US Pat. No. 11,115,519

SUBSCRIPTION-BASED WIRELESS SERVICE FOR A HEARING DEVICE


1. A wireless hearing device system for providing a wireless service in accordance with a subscription, comprising:
a hearing device configured to provide hearing enhancement and to selectively provide one of a plurality of wireless services in accordance with a subscription of the hearing device to the wireless service, the wireless service being unrelated to the hearing enhancement, the hearing device comprising:
wireless circuitry configured to communicate with an external appliance and to provide the wireless service via a wireless signal;
a microphone;
a processor configured to enhance sounds received by the microphone to provide the hearing enhancement;
a memory; and
speaker configured for placement in the ear; and

a personal computing device configured to communicatively couple to the hearing device and provide, to the hearing device, parameters associated with the external appliance,
wherein the wireless hearing device system is configured to validate a subscription of the hearing device to the wireless service using subscription data retrieved from a remote server, and wherein the wireless hearing device system is configured to enable or disable the wireless service responsive to subscription determination.

US Pat. No. 11,115,518

DISPLAY METHOD AND TERMINAL

HUAWEI TECHNOLOGIES CO., ...


1. A display method, implemented by a terminal, the display method comprising:
displaying, in a first target region or a second target region, a status bar comprising one or more icons associated with a function of the terminal, wherein the one or more icons comprise a Bluetooth icon, a Wi-Fi icon, or an airplane mode icon, wherein the terminal comprises a front panel component comprising at least one of a camera or an earpiece and disposed in a reserved region, and a touchscreen comprising a main display region, the first target region, and the second target region, wherein the first target region and the second target region are separated by the reserved region;
receiving an expanding operation on the first target region or the second target region; and
in response to receiving the expanding operation, displaying the one or more icons or the status bar comprising the one or more icons in the main display region for controlling the function of the terminal.

US Pat. No. 11,115,517

METHOD AND APPARATUS FOR PREVENTING SCREEN OFF DURING AUTOMATIC RESPONSE SYSTEM SERVICE IN ELECTRONIC DEVICE

Samsung Electronics Co., ...


1. An electronic device comprising:
a proximity sensor;
a display;
at least one memory configured to store instructions; and
at least one processor that is, when executing the instructions, configured to:
while a call service is provided, control the display based on whether an external object is located within a designated distance or not; and
based on identifying that an input for executing a function is received while the call service is provided, control the display to maintain a screen-ON regardless of whether an external object is located within a designated distance or not.


US Pat. No. 11,115,516

SUPPORT DEVICE

SHENZHEN ZHIDAWEI TECHNOL...


1. A support device, comprising a mounting frame and a clamping base;
wherein the mounting frame comprises a main frame body and a joint structure, electronic products are installed on a front side of the main frame body, and the joint structure is connected with a rear side of the main frame body;
the joint structure is detachably connected with the clamping base; when the joint structure is detachably connected with the clamping base, the joint structure adjusts positions relative to the clamping base and is fixedly clamped;
the clamping base comprises a main base body: the main base body comprises a transfer cavity, a plug-in interface, and a transfer interface; the plug-in interface and the transfer interface are communicated with the transfer cavity, and the plug-in interface is communicated with the transfer interface;
the joint structure comprises a boss and a limiting component: one end of the boss is connected with a rear side surface of the main frame body, and another end of the boss extends towards a position distal to the main frame body: one end of the limiting component is connected with the boss; an outer contour of a cross section of the boss is a long-strip oval: two planes facing oppositely and two arcuate surfaces facing oppositely are disposed on an outer side of the boss; and
when the joint structure is disposed on the main base body, any one of the arcuate surfaces of the boss directly faces the plug-in interface and is laterally inserted into the transfer interface through the plug-in interface: at this moment, another end of the limiting component is located in the transfer cavity and clamped into the transfer interface: when the joint structure is disposed on the main base body, the joint structure rotates relative to the main base body so that the plug-in interface faces any one of the planes.

