherein the private user cannot make any comment to another user's post, and wherein the private user is enabled to like the user's post; and wherein when the private user likes a post, all other members can see the like, and that the like was made by an anonymous private user without showing an identity of the private user.


US Pat. No. 11,070,524

DEIDENTIFIED ACCESS OF CONTENT

PEARSON EDUCATION, INC., ...


1. A system, comprising:a network interface controller (NIC) configured to allow communication with a user device via a network;
a data storage storing a plurality of identifier portions, wherein each identifier portion in the plurality of identifier portions is associated with a test strand, a remediation content, and a score range for the test strand, wherein the test strand associated with each identifier portion is associated with a testing content;
a processor; and
a memory including computer-executable instructions which, when executed by the processor, cause the processor to perform operations including:receiving, from the user device using the NIC, an electronic transmission encoding an identifier string, the identifier string including a number of alphanumeric characters;
parsing the identifier string into a plurality of received identifier portions by subdividing the identifier string, each of the received identifier portions including alphanumeric characters; and
for each received identifier portion in the plurality of received identifier portions:identifying, in the data storage, an identifier portion that matches the received identifier portion,
identifying, in the data storage, the remediation content associated with the identifier portion that matches the received identifier portion, and
causing transmission of the remediation content to the user device to facilitate display of the remediation content at the user device.



US Pat. No. 11,070,523

DIGITAL DATA TRANSMISSION SYSTEM, DEVICE AND METHOD WITH AN IDENTITY-MASKING MECHANISM

NATIONAL UNIVERSITY OF KA...


1. A digital data transmission system comprising:a communication network system;
at least one transmitter device operated to generate at least one originally unmasked digital data prior to data transmission therefrom;
said at least one transmitter device connected with the communication network system and provided with at least one identity-masking mechanism to convert at least one identification data into at least one source identity-masking mark and at least one destination identity-masking mark which is combined with said at least one originally unmasked digital data in said at least one transmitter device to form or generate an originally source-marked data with said at least one source identity-masking mark and an originally destination-marked data with said at least one destination identity-masking mark, with the at least one transmitter device formed as an originally identity-masked transmitter device prior to data transmission from the at least one originally identity-masked transmitter device such that no unmasked data of transmitter devices is transmitted in said communication network system;
the at least one originally identity-masked transmitter device provided with the identity-masking mechanism to transmit the originally source-marked data with said at least one source identity-masking mark and the originally destination-marked data with said at least one destination identity-masking mark in a data transmission operation via the communication network system; and
at least one receiver device connected with the communication network system and provided with a self-identification data, with the at least one receiver device formed as at least one identity-masked receiver device prior to data transmission from the at least one transmitter device, with the at least one receiver device communicating with the at least one originally identity-masked transmitter device via the communication network system;
wherein the at least one identity-masked receiver device is applied to verify the originally source-marked data with said at least one source identity-masking mark or the originally destination-marked data with said at least one destination identity-masking mark with the self-identification data, with refusing to access the originally source-marked data with said at least one source identity-masking mark or the originally destination-marked data with said at least one destination identity-masking mark if the originally source-marked data with said at least one source identity-masking mark or the originally destination-marked data with said at least one destination identity-masking mark is not successfully verified with the self-identification data; or with receiving or accessing the originally source-marked data with said at least one source identity-masking mark or the originally destination-marked data with said at least one destination identity-masking mark if the originally source-marked data with said at least one source identity-masking mark or the originally destination-marked data with said at least one destination identity-masking mark is successfully verified with the self-identification data; and
wherein the source or destination identity-masking mark includes at least one source or destination address, at least one source or destination network card address, at least one source or destination Media Access Control (MAC) address, at least one source or destination Internet Protocol (IP) address or combinations thereof.

US Pat. No. 11,070,522

REMOVING ANOMALIES FROM SECURITY POLICIES OF A NETWORK SECURITY DEVICE

Juniper Networks, Inc., ...


1. A method comprising:determining, by a security management system, that one or more packets match a lower-priority rule and a higher-priority rule of a set of ordered rules of a network security device;
in response to determining that the one or more packets match the lower-priority rule and the higher-priority rule, generating, by the security management system, a transformed set of ordered rules by converting the lower-priority rule to a mutually exclusive rule such that the one or more packets that originally match the lower-priority rule and the higher-priority rule do not match the converted lower-priority rule; and
in response to converting the lower-priority rule to the mutually exclusive rule, optimizing, by the security management system, the transformed set of ordered rules for application by the network security device to subsequent packets.

US Pat. No. 11,070,521

APPLICATION ATTACHMENT BASED FIREWALL MANAGEMENT

VMware, Inc., Palo Alto,...


1. A method of managing firewall rules for virtual machines in a computing environment, the method comprising:maintaining firewall rules for application groups available for attachment to the virtual machines on one or more host computing systems, wherein each firewall rule of the firewall rules defines network packet forwarding policies corresponding to an application group of the application groups, wherein each of the application groups comprises at least one application available for attachment, and wherein at least one of the application groups comprises two or more applications available for attachment;
identifying an application group of the application groups for attachment to one or more virtual machines of the virtual machines, wherein the attachment of the application group comprises mounting one or more storage volumes that store the application group to the one or more virtual machines and overlaying contents of the one or more storage volumes to appear in a local disk for each of the one or more virtual machines to make the application group executable by the one or more virtual machines, and wherein the one or more storage volumes comprise one or more virtual disks; and
in response to identifying the application group for attachment, adding the one or more virtual machines to a security group for a firewall rule of the firewall rules associated with the application group to apply network packet forwarding policies corresponding to the application group to communications associated with the one or more virtual machines.

US Pat. No. 11,070,520

HIERARCHICAL NETWORK MANAGERS

NICIRA, INC., Palo Alto,...


1. A method for managing a logical overlay network, the method comprising:at a network management server that coordinates creation and management of logical networks in a plurality of connected physical domains, each respective physical domain comprising a respective plurality of host computers:receiving a specification for the logical overlay network, the specification comprising (i) a plurality of logical network data compute nodes (DCNs) and (ii) a set of at least two physical domains in which the DCNs are located, wherein the DCNs in each of the respective physical domains execute on a respective set of the host computers in the respective physical domain;
storing data regarding the logical overlay network specification in a data store; and
sending instructions to local domain managers at each of the at least two physical domains in which the logical network DCNs are located with data regarding the logical overlay network in order for the local domain managers at each of the at least two physical domains to create the logical overlay network in their respective domains by configuring the respective set of host computers in their respective physical domains and thereby allow the logical network DCNs to communicate with each other across the physical domains.


US Pat. No. 11,070,518

METHOD AND SYSTEM FOR ASSIGNING NUMBER FOR ROUTING CALL FROM ELECTRONIC DEVICE

YANDEX EUROPE AG, Lucern...


1. A computer-implemented method for routing a call from an electronic device, associated with a user, to a first target organization, the method being executed by a server coupled to:a digital content display;
a content item database comprising a plurality of digital content items; and
a telephone number repository hosting:a pool of unique numbers;

the method comprising:receiving a request for a first digital content item from the content item database, the first digital content item being destined to the user and not being personalized for the user;
generating the first digital content item with an indication of one of the pool of unique numbers;
mapping the one of the pool of unique numbers to the user and the first digital content item in order to map the routed call to the first digital item as being a source of the routed call;
after a predetermined activity time, disassociating the one of the pool of unique numbers from the first digital content item and placing the one of the pool of unique numbers into a quarantine pool; and
after a predetermined quarantine time, removing the one of the pool of unique numbers from the quarantine pool and assigning the one of the pool of unique numbers to a second target organization, the second target organization having been selected by:determining a first business profile associated with the first target organization based on at least one of a plurality of business profile parameters and the parameter weights applied to the at least one of the plurality of business profile parameters, the at least one business profile parameter being at least one of:data provided by the target organization during registration;
and data associated with the target organization from auxiliary sources,
wherein for each business profile parameter, the method comprises determining a parameter weight based on:
a parameter weight database; and
time passed since placing the one of the pool of unique numbers into the quarantine pool;

determining a second business profile associated with the second target organization based on the at least one business profile parameter and the parameter weights applied to the at least one of the plurality of business profile parameters; and
verifying that the first business profile and the second business profile are different with a profile difference being above a predetermined threshold.



US Pat. No. 11,070,517

BRIDGING WITH WEB MANAGER ACCESS

Lantronix, Inc., Irvine,...


1. A network device, comprising:
an access point client having a first DHCP client and a DNS client; and
a processor in communication with the access point client, the processor programmed to determine whether a link associated with an external device is connected with the access point client, and if a port address received by the network device is a port address of an application running on the external device, directing a content of a packet to a stack stored in a memory of the network device,
wherein the processor is programmed to stop the first DHCP client of the access point client in response to the determination and verification of the external device utilizing a second DHCP client, wherein the processor is programmed to listen for a DHCP ACK response message from the external device in order to stop the first DHCP client, and wherein if the listened DHCP ACK response message is not received via the link to the external device, or if the directed content of the packet having already been applied to the stored stack, the processor is programmed to continue to listen and determine whether at least one of the link and any other link are up,
wherein the processor is programmed to apply at least one of the retrieved selected settings to a protocol stack of the network device, wherein the at least one of the selected settings applied to the protocol stack of the network device is an IP address of the external device.

US Pat. No. 11,070,516

DIRECTORY SERVICE STATE MANAGER

Semperis, New York, NY (...


1. A method comprising:
receiving a plurality of change events of a directory service, wherein the plurality of change events comprise synchronization data of the directory service;
accessing a plurality of change events of a computing device, wherein the computing device is associated with the directory service and the plurality of change events of the computing device comprise log data of the computing device;
correlating the synchronization data of the directory service and the log data of the computing device to identify correlated changes;
generating enriched modification data based on the synchronization data of the directory service and the correlated changes; and
detecting an inconsistency of the directory service using the enriched modification data, wherein the detecting comprises identifying a modification of the directory service that is absent a corresponding change event from the computing device.

US Pat. No. 11,070,515

DISCOVERY-LESS VIRTUAL ADDRESSING IN SOFTWARE DEFINED NETWORKS

INTERNATIONAL BUSINESS MA...


1. A method comprising:
parsing, using a processor and a memory, a virtual address of a destination virtual entity of a packet into a set of virtual address components;
tokenizing a subset of the virtual address components into a token;
converting the token into at least a portion of a hostname;
looking up a real network address corresponding to the hostname; and
causing the packet to be transmitted to the real network address, wherein the real network address corresponds to a host machine on a physical network, the destination virtual entity operating on the host machine.

US Pat. No. 11,070,514

SYSTEM AND METHOD FOR DOMAIN NAME SYSTEM (DNS) SERVICE SELECTION

Verizon Patent and Licens...


1. A method comprising:
receiving, by a name server device, a domain name system (DNS) request from an end device to resolve a hostname to an Internet Protocol (IP) address associated with an application service;
determining, by the name server device, that the hostname can be resolved using a local database;
determining, by the name server device, that the application service is available from multiple multi-access edge computing (MEC) networks that are not a closest MEC network in physical proximity to the end device;
determining, by the name server device, a first network path criteria value for each of the multiple MEC networks associated with a network path segment between the name server device and each of the multiple MEC networks;
selecting, by the name server device, a set of first MEC networks from the multiple MEC networks based on the first network path criteria values that are within a first range of values;
determining, by the name server device, a second network path criteria value for each of the first MEC networks associated with the network path segment between the name server device and each of the first MEC networks;
selecting, by the name server device, a second MEC network from among the first MEC networks based on the second network path criteria value;
resolving, by the name server device, the hostname to the IP address based on the second MEC network;
generating, by the name server device, a DNS response that includes the resolved IP address; and
transmitting, by the name server device, the DNS response to the end device.

US Pat. No. 11,070,513

DNS-BASED METHOD OF TRANSMITTING DATA

Zedly, Inc., Weston, FL ...


1. A DNS-based method of transmitting data, comprising the steps of:
encoding selected data as an alphanumeric character string on a user device;
generating a uniform resource locator having a first part and a second part, wherein the first part is constructed from the alphanumeric character string and wherein the second part is a unique part configured to prevent itself from being stored;
transmitting the uniform resource locator from the user device to a local domain name system server;
forwarding the uniform resource locator from the local domain name system server to an authoritative domain name system server associated with a domain name of the second part;
authenticating the domain name of the second part,
decoding the domain name of the second part into the original selected data upon a successful authentication,
transmitting a set of response bytes from the authoritative domain name system server to the local domain name system server; the set of response bytes being dynamically created and responsive to the encoded selected data; and
transmitting the set of response bytes from the local domain name system server to the user device.

US Pat. No. 11,070,512

SERVER PORT VIRTUALIZATION FOR GUEST LOGICAL UNIT NUMBER (LUN) MASKING IN A HOST DIRECT ATTACH CONFIGURATION

INTERNATIONAL BUSINESS MA...


9. A computer program product for, by a processor, server port virtualization for guest logical unit number (LUN) masking in a host direct attach configuration using a storage adapter, in a computing environment, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
an executable portion that simulates an F switch port by an N storage port of the storage adapter of a storage system to enable either N-port virtualization (NPV) or N-port identification (ID) virtualization (NPIV) in the host direct attach configuration, wherein the host direct attach configuration includes physically attaching an N server port of a host directly to the N storage port of the storage adapter of the storage system without connecting the N server port to the N storage port through an intermediate switching device;
an executable portion that sends, to a peer host, a fabric login (FLOGI) by the N storage port simulating the F switch port, wherein the FLOGI is received by from the peer host while acting as the N storage port;
an executable portion that receives, from the peer host, a FLOGI acceptance response, the FLOGI acceptance response inclusive of a fiber channel (FC) ID assigned to the peer host;
an executable portion that accepts the FLOGI acceptance response from the peer host; and
an executable portion that performs a domain name system (DNS) operation, within firmware of the storage system, to cause each virtualized N-port ID to be mapped to the FC-ID in a domain format of domain, area, port, wherein, upon accepting the FLOGI acceptance response from the peer host, the FC-ID is assigned to a peer world wide port name (WWPN) while simulating the F switch port, and wherein upon receiving the FLOGI, the firmware distinguishes and automatically adapts between a standard N port-to-F port FLOGI process using the intermediate switching device, a non-virtualized, direct attach N port-to-N port FLOGI process, and a virtualized, direct attach N-port-to-N port FLOGI process implementing the NPV or NPIV.

US Pat. No. 11,070,511

MANAGING ELECTRONIC MESSAGES WITH A MESSAGE TRANSFER AGENT

HubSpot, Inc., Cambridge...


1. A method for managing sending of a batch of emails via at least one message transfer authority, comprising:
receiving a message recipient list;
receiving a message to be sent to the message recipient list;
evaluating a message delivery readiness indicator for at least one recipient in the message recipient list, wherein the message delivery readiness indicator is based at least in part on a quantity of data content of a recipient contact record;
based on a result of the evaluating:
removing one or more recipients, if any, for which the message delivery readiness indicator does not indicate readiness;
locking the message recipient list from further changes;
generating a set of customized messages based on the received message for at least a portion of the locked message recipient list, wherein the messages in the generated set of customized messages are different for each of the at least a portion of the recipients in the locked message recipient list;
calculating a probability of engagement metric for each generated customized message comprising a probability of recipient engagement;
determining:
at least one node and an IP address of a networked server in an Internet Protocol-based network from which the generated message will originate; and
at least one message transfer agent for transferring the generated customized message to the at least one recipient;

coordinating the networked server to send the generated customized message from the IP address via the at least one determined message transfer agent, wherein at least one of the IP address and the at least one determined message transfer agent are determined based on the probability of engagement metric; and
repeating the steps of calculating, determining and coordinating until the set of generated customized messages has been sent.


US Pat. No. 11,070,510

OBTAINING SUMMARY CONTENT FROM SERVER

Snap Inc., Santa Monica,...


1. A method comprising:
accessing, by one or more processors on a server, a plurality of messages of a communication session implemented by a messaging application on a user device;
generating, by the server, a summary of the communication session based on the plurality of messages, the generating the summary comprising:
determining that a first message of the plurality of messages that was received prior to a second message of the plurality of messages includes a video or an image, the second message including only text; and
in response to determining that the first message includes the video or image and that the second message includes only text, selecting the first message for the summary instead of the second message;

transmitting, by the server, data associated with the summary to the user device; and
causing the user device to display of a summary view of the communication session based on the data received by the user device from the server.

US Pat. No. 11,070,509

INTERACTION BAR FOR REAL-TIME INTERACTIONS WITH CONTENT ON A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...


1. A method comprising:
storing a content item page associated with a content item in a social networking system, the content item page including a content item header containing information about the content item;
receiving an interaction with the content item performed by a first user of the social networking system including an interaction type;
receiving an indication that a second user of the social networking system is viewing the content item page;
responsive to 1) receiving the interaction and 2) the second user viewing a first portion of the content item page including the top of the content item page, presenting, in real-time, an expanded content item header of a first size at a static position in a display, wherein the expanded content item header includes a user identifier of a third user who generated the content item and an interaction bar describing the interaction including the interaction type from the first user and identifying the first user; and
responsive to 1) receiving the interaction and 2) the second user viewing a second portion of the content item page not including the top of the content item page, presenting, in real-time, a reduced content item header at the static position in the display, the reduced content item header comprising a second size smaller than the first size, wherein the reduced content item header rotates between displaying the user identifier and the interaction bar describing the interaction including the interaction type,
wherein the interaction with the content item is of an interaction type that comprises at least one of the first user liking the content item; the first user posting a comment on the content item; the first user interacting with a comment posted on the content item; and the first user sharing the content item with other users of the social networking system.

US Pat. No. 11,070,508

DETERMINING AN EFFECT ON DISSEMINATION OF INFORMATION RELATED TO AN EVENT BASED ON A DYNAMIC CONFIDENCE LEVEL ASSOCIATED WITH THE EVENT

GOOGLE LLC, Mountain Vie...


1. A method implemented by one or more processors, the method comprising:
identifying a message of a user, wherein the message includes a plurality of terms and is an electronic communication sent or received by the user;
determining an event based on the terms of the message;
determining an initial event confidence level, for the event, based on the message;
determining, based on the initial event confidence level:
to cause certain output, that is related to the event, to be rendered via at least one client computing device of the user, without causing certain additional output, that is related to the event, to be provided via the at least one client computing device of the user; and

subsequent to causing the certain output to be provided:
determining a new event confidence level, for the event, based on one or more additional computer-based actions, of the user, that are associated with the event; and
determining, based on the new event confidence level:
to cause the certain additional output, that is related to the event, to be provided via the at least one client computing device of the user.



US Pat. No. 11,070,507

ENABLING WEARABLES TO COGNITIVELY ALTER NOTIFICATIONS AND IMPROVE SLEEP CYCLES

International Business Ma...