US Pat. No. 11,115,515

METHOD FOR PLAYING SOUND AND MULTI-SCREEN TERMINAL


1. A method for playing sound, comprising:
detecting, by a multi-screen terminal, a current opening/closing angle or angles between the respective display screens; and
selecting, by the multi-screen terminal according to the detected current opening/closing angle or angles between the respective display screens, a group of prestored audio drive parameters, and outputting the group of audio drive parameters to a power amplification module of the multi-screen terminal; or,
determining whether the detected current opening/closing angle or angles between the respective display screens and the current audio drive parameters are prestored opening/closing angle or angles and audio drive parameters corresponding to an optimal sound field playing effect, respectively, and if not, giving a prompt as to whether the current opening/closing angle or angles between the respective display screens and/or the current audio drive parameters need to be adjusted;
wherein the step of selecting, by the multi-screen terminal according to the detected current opening/closing angle or angles between the respective display screens, a group of prestored audio drive parameters, and outputting the group of audio drive parameters to the power amplification module of the multi-screen terminal comprises:
selecting, by the multi-screen terminal, prestored audio drive parameters corresponding to the detected current opening/closing angle or angles between the respective display screens, and outputting the selected audio drive parameters to the power amplification module; or,
calculating, by the multi-screen terminal, similarity between the detected current opening/closing angle or angles between the respective display screens and prestored opening/closing angles between the respective display screens, and selecting the audio drive parameters corresponding to a prestored opening/closing angle or angles with the maximum similarity with the current opening/closing angle or angles, and outputting the selected audio drive parameters to the power amplification module;
wherein assuming that the prestored opening/closing angles between the respective display screens are arrays A1 to An, where n is the number of sets of correspondence relationships among the prestored opening/closing angles between the respective display screens and the sound field playing effects, and the detected current opening/closing angle or angles between the respective display screens form an array B, the step of calculating, by the multi-screen terminal, similarity between the detected current opening/closing angle or angles between the respective display screens and prestored opening/closing angles between the respective display screens comprises:
calculating differences between corresponding array elements in the array B and in each of the arrays A1-An and variance and/or weighted average of each group of differences; wherein
the smaller the calculated variance and/or weighted average of the differences between the array elements in the array B and the array elements in an array Ai, the greater the similarity between the array B and the array Ai, where i is a natural number between 1 and n.

US Pat. No. 11,115,514

MOBILE TERMINAL

LG ELECTRONICS INC., Seo...


1. A mobile terminal comprising:
a housing having a front side, a rear side and lateral sides;
a cover window disposed on the front side of the housing and comprising a display area and a bezel area, wherein the bezel area includes printed color under an edge of the cover window;
an OLED display unit disposed between the cover window and the front side of the housing; and
a sensing unit disposed under the OLED display unit,
wherein the OLED display unit comprises:
a substrate having a hole below the display area of the cover window;
a transistor layer including thin film transistors and being disposed on the substrate and having a hole corresponding to the hole of the substrate;
an organic light emitting layer disposed on the transistor layer and having a hole corresponding to the hole of the transistor layer; and
an encapsulation layer disposed on the organic light emitting layer and having a hole corresponding to the hole of the organic light emitting layer, and
wherein the sensing unit senses a light transmitted through the holes.

US Pat. No. 11,115,513

MOBILE TELEPHONE CASE FACILITATING WIRELESS CHARGING


1. A mobile telephone case comprising:
a housing structured to receive a mobile telephone;
said housing including a perimeter frame disposed about a perimeter of the mobile telephone and structured to substantially cover and protect the mobile telephone;
said housing further including an at least partially open front face structured to provide access to a display screen of the mobile telephone;
said housing further comprising a protective rear panel, said protective rear panel being at least partially movable between an open orientation and a closed orientation, concurrent to said housing being operatively disposed on the mobile telephone;
said protective rear panel structured to substantially cover and protect a rear surface of the mobile telephone when in said closed orientation; and
said protective rear panel comprising at least a portion thereof being at least partially separable from said perimeter frame to define said open orientation that provides direct proximity and unimpeded wireless charging access to the rear surface of the mobile telephone.

US Pat. No. 11,115,512

SMARTPHONE CASES WITH INTEGRATED ELECTRONIC BINOCULARS


1. Smartphone binoculars, comprising:
a case configured to receive an existing smartphone physically separate from the case;
wherein the case has a first outer surface facing in a first direction and a second outer surface facing in a second direction opposite to the first direction;
a pair of spaced-apart right and left imagery-gathering devices disposed on the first outer surface of the case;
right and left image sensors operative to convert the imagery gathered by the right and left image-gathering devices into electrical signals representative of the right and left imagery;
a pair of spaced-apart, physically separated right and left image-displaying devices disposed on the second outer surface of the case; and
electronic circuitry disposed within the case and in electrical communication with the right and left image sensors and the right and left image-displaying devices, the electronic circuitry being operative to receive the electrical signals from the right and left image sensors and simultaneously display the imagery gathered by the right and left image-gathering devices on the right and left image-displaying devices, respectively.

US Pat. No. 11,115,511

COMMUNICATION DEVICE HAVING CONFIGURABLE HOUSING ASSEMBLY WITH MULTIPLE ANTENNAS

Motorola Mobility LLC, C...


1. A communication device comprising:
a housing assembly having first and second housing portions connected for relative movement between an open position and a closed position;
at least four antennas each having an elongated shape and configured to communicate in at least a low band, a first and a third antenna of the at least four antennas supported by the first housing portion, a second and a fourth antenna of the at least four antennas supported by the second housing portion, the first and second antennas proximate and aligned in parallel to each other when the housing assembly is in the closed position and positioned separated from each other when the housing assembly is in the open position, the third and fourth antennas proximate and aligned in parallel to each other when the housing assembly is in the closed position and positioned separated from each other when the housing assembly is in the open position;
a housing position sensor that detects when the housing assembly is in the closed position and when the housing assembly is in an at least partially open position;
a radio frequency (RF) front end communicatively coupled to the at least four antennas and having two or more transceivers to utilize the at least four antennas for simultaneous dual connectivity for low band communication; and
a controller communicatively coupled to the housing position sensor and the RF front end, and which:
in response to determining that the housing assembly is in the at least partially open position, configures the RF front end to communicate via the first, second, third and fourth antennas independently; and
in response to determining that the housing assembly is in the closed position, configures the RF front end to communicate via the first and the second antennas as a first antenna array and to communicate via the third and the fourth antennas as a second antenna array.


US Pat. No. 11,115,510

COMMUNICATION DEVICE HAVING ANTENNA ARRAYS CONFIGURED BASED ON OPEN/CLOSED POSITION OF HOUSING

Motorola Mobility LLC, C...


1. A communication device comprising:
a base housing;
a movable housing positionably coupled to the base housing and movable between a closed position and an open position; and
a housing sensor positioned to detect the closed position and the open position of the movable housing, each of the closed position and open position being associated with alternate ones of a first mode of antenna communication and a second mode of antenna communication;
a first sub-array of at least one first antenna housed within the base housing;
a second sub-array of at least one second antenna housed within the movable housing and positioned in one of the open and the closed positions to be aligned with the first sub-array to form an antenna array and to be unaligned with the first-sub-array when positioned in another one of the open and the closed positions;
wherein the second sub-array is positioned to be aligned with the first sub-array to form the antenna array when the movable housing is in the open position and to be unaligned with the first-sub-array when the movable housing is in the closed position;
a modem communicatively coupled to each antenna of the at least one first antenna and the at least one second antenna to communicate with a node via the at least one first antenna and the at least one second antenna; and
a controller communicatively coupled to the housing sensor and the modem, and which:
monitors the housing sensor to identify an open/closed position of the movable housing;
in response to the open/closed position of the movable housing being associated with a first mode of communication, configure the modem to use the first antenna and the second antenna; and
in response to the open/closed position of the movable housing being associated with a second mode of communication, configure the modem to operate the first antenna and the at least one second antenna independently.


US Pat. No. 11,115,509

ELECTRONIC DEVICE WITH METAL FRAME ANTENNA

Samsung Electronics Co., ...


1. A foldable electronic device comprising:
a flexible display; and
a foldable housing accommodating the flexible display, the foldable housing including:
a first housing part having two opposite sides, the first housing part including a first edge portion, the first edge portion including two conductive portions and a first non-conductive portion disposed between the two conductive portions of the first edge portion, and
a second housing part having two opposite sides, the second housing part including a second edge portion, the second edge portion including two conductive portions and a second non-conductive portion disposed between the two conductive portions of the second edge portion,

wherein the foldable housing is configured such that the first non-conductive portion and the second non-conductive portion are disposed to be in alignment with each other when the foldable housing is fully folded,
wherein a first conductive portion of the two conductive portions of the first edge portion is electrically connected to communication circuitry such that a radio frequency communication signal is transmitted or received via the first conductive portion of the first edge portion, and
wherein a first portion of the flexible display is accommodated in the first housing part, and a second portion of the flexible display is accommodated in the second housing part.

US Pat. No. 11,115,508

WIRELESS COMMUNICATION DEVICE AND CASE ASSEMBLY

HTC CORPORATION, Taoyuan...


1. A case assembly, comprising:
a metal case, comprising an inner side and an outer side, the inner side is opposite to the outer side, and comprising a hollow portion and an antenna portion, the hollow portion is adjacent to a side of the antenna portion; and
a plastic cladding body, disposed on the metal case, completely covering the outer side of the metal case, partially covering the inner side of the metal case, and filling in the hollow portion;
wherein a material interface of the metal case and the plastic cladding body is disposed in the hollow portion.

US Pat. No. 11,115,507

SERVICE DISCOVERY

Cable Television Laborato...


1. A service discovery system for facilitating automatic discovery by a device, the device being connected to a first network associated with a gateway configured to interface communications between the first network and a second network, the system comprising:
a server processor in operable communication with the gateway; and
a memory having non-transitory instructions stored therein, which, when executed by the server processor, cause the server processor to:
register services available over the first network as a function of a device profile transmitted to the gateway by a plurality of IP and non-IP devices connected to the first network; and
provide a formatted listing of the registered services to the device connected to the first network, in response to receipt of a corresponding request for a list of registered services, the formatted listing including an identification of:
(i) an address for each service associated with one corresponding device of the plurality of IP and non-IP devices as an address of the corresponding device; and
(ii) an IP address for each service associated with one of the non-IP devices as the IP address of the gateway.