7. A computer system for cognitively adjusting a notification alert delivery time, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage media, and program instructions stored on at least one of the one or more tangible storage media for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:

determining an importance of the received message notification based on a plurality of notification attributes and a plurality of person attributes that are each associated with the received message notification;
in response to determining to alert a user of the received message notification based on the determined importance, identifying a current user sleep stage; and
in response to determining the current user sleep stage will not minimally impact the user, tuning one or more wearable technology device parameters for a next sleep stage, wherein tuning the one or more wearable technology device parameters for a next sleep stage further comprises:
calculating a minimum amount of time left in a user sleep cycle, wherein the minimum amount of time left in the user sleep cycle is calculated as $T = ANTD_{min} + n + t_{prev}$, and wherein $T$ is the time left in the user sleep cycle, $ANTD_{min}$ is a minimum allowable notification time delay of the current and remaining sleep stages, $n$ is a total amount of time elapsed in the current sleep stage, and $t_{prev}$ is a sum of an elapsed time in each previously completed sleep stage.


US Pat. No. 11,070,506

EMAIL NOTIFICATION SYSTEM

VMware, Inc., Palo Alto,...


1. A method for providing push notifications to a client device, comprising:
receiving, at a server remote from the client device, a hash of an email address associated with a user of the client device;
generating, at the server, a key pairing including a public key and a private key, the public and private keys both being associated with the hashed email address;
providing the public key to the client device;
receiving, from the client device, encrypted user credentials encrypted by the client device using the public key;
decrypting the encrypted user credentials using the private key;
generating, at the server, a callback Uniform Resource Locator (URL) comprising at least a portion of the encrypted user credentials embedded in the callback URL;
instructing an email service to contact the callback URL in response to an email account associated with the user credentials receiving a new email;
receiving contact at the callback URL from the email service; and
in response to receiving contact at the callback URL, fetching email information from the email service by accessing the email service using decrypted user credentials obtained by decrypting the encrypted user credentials embedded in the callback URL.

US Pat. No. 11,070,505

GROUP CHAT INITIATING METHOD ON BASIS OF SHARED DOCUMENT, DEVICE AND APPARATUS THEREFOR, AND STORAGE MEDIUM

BEIJING BYTEDANCE NETWORK...


1. A computer-implemented method, comprising:
determining a first user account that accesses a shared document;
querying the shared document to obtain a first identifier of a chat group inserted into the shared document;
displaying, according to a state of whether the first user account has joined into the chat group, a group chat control corresponding to the state in the shared document, wherein the group chat control is used for joining the chat group or for displaying an interface of the chat group; and
sending, in response to an operation on the group chat control, a corresponding group chat request.

US Pat. No. 11,070,504

COMMUNICATION ROUTING BASED ON PHYSICAL STATUS

MICROSOFT TECHNOLOGY LICE...


1. A computing system comprising:
one or more processors;
one or more computer-readable media having thereon computer-executable instructions that are structured such that, when executed by the one or more processors, cause the computing system to perform steps for routing communications to one or more members of a group identified by a physical status of that group, the steps comprising:
detecting a communication that identifies a physical status that is to be used at least in part to determine one or more intended recipients of the communication; and
in response to detecting the communication and determining the identified physical status:
performing one or more queries on a sensed feature store to determine one or more entities associated with the identified physical status, the sensed feature store comprising information regarding a plurality of entities which have been observed in a physical space;
using the results of the queries, identifying one or more members of a group, each identified member of the group being associated with a physical status that matches the physical status identified in the communication; and
dispatching the communication to at least one of the one or more identified members of the group.


US Pat. No. 11,070,503

METHOD AND SYSTEM FOR CREATING A PERSONALIZED E-MAIL


1. A method for creating a personalized E-mail within a mail client, comprising the steps of:
creating a signature as part of the E-mail on the basis of interaction between a user and the mail client, and
simultaneously in real time performing the following steps:
obtaining a portrait image of the user by a camera directly in real time as a result of the interaction with the user to create the signature,
automatically including the obtained portrait image of the user in the signature at the time of obtaining the portrait image, and
triggering the sending of the E-mail simultaneously in response to interaction of the user to create the signature and to obtain the portrait image.


US Pat. No. 11,070,502

TECHNIQUES FOR NOTIFICATIONS OF ENTITY REFERENCES IN A MESSAGING THREAD

FACEBOOK, INC., Menlo Pa...


1. A computer-implemented method, comprising:
receiving, at a client device, a notification in a messaging application that an entity reference to a user associated with the client device appears in a group messaging thread, the group messaging thread having as participants one or more other users associated with one or more other client devices;
displaying, in a user interface of the messaging application, a notification of the appearance of the entity reference in the group message thread, the notification comprising a mention-navigation control; and
responsive to receiving selection of the mention-navigation control:
displaying the group message thread in the messaging application; and
automatically scrolling, in the user interface of the messaging application, the group message thread to display a message containing the entity reference.


US Pat. No. 11,070,501

COMPUTERIZED SYSTEM AND METHOD FOR AUTOMATICALLY DETERMINING AND PROVIDING DIGITAL CONTENT WITHIN AN ELECTRONIC COMMUNICATION SYSTEM

VERIZON MEDIA INC., New ...


1. A method comprising:
receiving, over a network at a messaging server associated with an electronic communication platform, input from a user associated with creation of a message to at least one recipient;
identifying, via the messaging server, a set of digital image files within a digital image file collection associated with the user, said digital image files in the collection uploaded by the user and stored in a database in association with an account of the user on said electronic communication platform;
analyzing, via the messaging server, attributes of each of the identified set of digital image files, and based on said analysis, identifying near-duplicate image files within said set of digital image files, said near-duplicate image files being at least a two image files having similar attributes at least satisfying a threshold value of similarity;
grouping, via the messaging server based on said analysis, said identified near-duplicate image files, said grouping comprising identifying each instance of said image files having similar attributes and grouping them into individual groups according to the identified similar attributes;
identifying, via the messaging server, a representative digital image file for each grouping, said identification of the representative digital image file comprising analyzing, for each group, said attributes of the image files, the attributes of each image indicating popularity information and positional information indicating an initial position among other image files within each grouping;
determining, by the messaging server, based on said analysis, a digital image file that has a highest quality value among the group, wherein for each group said representative digital image file is the determined digital image file with the highest quality value, the highest quality value based at least on the popularity information and positional information;
determining, via the messaging server, an attribute score for each group;
determining, via the messaging server, a shareability value for the representative digital image files of each group based on said attribute score for each group, said shareability values corresponding to at least the highest quality value for each representative digital image file, each shareability value providing an indication as to how likely the user is to share the representative digital image file over the network;
compiling, via the messaging server, a ranked set of groups of digital image files based on the shareability value of each representative digital image file, the ranked set of groups being ordered according to the shareability value of each group's representative digital image;
comparing values of the attributes of each of the image files in a group, and based on said comparison, determining an order of the image files; and
causing to be displayed, via the messaging server, an interface object within an interface of the communication platform in association with the message, said interface object comprising a displayed, interactive depiction of the ranked set of groups of digital image files.

US Pat. No. 11,070,500

THIRD-PARTY INTEGRATION IN ACTIVITY FEEDS

Dropbox, Inc., San Franc...


1. A computer-implemented method for providing an activity feed by a content management system comprising:
receiving activity information associated with an activity involving a content item, the activity involving the content item occurring at a third-party service, wherein the content item is managed by the content management system and accessible by a user, the content management system being associated with a platform different from the third-party service;
identifying permissions granted to the user on the third-party service by maintaining a mapping at a server library at the content management system between a user account at the third-party service and a user account of the content management system, and referencing the mapping to determine whether the user account of the third-party service is mapped to the user account at the content management system; and
based on the activity information and the permissions, providing an activity notification about the activity associated with the content item within an activity feed interface provided by the content management system.

US Pat. No. 11,070,499

ANALYSIS OF CONTENT SHARING IN A MESSAGING PLATFORM

Twitter, Inc., San Franc...


9. A method comprising:
identifying engagement data specifying engagements by engaging accounts of a plurality of user accounts of a messaging platform with a broadcasted message authored by a context account of the platform;
generating, using the engagement data, propagation data representing propagation of the broadcasted message between engaging accounts represented in a connection graph,
wherein nodes of the connection graph represent the plurality of user accounts of the platform, and edges of the connection graph link nodes and represent relationships between respective user accounts represented by linked nodes, and
wherein the propagation data specifies engagement locations that each represent a physical location in which users of the engaging accounts are located; and

sending, to a user account of a user associated with a respective device previously identified by the platform as being located at one of the engagement locations, a recommendation to connect to the context account.

US Pat. No. 11,070,498

COMPUTER-IMPLEMENTED METHOD AND SYSTEM FOR ENABLING NETWORK COMMUNICATION USING SPONSORED CHAT LINKS


1. A computer-implemented method comprising:
receiving, via a data network, a sponsored concept submitted by a sponsoring company, the sponsored concept indicating particular subject matter about which the sponsoring company would like to converse, the sponsored concept being mapped to meta-information about the sponsoring company;
receiving a first topic of interest submitted by a first user in a search query, the first topic of interest indicating particular subject matter about which the first user would like to converse, the search query being associated with a control applet corresponding to the first user, the control applet being an executable code component, the control applet providing a connection path in the data network to the first user;
determining, by use of a data processor and prior to establishing a conversation, if the sponsored concept and the first topic of interest fit within match criteria by comparing the sponsored concept with the first topic of interest;
generating for the first user, by use of the data processor, if the sponsored concept and the first topic of interest fit within match criteria, a link enabling the first user to establish a conversation between the first user and an agent of the sponsoring company, the link being a user interface element corresponding to the sponsored concept that can be activated by the first user; and
upon activation of the link by the first user, using the activated link corresponding to the sponsored concept to launch a communication applet, the communication applet being an executable code component, using the communication applet to identify a control applet associated with the corresponding sponsored concept and send an identifier associated with the sponsored concept to a server using the communication applet, the server receiving the identifier associated with the sponsored concept and identifying the control applet associated with the sponsored concept from a list of connections to other computing systems, and using the control applet associated with the sponsored concept and a connection path associated with a computing system of the agent to establish the conversation between the first user and the agent of the sponsoring company, the connection path being generated at each login of the agent of the sponsoring company, the connection path being generated in part from the meta-information.

US Pat. No. 11,070,497

SYSTEMS AND METHODS FOR TRANSFERRING MESSAGING TO AUTOMATION

LIVEPERSON, INC., New Yo...


1. A computer-implemented method comprising:
receiving a request for a conversation;
determining an intent for the conversation, wherein the intent is determined from the request;
identifying one or more types of bots based on the intent;
dynamically determining one or more options for facilitating a transfer of the conversation to a type of bot from a terminal device operated by an agent, wherein when an option is selected, a conversation with a selected type of bot is facilitated, and wherein the conversation with the selected type of bot is monitored at the terminal device by the agent;
dynamically determining feedback on the conversation, wherein the feedback is dynamically determined based on a real-time evaluation of responses exchanged during the conversation;
determining a polarity for the conversation based on the feedback, wherein the polarity is determined using the feedback as input to a model trained to determine polarities of conversations; and
applying the conversation, the intent, the polarity, and attributes of the selected type of bot to a second model to train the second model to determine a future intent for the one or more types of bots.

US Pat. No. 11,070,496

METHOD AND APPARATUS FOR PROVIDING VULNERABILITY FEEDBACK

JPMORGAN CHASE BANK, N.A....


1. A method for transmitting vulnerability feedback to a code developer device by utilizing one or more processors and one or more memories, the method comprising:
establishing a first communication path between an application and a build automation tool via a communication network;
establishing a second communication path between the application and a scanning tool via the communication network;
receiving data from the build automation tool via the first communication path, the data containing links to source code in a version control system and security scans;
creating a task based on the received data and adding the task to an application processing queue;
receiving security scan data from the scanning tool via the second communication path;
receiving production scan data from the version control system;
comparing the security scan data with the production scan data;
determining, based on comparing, whether the security scan data includes new vulnerability data that is not currently included in the production scan data; and
automatically transmitting an electronic notification to a code developer device when it is determined that the security scan data includes new vulnerability data and that the task needs resolution,
wherein the automatically transmitting an electronic notification further comprises:
receiving identification information of a code developer associated with the production scan data from the version control system;
linking the identification information to the code developer device; and
automatically transmitting the electronic notification directly to the code developer device via an instant messaging tool when it is determined that the security scan data includes new vulnerability data and that the task needs resolution.

US Pat. No. 11,070,495

SYSTEMS AND METHODS FOR A CHATBOT COMMUNICATION FRAMEWORK

DISH NETWORK L.L.C., Eng...


1. A computer implemented method in an electronic communications system comprising a plurality of chatbots, the method comprising:
receiving, by at least one computer processor associated with a leader chatbot, a request associated with a potential follower chatbot to subscribe to a social framework of a plurality of follower chatbots and the leader chatbot to communicate with one or more of the plurality of follower chatbots via the leader chatbot;
determining, by at least one computer processor associated with the leader chatbot, whether the potential follower chatbot complies with default standards for subscription to the social framework;
receiving, by at least one computer processor associated with the leader chatbot, a unique set of rules from the potential follower chatbot based on a determination that the potential follower chatbot complies with the default standards for subscription to the social framework, wherein the unique set of rules are specifically for identity verification of the follower chatbot and define how the identity of the follower chatbot is to be verified;
associating, by at least one computer processor associated with the leader chatbot, the unique set of rules with the follower chatbot;
storing, by at least one computer processor associated with the leader chatbot, the association of the unique set of rules with the follower chatbot for future verification of identity of the potential follower chatbot; and
subscribing, by at least one computer processor associated with the leader chatbot, the potential follower chatbot as a follower chatbot subscribed to the social framework to enable the follower chatbot subscribed to the social framework to communicate with the one or more of the plurality of the follower chatbots via the leader chatbot.

US Pat. No. 11,070,494

MANAGING EMAIL CONTENT IN AN ACTIVITY STREAM

INTERNATIONAL BUSINESS MA...


1. A computer program product for managing email content in an activity stream, the computer program product comprising:
a non-transitory computer readable storage medium comprising computer usable program code embodied therewith, the computer usable program code comprising computer usable program code, when executed by a processor, to:
allow generation of at least one of a forward of or a reply to the email content in the activity stream.


US Pat. No. 11,070,493

SIMPLIFIED LOW PROFILE MODULE WITH LIGHT GUIDE FOR PENDANT, SURFACE MOUNT, WALL MOUNT AND STAND ALONE LUMINAIRES

IDEAL Industries Lighting...


1. An LED support structure for use with a cavity in a waveguide made of optically transmissive material, the LED support structure comprising:
an LED support structure defining a first surface;
a plurality of LED devices mounted on the first surface;
an elongate reflective member extending outwardly from the LED support structure beyond the plurality of LED devices; and
a reflective element attached to an end of the elongate reflective member opposite the first surface, wherein at least one of the reflective element and the LED support structure is connected to the elongate reflective member such that a portion of the waveguide is captured between the reflective element and the LED support structure.

US Pat. No. 11,070,492

POOLING PUBLIC CLOUD RESOURCES FROM DIFFERENT SUBSCRIPTIONS USING RESERVATIONS

VMware, Inc., Palo Alto,...


1. A method of managing virtualized computing resources provided by a public cloud, comprising:
mapping subscriptions in the public cloud to reservations, wherein each of the reservations is mapped to an entire subscription or to a portion of a subscription, wherein each subscription corresponds to a resource pool, wherein a portion of a subscription corresponds to a subset of the resource pool associated with the subscription, wherein at least one of the reservations corresponds to a first portion of at least one of the subscriptions;
allocating the reservations among a plurality of principals;
receiving a request to provision a workload from a user associated with a first principal of the plurality of principals, wherein the workload includes metadata describing constraints of the workload;
generating a deployment plan for the workload based on the metadata therein and the at least one of the reservations, the deployment plan specifying the at least one of the subscriptions,
wherein generating the deployment plan comprises:
selecting the at least one of the reservations from one or more reservations that satisfy the constraints of the workload, wherein the constraints of the workload specify required computing resources, and wherein the at least one of the reservations selected includes constraints on the virtualized computing resources that match the constraints of the workload; and

transmitting a deployment request to the public cloud using the at least one of the subscriptions specified in the deployment plan.

US Pat. No. 11,070,491

CONTROL SYSTEM AND COMMUNICATION METHOD

OMRON Corporation, Kyoto...


1. A control system, which controls a manufacturing device or a production facility, comprising:
a first control device connected to a network in which data is updated at every predetermined cycle, and
a second control device connected to the network and time-synchronized with the first control device;
wherein the first control device transmits to the manufacturing device or the production facility, at every predetermined cycle, first data used for controlling the manufacturing device or the production facility, using a first communication band among communication bands possessed by the network; and
the second control device transmits to the manufacturing device or the production facility second data used for setting and managing the manufacturing device or the production facility, using a second communication band other than the first communication band among the communication bands possessed by the network, wherein
the first control device cyclically transmits to the manufacturing device or the production facility the first data using the first communication band, and transmits to the manufacturing device or the production facility the second data using a part of the second communication band, and
the second control device transmits to the manufacturing device or the production facility the second data using a communication band other than the part of the second communication band,
the first communication band and the second communication band refer to a time width in a time division manner, a frequency in a frequency division manner, or a code sequence in a code division manner.

US Pat. No. 11,070,490

OPPORTUNISTIC DELIVERY OF CACHEABLE CONTENT IN A COMMUNICATIONS NETWORK

ViaSat, Inc., Carlsbad, ...


1. A communication system for transmitting data between a content server and at least one consumer premise equipment (CPE), comprising:
at least one gateway in communication with the content server through a server optimizer, the at least one gateway configured for communication with at least one subscriber terminal via a satellite link;
at least one client optimizer to access a storage system at the subscriber terminal, the at least one CPE in communication with the client optimizer to make a request for data to the content server, wherein the client optimizer is configured to determine if the data of the request is available in the storage system, and:
when the data is available, retrieve the data from the storage system without transmitting the request to the gateway,
when the data is not available, transmit the request to the server optimizer by way of the at least one gateway;

the server optimizer to, upon receipt of a request for data:
transmit the request to the content server and receive requested data therefrom,
determine content scoring for the requested data at least in part based on object popularity in the context of other requests received at the server optimizer or at least one other server optimizer,
determining to opportunistically multicast the requested data in a multicast service flow to a plurality of subscriber terminals based on the content scoring including broadcasting control data regarding the requested data to the plurality of subscriber terminals,
convert the requested data to multicast traffic that is broadcast over the satellite link to any client optimizers of the plurality of subscriber terminals configured to receive the multicast traffic based on the control data; and

the client optimizer being further configured to:
receive the multicast traffic,
convert the multicast traffic to a unicast stream based on the control data and communicate the requested data to the storage system for storage of the requested data in the storage system accessible by the CPE.


US Pat. No. 11,070,489

RESOURCE CONSUMPTION CONTROL

International Business Ma...