US Pat. No. 11,115,506

INNER VXLAN TUNNEL PACKET DETECTION

LENOVO Enterprise Solutio...


1. An apparatus comprising:
a virtual extensible local area network (“VXLAN”) stripper, at an intermediate network device, configured to strip encapsulation headers in layers above a VXLAN packet encapsulating a Layer 2 (“L2”) frame of a data packet in response to receiving the data packet over a VXLAN, the intermediate network device located on a data pathway between VXLAN tunneling endpoints;
a L2 frame type reader, at the intermediate network device, configured to read a L2 frame type stored in a VXLAN header in the VXLAN packet to determine if the L2 frame type is a data protocol or a command protocol, in response to the VXLAN stripper stripping the encapsulation headers; and
a VXLAN re-encapsulator, at the intermediate network device, configured to re-encapsulate the VXLAN packet in a same format as the layers and associated encapsulation headers stripped from the received data packet in response to the L2 frame type, read by the L2 frame type reader, being a data protocol indicating the L2 frame comprises data for transmission.

US Pat. No. 11,115,505

FACILITATING CUSTOM CONTENT EXTRACTION RULE CONFIGURATION FOR REMOTE CAPTURE AGENTS

Splunk Inc., San Francis...


1. A computer-implemented method, comprising:
receiving, via a graphical user interface (GUI), input defining a custom content extraction rule, wherein the input specifies:
a source field in network packets to be monitored by a remote capture agent, wherein the source field contains structured data,
an extraction rule to be used to extract data from the structured data to obtain extracted data, and
a field name to be used to identify the extracted data in timestamped events to be generated by the remote capture agent;

generating configuration information based on the input;
sending the configuration information to the remote capture agent, wherein the configuration information causes the remote capture agent to generate timestamped events, wherein the timestamped events include extracted data obtained by applying the custom content extraction rule to network packets monitored by the remote capture agent, and wherein the extracted data is identified in the timestamped events using the field name;
receiving the timestamped events from the remote capture agent, wherein each of the timestamped events includes extracted data identified by the field name; and
storing the timestamped events in a data store, wherein storage of the timestamped events in the data store enables execution of queries based on the field name.

US Pat. No. 11,115,504

BATCH PROCESSING FOR QUIC

Microsoft Technology Lice...


1. A system for batched User Datagram Protocol (UDP) processing, the system comprising:
at least one processor; and
at least one memory comprising computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the at least one processor to:
combine multiple UDP packets into a plurality of packet batches to indicate on a plurality of sockets based at least in part on a packet batch size, each packet batch of the plurality of packet batches to be indicated to a corresponding one of the plurality of sockets with message boundary information to convey the plurality of packet batches to a network stack, the message boundary information indicating portions of a payload of the plurality of packet batches that correspond to a plurality of individual messages and identifying a size of the individual messages corresponding to the payload of each of the UDP packets that have been combined;
perform one call for each indicated socket of the plurality of sockets based on the packet batch size to convey each packet batch of the plurality of packet batches to the network stack, wherein the network stack performs a single look up operation and a single network security inspection operation once per packet batch; and
in response to performing the one call, send the plurality of packet batches via the network stack, wherein (i) on a send operation, the plurality of packet batches are sent from the network stack to a network adapter for transmission over a network, and (ii) on a receive operation, the plurality of packet batches are sent from the network stack to an application, wherein a maximum segment size (MSS) parameter is used to offload generation and attaching of a UDP/IP header to each packet batch, the UDP/IP header and the payloads forming the plurality of packet batches and configured using a QUIC transport layer protocol.


US Pat. No. 11,115,503

SYSTEMS AND METHODS FOR INTERFACING NETWORKS REGARDLESS OF COMMUNICATION SCHEME

Coupang Corp., Seoul (KR...


1. A computer-implemented system for interfacing communication networks, the system comprising:
a memory storing instructions; and
at least one processor configured to execute the instructions for:
receiving a first message from a first communication network among a set of communication networks;
parsing the first message to obtain a first variable corresponding to the first communication network and a second variable corresponding to a first destination, the first communication network using a first communication protocol and the first destination using a second communication protocol;
converting the first message into a predetermined format for the second communication protocol based on the first variable and the second variable; and
transmitting the first message to the first destination;

wherein converting the first message into the predetermined format comprises: determining an interface map between the first communication protocol and the predetermined format of the second communication protocol; parsing the first message to identify a plurality of data variables; and assigning values of the plurality of data variables of the first message to corresponding data variables of the predetermined format based on the interface map.

US Pat. No. 11,115,502

SYSTEM FOR REAL-TIME MANAGEMENT OF SESSION OBJECTS AND FOR APPLICATION PROGRAMMING INTERFACE (API) MOCKING

Bank of America Corporati...


1. A method for real-time management of a plurality of session objects and for replicating, to a minimum degree sufficient to maintain operability of a virtual assistant application, a plurality of application programming interfaces (APIs), the method comprising:
receiving, at a backend services server cluster, the backend services server cluster comprising the plurality of APIs, an API request, from a virtual assistant testing environment;
re-routing the API request from the backend services server cluster to a mocked-up services server located at a remote location from the backend services server cluster, the mocked-up services server is a server that replicates, to the extent necessary to operate an executable executing within the virtual assistant testing environment, the cluster of backend services servers, the replicating comprising replicating a human-like profile, said human-like profile comprising a first name, a date of birth, a state of residence and address information;
processing, at the mocked-up services server, a JavaScript Object Notation (JSON) response to the API request, the JSON response comprising real-time data, the real-time data being based on a profile active at the mocked-up services server;
transmitting the JSON response, from the mocked-up services server to the virtual assistant testing environment, said transmitting being injected into a JSON response channel, said JSON response channel for communications between the backend services server cluster and the virtual assistant testing environment; and
executing, within the virtual assistant testing environment, a feature test, using the received JSON response, wherein the virtual assistant testing environment is oblivious to the rerouting of the request and an origin on the JSON response.

US Pat. No. 11,115,501

GATEWAY, CLIENT DEVICE AND METHODS FOR FACILITATING COMMUNICATION BETWEEN A CLIENT DEVICE AND AN APPLICATION SERVER

TELEFONAKTIEBOLAGET LM ER...


1. A method performed by a gateway for facilitating communication between a client device and an application server by obtaining and using a credential associated with the client device without the client device having to store the credential or provide the credential to the gateway, the method comprising:
the gateway obtaining a message transmitted by the client device;
after obtaining the message, the gateway sending a request for an electronically transferable subscriber identity module (SIM), the request comprising an identifier based on an identity of the client device;
the gateway receiving a response indicating that the electronically transferable SIM, generated based on the identifier, is available;
the gateway downloading the electronically transferable SIM;
the gateway storing the downloaded electronically transferable SIM with an association to the client device, thereby associating the downloaded electronically transferable SIM with the client device, wherein the downloaded electronically transferable SIM comprises the credential;
after downloading the electronically transferable SIM, the gateway receiving a client communication transmitted by the client device, wherein the client communication is destined for the application server;
the gateway encrypting the received client communication that was transmitted by the client device using the downloaded electronically transferable SIM that is associated with the client device; and
the gateway forwarding the encrypted client communication to the application server, wherein
the gateway does not send the electronically transferable SIM to the client device.

US Pat. No. 11,115,500

REQUEST ROUTING UTILIZING CLIENT LOCATION INFORMATION

Amazon Technologies, Inc....


1. A computer-implemented method comprising:
as implemented by one or more computing devices configured with specific executable instructions:
obtaining a domain name system (DNS) query from a client computing device at a first DNS server, wherein the DNS query corresponds to a requested resource associated with an original resource identifier and wherein the first DNS server corresponds to a content delivery network (CDN) service provider;
obtaining a query Internet Protocol (IP) address associated with the DNS query at the first DNS server;
obtaining a location-based identifier associated with the query IP address;
determining a destination identifier associated with the DNS query, wherein the destination identifier is determined based on the location-based identifier; and
selecting a network point of presence associated with the CDN service provider based on the destination identifier.


US Pat. No. 11,115,499

SYSTEMS AND METHODS FOR MANAGING COMPUTER-BASED REQUESTS

MASSACHUSETTS MUTUAL LIFE...


1. A method comprising:
displaying, by a server, a dashboard having a plurality of requests on at least one agent computer of a plurality of agent computers, each request having a timestamp corresponding to when each request was received from at least one client computing device of a plurality of client computing devices, each request is associated with an indicator corresponding to a counter value;
retrieving, by the server, a characteristic associated with each client computing device from a database, the characteristic corresponding to a predetermined time period for satisfaction of a service associated with each client computing device, the characteristic associated with each client computing device further corresponding to a grouping of one or more client computing devices;
determining, by the server, whether the timestamp of a request received from the at least one client computing device is within the predetermined time period for the satisfaction of the service associated with its corresponding client computing device;
dynamically incrementing, by the server, the counter value associated with the request upon determining that the timestamp of the request received from the at least one client computing device is within the predetermined time period for the satisfaction of the service associated with its corresponding client computing device;
determining, by the server, whether the counter value satisfies a threshold value indicative of a level of importance for at least one group for the request;
automatically adjusting, by the server, a record of the request displayed on the dashboard to indicate a priority service when the counter value satisfies the threshold value; and
when the record of the request is associated with the priority service, automatically routing, by the server, the request to a first agent computer of the plurality of agent computers available for processing the request.