1. A method, comprising:
identifying, by a processor, a resource exhaustion predicted based on an available resource and a consumption speed of the available resource in a bare-metal server;
determining, by the processor, whether the resource exhaustion will have an impact on a Service Level Agreement (SLA) based on a predicted time of the resource exhaustion being less than a response time of a human operation team to alleviate the resource exhaustion; and
responsive to determining the resource exhaustion will have an impact on the SLA, initiating, by the processor, a control of the consumption speed to slow down the resource exhaustion to maintain the SLA.

US Pat. No. 11,070,488

SYSTEM AND METHOD TO CONTROL A CROSS DOMAIN WORKFLOW BASED ON A HIERARCHICAL ENGINE FRAMEWORK

Electronics and Telecommu...


1. A workflow control system for controlling a workflow based on a hierarchical engine framework, the workflow control system comprising:
an edge system comprising an edge networking entity configured to provide connectivity with a terminal, an intelligent computing entity configured to execute at least one engine for analyzing data of the terminal collected through the edge networking entity and processing a workflow, and an edge gateway entity configured to provide a function of interworking with another system through a data pipeline built based on the hierarchical engine framework; and
an intelligent control system configured to control the workflow based on the at least one engine and the data pipeline,
wherein the hierarchical engine framework is an architecture in which engines of an engine group executing a workflow are structured according to layers, and
wherein the data pipeline is a data path for transferring the data collected or analyzed by the edge system from the edge system to the other system.

US Pat. No. 11,070,487

CONTROLLING OF COMMUNICATION NETWORK COMPRISING VIRTUALIZED NETWORK FUNCTIONS


1. A method comprising:
obtaining in virtual network operation an indication related to an instantiation of at least one new virtualized communication function or application providing services related to a communication network, wherein the instantiated at least one new virtualized communication function or application is a potential signaling partner in virtual network operation in a communication conducted via a communication network,
processing the obtained indication for determining or recognizing the at least one new virtualized communication function or application being instantiated in virtual network operation,
checking, with regard to a communication to be conducted in the communication network with a network element or network function, a communication function or application in a communication network, whether the at least one new virtualized communication function or application is providing suitable services related to the communication in virtual network operation, and
selecting, on the basis of the result of the check, a network element or network function, communication function or application in the communication network with which a communication in virtual network operation is to be conducted.

US Pat. No. 11,070,486

OVERALL PERFORMANCE WHEN A SUBSYSTEM BECOMES OVERLOADED

Verizon Media Inc., New ...


1. A method, comprising:
receiving, by a first computing system including one or more servers, a request for information via a network from a client device;
determining, by the first computing system, whether a second computing system including one or more second servers is available to respond to requests from the first computing system;
obtaining, by the first computing system, the information requested by the client device, wherein the obtaining comprises:
in response to determining that the second computing system is not available to respond to requests from the first computing system, obtaining, by the first computing system, the information requested by the client device by:
obtaining, by the first computing system, one or more parameter values of the request, wherein one or more first parameter values correspond to a first category of file and one or more second parameter values correspond to a second category of file;
obtaining, by the first computing system from a user profile in one or more memories of the first computing system, one or more estimated data values using the one or more parameter values, wherein the one or more estimated data values identify the first category of file, wherein the user profile is indicative of a plurality of features of a user associated with the client device; and
generating, by the first computing system, the information requested by the client device based, at least in part, on the one or more estimated data values without communicating with the second computing system;

and

transmitting, by the first computing system, a response including the information to the client device.

US Pat. No. 11,070,485

MULTIMEDIA CONTENT STEERING

Netflix, Inc., Los Gatos...


1. A computer-implemented method comprising:
accessing information related to a playback session in which at least a portion of requested multimedia content is streamed over a network to a client electronic device, the accessed information comprising one or more properties associated with the client electronic device, the network including a plurality of end nodes that are each configured to host and serve multimedia content;
accessing network topology information for the network to identify which route through the network was used to provide the requested multimedia content during the playback session, including indicating which end node was used to provide the multimedia content;
accessing one or more network steering factors that indicate why the requested multimedia content was steered through the identified network route;
determining, based on at least one of the network steering factors, which end node would have been more suited to providing the requested multimedia content for the playback session; and
transferring at least a portion of the requested multimedia content to the determined end node, such that the determined end node to which the requested multimedia content was transferred provisions the requested multimedia content during subsequent playback sessions.

US Pat. No. 11,070,484

METHOD AND APPARATUS FOR IMPROVING COMMUNICATION PERFORMANCE THROUGH NETWORK CODING

CODE ON NETWORK CODING LL...


1. A computer-implemented method in which a computer system is configured to perform operations comprising:
forming a plurality of first network coded packets by a first source node, each of said first network coded packets comprising a combination of a number of first original packets at said first source node;
forming a plurality of second network coded packets by a second source node, each of said second network coded packets comprising a combination of a number of second original packets at said second source node;
treating the first original packets and the first network coded packets as error-free, transmitting said plurality of first network coded packets from the first source node to an intermediate node via a network;
treating the second original packets and the second network coded packets as error-free, transmitting said plurality of second network coded packets from the second source node to the intermediate node via the network;
forming a plurality of further network coded packets by further network coding said first network coded packets and said second network coded packets at the intermediate node, the further network coded packets comprising a combination of at least one of a number of the first network coded packets and a number of the second network coded packets; and
treating the further network coded packets as error-free, transmitting said plurality of further network coded packets from the intermediate node to at least one destination node.

US Pat. No. 11,070,483

DISCOVERING AND MITIGATING MTU/FRAGMENTATION ISSUES IN A COMPUTER NETWORK

Cisco Technology, Inc., ...


1. A method comprising:
receiving, at a maximum transmission unit (MTU) mismatch assessment service, a notification of a mismatch between a packet size of a packet sent by a source to a destination in a network and an MTU of an intermediate router between the source and destination in the network;
predicting, by the service and using a machine learning-based model, whether the mismatch is likely to reoccur in the future at a frequency or a volume greater than a predefined threshold;
determining, by the service, that the mismatch represents a persistent MTU mismatch condition at the intermediate router when it is predicted that the mismatch is likely to reoccur in the future at a frequency or a volume greater than the predefined threshold;
identifying, by the service, a target router in the network to receive a configuration adjustment instruction, based on the persistent MTU mismatch condition; and
sending, by the service, the configuration adjustment instruction to the target router, to alleviate the persistent MTU mismatch condition at the intermediate router.

US Pat. No. 11,070,482

SYSTEM AND METHOD FOR INFORMATION DELIVERY WITH MULTIPLE POINT TRANSMISSION

Futurewei Technologies, I...


1. A method comprising:
receiving, by a first transmission point (TP), downlink data packets of a single radio bearer that are scheduled for multipoint transmission by at least the first TP and a second TP;
transmitting, by the first TP, radio resource control (RRC) signaling to a user equipment (UE), the RRC signaling configuring the UE to receive the downlink data packets over the single radio bearer from both a radio link control (RLC) entity of the first TP and an RLC entity of the second TP;
sending, by the first TP, a second subset of the downlink data packets of the single radio bearer directly from a packet data convergence protocol (PDCP) entity of the first TP to the RLC entity of the second TP such that the second subset of downlink data packets are sent from the first TP to the second TP without the second subset of downlink data packets passing through the RLC entity of the first TP and without the second subset of downlink data packets passing through any PDCP entity of the second TP, the second subset of downlink data packets being transmitted from the RLC entity of the second TP to the UE; and
transmitting, by the first TP, a first subset of the downlink data packets of the single radio bearer to the UE.

US Pat. No. 11,070,481

PREDICTIVE MANAGEMENT OF A NETWORK BUFFER

Cable Television Laborato...


1. A method for managing a network element including at least a first buffer and a second buffer, the first buffer including a first queue, the second buffer including a second queue, each of the first queue and the second queue correspondingly enqueuing packets at an input and to dequeuing packets at an output, the method comprising:
predicting sojourn time for each packet prior to being enqueued into one of the first queue and the second queue, the sojourn time estimating time needed for the corresponding packet to travel through one of the first queue and the second queue; and
one of dropping and not dropping each packet based at least in part on the corresponding sojourn time.

US Pat. No. 11,070,480

METHOD AND COMPUTING DEVICES FOR ENFORCING PACKET ORDER BASED ON PACKET MARKING

Kaloom Inc., Montreal (C...


1. A computing device comprising:
a plurality of communication interfaces providing access to a corresponding plurality of communication links; and
a processing unit for:
transmitting Internet Protocol (IP) packets of an IP flow via a first communication interface among the plurality of communication interfaces providing access to a corresponding first communication link among the plurality of communication links;
transmitting IP packets of at least one other IP flow via the first communication interface;
determining a failure of the first communication link;
upon the determination of the failure, marking the IP packets of the IP flow with a first flag and transmitting the IP packets of the IP flow via a second communication interface among the plurality of communication interfaces providing access to a corresponding second communication link among the plurality of communication links, and marking the IP packets of the at least one other IP flow with the first flag and transmitting the IP packets of the at least one other IP flow via the second communication interface or another communication interface among the plurality of communication interfaces different from the first communication interface and providing access to a corresponding communication link among the plurality of communication links different from the first link;
determining that the first communication link has recovered from the failure; and
upon the determination of the recovery from the failure, marking the IP packets of the IP flow with a second flag different from the first flag and transmitting the IP packets of the IP flow via the first communication interface providing access to the corresponding first communication link, and marking the IP packets of the at least one other IP flow with the second flag and transmitting the IP packets of the at least one other IP flow via the first communication interface providing access to the corresponding first communication link.


US Pat. No. 11,070,479

DYNAMIC RESOURCE ALLOCATION BASED UPON NETWORK FLOW CONTROL

NetApp, Inc., San Jose, ...


1. A method comprising:
identifying communication availability signals indicating that a network communication channel is available for transmitting data;
identifying communication unavailability signals indicating that the network communication channel is unavailable for transmitting data of data transmission requests; and
dynamically adjusting a resource allocation of computing resources based upon the communication availability signals and the communication unavailability signals, wherein the resource allocation is modified based upon a number of communication availability signals being less than a first threshold.

US Pat. No. 11,070,478

METHOD AND SWITCH FOR MANAGING TRAFFIC IN TRANSPORT NETWORK

TELEFONAKTIEBOLAGET LM ER...


1. A method for managing traffic of a plurality of packets in a plurality of packet flows transmitted using a time-slotted interface, the packet flows traversing a plurality of switches of a transport network according to an assigned path from a source node to a destination node, the method comprising:
determining an end-to-end latency of a plurality of packets traversing a current switch in packet flows;
assigning priority values to the packets traversing the current switch, wherein a priority value of a packet depends on the determined end-to-end latency of the packets; and
allocating a time slot in an output interface of the current switch to the packet having the highest priority value among the packets competing for the time slot.

US Pat. No. 11,070,477

DISTRIBUTED SOFTWARE DEFINED WIRELESS PACKET CORE SYSTEM

Google LLC, Mountain Vie...


1. A distributed software defined network (SDN) packet core system comprising:
a policy module configured to manage policies for client devices associated with the distributed SDN packet core system; and
a plurality of computer devices arranged geographically in proximity, and communicatively coupled, to a respective plurality of radio access points associated with at least two radio access technologies (RATs) and separate from the plurality of computer devices, the computer devices being configured to execute software modules for processing control messages and data packets of communication flows associated with the respective radio access points as part of supporting a plurality of local SDN infrastructure instances, the software modules including:
a plurality of RAT-specific control-plane modules associated with the at least two radio access technologies (RATS), each RAT-specific control-plane module configured to execute signaling and control operations for communication flows associated with a respective RAT; and
at least one data-plane controller configured to receive packet processing requests from at least one RAT-specific control-plane module and forward the requests to one or more data-plane instances established as part of at least one of the plurality of local infrastructure SDN instances, wherein each of the one or more data plane instances includes a configuration module and at least one data-plane module, the configuration module configured to translate packet processing requests received from the at least one data-plane controller into a configuration specific to the at least one data-plane module;
wherein the at least one data-plane controller is configured to interact with the RAT-specific control-plane modules using a RAT-independent interface employing communication flow rules, receive one or more counter reports from one or more of the data-plane instances, determine at least one control-plane module to receive the one or more data counter reports, and forward the one or more data counter reports to the at least one control-plane module determined.

US Pat. No. 11,070,476

MIGRATION FROM A LEGACY NETWORK APPLIANCE TO A NETWORK FUNCTION VIRTUALIZATION (NFV) APPLIANCE

Intel Corporation, Santa...


1. A method comprising:
configuring a packet migration Internet Protocol (IP) filter rule to select packets for which processing of the packets is to be migrated from a proprietary dedicated hardware legacy network appliance to a selected one of one or more network function virtualization (NFV) appliances;
receiving a packet;
applying the packet migration IP filter rule to the received packet;
when the received packet does not match the packet migration IP filter rule, sending the received packet to the proprietary dedicated hardware legacy network appliance for processing of the received packet; and
when the received packet does match the packet migration IP filter rule:
generating metadata for the packet, the packet metadata including a set of proprietary dedicated hardware legacy network appliance to NFV appliances distributions;
selecting a most reliable NFV appliance from the set based at least in part on the packet metadata;
determining if the selected most reliable NFV appliance is valid;
when the selected most reliable NFV appliance is valid, sending the received packet to the selected most reliable NFV appliance for processing of the received packet; and
when the selected most reliable NFV appliance is not valid, sending the received packet to the proprietary dedicated hardware legacy network appliance for processing of the received packet.


US Pat. No. 11,070,475

TRANSPARENT MIGRATION OF VIRTUAL NETWORK FUNCTIONS

Google LLC, Mountain Vie...


1. A method comprising:
identifying, by data processing hardware, a middlebox receiving network flow between virtual network endpoints in a virtual network layer, performing stateful network functions in the virtual network layer using the received network flow between the virtual network endpoints, and communicating with one or more backend virtual machines corresponding to the virtual network endpoints, the middlebox comprising a load balancer configured to balance network load between network connections and the one or more backend virtual machines, the load balancer comprising a connection table mapping each network connection to a corresponding one of the one or more backend virtual machines;
receiving, at the data processing hardware, flow statistics corresponding to the network flow of the middlebox;
determining, by the data processing hardware, whether the flow statistics satisfy an offload rule, the offload rule indicating when to migrate the network flow from the middlebox to an end host; and
when the flow statistics satisfy the offload rule, migrating, by the data processing hardware, the network flow from the middlebox to the end host.

US Pat. No. 11,070,474

SELECTIVE LOAD BALANCING FOR SPRAYING OVER FABRIC PATHS

Juniper Networks, Inc., ...


1. A method comprising:
receiving, by processing circuitry of a network device, a data stream to be transmitted on a switch fabric of the network device, the switch fabric coupling a plurality of packet processors to a plurality of fabric endpoints of the switch fabric;
determining, by the processing circuitry, a plurality of credit counts, each credit count being assigned to a respective subchannel of a plurality of subchannels, each subchannel of the plurality of subchannels corresponding to a respective fabric path through the switch fabric from an ingress fabric endpoint to an egress fabric endpoint of the plurality of fabric endpoints;
determining, by the processing circuitry, per-subchannel occupancy of a memory for the plurality of subchannels, wherein the per-subchannel occupancy indicates whether a number of bytes for each subchannel of the plurality of subchannels is less than an occupancy threshold;
selecting, by the processing circuitry, a subchannel of the plurality of subchannels for transmitting a cell of a plurality of cells for the data stream in response to determining a credit count of the plurality of credit counts that is assigned to the selected subchannel is greater than a credit threshold for the selected subchannel and in response to determining that the per-subchannel occupancy indicates that the number of bytes for the subchannel is less than the occupancy threshold; and
outputting, by the processing circuitry, data for the cell to the memory for output by the selected subchannel.

US Pat. No. 11,070,473

VIRTUAL PRIVATE NETWORK (VPN)-AS-A-SERVICE WITH LOAD-BALANCED TUNNEL ENDPOINTS

Akamai Technologies, Inc....


1. An apparatus operative within a virtual private network (VPN) cluster that comprises a set of machines, comprising:
one or more hardware processors;
computer memory holding computer program instructions executable by the one or more hardware processors and configured to:
establish and maintain a partitioned namespace, each partition in the partitioned namespace having a set of sequence numbers uniquely associated with a given one of the set of machines in the VPN cluster to provide replay protection;
receive a set of data flows over a single logical tunnel connected between an external computing entity and the apparatus, the set of data flows including at least one data flow having associated therewith a flow identifier hash value;
upon being selected as a leader by a leader election routine executing across the set of machines, implement a load balancing routine with respect to a load presented by the set of data flows over the single logical tunnel, thereby load balancing the data flows over the single logical tunnel such that the load within the single logical tunnel is shared among the set of machines and the replay protection is maintained, the flow identifier hash value determining a particular one of the set of machines in the VPN cluster to receive and process the at least one data flow persistently; and
associate a sequence number with a response generated by the particular machine, the sequence number being from the set of sequence numbers uniquely associated with the particular machine;

wherein the apparatus is positioned to receive the set of data flows at a content delivery network (CDN) edge region located at an ingress point to the content delivery network, thereby acting as a VPN cluster concentrator with respect to the set of data flows, the apparatus providing at least one CDN-specific Transmission Control Protocol (TCP) optimization and at least one CDN-specific routing optimization together with further transport of the data flows to another CDN edge region across the content delivery network, wherein the at least one TCP optimization is one of: packet loss mitigation, and TCP buffer management.

US Pat. No. 11,070,472

DYNAMICALLY MAPPING HASH INDICES TO MEMBER INTERFACES

Juniper Networks, Inc., ...


1. A method comprising: configuring, by a network device, an aggregated interface comprising a plurality of member interfaces for respective member links, wherein the member links are associated with respective net weights, and wherein each of a plurality of hash indices of a hash data structure for the aggregated interface is mapped to one of the member interfaces;
generating, by the network device, a first binary tree having nodes each having one or more of a plurality of utilization values for the respective hash indices;
generating, by the network device, a second binary tree having respective nodes representing the member interfaces, the nodes of the second binary tree ordered by the respective net weights associated with the member interfaces for the nodes;
configuring, by the network device, the hash data structure by mapping utilization values of the nodes of the first binary tree to the nodes of the second binary tree; and
selectively forwarding, by the network device, traffic via the member interfaces according to the hash data structure.