US Pat. No. 11,115,498

MULTI-PATH MANAGEMENT

INTERDIGITAL CE PATENT HO...


1. A client device, comprising: at least two network interfaces for sending messages to a server based on a transfer protocol;
at least one processor configured for:
upon requests for resources from said server, establishing a master connection with said server at an application layer by creating at least two slave connections at a network layer, wherein each slave connection is bound to one of said at least two network interfaces; and
performing a scheduling operation for distributing requests to said server over the at least two slave connections.

US Pat. No. 11,115,497

TECHNOLOGIES FOR PROVIDING ADVANCED RESOURCE MANAGEMENT IN A DISAGGREGATED ENVIRONMENT

Intel Corporation, Santa...


1. A compute device comprising: an interface to couple the compute device with a plurality of sleds in a disaggregated system; and
circuitry to: obtain a workload to be executed by a set of resources in the disaggregated system;
query, through the interface, a sled from among the plurality of sleds to identify an estimated time to complete execution of a portion of the workload to be accelerated by a field programmable gate array (FPGA) executing a kernel; and
assign, in response to a determination that the estimated time to complete execution of the portion of the workload satisfies a target quality of service associated with the workload, the portion of the workload to the sled for acceleration.


US Pat. No. 11,115,496

DYNAMICALLY-ORGANIZED SYSTEM FOR DISTRIBUTED CALCULATIONS

Advanced New Technologies...


1. A computer-implemented method, comprising: receiving, by an agent node server, a data request from a terminal device requesting a distributed calculation, wherein the distributed calculation is an operation that computes an aggregation of quantitative data associated with a user, and wherein the quantitative data is distributed among a plurality of service node servers such that some service node servers store data to be used in the distributed calculation and some service node servers do not store data to be used in the distributed calculation;
in response to receiving the data request, transmitting, by the agent node server, over a network, an inquiry message to the plurality of service node servers, wherein the inquiry message comprises identification data of the user;
determining, by each service node server of the plurality of service node servers, whether to participate in the distributed calculation based on determining whether the service node server stores quantitative data to be used in the distributed calculation;
sending, by each service node server of a plurality of service node servers storing data to be used in the distributed calculation, a confirmation message to the agent node server representing that the service node server will participate in the distributed calculation;
sending, by at least one service node server that does not store data to be used in the distributed calculation, an obfuscation message to the agent node server;
receiving, over the network, by the agent node server, a plurality of confirmation messages and at least one obfuscation message, the confirmation messages and the at least one obfuscation message defining which of the plurality of service node servers store data to be used in the distributed calculation and which of the plurality of service node servers that do not store data to be used in the distributed calculation will serve as obfuscation servers for the distributed calculation; and
performing the distributed calculation using the plurality of service node servers storing data to be used in the distributed calculation and one or more of the plurality of service node servers that do not store data to be used in the distributed calculation.

US Pat. No. 11,115,495

SERVER, METHOD OF CONTROLLING SERVER, AND PROGRAM

GREE, Inc., Minato-ku (J...


1. A server comprising circuitry configured to:
receive a first signal relating to a first image from a first communication terminal;
receive a second signal relating to a second image from the first communication terminal or from a second communication terminal different from the first communication terminal; and
transmit third image data corresponding to a third image different from the first image and the second image to an origin communication terminal which has transmitted the first signal and the second signal to the server when the first image and the second image satisfy a certain combination requirement that is determined by comparing a combination of the first and second images against a plurality of predetermined combinations of images to determine whether the certain combination requirement is satisfied, wherein
when the server receives the second signal from the first communication terminal, the origin communication terminal is the first communication terminal, and
when the server receives the second signal from the second communication terminal, the origin communication terminal is both the first communication terminal and the second communication terminal,
wherein the third image is different from the first image and second image at least in that neither of the first and second images are included in the third image.

US Pat. No. 11,115,494

PROFILE CLUSTERING FOR HOMOGENOUS INSTANCE ANALYSIS

INTERNATIONAL BUSINESS MA...


1. A computer-implemented method comprising: collecting, by a processor, for each of a plurality of homogenous instances in a cloud computing environment, respective profiling information, the profiling information comprising counter data;
generating a map based on the collected profiling information, wherein the map comprises associations between process identifiers, code modules, and effective address ranges;
identifying a code unit for analysis;
aggregating counters corresponding to the code unit for each of the plurality of homogenous instances from the respective profiling information, wherein aggregating the counter data corresponding to the code unit comprises looking up an effective address of sampled code in the code unit, and process identifier of the code unit, in the map; and
determining a cluster comprising a subset of the plurality of homogenous instances based on the aggregated counters.