US Pat. No. 11,070,471

SWITCH FABRIC FOR NETWORKED VIRTUAL MACHINES


1. A leaf switch for a switch fabric, the leaf switch comprising: a plurality of downlink ports for receiving and transmitting Virtual Local Area Network (VLAN) packets;
an uplink port for receiving and transmitting encapsulated packets;
a local tenant identifier (LTID) table having entries associating a Virtual Local Area Network IDentifier (VLAN_ID) and downlink port to a Global Tenant IDentifier (GTID);
a local forwarding information base (LFIB) having entries which provide a downlink port and new MAC address, from a GTID and at least one of a Media Access Controller (MAC) or Internet Protocol (IP) address;
a packet forwarding engine receiving VLAN packets from the downlink ports and encapsulated packets from the uplink port, the packet forwarding engine coupled to the LTID table and also the LFIB table;
the leaf packet forwarding engine, upon receiving a VLAN packet having a VLAN_ID and destination address from a downlink port, examining the LTID table to determine whether an entry exists containing a GTID corresponding to the downlink port and VLAN_ID;
if a matching LTID entry is found, the packet forwarding engine thereafter using the associated GTID with the VLAN packet destination address to examine the LFIB table to determine whether an entry exists containing a downlink port;
if a matching LFIB entry exists for the GTID and VLAN packet destination address, the packet forwarding engine thereafter changing the VLAN_ID field to a new VLAN_ID selected from an entry in the LTID table matching the GTID and downlink port identified in the LFIB table;
thereafter forwarding the VLAN packet to the downlink port identified in the LFIB table;
where the VLAN packet is a layer 3 IP packet and when a matching LFIB entry exists for the GTID and VLAN packet IP destination address with the matching LFIB entry containing a downlink leaf port and new MAC address, the VLAN packet is modified such that:
the modified VLAN packet has a MAC destination address set to the new MAC address, and the modified VLAN packet has a MAC source address set to a MAC source address of the leaf switch selected downlink port.

US Pat. No. 11,070,470

HOST ROUTER IN A VIRTUAL COMPUTING INSTANCE

VMware, Inc., Palo Alto,...


1. A system for providing gateway services, the system comprising: a host machine comprising: a physical network interface;
a forwarding element coupled to the physical network interface;
a virtual computing instance comprising: an interface coupled to the forwarding element;
a host switch configured to forward packets based on a destination medium access control (MAC) address of the packets;
a host router comprising a plurality of router ports, the host router being configured to forward packets based on a destination internet protocol (IP) address of the packets; and
a plurality of service interfaces coupled to the plurality of router ports, each of the plurality of service interfaces associated with a software component configured to provide a service by processing packets,


wherein: the physical network interface is configured to receive a first packet comprising a first destination MAC address associated with the interface;
the forwarding element is configured to forward the first packet to the interface based on the first destination MAC address;
the interface is configured to forward the first packet to the host switch;
the host switch is configured to forward the first packet to the host router based on the first destination MAC address;
the host router is configured to forward the first packet to a first port of the plurality of router ports based on a first destination IP address of the first packet, the first port being associated with a first service interface associated with the first destination IP address; and
a software component associated with the first service interface is configured to process the first packet.


US Pat. No. 11,070,469

SCALING BORDER GATEWAY PROTOCOL SERVICES

Juniper Networks, Inc., ...


1. A method comprising: instantiating, by a computing system, a plurality of containerized routing protocol modules, each capable of storing routing information about a network having a plurality of routers;
performing, by the computing system, network address translation to enable each of the containerized routing protocol modules to communicate with any of the plurality of routers using a public address associated with the computing system;
configuring, by the computing system, each of the containerized routing protocol modules to use the public address to peer with a different subset of the plurality of routers so that each of the containerized routing protocol modules share routing information with a different subset of the plurality of routers; and
configuring, by the computing system, each of the containerized routing protocol modules to peer with each other to share routing information received from the different subsets of the plurality of routers.

US Pat. No. 11,070,468

SERVERLESS SEGMENT ROUTING (SR)-LABEL DISTRIBUTION PROTOCOL (LDP) STITCHING

Juniper Networks, Inc., ...


11. A data forwarding device belonging to both (1) a segment routing (SR) domain and (2) a label distribution protocol (LDP) domain, the data forwarding device comprising: a) at least one processor;
b) at least one communications interface; and
c) a computer-readable storage system storing processor-executable instructions which, when executed by the at least one processor, cause the data forwarding device to perform a method including 1) receiving, via the at least one communications interface of the data forwarding device, information uniquely associated with each of one or more nodes in the LDP domain,
2) associating, for each of the one or more nodes in the LDP domain, a unique SR segment identifier (SID) with the information uniquely associated with the node in the LDP domain, to generate one or more SR SID-to-LDP node associations,
3) storing on the computer-readable storage system, the generated one or more SR SID-to-LDP node associations, and
4) transmitting, via the at least one communications interface of the data forwarding device, the one or more SR SID-to-LDP node associations for propagation to at least one other node in the SR domain, whereby the at least one other node in the SR domain will become aware of the one or more nodes in the LDP domain,

wherein the act of transmitting the one or more SR SID-to-LDP node associations for propagation to at least one other node in the SR domain, whereby the at least one other node in the SR domain will become aware of the one or more nodes in the LDP domain, is performed using an interior gateway protocol (IGP) message carrying a type, length, value (TLV) binding, or an interior gateway protocol (IGP) message carrying a type, length, value (TLV), and
wherein the TLV further encodes, explicitly, that the LDP node is in an LDP domain outside of the SR domain.

US Pat. No. 11,070,467

EXPEDITED ROUTE RECOVERY AND LOAD BALANCING IN A MULTI-RADIO MESH NETWORK

Amazon Technologies, Inc....


1. A mesh network device comprising: a wireless local area network (WLAN) radio; an event-driven radio that is enabled to transmit data only upon detection of an event; and an application processor coupled to the WLAN radio and the event-driven radio, wherein the application processor comprises multi-radio mesh control logic, wherein the multi-radio mesh control logic:
detects a link failure of a first mesh link in a wireless mesh path between a source mesh network device and a destination mesh network device;
enables the event-driven radio to transmit data responsive to detection of the link failure;
sends, via the WLAN radio, a first frame with a path error (PERR) element to the source mesh network device over a second mesh link to a precursor mesh network device in the wireless mesh path, the PERR element identifying the link failure of the first mesh link; encapsulates a copy of the PERR element into a payload of a second frame; and
sends, via the event-driven radio, the second frame to the source mesh network device.

US Pat. No. 11,070,466

METHOD FOR LINK AGGREGATION AND RELATED DEVICES

GUANGDONG OPPO MOBILE TEL...


1. A method for link aggregation being applied to an electronic device comprising an application layer, a framework layer, and a kernel layer, the method comprising: detecting a touch operation on an operation interface via the application layer;
enabling, in response to the touch operation, a link aggregation function via the framework layer, the link aggregation function being enabled by establishing a first wireless link and at least one second wireless link;
determining, in response to enablement of the link aggregation function, a link selection strategy via the kernel layer, and establishing a mapping relation between data streams and wireless links according to the link selection strategy to transmit data stream on a designated link; and
determining, according to a transmission rate of the first wireless link and a transmission rate of each of the at least one second wireless link, the link selection strategy via the kernel layer comprising: obtaining a first peak transmission rate of the first wireless link and a first peak transmission rate of each of the at least one second wireless link at a current time point via the kernel layer;
determining, according to the first peak transmission rate of the first wireless link, a data stream allocation weight for the first wireless link via the kernel layer, and determining, according to the first peak transmission rate of each of the at least one second wireless link, a data stream allocation weight for each of the at least one second wireless link via the kernel layer; and
determining, according to the data stream allocation weight for the first wireless link and the data stream allocation weight for each of the at least one second wireless link, the link selection strategy via the kernel layer.


US Pat. No. 11,070,465

DISTRIBUTION OF MULTICAST INFORMATION IN A ROUTING SYSTEM

128 Technology, Inc., Bu...


1. A routing system for providing multicast access control, the routing system comprising: a plurality of routers comprising: a multicast source router; and
a plurality of multicast receiver routers,

wherein the plurality of routers are configured to provide a multicast service,
wherein the plurality of routers are configured to enforce multicast access control policies for the multicast service, and
wherein the multicast access control policies comprise: a tenant-based receiver access policy that specifies at least one receiver tenant allowed to receive packets from the multicast service, wherein the plurality of routers are further configured to accept multicast join requests for joining a multicast group for the multicast service only from interfaces of the plurality of multicast receiver routers that are associated with the at least one receiver tenant specified by the tenant-based receiver policy; and
a sender access policy that specifies the multicast source router as allowed to send packets to the multicast service for distribution to the specified at least one receiver tenant.


US Pat. No. 11,070,464

OPTIMIZED MULTICAST FORWARDING WITH A CACHE

Juniper Networks, Inc., ...


1. A method comprising: receiving, by a packet processor of a plurality of packet processors of a network device in a multicast domain, a multicast packet that includes a multicast identifier that specifies a set of one or more egress network devices of the multicast domain;
configuring, by the packet processor and in response to determining that a cache does not include the multicast identifier, a first level of the cache to include the multicast identifier as an index of the cache, an identifier of one or more egress packet processors of the network device that is to forward the multicast packet to the set of one or more egress network devices, and one or more actions to forward the multicast packet toward one or more corresponding egress network devices of the set of one or more egress network devices specified by the multicast identifier, wherein the first level of the cache is configured based on a Bit Index Explicit Replication (BIER) forwarding table (BIFT) including respective multicast identifiers of the one or more corresponding egress network devices and a next hop database specifying outgoing interfaces to reach the one or more corresponding egress network devices;
configuring, by the packet processor and for the one or more actions, a second level of the cache, based on the BIFT and the next hop database, to include next hop information for the one or more corresponding egress network devices and the respective multicast identifiers for the one or more corresponding egress network devices, wherein configuring the second level of the cache comprises deriving the respective multicast identifiers of the second level of the cache from the next hop database of the network device and not from the multicast packet; and
in response to receiving a subsequent multicast packet including the multicast identifier that specifies the set of one or more egress network devices, performing, by the packet processor, a lookup of the cache without performing a lookup of the BIER forwarding table and the next hop database, wherein performing the lookup of the cache comprises at least one of: performing a lookup of the first level of the cache to determine the one or more egress packet processors to which a copy of the subsequent multicast packet is to be forwarded, and
performing a lookup of the second level of the cache to determine the respective multicast identifiers by which the copy of the subsequent multicast packet is to be encapsulated in order to forward the copy of the subsequent multicast packet to the one or more corresponding egress network devices.


US Pat. No. 11,070,463

GUARANTEED BANDWIDTH FOR SEGMENT ROUTED (SR) PATHS

Juniper Networks, Inc., ...


1. A computer-implemented method for determining at least one bandwidth-guaranteed segment routing (SR) path through a network from an ingress device to an egress device, the computer-implemented method comprising: a) receiving, as input, a bandwidth demand value;
b) obtaining network information;
c) determining a constrained shortest multipath (CSGi) from the ingress device to the egress device;
d) determining a set of SR segment-list(s) (Si=[sl1i, sl2i . . . slni]) that are needed to steer traffic over CSGi; and
e) tuning each of a plurality of loadshares in a set of segment link loadshares Li that the ingress device uses to steer portions of the bandwidth demand to the egress device, using all of 1) Si and the per segment-list loadshare (Li=[l1i, l2i, . . . lni]),
2) the per segment equal cost multipath (“ECMP”), and
3) the per link residual capacity,

such that the bandwidth capacity over CSGi is maximized or such that the bandwidth capacity meets a threshold value.

US Pat. No. 11,070,462

APPARATUS AND METHOD FOR OPTIMIZED ROUTE INVALIDATION USING MODIFIED NO-PATH DAO SIGNALING

Huawei Technologies Co., ...


1. A method for invalidating a previous routing path on switching of a parent node, the method comprising: determining, by a common ancestor node of a network, switching of the parent node of a node based on an update message received from the node using a new routing path established based on the switching of the parent node; and
generating, by the common ancestor node, a No-Path message based on the update message, wherein the No-Path message is for invalidating the previous routing path associated with the node on the switching of the parent node, and
wherein the update message comprises at least one bit authorizing generation of the No-Path message by the common ancestor node, and the at least one bit is placed in at least one of a target container or a transit information container in the update message.

US Pat. No. 11,070,461

SYSTEM FOR DIVIDING A TREE DATA STRUCTURE TO IMPROVE TRAVERSAL OPERATIONS

AMAZON TECHNOLOGIES, INC....


1. A system comprising: one or more memories storing computer-executable instructions; and
one or more hardware processors to execute the computer-executable instructions to: access a tree data structure that includes a plurality of nodes representing one or more of catalog data, transaction data, or network data;
divide the tree data structure into at least a first linear chain of nodes and a second linear chain of nodes; wherein the first linear chain of nodes includes a first subset of the plurality of nodes and each node of the first linear chain is associated with two or fewer neighboring nodes that are within the first linear chain; and
wherein the second linear chain of nodes includes a second subset of the plurality of nodes and each node of the second linear chain is associated with two or fewer neighboring nodes that are within the second linear chain;

generate first chain data indicative of the first subset;
generate second chain data indicative of the second subset;
receive a query indicative of a value for a path of nodes between a first node of the first subset and a second node of the second subset, the value indicative of one or more of: a characteristic of one or more items within a catalog, one or more characteristics of a financial transaction, or a path associated with transmission of a data packet within one or more networks;
based on the first chain data, traverse at least a portion of the first linear chain of nodes;
traverse the tree data structure from the first linear chain of nodes to the second linear chain of nodes;
based on the second chain data, traverse at least a portion of the second linear chain of nodes;
generate a response to the query based on values determined by traversal of the at least a portion of the first linear chain of nodes, traversal of the tree data structure from the first linear chain of nodes to the second linear chain of nodes, and traversal of the at least a portion of the second linear chain of nodes; and
output the response to the query.


US Pat. No. 11,070,460

SYSTEM AND METHOD FOR NEXT HOP BGP ROUTING IN A NETWORK

Level 3 Communications, L...


1. A method comprising: establishing, utilizing a first network edge device, a border gateway protocol (BGP) session with a first edge device of a border network in communication with a telecommunications network, the BGP session providing first routing information for transmitting communication packets to a destination address through the first network edge device of the border network;
receiving, utilizing a second network edge device, second routing information from a second edge device of the border network in communication with the telecommunications network, the second routing information for transmitting communication packets to the destination address through the second network edge device of the border network; and
transmitting internal BGP information from the first network edge device and the second network edge device to at least one device of the telecommunications network, the internal BGP information comprising the destination address and a group-specific next-hop identifier.

US Pat. No. 11,070,459

FRAMEWORK FOR UNIVERSALLY SPECIFIED AFFINITY TOPOLOGIES WITH PARTIAL PATH INVALIDATION AND GENERALIZED NETWORK FLOWS

Hewlett Packard Enterpris...


1. A method comprising: generating a set of candidate fabric graphs, the candidate fabric graphs having a same root node, and each candidate fabric graph including: a directed tree graph having vertices representing network switches and arcs representing simplex communication links in a network,
a set of partial path validation rules, where each partial path validation rule of the set is a Boolean formula based on at least one network state variable and evaluates to TRUE if a unique path from a vertex associated with the each partial path validation rule to the root node is currently operational, and
node roles defining roles that network switches in the each candidate fabric graph may serve;

establishing relative preferences for the candidate fabric graphs in the set of candidate fabric graphs; and
ordering the candidate fabric graphs in the set of candidate fabric graphs based on the relative preferences;
providing at least a portion of the set of candidate fabric graphs to each of the network switches represented by the vertices, wherein the portion of the set of candidate fabric graphs provided to a network switch are relevant to the network switch; and
at each of the network switches, evaluating in preference order the set of candidate fabric graphs provided to the network switch based on the partial path validation rules of the set of candidate fabric graphs and the node role of the network switch.

US Pat. No. 11,070,458

ENCRYPTED TRAFFIC ANALYSIS CONTROL MECHANISMS

Cisco Technology, Inc., ...


1. A method comprising: monitoring, by a service, collection of telemetry data by a telemetry exporter in a network, wherein the telemetry exporter collects the telemetry data from a plurality of interfaces via which a plurality of encrypted traffic flows flow, and wherein the telemetry exporter sends the collected telemetry data to a traffic analysis service for analysis;
determining, by the service, that a cost associated with the collection of the telemetry data by the telemetry exporter exceeds a cost threshold;
selecting, by the service, a subset of the interfaces from which telemetry data is to be collected by the telemetry exporter based on profiling data of a particular endpoint device associated with a particular one of the selected interfaces, when a determination that the cost associated with the collection of the telemetry data exceeds the cost threshold; and
controlling, by the service, the telemetry exporter to collect telemetry data only from the selected subset of interfaces among the plurality of interfaces,
wherein the selecting of the subset of interfaces from which telemetry data is to be collected by the telemetry exporter comprises: identifying, by the service, the particular endpoint device associated with the particular one of the selected interfaces; and
selecting, by the service, the particular interface for inclusion in the subset based on the profiling data of the particular endpoint device.


US Pat. No. 11,070,457

REMEDIAL ACTION BASED ON MONITORED WIRELESS THROUGHPUT

ARRIS Enterprises LLC, S...


1. A transmitting electronic device, comprising: an antenna; and
an interface circuit, coupled to the antenna, configured to wirelessly communicate with one or more receiving electronic devices, wherein the interface circuit is configured to: monitor, at one or more nodes of the transmitting electronic device, the wireless communication with one of the receiving electronic devices in a wireless local area network, wherein the wireless communication is compatible with an IEEE 802.11 communication protocol;
calculate a throughput metric based on measurements obtained during the monitoring, the calculating comprises determining an observed distribution of data rates;
compare the throughput metric to a threshold; and
selectively perform a remedial action based on the comparison, wherein the remedial action comprises denying subsequent association requests from an additional receiving electronic device.


US Pat. No. 11,070,456

METHODS TO MONITOR RESOURCES THROUGH HTTP/2

Convida Wireless, LLC, W...


1. An apparatus comprising a processor and a memory, the apparatus further including computer executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to: receive a monitor request from a client to monitor a resource, wherein the monitor request includes a list of ports the client is willing to leave open and a resource the client will monitor in case of a connection loss;
send a message to the client to indicate a port to monitor in case of a loss of a first hypertext transfer protocol version 2 (HTTP/2) connection with the client, the first HTTP/2 connection for sending a monitor response to inform the client about a change of state of the monitored resource;
upon a change of state of the monitored resource when the first HTTP/2 connection is not available, send a message initiating a connection to the client via the port;
receive a connection establishment signal from the client;
link a new HTTP/2 connection to the monitor request; and
send, using the new connection, a monitor response to inform the client about the change of state of the monitored resource using the new HTTP/2 connection.

US Pat. No. 11,070,455

STORAGE SYSTEM LATENCY OUTLIER DETECTION

Hewlett Packard Enterpris...


1. A method performed by a system comprising a hardware processor, comprising: capturing latency metrics representing latencies in a data storage network, the latencies comprising amounts of time used by devices in the data storage network to respond to data requests;
identifying periods of high latency based on the captured latency metrics;
applying a statistical median absolute deviation (MAD) operation to the latency metrics in the identified periods of high latency, the statistical MAD operation generating an MAD value based on the latency metrics in the identified periods of high latency;
identifying, based on the MAD value, outliers in the latency metrics in the identified periods of high latency;
calculating median values of the identified outliers;
normalizing the median values of the identified outliers;
scoring the normalized median values of the identified outliers to produce respective anomaly scores that represent anomalies in the data storage network; and
performing, by data storage network management machine-readable instructions that are executed in the system and that control an operation of a device of the devices in the data storage network, an action based on the anomaly scores to resolve the anomalies.

US Pat. No. 11,070,454

SYSTEM FOR ROUTING FUNCTIONALITY PACKETS BASED ON MONITORING REAL-TIME INDICATORS

BANK OF AMERICA CORPORATI...


1. A system for routing functionality packets based on monitoring real-time indicators, the system comprising: at least one network communication interface;
at least one non-transitory storage device; and
at least one processing device coupled to the at least one non-transitory storage device and the at least one network communication interface, wherein the at least one processing device is configured to: collect activity data from one or more monitoring devices over a period of time, wherein the activity data is associated with one or more users comprising at least one user;
collect failure data associated with one or more operations of an entity;
extract operation data associated with the one or more operations of the entity;
process the activity data, the operation data, and the failure data to generate computed data;
continuously gather real-time input data from the one or more monitoring devices, wherein the real-time input data is associated with the at least one user;
aggregate and process the real-time input data and the computed data, wherein processing comprises comparing the real-time input data and the computed data; and
in response to aggregating and processing the real-time input data and the computed data, dynamically identify a real-time anomaly associated with the at least one user.


US Pat. No. 11,070,453

PROVIDING NETWORK TRAFFIC ENDPOINT RECOMMENDATION BASED ON NETWORK TRAFFIC DATA ANALYSIS

Microsoft Technology Lice...


1. A system comprising: at least one processor; and
at least one memory communicatively coupled to the at least one processor and comprising computer program code that, when executed by the at least one processor, cause the system to:
for a plurality of originating IP subnets associated with a customer of a network service infrastructure, collect latency data associated with accessing a plurality of endpoints within the network by a plurality of end user devices associated with the customer, wherein the end user devices are clustered based on source address, footprint, and traffic analysis performed for the customer;
calculate performance scores for a plurality of geographic regions based at least on the collected latency data and a load estimation model, wherein the geographic regions are associated with the customer and the geographic regions are determined based on a geography of the endpoints and a relative network location of the endpoints;
generate a reduced set of IP subnets by eliminating subnets that have negligible traffic based on a traffic threshold;
form associations between network traffic and the clustered end user devices;
based on the associations, select a subset of the calculated performance scores based on the network traffic of end user devices of one of the reduced set of IP subnets;
generate estimates of future network behavior for the network traffic for the one of the reduced set of IP subnets;
compare one or more performance scores of the one of the reduced set of IP subnets to the generated estimates and one or more predefined performance score thresholds;
identify, based on the comparison, the selected subset of the calculated performance scores, and a volume of the network traffic from the one or more of the plurality of geographic regions, an endpoint recommendation for improving the performance scores for the customer; and
configure the network based on the endpoint recommendation.

US Pat. No. 11,070,452

NETWORK DASHBOARD WITH MULTIFACETED UTILIZATION VISUALIZATIONS

Juniper Networks, Inc., ...


1. A method comprising:
determining, by a computing system, information about a plurality of computing instances within a network, wherein the plurality of computing instances includes a first computing instance and a second computing instance, and wherein the network includes a message bus on which metric information associated with the network is published;
monitoring, by the computing system, metric values for the first computing instance, wherein the metric values represent information about usage of a first resource associated with the first computing instance;
monitoring, by the computing system, summary metric values for the plurality of computing instances, wherein the summary metric values are based on metric values for all of the plurality of computing instances during a time window;
determining, by the computing system and based on the metric values for the first computing instance and the summary metric values, a representative value range for the metric values for the first computing instance, wherein the representative value range is one of a plurality of representative value ranges that are determined using the summary metric values; and
generating, by the computing system, data enabling presentation of a user interface that includes a plurality of display elements, each corresponding to selected computing instances within the network after filtering the plurality of computing instances to make non-selected computing instances less visible, and wherein the plurality of display elements includes a first display element that has an appearance indicating the representative value range for the metric values for the first computing instance.

US Pat. No. 11,070,451

METHOD AND SYSTEM FOR INDUCING PSEUDO HTTPS COMMUNICATIONS BETWEEN ONE OR MORE EMULATED SERVERS AND EMULATED CLIENTS TO TEST A DEVICE THEREBETWEEN

Spirent Communications, I...


18. A testing system including at least eight processor cores coupled to memory, the memory loaded with computer instructions to test handling of HTTPS sessions of a multitude of clients with a plurality of servers by a switching, bridging or routing device (referred to as the “device or system under test” or “DUT”), the testing system including at least first and second ports that are coupled to ports on the DUT, the instructions, when executed on the at least eight processors cores, implement actions comprising:
using a plurality of client state machines running on at least four of the eight processor cores, communicating through the DUT with a plurality of server state machines running on at least four additional processor cores of the eight processor cores;
for each connection between (i) a client represented by a client state machine, of the plurality of client state machines, and (ii) a server represented by a server state machine, of the plurality of server state machines, setting up an HTTPS session through the DUT, the setting up of the HTTPS session including:
establishing an HTTPS session between the client and the server through the DUT;
negotiating an encryption protocol and exchanging keys; and
completing an HTTPS handshake;

following the setup of between 100,000 HTTPS sessions and 10,000,000 HTTPS sessions, conducting a stress test on the DUT using the 100,000 HTTPS to 10,000,000 HTTPS sessions, the stress test including:
generating address and packet header information in conformance with an HTTPS standard of the 100,000 HTTPS to 10,000,000 HTTPS sessions;
combining patterned payload data with the generated address and packet header information to form test packets without using the negotiated encryption protocol to encrypt the patterned payload data, such that the payload data included in the formed test packets is not encrypted using the encryption protocol negotiated by the 100,000 HTTPS to 10,000,000 HTTPS sessions; and
transmitting the test packets including the payload data that is not encrypted using the negotiated encryption protocol through the DUT using the 100,000 HTTPS to 10,000,000 HTTPS sessions; and
compiling and reporting results of the stress test.


US Pat. No. 11,070,450

NETWORK TAP WITH CLOCK ADAPTATION

PROFITAP HQ B.V., Eindho...


1. A network tap capable of multi gigabit speeds, comprising:
a first network connector for connecting to a first network device;
a second network connector for connecting to a second network device;
a third network connector for connecting to a monitoring device;
a phase locked loop; and
circuitry connecting an output of said first network connector to an input of said second network connector, an output of said second network connector to an input of said first network connector, an output of at least one of said first network connector and said second network connector to an input of said third network connector, an output of said circuitry to an input of said phase locked loop and an output of said phase locked loop to an input of said circuitry, said inputs and outputs of said network connectors receiving and providing signals inside said network tap;
wherein said circuitry is configured to:
extract a clock signal from a first signal received from said output of said first network connector or said output of said second network connector;
provide said clock signal to said phase locked loop;
receive a reference clock signal derived from the extracted clock signal from said phase locked loop;
clock a second signal to be provided to said input of the other one of said first network connector and said second network connector using said received reference clock signal when a link has been established between said first network device and said first network connector and a link has been established between said second network device and said second network connector; and
force an internal network port connected to one of said first network connector and said second network connector to act as slave, and an internal network port connected to the other one of said first network connector and said second network connector to act as master, and wherein said first signal is received from said output of said network connector connected to said internal network port forced to act as slave and said second signal is provided to said output port of said network connector connected to said internal network port forced to act as master,
and wherein said circuitry is configured to clock said second signal using said reference clock signal derived from said extracted clock signal when said first signal does not instruct said network tap to pass a synchronization signal in said first signal on to said second signal.


US Pat. No. 11,070,449

INTELLIGENT APPLICATION DEPLOYMENT TO DISTRIBUTED LEDGER TECHNOLOGY NODES

BANK OF AMERICA CORPORATI...


1. An intelligent application deployment system for deploying applications to distributed network technology (DLT) nodes, the system comprising:
one or more memory components;
one or more processor components;
computer-readable instructions stored on the one or more memory components and configured to cause the one or more processor components to:
receive a request from an authorized user to deploy an application code to one or more designated DLT network nodes;
determine that the one or more designated DLT network nodes are not compatible with the application code;
compare a set of characteristics associated with the application code to a set of characteristics associated with previously identified DLT networks, wherein the set of characteristics associated with previously identified DLT networks is stored in a database communicatively coupled to the system;
based on the comparison, determine a second DLT network with compatible characteristics for the application code on which to deploy the received application code, wherein the second DLT network comprises a set of one or more nodes associated with the second DLT network;
generate a deployment script, wherein the deployment script comprises executable instructions compatible with the second DLT network and to be performed by the one or more nodes associated with the second DLT network to implement the application code; and

install the application code, wherein installing the application comprises executing the deployment script at the one or more nodes associated with the second DLT network.

US Pat. No. 11,070,448

PROVISIONING SERVER FOR AUTOMATED DATA PROVIDER PROVISIONING AND ASSOCIATED METHODS

The Toronto-Dominion Bank...


1. A provisioning server for automated data provider provisioning, comprising:
a processor;
a communication subsystem coupled to the processor;
a memory coupled to the processor; and
a provisioning module stored in the memory, the provisioning module comprising executable instructions that, in response to execution by the processor, cause the provisioning server to:
receive a signal via the communication subsystem from a first data transfer network, the signal including a message containing a data transfer instruction for a second data transfer network distinct from the first data transfer network, the data transfer instruction being from a first account in the second data transfer network associated with a first entity to a second account in the second data transfer network associated with a second entity;
identify the first account from a user account database using a messaging address of a sender of the message, the messaging address identifying the sender of the message in the first data transfer network, wherein the user account database comprises mappings between user account identifiers and messaging addresses and first provisioning data for provisioning data transfers with user accounts in the second data transfer network;
automatically perform a data provider addition procedure in response to a determination that the message matches one or more message classification rules for a data provider addition request, the data provider addition procedure comprising:
comparing the data transfer instruction to a plurality of data transfer instruction templates in a data transfer instruction template database to identify any matching data transfer instruction template;
in response to a determination that the data transfer instruction matches a data transfer instruction template in the data transfer instruction template database:
extracting data from the data transfer instruction for the data provider addition based on the matching data transfer instruction template;
parsing the extracted data in accordance with the matching data transfer instruction template to identify an account identifier of the second account associated with the second entity;
determining from a data provider database distinct from the user account database second provisioning data for provisioning data transfers to the second account associated with the second entity using the account identifier of the second account, the data provider database comprising provisioning data for provisioning data transfers with a plurality of data providers registered with the provisioning server, the data provider database comprising data provider information comprising data provider names for the plurality of data providers registered with the provisioning server;
generating a data provider record including the data provider name, account identifier and the second provisioning data of the second account associated with the second entity; and
storing the data provider record in a data provider list of the first account in the user account database.




US Pat. No. 11,070,447

SYSTEM AND METHOD FOR IMPLEMENTING AND MANAGING VIRTUAL NETWORKS

MIDO HOLDINGS LTD., Laus...


1. A computing method, wherein said computing method is performed by system having at least one computing device including a processor and a memory coupled to the processor, the computing method comprising:
maintaining a shared database accessible from an underlying network having a plurality of nodes, the shared database storing a virtual network topology and virtual device configurations for a plurality of virtual network devices,
receiving a network packet arriving at a first network interface of a first node of the underlying network,
determining an action for processing the network packet based on a simulation of the packet's traversal of the virtual network topology including the plurality of virtual network devices, wherein the virtual network topology includes a plurality of virtual ports corresponding to the plurality of virtual network devices, wherein each virtual port corresponds to one of an exterior facing port associated with a network interface of a node of the underlying network, or an interior facing port associated with a virtual link between virtual network devices;
wherein the simulation includes creating a packet protocol header pattern by identifying each field of a packet header that is read during the traversal of the virtual network topology, wherein the packet protocol header pattern includes a wildcard for any field of the packet header that was not read during the simulation;
determining a plurality of actions for modifying the packet header based on a configuration of each virtual device traversed by the packet during the simulation; and
communicating the packet protocol header pattern and the determined plurality of actions to the shared database, storing the packet protocol header pattern and the determined plurality of actions as a flow rule in the shared database; and

receiving a subsequent packet;
upon receiving the subsequent packet, selecting a flow rule from the shared database by matching a header of the subsequent packet with the stored packet protocol header pattern, and then modifying the subsequent packet based on the determined plurality of actions of the flow rule, such that the modified subsequent packet header is configured as the subsequent packet would be emitted at a second network interface of a second node of the underlying network based on all the actions applied through the traversal of the virtual network topology;
forwarding the packet from the first node to the second node as a payload of a tunneling protocol packet having a tunnel key that encodes a globally unique identifier of one of a plurality of network interfaces of the second node through which the packet will be emitted; and
emitting the packet from the network interface of the second of the plurality of computing nodes without performing the simulation on the second node.

US Pat. No. 11,070,446

INTELLIGENT NETWORK RESOURCE ORCHESTRATION SYSTEM AND METHOD FOR INTERNET ENABLED DEVICE APPLICATIONS AND SERVICES


1. A network device, the network device comprising:
a processor; and
a memory coupled with the processor, the memory storing executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
receiving a message;
identifying a plurality of application servers based on the message, wherein the message comprises:
a request for a service; and
a service chaining order that provides a sequential order or a concurrent order to perform respective parts of the service using the plurality of application servers;

identifying application server parameters for the plurality of application servers;
using a lookup table to correlate the application server parameters to one or more network communication parameters;
modifying the one or more network communication parameters of the message based on the application server parameters for the plurality of application servers;
causing the network device to manage communications between an Internet of things (IoT) device and the plurality of application servers in accordance with the one or more network communication parameters;
mapping a hierarchy for the plurality of application servers; and
based on the mapping, providing instructions for how a device of a network sends messages to each of the respective application servers of the plurality of application servers.


US Pat. No. 11,070,445

SYSTEM AND METHOD FOR OPTIMIZATION OF AN OVER-THE-TOP (OTT) PLATFORM

TAMBORA SYSTEMS SINGAPORE...


1. A method for resource optimization in an over-the-top (OTT) platform to improve Quality of Experience (QoE) of viewing a video in one or more end-user devices connected to a mobile communication network, the method comprising:
providing a system communicatively coupled to said one or more end-user devices, said mobile communication network, and said OTT platform through said mobile communication network;
receiving, by said system, said user device sensory data from said one or more end-user devices;
receiving, by said system, said OTT platform sensory data from said OTT platform;
receiving, by said system, said mobile network operator sensory data from said mobile communication network;
processing, by said system, said received user device sensory data, said received mobile network sensory data and said OTT platform sensory data to obtain processed data for determining changes required in a resolution of said video provided to said end-user devices by said OTT platform, if said resolution of said video is below a threshold value; and
providing instructions to said OTT platform to stream said video to one or more of said end-user devices receiving said video with said resolution below said threshold value, wherein said instructions comprise one of:
instructions to transmit said video at a constant resolution at or above said threshold value to each of said one or more of said end-user devices; and
instructions to transmit said video over a constant bandwidth to each of said one or more of said end-user devices, wherein transmitting said video at one of said constant resolution and said constant bandwidth prevents transcoding and transrating at OTT platform and conserves resources at said OTT platform.

US Pat. No. 11,070,444

SDN CONTROL PLANE PERFORMANCE TESTING

Nokia Technologies Oy, E...


1. An apparatus, comprising:
at least one processor; and
at least one memory including a set of instructions;
wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to at least:
receive, based on querying of a software defined network (SDN) control plane, a description of a topology of an SDN data plane; and
configure, based on the description of the topology of the SDN data plane, a cloned SDN data plane configured to emulate the SDN data plane.


US Pat. No. 11,070,443

METHODS AND APPARATUS FOR CENTRALIZED OPERATIONAL MANAGEMENT OF HETEROGENOUS NETWORK DEVICES THROUGH SOFTWARE-BASED NODE UNIFICATION

Juniper Networks, Inc., ...


1. A method, comprising:
merging a plurality of management device schema commands from a plurality of network management device packages with a unified schema to produce unified schema information, the plurality of network management device packages being associated with a plurality of network management devices;
converting a unified schema command signal into a plurality of management device schema command signals using the unified schema, the unified schema command signal associated with the unified schema information, each management device schema command signal from the plurality of management device schema command signals being associated with a management device schema command from the plurality of management device schema commands;
when the unified schema command signal includes a device-list option, sending each management device schema command signal from the plurality of management device schema command signals to a node unifier daemon causing the node unifier daemon to send each management device schema command signal from the plurality of management device schema command signals to a network management device that is from a subset of the plurality of network management devices and that is associated with that management device schema command signal; and
when the unified schema command signal does not include a device-list option sending each management device schema command signal from the plurality of management device schema command signals to a network management device that is from the subset of the plurality of network management devices and that is associated with the management device schema command associated with that management device schema command signal.

US Pat. No. 11,070,442

METHOD AND NETWORK FOR MANAGING AND ORCHESTRATING VIRTUAL NETWORK FUNCTIONS AND NETWORK APPLICATIONS

NEC LABORATORIES EUROPE G...


1. A method for jointly managing and orchestrating virtual application functions and virtual network functions through a single management and orchestration (MANO) framework within a network, the method comprising:
creating, by a MANO Orchestrator of the MANO framework, at least one virtual network application and a mobile edge computing (MEC) service platform, the MEC service platform including one or more virtual network functions (VNFs);
providing a virtual application function (VAF) as a container for the at least one virtual network application, the VAF being mapped and connected to the one or more VNFs of the MEC platform such that the VAF is configured to utilize services provided by the one or more VNFs of the MEC platform;
providing, in the MANO framework, a VAF manager (VAFM) configured to perform lifecycle management for the VAF and a VNF manager (VNFM) configured to perform lifecycle management for the one or more VNFs of the MEC platform;
providing a first set of interfaces, the first set of interfaces including an interface between the VAFM and the MANO Orchestrator, an interface between the VAF and the VAFM, and an interface between the VAFM and a virtualized infrastructure manager (VIM) of the MANO framework; and
providing a second set of interfaces, the second set of interfaces including an interface between the VNFM and the MANO Orchestrator, an interface between the at least one VNF and the VNFM, and an interface between the VNFM and the VIM of the MANO framework.

US Pat. No. 11,070,441

MODEL TRAINING FOR ON-PREMISE EXECUTION IN A NETWORK ASSURANCE SYSTEM

Cisco Technology, Inc., ...


1. A method comprising:
maintaining, by a network assurance service, a data lake of network telemetry data obtained by the service from one or more computer networks;
generating, by the service, a machine learning model for on-premise execution in a particular computer network to detect network issues in the particular network by repeatedly:
selecting a candidate set of model settings based in part on the data lake of network telemetry data,
training a machine learning model using network telemetry data from the data lake that matches the candidate set of model settings, and
testing performance of the trained model using an emulator that emulates network issues in the particular network; and

deploying, by the service, the generated machine learning model to the particular computer network for on-premise execution.