US Pat. No. 11,115,493

SYSTEMS AND METHODS FOR DECREASING LATENCY IN DATA PACKET PROVISION

PEARSON EDUCATION, INC., ...


1. A system comprising: a server comprising a computing device coupled to a network and including at least one processor executing within a memory instructions which, when executed, cause the system to: select, from a user profile database coupled to the network, a unique identifier for a user;
generate, based on at least one historic attribute associated in the user profile database with the unique identifier, a model predicting a likelihood of inputting, by the user, a correct response to a question stored in association with a response data as a data packet, and further associated with a learning material within a content library database;
identify, based on the model, a plurality of potential next actions according to at least one possible user response to the question, input by the user;
transmit the question through the network to be displayed on a user device operated by the user;
receive a user response to the question, input by the user; and
automatically select a next action from the plurality of potential next actions, according to the user response, further comprising: updating, based on the user response to the question: a user profile, in the user profile database, for the user, and
an updated plurality of potential next actions;

selecting, from the updated plurality of potential next actions, an updated next action for the user; and
generating a contingent recommendation according to the updated next action; and

transmit the contingent recommendation through the network to the user device, wherein the contingent recommendation is generated as a function of the model.


US Pat. No. 11,115,492

METHODS AND SYSTEM FOR DETERMINING PARAMETERS FOR A PRODUCT BASED ON ANALYSIS OF INPUT MEDIA

eBay, Inc., San Jose, CA...


1. A computer-implemented method, comprising: capturing, by a camera of a virtual assistant device, input media that includes a graphical representation of a user performing an activity;
generating, by the virtual assistant device, activity characteristics data by processing the input media using a trained image recognition model configured to automatically identify the activity and at least one characteristic of the activity, the activity characteristics data defining: task sequence characteristics that indicate a plurality of tasks that are performed by the user during performance of the activity; and
output characteristics that indicate an output that is produced by the user resulting from performance of the activity;

determining, by the virtual assistant device, a first duration of time indicating an amount of time spent by the user during the performing the activity based on the input media;
determining, by the virtual assistant device, parameters for a product based on the activity characteristics data, the product being usable for completing the activity without performing at least one of the plurality of tasks and in a second duration of time that is less than the first duration of time;
responsive to determining the parameters for the product based on the activity characteristics data: communicating, by virtual assistant device, a message to a device disposed with the user, the message specifying the product and describing a difference between the first and second durations of time; and
initiating, by the virtual assistant device, purchase of the product without input from the user.


US Pat. No. 11,115,491

RESIDENTIAL CACHE APPLIANCE UTILIZING A SOCIAL NETWORK

Facebook, Inc., Menlo Pa...


1. A method, comprising: receiving, at a system including one or more servers, an indication to share a content item associated with a residential cache appliance and a first social networking account, wherein the residential cache appliance is at least in part managed in association with the first social networking account;
associating, at the system including the one or more servers, a network address of the residential cache appliance with the content item;
maintaining, at a storage associated with the system, a cache map of available residential cache appliances to implement a distributed cache store, wherein for one or more of the available residential cache appliances, the cache map identifies at least an associated social networking account, an associated network address, associated cache appliance stored content items, and an associated setting;
receiving, at the system and from a requester device associated with a second social networking account, a request for the content item; and
in response to the request, directing, by the system based at least in part on the cache map, the requester device to the residential cache appliance to obtain at least a portion of the content item.

US Pat. No. 11,115,490

HOST BASED READ CACHE FOR SAN SUPPORTING NVMEF WITH E2E VALIDATION

EMC IP Holding Company LL...


1. A method, comprising: providing a shared non-volatile memory express over fabric (NVMeF)/remote direct memory access over converged ethernet (RoCE) space among designated client systems;
upon a first read operation for data from one of the client systems to a storage array, receiving metadata with a read response from the storage array, the read response including the data from the storage array, the metadata including a location of the data based on a drive number associated with a drive, an offset for the data on the drive, and a signature for the data;
performing, by the one of the client systems, a second read operation for the data to the storage array, the second read operation using the metadata to perform a direct non-volatile memory express over fabric (NVMeF) read from the storage array and bypassing a software stack of the storage array; and
upon receiving the data at the one of the client systems, using the signature from the metadata to perform validation on the data;
wherein each of the client systems in the shared NVMeF/RoCE space is provided with its own copy of the metadata that enables the client systems to perform the second read operation bypassing the software stack.