US Pat. No. 11,070,440

EFFICIENT DETECTION AND PREDICTION OF DATA PATTERN CHANGES IN A CLOUD-BASED APPLICATION ACCELERATION AS A SERVICE ENVIRONMENT

ARYAKA NETWORKS, INC., N...


1. A method comprising:
sampling, through a server of a cloud computing network comprising a plurality of subscribers of application acceleration as a service provided by the cloud computing network at a corresponding plurality of client devices communicatively coupled to the server, time series data associated with each network entity of a plurality of network entities of the cloud computing network for each feature thereof into a smaller time interval compared to that of the time series data as a first data series comprising a maximum value of the sampled time series data for the each feature within the smaller time interval and a second data series comprising a minimum value of the sampled time series data for the each feature within the smaller time interval;
generating, through the server, a reference data band based on:
predicting a first future data set of the each network entity for the each feature based on the first data series and a second future data set of the each network entity for the each feature based on the second data series;
combining the first future data set and the second future data set for each future time interval thereof; and
transforming the combined first future data set and the second future data set for the each future time interval into the reference data band;

based on regarding a maximum of the first future data set as a maximum expected value of the reference data band and a minimum of the second future data set as a minimum expected value of the reference data band, detecting, through the server, at least one anomaly in real-time data associated with the each network entity for the each feature thereof based on determining whether the real-time data falls outside the maximum expected value and the minimum expected value of the reference data band in accordance with computing a score for the at least one anomaly indicative of anomalousness thereof, the computation of the score involving both relative scoring and absolute deviation scoring, the absolute deviation scoring being based on previous data deviations from reference data bands analogous to the reference data band associated with the each network entity, and the absolute deviation scoring further comprising:
preserving, through the server, a first discrete data distribution for the each network entity for the each feature for associated anomalies with values higher than the maximum expected value of the reference data band and a second discrete data distribution for the each network entity for the each feature for other associated anomalies with values lower than the minimum expected value of the reference data band, both the first discrete data distribution and the second discrete data distribution having a probability mass function of the previous data deviations from the reference data bands analogous to the reference data band associated with the each network entity; and
computing, through the server, a cumulative probability utilizing a deviation value of the detected at least one anomaly from the reference data band; and

determining, through the server, an event associated with a pattern of change of the real-time data associated with the each network entity based on executing an optimization algorithm to determine, among all features of the each network entity, a series of anomalies comprising the detected at least one anomaly that constitutes a sequence of patterned anomalies in accordance with scanning detected anomalies associated with the real-time data associated with the each network entity including the detected at least one anomaly.

US Pat. No. 11,070,439

HIERARCHICAL NETWORK ANALYSIS SERVICE

Microsoft Technology Lice...


1. A computing system comprising:
a memory;
one or more processors communicatively coupled with the memory; and
one or more hierarchical analytics modules stored in the memory and executable by the one or more processors to:
receive network data from one or more networks;
filter the network data based on a filtering item corresponding to one or more of a location, a topology level, a device type, a data center, an application, or a service associated with the one or more networks;
perform a first set of analyses on the network data from the one or more networks to produce a first result identifying one or more impact events related to the one or more networks, wherein an impact event is an event for which there is a measurable difference in network performance after the event;
perform a second set of analyses on the first result to produce a second result representing a diagnostic of a link or a device of the one or more networks, wherein the second result identifies at least one problem that is a possible cause of an error associated with the link or the device or at least one pattern of failure associated with the link or the device; and
send formatted data corresponding to the second result to a requestor.


US Pat. No. 11,070,438

APPARATUS, SYSTEM, AND METHOD FOR COLLECTING NETWORK STATISTICS INFORMATION

Juniper Networks, Inc, S...


1. A method comprising:
implementing, within a network device, at least one sensor designed to collect network statistics information about a plurality of logical network interfaces of the network device;
receiving, at the network device, one or more requests sent by a client to obtain network statistics information about a group of logical network interfaces of the network device;
identifying a set of network addresses assigned to the group of logical network interfaces based at least in part on the one or more requests sent by the client;
determining a first range of network addresses in connection with the set of network addresses by:
identifying a network address with a lowest value within the set of network addresses;
identifying an additional network address with a highest value within the set of network addresses; and
setting the first range of network addresses to include each network address between the lowest value and the highest value;

determining, in connection with the set of network addresses, a second range of network addresses that is not sequential with the first range of network addresses; and
providing, to the sensor, an instruction that prompts the sensor to:
simultaneously collect network statistics information about each logical network interface whose network address is within the first range of network addresses or the second range of network addresses; and
utilize the collected network statistics information to enable the network device to handle network traffic in connection with at least one logical network interface included in the group of logical network interfaces.


US Pat. No. 11,070,437

NETWORK INTERCONNECT AS A SWITCH

David I-Keong Wong, Frem...


1. A multi-unit switching device, comprising one or more of ICAS modules each comprising:
n port groups, each port group comprising n−1 interfaces, wherein n is an integer equal or larger than 3;
an interconnecting network implementing a full mesh topology, wherein each of the n port groups connects one of the n−1 interfaces to another of the n port groups statically, respectively; and
a plurality of first layer switches each configured and grouped into one or more of the n port groups each connects to the n port groups of a different said ICAS module respectively, wherein a number of the plurality of first layer switches is n, wherein the plurality of first layer switches is indexed with an integer from 0 to n−1;
wherein the n−1 interfaces of the n port groups are labeled with the same indexes as those of connected n port groups; wherein an interface with index j of one of the n port groups with index i is connected to an interface with index i of one of the n port groups with index j, where i is in the range of 0 to n−1, j is in the range 0 to n−1, wherein i does not equal to j, and wherein the interconnecting network comprises all connections between the n port groups; and
wherein said ICAS modules are implemented on one or more PCBs in an optical media or an electric circuit manner; wherein the multi-unit switching device further comprises a plurality of switching devices, MCU- or CPU-based control cards, power modules, and cooling fan modules, and a multi-unit rackmount chassis, wherein each of the ICAS modules is connected to the plurality of switching devices, such that the ICAS module interconnects at least two interfaces of each n port group each of different switching devices to form a full mesh non-blocking interconnection, wherein the rest of the interfaces of each n port groups for interconnecting different switching devices are configured as interfaces for uplink of an external network; and wherein said ICAS modules and the switching devices are implemented on the one or more PCBs as fabric cards and line cards respectively and housed in the multi-unit rackmount chassis.

US Pat. No. 11,070,436

COMMUNICATION CONTROL APPARATUS, COMMUNICATION APPARATUS, CONTROL METHODS THEREOF, AND SYSTEM

CANON KABUSHIKI KAISHA, ...


1. A system which includes a plurality of communication apparatuses grouped into groups, a delivery apparatus that delivers content to the communication apparatuses that belong to the groups, and a communication control apparatus that performs grouping,
wherein the communication control apparatus includes a processor and a memory coupled to the processor and storing instructions that, when executed by the processor, cause the processor to:
group the plurality of communication apparatuses and construct a hierarchical delivery topology;
determine a content reproduction start time to start reproducing the content for each of the groups;
notify the communication apparatuses in each of the groups of the content reproduction start time;
perform control such that the content is delivered in order from a group having an earlier content reproduction start time to a group having a later content reproduction start time;
acquire transmittability of the delivery apparatus;
acquire transmittability of the communication apparatuses; and
acquire bit rates of the content,
wherein the processor determines total transmittability of the communication apparatuses of each of the groups and a total of the bit rates, and perform grouping such that either higher one of the total transmittability and the total bit rate does not exceed transmittability of the communication apparatuses of a group in a higher hierarchical level,
wherein each of the communication apparatuses is configured to:
receive the content;
store the received content; and
reproduce the stored content according to the reproduction start time notified from the communication control apparatus.

US Pat. No. 11,070,435

SERVICE MODEL RE-COMPUTATION BASED ON CONFIGURATION ITEM CHANGE TYPE

ServiceNow, Inc., Santa ...


12. A method comprising:maintaining, by one or more server devices of a computational instance, a database that contains a plurality of configuration item (CI) records corresponding to a set of computing devices within a managed network, a set of software applications configured to execute on the set of computing devices, and a network-based service that is provided by execution of the set of software applications, wherein the managed network is associated with the computational instance, wherein the database contains a definition of a service model that represents the set of computing devices, the set of software applications, and relationships therebetween that facilitate providing the network-based service, and wherein the service model includes a service environment having multiple service layers that are hierarchically-arranged;
receiving, by the one or more server devices, from the managed network, an indication of a change to a CI record of the plurality of CI records;
storing, in the database, the CI record as changed;
adding, by the one or more server devices, to a change record table stored within the database, a change record corresponding to the change to the CI record, wherein the change record: (i) references the CI record and a service layer of the multiple service layers, and (ii) specifies a change type that is indicative of whether the change affects a topology of the service model;
based on the change type, selecting, by the one or more server devices, for the service layer a service model re-computation mode from among a plurality of service model re-computation modes, wherein selecting the service model re-computation mode comprises:
in response to the change type indicating that the change does not affect the topology of the service model, selecting a fast re-computation mode; and
in response to the change type indicating that the change does affect the topology of the service model, selecting a full re-computation mode; and

re-computing, by the one or more server devices, the service layer of the service environment in accordance with the selected service model re-computation mode.

US Pat. No. 11,070,434

COMMUNICATIONS NETWORK NODE

Microsoft Technology Lice...


1. A node of a communications network comprising a plurality of interconnected nodes, the node comprising:
a memory storing information about a topology of a network, configuration data comprising attributes of the network, and information about a routing protocol of the network;
the memory storing a comparison function derived from a best path definition of the routing protocol; and
a path finding component which computes at a processor, a routing table specifying which neighbors of the node incoming data received at the node is to be routed to, where computing the routing table comprises searching for optimal paths between the node and a destination node through one or more other nodes of the interconnected nodes, using the information about the topology of the network and the configuration data, using the comparison function to compare two or more network export messages, where each of the two or more network export messages is a message sent by the node through each neighboring node of the interconnected nodes to the destination node to advertise each sub-network that is reachable from the node, and using the comparison function to guide the search by processing the two or more network export messages in an order based on the comparing; and
based on comparison, determine the optimal paths between the node and the destination node, wherein optimal paths between the node and the destination node is optimal with respect to one or more of the attributes;
wherein the path finding component comprises a queue of network export messages about sub-networks of the communications network being considered in paths searched by the path finding component, and wherein the path finding component orders the network export messages in the queue using the comparison function and explores paths from individual sub-networks of network export messages of the queue in an exploration order which follows the exploration order.

US Pat. No. 11,070,433

NETWORK FUNCTION NF MANAGEMENT METHOD AND NF MANAGEMENT DEVICE

HUAWEI TECHNOLOGIES CO., ...


1. A network function (NF) management method performed by an NF management device, comprising:
receiving an NF discovery request from a first NF component, wherein the NF discovery request comprises an NF identifier and an expected network slice identifier, the NF identifier identifies a second NF type;
obtaining component information of a second NF component based on the NF identifier and the expected network slice identifier, wherein the second NF component supports the second NF type and is located in a network slice identified by the expected network slice identifier, and the component information of the second NF component comprises a discovery policy of the second NF component and a second NF component identifier;
determining, based on the discovery policy in the component information, that the first NF component can access the second NF component; and
sending the second NF component identifier to the first NF component.

US Pat. No. 11,070,432

DYNAMIC AND CUSTOMIZABLE VIRTUAL NETWORK FUNCTIONS

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
creating, at a virtual network function manager, a lifecycle management policy in an extensible lifecycle management data model associated with a virtual network function, the lifecycle management policy in the extensible lifecycle management data model comprising a condition defining a lifecycle event associated with the virtual network function and an action to perform during a specific lifecycle stage upon satisfaction of the condition;
based on the lifecycle management policy, monitoring the virtual network function to detect satisfaction of the condition; and
in response to detecting satisfaction of the condition, executing, based on the lifecycle management policy in the extensible lifecycle management data model, the action associated with the lifecycle management policy, wherein the action updates a copy of a storage volume associated with the virtual network function and uses the updated copy of the storage volume to alter the virtual network function without undeploying the virtual network function.

US Pat. No. 11,070,431

SYSTEM AND METHOD FOR NETWORK VALIDATION ARCHITECTURE FOR CLUSTERED AND FEDERATED STORAGE SYSTEMS

EMC IP Holding Company, L...


1. A computer-implemented method comprising:
performing, by a single unified architecture, an initial network validation, wherein the initial network validation is performed before a storage cluster is fully configured;
performing, by the single unified architecture, a cluster expansion validation, wherein the cluster expansion validation is performed before at least one of a new storage application and a new storage controller is added into the storage cluster;
performing, by the single unified architecture, a pre-reconfiguration validation, wherein the pre-reconfiguration validation is performed as a network reconfiguration operation in the storage cluster before a network reconfiguration request is processed; and
performing, by the single unified architecture, ongoing network validation, wherein the ongoing network validation is performed periodically as a background process.

US Pat. No. 11,070,430

PERSONA/INDIVIDUAL BASED ACTIONS BASED ON COMMUNITY SPECIFIC TRIGGER


1. A computer-implemented method, comprising:
selecting a community including member devices, wherein the member devices are associated with a distributed job, wherein the member devices include mobile devices in proximity;
sharing, with the community, information of one or more member devices, the information of the one or more member devices includes power connection, charge status, and internet connectivity;
identifying, based on the shared information, a trigger related to the distributed job;
spawning an automated action set related to the trigger, wherein the automated action set includes at least one of automated action by the member devices or automated action by a remote device communicatively coupled to at least one of the member devices; and
executing, in response to the trigger, the automated action set, wherein the automated action set includes sending an alert.

US Pat. No. 11,070,429

TRACKING STATE OF COMPONENTS WITHIN A NETWORK ELEMENT

Arista Networks, Inc., S...


1. A network element, comprising:
a control plane including a first agent, the first agent configured to transmit updates on state and status of the network element to one or more collector nodes during network element operation; and
a data plane to forward network data from an ingress interface to an egress interface.

US Pat. No. 11,070,428

SYSTEM AND METHOD FOR EXCHANGING CONFIGURATION INFORMATION BETWEEN TWO NODES IN A WIRELESS NETWORK

ZTE CORPORATION, Guangdo...


1. A method implemented on a distributed unit (DU), the method comprising:
generating a first message that comprises first configuration information associated with the DU; and
transmitting the first message to a centralized unit (CU) for exchanging configuration information with the CU, wherein the DU and the CU cooperate to serve at least one cell in a wireless network as a same base station, wherein the first configuration information comprises:
identification information of the DU for the CU to identify the DU;
a list of public land mobile networks or tracking area identities supported by the DU;
a protocol version of the DU; and
information about network slices supported by the DU per each tracking area identity.


US Pat. No. 11,070,427

METHOD AND APPARATUS FOR TRANSMISSION OVER VIRTUAL TUNNEL

ADVANCED SEMICONDUCTOR EN...


1. An electronic device for updating firmware in a target device over-the-air, the electronic device comprising:
a processor;
a memory;
a dispatching module configured to establish a communication link between the electronic device and the target device by:
receiving a signal from the target device;
and establishing the communication link between the electronic device and the target device in response to the signal wherein the communication link is a virtual tunnel; and
a firmware over-the-air (FOTA) core configured to receive information corresponding to updated firmware via the established communication link, wherein the FOTA core is connected with the target device through a hardware interface and wherein the FOTA core uses the established communication link to establish a connection with a server, wherein the FOTA core is further configured to send a request to the server and to receive information corresponding to current firmware of the target device from the server subsequent to an identification of the target device.

US Pat. No. 11,070,426

MECHANISMS FOR THE ADAPTIVE CONTROL OF SERVICE LAYER OPERATIONS

Convida Wireless, LLC, W...


1. A method implemented in a service layer entity of a communications network, the method comprising:
activating, at the service layer entity, one or more adaptation rules for modifying one or more characteristics of the service layer entity based on one or more operational metrics of the service layer entity, wherein the operational metrics of the service layer entity comprise one or more service layer metrics;
receiving, from another entity in communication with the service layer entity, a request to perform an operation at the service layer entity;
determining, at the service layer entity and based on the one or more adaptation rules, that the operation is not capable of being executed by the service layer entity; and
transmitting, by the service layer entity, a request for additional resources to be utilized by the service layer entity.

US Pat. No. 11,070,425

METHOD AND SYSTEM OF DETECTING DEVICE REARRANGEMENT IN MANUFACTURING FIELD

Hitachi, Ltd., Tokyo (JP...


1. A method for a system comprising a first network coupled to a plurality of programmable logic controllers (PLCs) and one or more assets, and a second network coupled to a server managing a camera monitoring the one or more assets, and an asset manager managing the one or more assets, the method comprising:
for received images from the camera being indicative of an asset from the one or more assets being moved:
monitoring the asset being moved to a final location through the camera;
determining a PLC from the plurality of PLCs that is associated with the final location;
transmitting information to the asset manager indicative of a change of the asset being moved to the final location and the PLC determined to be associated with the asset being moved based on the final location;
reconfiguring the first network according to the change indicated by the information regarding the asset being moved; and
processing data from the reconfigured first network;
wherein the determining the PLC from the plurality of PLCs that is associated with the final location comprises determining the PLC from the plurality of PLCs that is managing an area associated with the final location.


US Pat. No. 11,070,424

SYSTEM AND METHOD FOR DYNAMIC NAME CONFIGURATION IN CONTENT-CENTRIC NETWORKS

CISCO TECHNOLOGY, INC., ...


1. A computer-executable method for automatic configuration of a device in a content-centric network (CCN), the method comprising:
sending, by the device in the CCN, a predetermined Interest, wherein the predetermined Interest has a name prefix in a predetermined namespace;
receiving a Content Object in response to the predetermined Interest, wherein the Content Object includes at least configuration information; and
configuring the device based on the configuration information received in the Content Object, wherein configuring the device comprises:
populating default entries in a Forwarding Information Base (FIB); and
configuring one or more namespaces that correspond to one or more services.


US Pat. No. 11,070,423

INTENT DEPLOYMENT IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
detecting, at a network device, when a deployment request for the network device from a network controller is stored in a directory corresponding to the network device, wherein deployment information is stored as a value of a first key in the directory and includes information to configure the network device to attain a set of goals;
retrieving by the network device the deployment information from the directory;
configuring the network device to attain the set of goals by the network device applying the retrieved deployment information; and
generating, by the network device, one or more status notifications indicating a status of configuring the network device and storing the one or more status notifications as a value of a second key in the directory to indicate the status to the network controller.

US Pat. No. 11,070,422

ENABLING ENTERPRISE SEGMENTATION WITH 5G SLICES IN A SERVICE PROVIDER NETWORK

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
by an enterprise controller of an enterprise network:
sending to a service gateway of a service provider network a request for network slice information about network slices provisioned on a data plane of the service provider network;
maintaining first mappings of user groups for network traffic of the enterprise network to traffic policies to be applied to the network traffic;
determining second mappings of the user groups to ones of the network slices that match the user groups based on the traffic policies and properties associated with the network slices;
responsive to the sending, receiving, from the service gateway, the network slice information including identifiers of the network slices and their properties; and
responsive to receiving a request for the network slice information from a network device at a border of a forwarding plane of the enterprise network, sending the network slice information and the second mappings to the network device to cause the network device to perform configuring the network traffic in the forwarding plane with identifiers of ones of the network slices that match the network traffic based on the second mappings, and to perform forwarding the network traffic configured with the identifiers of the ones of the network slices to the data plane of the service provider network.

US Pat. No. 11,070,421

COMBINED REGISTRATION AND TELEMETRY REPORTING

Microsoft Technology Lice...


1. A method, comprising:
receiving, via an application programming interface (API), a multiplexed transmission from a telemetry device, the multiplexed transmission comprising a registration message and telemetry data;
demultiplexing the multiplexed transmission to obtain the registration message and the telemetry data;
registering the telemetry device with a telemetry system based upon the registration message;
sending the telemetry data to the telemetry system;
sending a registration response to the telemetry device, the registration response confirming registration of the telemetry device with the telemetry system; and
receiving, via the API, an additional transmission from the telemetry device, the additional transmission comprising additional telemetry data without a registration message.

US Pat. No. 11,070,420

SYSTEM, DEVICE, AND METHOD FOR CONFIGURING THE HANDLING OF EVENTS

PACIFIC TRACK, LLC, Newp...


1. A system for distributed device event handler configuration, comprising:
a) an event handler configuration server; and
b) a plurality of event management devices, which are connected with the event handler configuration server over a network;
wherein the event handler configuration server is configured to enable a configuration user to create and edit an event handling program, comprising at least one event handler, which is configured to handle device events on at least one event management device in the plurality of event management devices;
wherein the event handler configuration server is configured to update the at least one event management device with the event handling program;
wherein the at least one event management device executes the at least one event handler of the event handling program, when the at least one event management device detects a device event, which corresponds with the at least one event handler;
wherein the at least one event management device comprises:
a processor;
a non-transitory memory;
an input/output component;
a target compiler, which is configured to compile the event handling program into an event handling executable object for execution on the at least one event management device; and
a program executor, which is configured to execute the event handling executable object;

wherein the event handler configuration server further comprises:
a logical event model, which comprises a plurality of logical events, each comprising at least one available logical event action,
such that the event handling program references at least one selected logical event from the plurality of logical events, along with at least one selected logical event action from the at least one available logical event action; and

wherein the at least one event management device further comprises:
a hardware layer, which provides access to hardware resources, including device events and corresponding device event actions; and

a logical event mapping, which maps each logical event to an associated device event from the hardware layer, and maps each corresponding logical event action to a corresponding device event action provided by the hardware layer;
such that the target compiler is configured to use the logical event mapping to replace each logical event with the associated device event and each corresponding logical event action with the corresponding device event action.

US Pat. No. 11,070,419

METHODS AND SYSTEMS TO TROUBLESHOOT AND LOCALIZE STORAGE FAILURES FOR A MULTITENANT APPLICATION RUN IN A DISTRIBUTED COMPUTING SYSTEM

VMware, Inc., Palo Alto,...


1. A process stored in one or more data-storage devices and executed using one or more processors of a computer system to troubleshoot and localize failures in data storage of a multitenant application run in a distributed computing system, the process comprising:
determining network connection status for each data plane node of a database management system for a multitenant database, each data plane node having one or more data cores;
determining availability status of the one or more data cores of each connected data plane node;
isolating the one or more data cores of each disconnected data plane node from data storage ingestion and data queries;
isolating unavailable data cores of each connected data plane node from data storage ingestion and data queries; and
executing recovery to restore the disconnected data plane nodes to receive data storage request and queries from control plane nodes and restore the unavailable data cores to ingest data and respond to data queries.

US Pat. No. 11,070,418

SYSTEM AND METHOD FOR MANAGING DISTRIBUTION OF STATE INFORMATION

Arista Networks, Inc., S...


1. A network device, comprising:
a storage storing subscription information; and
a message bus, distinct from a first agent, programmed to:
distribute state information regarding the first agent to at least two agents based on the subscription information, wherein the state information is stored in a data structure exclusively managed by the first agent;
after distributing the state information, make a determination that a connection to one of the at least two agents has been closed; and
perform, based on the determination, an action set to prevent attempts to distribute future state information to the one of the at least two agents.


US Pat. No. 11,070,417

SENSOR RELAY APPARATUS AND SENSOR RELAY SYSTEM

NIPPON TELEGRAPH AND TELE...


1. A sensor relay apparatus for relaying and transferring sensor data detected by a plurality of sensor terminals to a processing apparatus, comprising:
a storage device configured to store a communication protocol correspondence list in which the plurality of sensor terminals and the processing apparatus and communication protocols are registered in association with each other, and communication formats to be used in the respective communication protocols;
a relay processor configured to specify respective communication protocols associated with a sensor terminal and the processing apparatus by referring to the communication protocol correspondence list stored in the storage device, receive the sensor data from the plurality of sensor terminals by communicating with the plurality of sensor terminals based on the respective communication protocols, convert a format of the sensor data based on a communication format corresponding to the communication protocol which is used to receive the sensor data, and relay and transfer the sensor data to the processing apparatus;
a relay managing circuit configured to update the communication protocol correspondence list or the communication formats stored in the storage device, when a new communication protocol correspondence list or a new communication format is newly notified by the processing apparatus, based on the new communication protocol correspondence list or the new communication format; and
an expansion port configured to connect a communication module for communicating with at least one of the plurality of sensor terminals and the processing apparatus,
wherein the relay processor is configured to re-establish communication with the processing apparatus using a new communication protocol associated with the processing apparatus by referring to the communication protocol correspondence list updated by the relay managing circuit after communication with the processing apparatus is temporarily interrupted when the communication module is removed from the expansion port and a new communication module for the new communication protocol is connected to the expansion port.

US Pat. No. 11,070,416

TIME DOMAIN APPROACH TO DETERMINING A MODULATION OR DEMODULATION IMBALANCE

Apple Inc., Cupertino, C...


1. A communication device, comprising:
quadrature generation circuitry configured to
receive a first input radio frequency signal,
adjust an average value of the first input radio frequency signal using a direct current offset block, and
generate quadrature waveforms using the first input radio frequency signal with the adjusted average value using the direct current offset block;

an analog-to-digital converter configured to convert the quadrature waveforms into digital signals; and
an imbalance compensation logic configured to
separate the digital signals into discrete components,
determine an imbalance between the quadrature waveforms due to asymmetric signal pathing of the quadrature waveforms in the quadrature generation circuitry by summing unbiased exponential representations of the discrete components of the digital signals,
determine one or more correction values that compensate for the imbalance, and
apply the one or more correction values to a second input radio frequency signal received from a transmitter.


US Pat. No. 11,070,415

OVERLAP-SAVE FBMC RECEIVER

INSTITUT MINES TELECOM-IM...


11. A method for equalizing and demodulating a Filter-Bank Multicarrier Communications (FBMC) signal, the FBMC signal comprising FBMC symbols, each FBMC symbol comprising data mapped over M subcarriers, oversampled by a factor K, filtered by a prototype filter and transposed in a time-domain, the method comprising the steps of:
transposing a block of P*KM samples comprising at least one FBMC symbol into frequency domain samples, where P is an integer greater than one,
equalizing said frequency domain samples, by multiplying them by one or more coefficients computed from a propagation channel estimate,
performing P circular convolutions between subsets of said equalized samples and a frequency domain response of a frequency shifted version of the prototype filter, and
summing corresponding outputs of each of the P circular convolutions.

US Pat. No. 11,070,414

COMMUNICATION NODE AND METHOD FOR GENERATING MULTICARRIER SIGNALS BY BACKSCATTERING

Telefonaktiebolaget LM Er...


1. A wireless communication node for generating multicarrier signals by means of backscattering in a wireless communication system, the wireless communication node comprising:
a plurality A of antennas configured to receive a radio frequency (RF) signal with a carrier frequency;
a plurality A of switches, each one of the plurality A of switches having a number M of states;
a number of impedance matrices, each impedance matrix comprising a number M of impedances; wherein each one of the plurality A of antennas is coupled to one of the impedance matrices by one of the plurality A switches;
a symbol mapper, a serial to parallel converter, and one or more modulators configured to generate a number A of baseband subcarrier signals based on data symbols to be transmitted;
wherein each one of the number A of baseband subcarrier signals is generated with an antenna specific frequency for each one of the plurality A of antennas;
one or more switch controllers configured to control the states of the plurality A of switches based on the generated number A of baseband subcarrier signals such that a corresponding impedance is selected among the number M of impedances for each one of the plurality A of antennas, and thereby the received RF signal at each one of the plurality A of antennas is modulated by its specific frequency baseband subcarrier signal; and
wherein a group of RF subcarrier signals is generated by reflecting the modulated RF signal from each antenna, and thereby the multicarrier signals are generated from the plurality A of antennas;
wherein A and M are whole integer numbers.

US Pat. No. 11,070,413

RESOURCE MAPPING METHOD AND APPARATUS

Huawei Technologies Co., ...


1. A resource mapping method, comprising:
obtaining a modulation symbol, wherein the modulation symbol is generated based on M code words, and M is a positive integer greater than or equal to 1;
determining a mapping pattern from one or more mapping patterns to map the modulation symbol to a time-frequency resource, based on each of the M code words or a user identification (ID) associated with a user equipment;
mapping the modulation symbol to the time-frequency resource according to the determined mapping pattern; wherein
the one or more mapping patterns include:
(a) a pattern of mapping every Q modulation symbols to one mapping unit, the mapping unit comprises F resource units, F is a positive integer greater than or equal to 1, and Q is a positive integer meeting 1≤Q≤F; and
(b) a sparse mapping pattern, and the sparse mapping pattern is a mapping pattern meeting F≥2 and 1≤Q

US Pat. No. 11,070,412

METHOD AND APPARATUS FOR SYNCHRONIZATION SIGNAL DESIGN

Samsung Electronics Co., ...


1. A base station for identifying a synchronization signal (SS) in a communication system, the base station comprising:
a transceiver; and
a controller coupled with the transceiver and configured to:
identify a primary synchronization signal (PSS) within one SS block based on one subcarrier spacing, wherein the PSS is identified based on second information for a physical layer cell identifier (id), and
identify a secondary synchronization signal (SSS) within the one SS block based on the one subcarrier spacing, wherein the SSS is identified based on first information for the physical layer cell id and the second information for the physical layer cell id,

wherein the PSS is located on central 127 subcarriers in a first orthogonal frequency division multiplexing (OFDM) symbol within resource blocks for the one SS block, and the SSS is located on the central 127 subcarriers in a second OFDM symbol within resource blocks for the one SS block, and
wherein the subcarrier spacing is associated with a frequency range, and a length of the PSS and a length of the SSS are 127 for each of frequency ranges.

US Pat. No. 11,070,411

OFDM COMMUNICATIONS SYSTEM WITH METHOD FOR DETERMINATION OF SUBCARRIER OFFSET FOR OFDM SYMBOL GENERATION

Huawei Technologies Co., ...


1. A method comprising:
receiving, by an apparatus, signaling for indicating orthogonal frequency division multiplexing (OFDM) signal parameters including a first subcarrier spacing of a first numerology $\mu$, a value of a first offset $N_{grid,x}^{start,\mu}$ in units of resource blocks (RBs), a quantity $N_{grid,x}^{size,\mu}$ of usable RBs of the first numerology $\mu$, a value of a second offset $N_{grid,x}^{start,\mu_0}$ in units of RBs, and a quantity $N_{grid,x}^{size,\mu_0}$ of the usable RBs of a reference numerology $\mu_0$, wherein:
x identifies a transmission direction being either downlink (DL) or uplink (UL),
the first offset is between a reference point and a start of the usable RBs of the first numerology $\mu$, and
the second offset is between the reference point and a start of usable RBs of the reference numerology $\mu_0$;
generating, by the apparatus, an OFDM signal associated with the first subcarrier spacing of the first numerology $\mu$, the first numerology associated with a third offset between a middle subcarrier frequency of the usable RBs of the first numerology and a carrier frequency $f_0$, wherein a value $k_{0,x}^{\mu}$ of the first third offset satisfies:

$$k_{0,x}^{\mu} = \left(N_{grid,x}^{start,\mu} + N_{grid,x}^{size,\mu}/2\right) N_{sc}^{RB} - \left(N_{grid,x}^{start,\mu_0} + N_{grid,x}^{start,\mu_0}/2\right) N_{sc}^{RB}\, 2^{\mu_0-\mu}$$

$N_{sc}^{RB}$ indicates a quantity of subcarriers in a RB; and
outputting, by the apparatus, the OFDM signal.

US Pat. No. 11,070,410

TRANSMITTER

NOKIA TECHNOLOGIES OY, E...


1. A transmitter, comprising:
at least one processor; and
at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the transmitter to perform at least:
inputting information indicating channel quality to a trained neural network based model for a mapper, wherein the trained neural network based model is based on a first algorithm with trainable parameters, during training of which a loss function operating on bits has been used and mapping of matched bit vectors of length k onto $2^k$ constellation points has been jointly learned with constellation geometry, and wherein the trained neural network based model outputs a constellation comprising a plurality of sub-constellations;
receiving bits to be sent from the transmitter;
performing distribution matching using as a target distribution a distribution, which is based on a second algorithm with trainable parameters, trained during training of the first algorithm and stored with the trained neural network based model, and channel coding to the received bits to generate matched bits and parity bits;
using the parity bits to select a sub-constellation among the plurality of sub-constellations of the constellation;
using the matched bits and the selected sub-constellation to generate modulated symbols; and
causing sending the modulated symbols.

US Pat. No. 11,070,409

WIRED COMMUNICATION SYSTEM INCLUDING ASYMMETRICAL PHYSICAL LAYER DEVICES

Axonne, Inc., Sunnyvale,...


1. A first physical layer device, comprising:
a first transmitter transmitting first data to a second physical layer device over a medium at a first line rate during a first transmit period; and
a first receiver configured to:
not receive data during the first transmit period and an echo reflection period occurring after the first transmit period,
wherein the echo reflection period is based on a length of the medium between the first physical layer device and the second physical layer device; and
after the echo reflection period, receive second data from the second physical layer device over the medium at a second line rate that is less than the first line rate.


US Pat. No. 11,070,408

AIR BASED UNMANNED VEHICLE COMMUNICATIONS AND CONTROL


1. A method comprising the steps of:
receiving in a device a first modulated signal;
demodulating said first modulated signal into a first demodulated signal;
processing said first demodulated signal into a processed location finder signal;
processing in said device a camera provided signal into a processed camera signal;
providing said processed camera signal to an interface unit of said device;
providing said processed location finder signal for transmission of said processed location finder signal;
receiving in said device a second modulated signal, wherein said second modulated signal is a modulated remote control (RC) signal;
demodulating said modulated RC signal into a second demodulated signal, wherein said second demodulated signal is a demodulated RC signal;
processing said demodulated RC signal into a processed RC signal;
providing said processed RC signal to a processor for control of said device;
receiving in said device a third modulated signal;
demodulating said third modulated signal into a third demodulated signal;
processing said third demodulated signal into a processed data signal;
modulating said processed data signal into a fourth modulated signal; and
transmitting said fourth modulated signal.

US Pat. No. 11,070,407

PARTIAL UPLINK SUBFRAME TRANSMISSIONS ON UNLICENSED CARRIERS

APPLE INC., Cupertino, C...


1. An apparatus of a user equipment (UE), operable for an uplink partial subframe transmission on an unlicensed carrier, the apparatus comprising: one or more processors configured to: select a plurality of uplink (UL) partial subframe configurations based on prospective lengths of a listen before talk (LBT) period, wherein each prospective length of the LBT period provides a prospective starting time; encode data for selected ones of the plurality of UL partial subframe configurations, skipping one or more encodings based on a random counter, to form a plurality of UL partial subframe configuration encodings for a same hybrid automatic repeat request (HARQ) identification (ID) according to different starting positions of the prospective lengths; associate each of the plurality of UL partial subframe configuration encodings with a selected prospective starting time, wherein each selected prospective starting time is associated with a different encoding; identify an actual LBT period; select one of the plurality of UL partial subframe configuration encodings for UL transmission of the data on the unlicensed carrier based on the actual LBT period and a corresponding selected prospective starting time; and a memory interface configured to store in a memory the plurality of UL partial subframe configurations.

US Pat. No. 11,070,406

PULSE-SHAPING FOR HIGH FREQUENCY RADIO NETWORKS

Telefonaktiebolaget LM Er...


1. A method of operating a radio node in a wireless communication network, the method comprising communicating utilising signaling, the communicating utilising signaling being based on performing pulse-shaping pertaining to the signaling; and
the pulse shaping being performed based on periodically extending a frequency distribution of modulation symbols over a first number of subcarriers to a larger, second number of subcarriers, wherein a subset of the first number of subcarriers from one end of the frequency distribution is appended at the other end of the first number of subcarriers.

US Pat. No. 11,070,405

REDUCTION AND/OR MITIGATION OF SPATIAL EMISSIONS IN MULTI-ANTENNA WIRELESS COMMUNICATION SYSTEMS FOR ADVANCED NETWORKS


1. A method, comprising:
implementing, by network equipment comprising a processor, a first signal linearization to an input signal of a power amplifier for a defined azimuth direction associated with a first channel frequency of an output signal of the power amplifier; and
implementing, by the network equipment, a second signal linearization to the input signal of the power amplifier for a defined elevation direction associated with the first channel frequency of the output signal, and
based on a determination that a power level in the first channel frequency is less than a defined threshold elevation level, discontinuing, by the network equipment, the implementing of the first signal linearization.

US Pat. No. 11,070,404

METHOD AND APPARATUS FOR DETECTING SIGNAL IN WIRELESS COMMUNICATION SYSTEM

Samsung Electronics Co., ...


1. An operating method of a reception device in a wireless communication system, the method comprising:
receiving a signal transmitted through a plurality of antennas of a transmission device;
determining an initial symbol vector based on the signal;
determining a first candidate symbol vector based on a plurality of solution vectors which are obtained by a search on the initial symbol vector;
determining a second candidate symbol vector by flipping at least one symbol value of the first candidate symbol vector; and
determining a symbol vector transmitted from the transmission device based on at least a portion of the second candidate symbol vector.

US Pat. No. 11,070,403

COMPUTER PROGRAM PRODUCT AND METHOD AND APPARATUS FOR ADJUSTING EQUALIZATION

SILICON MOTION, INC., Zh...


1. A non-transitory computer program product for adjusting equalization when executed by a processing unit of a storage device, the non-transitory computer program product comprising program code to:
repeatedly adjust a parameter of an equalizer after a symbol decoding error is detected until an adjustment failure is detected or successive waveforms output from the equalizer belong to an eye open state; and
repeatedly transmit a filler to a media access control (MAC) layer to replace a decoding result output from a symbol decoder after detecting the symbol decoding failure until the adjustment failure is detected or successive waveforms output from the equalizer belong to the eye open state.

US Pat. No. 11,070,402

RECEIVING APPARATUS AND RECEIVING METHOD

TOSHIBA MEMORY CORPORATIO...


1. A receiving apparatus comprising:
a first sample circuit configured to extract first binary data based on a first voltage and a clock timing of a received signal;
a second sample circuit configured to extract second binary data based on an adjustable second voltage and an adjustable clock timing of the received signal; and
a waveform processor configured to:
acquire a plurality of the second binary data from the second sample circuit using a pattern, wherein the pattern includes a plurality of bits indicating presence or absence of the first binary data extracted at a plurality of sampling timings, respectively;
determine an appearance frequency of the received signal based on the plurality of second binary data and the first binary data; and
generate waveform information of the received signal according to the determined appearance frequency.


US Pat. No. 11,070,401

FAST CONTROL INTERFACE

ANALOG DEVICES, INC., Wi...


1. A transceiver configured to interface with a baseband processor, the transceiver comprising:
a signal processing part comprising at least one receive channel and at least one transmit channel; and
a control interface part having a control line coupled to the baseband processor and configured to transmit control data to the baseband processor, wherein, in a first mode, the control data comprises a frame header followed by a payload, and in a second mode, the control data comprises a frame header comprising a function code,
wherein, in response to receiving a frame header in the second mode, the baseband processor is configured to perform a function indicated by the function code in the frame header.

US Pat. No. 11,070,400

METHOD FOR DETERMINING TRANSMISSION PARAMETERS OF UPLINK SIGNAL, TERMINAL AND NETWORK DEVICE

GUANGDONG OPPO MOBILE TEL...


1. A method for determining a transmission parameter of an uplink signal, comprising:
determining, by a terminal, a first Sounding Reference Signal (SRS) resource set;
receiving, by the terminal, first indication information sent by a network device, the first indication information being used to indicate the terminal to transmit an aperiodic SRS;
determining, by the terminal, a target SRS resource set according to the first indication information and the first SRS resource set;
sending, by the terminal, the aperiodic SRS to the network device on an SRS resource in the target SRS resource set;
receiving, by the terminal, second indication information sent by the network device, the second indication information being used to indicate a target SRS resource in the target SRS resource set; and
determining, by the terminal, a transmission parameter used to transmit an uplink signal according to the target SRS resource.

US Pat. No. 11,070,399

FILTERING CHANNEL RESPONSES FOR MOTION DETECTION

Cognitive Systems Corp., ...


1. A method, comprising:
obtaining a set of frequency-domain channel responses based on a set of wireless signals transmitted through a space, each of the frequency-domain channel responses corresponding to a respective wireless signal of the set of wireless signals;
for each frequency-domain channel response:
generating a time-domain channel response based on the frequency-domain channel response;
generating a filtered time-domain channel response based on a constraint applied to the time-domain channel response;
generating a reconstructed frequency-domain channel response based on the filtered time-domain channel response;
generating an error signal indicative of a difference between the frequency-domain channel response and the reconstructed frequency-domain channel response; and
determining whether the error signal satisfies a criterion; and

detecting, in response to each of the error signals satisfying the criterion, motion of an object in the space based on the set of frequency-domain channel responses.

US Pat. No. 11,070,398

ELECTRONIC DEVICE SUPPORTING MULTI-BAND WIRELESS COMMUNICATIONS AND METHOD OF CONTROLLING SAME

Samsung Electronics Co., ...


1. A portable communication device comprising:
a first communication circuit configured to support a first frequency band to be used for an omnidirectional communication;
a second communication circuit configured to support a second frequency band to be used for a directional communication; and
a processor operatively coupled with the first communication circuit and the second communication circuit, the processor configured to:
receive, using the first communication circuit, a first radio signal corresponding to the first frequency band and transmitted from an external electronic device connected to the portable communication device through an omnidirectional communication;
determine whether the portable communication device and the external electronic device are in a line of sight based at least in part on one or more characteristics of the received first radio signal; and
activate, using the second communication circuit, a directional communication between the portable communication device and the external electronic device via a second radio signal corresponding to the second frequency band based at least in part on a determination that the portable communication device and the external electronic device are in the line of sight.


US Pat. No. 11,070,397

ADAPTIVE OTA LEAKAGE CANCELLATION FOR MMWAVE RADAR

QUALCOMM Incorporated, S...


1. A method of performing proximity detection using radio frequency (RF) signals at an electronic device, the method comprising:
obtaining a plurality of Channel Impulse Response (CIR) measurements at least in part by, for each transmit/receive pair of a plurality of transmit/receive pairs of antenna elements of the electronic device:
transmitting, with transmit circuitry of the electronic device, a respective RF signal, and
obtaining, with receive circuitry of the electronic device, a CIR measurement at least in part by taking a plurality of samples of the respective RF signal, wherein at least a portion of the plurality of samples of the respective RF signal are taken during the transmitting of the respective RF signal;

performing spatial cancellation of Over The Air (OTA) leakage between the transmit circuitry and the receive circuitry at least in part by:
determining, based on the CIR measurement, a leakage steering vector in a direction of the OTA leakage between a transmit/receive pair of the plurality of transmit/receive pairs of the antenna elements of the electronic device;
determining a projection to a null space in a direction of the leakage steering vector based on the direction of the OTA leakage; and
canceling at least a portion of the OTA leakage based on the projection to the null space in the direction of the leakage steering vector; and

subsequent to performing the spatial cancellation, determining a proximity of a target, based at least in part on the plurality of CIR measurements.

US Pat. No. 11,070,396

VIRTUAL CLOUD EXCHANGE SYSTEM AND METHOD

Tata Communications Trans...


1. A method for establishing connectivity between a host computer in a customer network and a cloud service provider, the method comprising:
providing a customer facing software defined network (SDN) switch and a cloud service provider facing SDN switch;
instantiating, with a processor, a customer facing network routing virtual network function (VNF) and a cloud facing network routing VNF;
configuring, with the processor, a first open virtual switch (vSwitch) associated with the customer facing network routing VNF and a second open vSwitch associated with the cloud facing network routing VNF;
generating with the customer facing SDN switch a first overlay tunnel between the customer facing SDN switch and the first open vSwitch; and
generating with the cloud facing SDN switch a second overlay tunnel between the cloud facing SDN switch and the second open vSwitch.

US Pat. No. 11,070,395

CUSTOMER PREMISES LAN EXPANSION

Nokia of America Corporat...


1. An apparatus, comprising:
at least one processor; and
at least one memory including a set of instructions;
wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to:
support, by a controller of a network device hosting a customer bridging domain and based on communication with a controller of a private data network hosting a customer component, exchange of forwarding information configured to support bridging of customer traffic between a customer device at a customer premises and the customer component, wherein the forwarding information includes a mapping of an address of the customer component to the customer bridging domain;
receive, at the customer bridging domain via a first tunnel between the customer bridging domain and a customer bridge of the customer premises, a customer packet of the customer device, wherein the customer packet includes a layer 2 destination address of the customer component;
determine, at the customer bridging domain based on the forwarding information and the layer 2 destination address of the customer component, a second tunnel between the customer bridging domain and a switching element of the private data network associated with the customer component; and
send, by the customer bridging domain toward the switching element via the second tunnel, the customer packet.


US Pat. No. 11,070,394

SYSTEM AND METHOD FOR REDUNDANT INDEPENDENT NETWORKS IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT

ORACLE INTERNATIONAL CORP...


1. A system for supporting redundant independent networks in a high performance computing environment, comprising:
a computer, the computer comprising one or more microprocessors;
two or more switches;
one or more racks, each of the one or more racks comprising a set of the two or more switches, each set of the two or more switches comprising at least a leaf switch;
a plurality of host channel adapters, at least one of the plurality of host channel adapters comprising a firmware and a processor; and
a plurality of hosts;
wherein two or more rails are provided, the two or more rails providing redundant connectivity between the plurality of hosts, wherein each of the two or more rails are provided on a different set of the two or more switches;
wherein data traffic between the plurality of hosts is isolated to a rail of the two or more rails; and
wherein at least one inter-rail link is provided between each pair of the two or more rails.

US Pat. No. 11,070,393

POWER DELIVERY APPARATUS

GENERAL ELECTRIC TECHNOLO...


1. A power delivery apparatus comprising a power source device, a power sink device and a data transmission link, the power source device connected to one end of the data transmission link, the power sink device selectively connectable to another end of the data transmission link, the data transmission link configured to permit transmission of data between the power source device and the power sink device when the power sink device is connected to the data transmission link, wherein the power source device is configured to apply a periodic sensing voltage to the data transmission link, the power delivery apparatus further including a sensing device configured to detect, via the application of the periodic sensing voltage to the data transmission link, whether the power sink device is connected to the data transmission link, and the power source device is configured so that, in response to the power sink device being detected as connected to the data transmission link, the power source device applies a power supply voltage to the data transmission link to supply electric power to the power sink device via the data transmission link so as to enable a normal operation of the power sink device.

US Pat. No. 11,070,392

SYSTEM AND METHOD FOR PROVISIONING INTERNET ACCESS

Hilton International Hold...


15. A method for provisioning internet access to guests of multiple travel facilities, said method comprising the steps of:
providing, in each of a number of travel facilities, a number of access points configured to receive connection requests from personal electronic devices, a gateway device in electronic communication with each of the access points for each respective one of the number of travel facilities and configured to receive the connection requests for the respective one of the number of travel facilities, a property management system (PMS) in electronic communication with the gateway device for the respective one of the number of travel facilities and comprising identifying information for guests registered with the respective one of the number of travel facilities, and a router in connection with the gateway device for the respective one of the number of travel facilities and an internet;
providing an API gateway in electronic communication with all of the gateway devices of all of the number of travel facilities by way of the internet;
providing a central destination server in electronic communication with all of the gateway devices of all of the number of travel facilities and the API gateway by way of the internet and comprising executable software instructions;
periodically retrieving said identifying information from each of the PMS of each of the number of travel facilities;
populating said central destination server with IP addresses for the personal electronic devices, wherein each of said IP addresses is associated with a duration of stay, wherein each duration of stay is determined as a continuous length of stay across multiple of the number of travel facilities as determined from said identifying information periodically retrieved from each of the PMS of each of the number of travel facilities;
receiving a request to connect to the internet from a given one of the personal electronic devices at the gateway for the respective one of the number of travel facilities, wherein said request to connect comprises an IP address of the given one of the personal electronic devices attempting the connection;
relaying the request to the central destination server;
determining that the IP address matches one of the stored IP addresses;
retrieving, from the central destination server, the duration of stay associated with the matching IP address stored at the central destination server;
determining a current time;
determining that the current time is within the duration of stay; and
relaying a command from the central destination server to the gateway device of the respective one of the number of travel facilities to grant internet access.

US Pat. No. 11,070,391

METHOD FOR CONFIGURING, MONITORING OR SUPERVISING A HOME AUTOMATION INSTALLATION

OVERKIZ, Metz-Tessi (FR)...


1. A method for configuring a management unit connected to at least one home automation installation comprising at least one home automation device and at least one central control unit, the method being implemented by the management unit and comprising the following steps of:
configuring an alert corresponding to a triggering of a notification and/or an action during a fulfilling of a trigger condition relating to at least one state variable for the at least one home automation device; the step of configuring the alert being carried out on a basis of instructions of a first user having a user profile of a first type, the user profile of the first type having rights that extend over all devices of a given type including the at least one home automation device;
declaring a supervision of a set of home automation devices comprising the at least one home automation device for which the alert has been defined by a second user having a user profile of a second type, the user profile of the second type having rights that extend over the set of home automation devices, the second user supervising the set of home automation devices; and
wherein the at least one home automation device corresponds to a category of devices which are identical or sharing characteristics and at least one definition of a state variable, and wherein the user profile of the first type corresponds to a first category of the user profile which have identical or sharing rights and the user profile of the second type corresponds to a second category of the user profile which have identical or sharing rights different from the rights of the first category of the user profile, wherein the second user upon receipt of the alert can perform maintenance on the at least one home automation device according to the alert.

US Pat. No. 11,070,390

BUILDING SYSTEM WITH A SPACE GRAPH WITH NEW ENTITY RELATIONSHIP UPDATES

Johnson Controls Technolo...


1. A building system for operating a building and managing building information, the building system comprising one or more memory devices configured to store instructions thereon, the instructions causing one or more processors to:
generate a space graph based on building data, wherein the space graph is a graph data structure comprising a plurality of nodes representing a plurality of entities, a plurality of edges between the plurality of nodes representing a plurality of relationships between the plurality of entities, and data values of the building data associated with the entities;
receive new building data from one or more building data sources;
generate, based on the new building data, a new relationship between a first entity of the plurality of entities and a second entity of the plurality of entities; and
update the space graph with the new relationship by causing the space graph to store a new edge between a first node of the plurality of nodes representing the first entity and a second node of the plurality of nodes representing the second entity.

US Pat. No. 11,070,389

BUILDING MANAGEMENT SYSTEM WITH AUTOMATED VIBRATION DATA ANALYSIS

Johnson Controls Technolo...


1. A method performed by a Building Management System (BMS) comprising:
training a plurality of machine learning models based on historical data relating to one or more machines, the plurality of machine learning models corresponding to components of the one or more machines;
receiving a vibration dataset associated with a machine controlled by the BMS, the vibration dataset including machine metadata, machine operating conditions, and one or more time waveforms;
assembling a feature vector comprising one or more features of the vibration dataset for input to a machine learning model of the plurality of machine learning models, wherein the machine learning model is selected based at least in part upon an identity of a component of the machine, and wherein the machine learning model defines the one or more features to extract from the vibration dataset;
applying the feature vector to the machine learning model in order to generate a condition score for the component; and
generating a suggested maintenance action for the machine or changing a setpoint associated with the machine depending on the condition score.

US Pat. No. 11,070,388

DEVICE SCENARIO MANAGEMENT

VMWARE, INC., Palo Alto,...


1. A system for implementing scenario profiles, the system comprising:
at least one computing device; and
at least one application executable in the at least one computing device, wherein the at least one application, when executed, causes the at least one computing device to:
identify a client device associated with a scenario, the scenario being associated with a performance of a plurality of different tasks performed by a plurality of client devices having different capabilities;
determine one or more capabilities of the client device;
generate a scenario profile for the client device, the scenario profile defining at least one task of the plurality of different tasks to be performed by the client device during the scenario based at least in part on one or more capabilities of the client device; and
cause the scenario profile to be distributed to the client device.


US Pat. No. 11,070,387

METHOD FOR RECORDING A CENTRAL CONTROL UNIT BELONGING TO A HOME-AUTOMATION FACILITY

SOMFY SAS, Cluses (FR)


1. A method for registering at least one central control unit belonging to a home automation installation; the method being executed by a user terminal and comprising the following steps:
i. establishing a connection between the user terminal and the at least one central control unit;
ii. creating an installation identifier, wherein the installation identifier is associated with a group comprising at least one identifier of a user;
iii. sending a discovery message by the user terminal to the at least one central control unit;
iv. receiving by the user terminal at least one reporting message transmitted by the at least one central control unit for the installation in connection with a unique identifier of the at least one central control unit; and
v. registering in an application of the user terminal an attachment of the unique identifier of the at least one central control unit to the installation identifier.

US Pat. No. 11,070,386

CONTROLLING AN AGGREGATE NUMBER OF UNIQUE PIM JOINS IN ONE OR MORE PIM JOIN/PRUNE MESSAGES RECEIVED FROM A PIM NEIGHBOR

Juniper Networks, Inc., ...


1. A computer-implemented method for use on a device running a protocol independent multicast (PIM) protocol, the computer-implemented method comprising:
a) receiving PIM join control limit configuration information, wherein the PIM group control limit is a maximum number of unique PIM (source, group) combinations that are to be carried in one or more PIM join/prune messages;
b) storing the received PIM join control limit configuration information;
c) generating a PIM Hello message including the stored PIM join control limit configuration information; and
d) sending the generated PIM Hello message to a PIM neighbor.

US Pat. No. 11,070,385

METHODS AND APPARATUS FOR TAKING A BREAK AFTER SEAMLESS TRANSITION BETWEEN NETWORK CONFERENCES

Zoom Video Communications...


1. A method for taking a break after a transition between network conferences, the method comprising:
attending a first network conference by an attendee via a user equipment (UE) using a first conference state and a conferencing application for conference settings;
transmitting a conference inquiry of a second conference to a conference server after retrieving a next conference from a calendar during the first network conference;
displaying Up-Next conference status about the second network conference to the UE after receipt of conference status associated to the second network conference from the conference server;
receiving a request to enter a break mode after joining the second network conference in response to the Up-Next conference status;
joining the second network conference using the first conference state and the conferencing application; and
transmitting a break mode icon to participants in the second network conference.

US Pat. No. 11,070,384

SEMICONDUCTOR DEVICE AND SECURITY SYSTEM

WINBOND ELECTRONICS CORP....


1. A semiconductor device comprising:
a unique-information generation circuit configured to operate in a plurality of operation environments to generate unique information, wherein the unique information comprises stable information and unstable information, the stable information is a constant in the plurality of operation environments, and the unstable information is different in at least two of the plurality of operation environments;
a controlling logic configured to detect the unstable information and generate code information based on the detected unstable information, wherein the code information comprises a code sequence formed by the stable information and the unstable information and identification information used to identify the unstable information of the code sequence; and
a memory portion storing the code information,
wherein the controlling logic reads out the code information from the memory portion and outputs the code information to a host device, and,
wherein the controlling logic is further configured to delete the code information and the identification information which are stored in the memory portion in response to a request from the host device.

US Pat. No. 11,070,383

RANDOM CODE GENERATOR

EMEMORY TECHNOLOGY INC., ...


1. A random code generator, comprising:
an address Y decoder comprising plural Y control lines, wherein the address Y decoder selectively activates the plural Y control lines according to a first address Y signal;
an address X decoder comprising plural X control lines, wherein the address X decoder selectively activates the plural X control lines according to a first address X signal;
a physically unclonable function entropy pool connected with the plural Y control lines and the plural X control lines, wherein the physically unclonable function entropy pool generates an output data according to the activated Y control lines and the activated X control lines;
a processing circuit connected with the physically unclonable function entropy pool to receive the output data; and
an entropy key storage circuit connected with the physically unclonable function entropy pool to receive plural entropy keys from the physically unclonable function entropy pool,
wherein when the random code generator is in a normal working state, the entropy key storage circuit provides at least one entropy key of the plural entropy keys to the processing circuit, and the processing circuit processes the output data into a random code according to the at least one entropy key;
wherein the address Y decoder and the address X decoder are connected with the entropy key storage circuit to receive a first entropy key and a second entropy key of the plural entropy keys from the entropy key storage circuit, wherein after the address Y decoder performs a scramble action on a second address Y signal and the first entropy key, the first address Y signal is generated, wherein after the address X decoder performs the scramble action on a second address X signal and the second entropy key, the first address X signal is generated.