US Pat. No. 11,115,489

CROSS-DOMAIN BROKERING PROTOCOL CLOUD PROXY

Citrix Systems, Inc., Fo...


1. A system comprising: one or more virtual desktop applications (VDAs) executing on a first physical computing device and hosted within a customer domain;
one or more desktop delivery controllers (DDCs) executing on a second physical computing device and hosted within one or more service provider domains different from the customer domain, wherein the one or more DDCs are configured to provide broker services to the one or more VDAs;
a broker proxy module hosted within the customer domain; and
a plurality of VDA proxy modules hosted within the one or more service provider domains,
wherein the broker proxy module is configured to: receive, from one or more of the plurality of VDA proxy modules, metrics associated with a health of the broker services;
receiving, from the one or more VDAs, a request for broker services;
determine, based on the metrics, a first VDA proxy module of the plurality of VDA proxy modules; and
send, to the first VDA proxy module, the request for broker services, wherein the first VDA proxy module is configured to transmit the request to the one or more DDCs as if the one or more VDAs and the one or more DDCs were hosted within a single domain.


US Pat. No. 11,115,488

EVENT TRACKING AND NOTIFICATION BASED ON SENSED DATA

Bank of America Corporati...


1. A method, comprising: receiving event data, wherein the event data is indicative of previous events for an entity;
obtaining at least one event parameter about the entity;
extracting a subset of the event data based on the at least one event parameter;
detecting a first event characteristic from the subset based on the at least one event parameter;
receiving sensed data about the entity;
detecting a first current event from the sensed data;
detecting whether a first joint occurrence of the first current event and the detected first event characteristic has occurred;
determining a first action about the entity when the first joint occurrence is detected;
detecting a third event characteristic from the subset based on the at least one event parameter;
detecting a third current event and a fourth current event from the sensed data;
obtaining a correlation measure of the third current event and the third event characteristic, wherein the correlation measure is greater than a predetermined threshold and wherein the correlation measure is indicative of how likely that the third current event and the third event characteristic occur together;
detecting whether a fourth joint occurrence of the correlation measure and the fourth detected current event has occurred;
determining a fifth action about the entity when the fourth joint occurrence is detected;
selecting a first client computing device from a plurality of client computing devices;
generating a first notification message indicative of the first action and the fifth action; and
sending, to the first client computing device, the first notification message directing the first client computing device to perform the first action and the fifth action.

US Pat. No. 11,115,487

SERVER AND METHOD FOR SERVICE MATCHING AND RESOURCE MATCHING

FREE BIONICS TAIWAN INC.,...


1. A resource matching method for use in a server, the method comprising: storing, by the server, a first resource available information and a second resource available information, wherein the first resource available information corresponds to an equipment owner identification, the first resource available information comprises a first equipment information, a first location information and a first time information which correspond to an equipment;
receiving, by the server, a user request from a user device, wherein the user request comprises an equipment request, a location request and a time request;
determining, by the server, that the equipment request matches the first equipment information, the location request matches the first location information and the time request matches the first time information;
creating, by the server, a first list based on the determination that the equipment request matches the first equipment information, the location request matches the first location information and the time request matches the first time information, wherein the first list records the equipment with the equipment owner identification;
transmitting, by the server, the first list to the user device so that the user device selects the equipment and transmits a first response message;
receiving, by the server, the first response message;
determining, by the server, a resource matching information according to the first response message and the second resource available information in response to the user request; and
transmitting, by the server, the resource matching information to the user device.

US Pat. No. 11,115,486

DATA RE-USE ACROSS DOCUMENTS

Microsoft Technology Lice...


1. A method performed by a computing system, the method comprising: receiving, at a data store, data from a source application;
storing, at the data store, the data as a persistent data object that is compatible with a plurality of applications and document types;
associating, by the computing system, the persistent data object with a unique identifier;
in response to a request for the persistent data object, accessing the persistent data object based on its unique identifier;
sending the persistent data object to a first computing device programmed to execute a destination application configured to incorporate, by the destination application, the persistent data object into a destination document;
receiving, at the data store from a second computing device, an update to the persistent data object, the update generated in a user document edited by the second computing device; and
in response to determining that the persistent data object has been incorporated by the first computing device in the destination document, sending, by the data store to the first computing device, data indicative of the update to the persistent data object, the destination application programmed to update the persistent data object as incorporated in the destination document;
wherein the persistent data object is associated with a class that is associated with class-specific logic that is operable to enable the destination computing device to render the data independently of rendering capabilities of the destination application; and
wherein the persistent data object is associated with a grouping mechanism, and wherein the persistent data object is associated with a shared attribute value that indicates which group the persistent data object belongs to.

US Pat. No. 11,115,485

NETWORK-BASED SYSTEM FOR CONNECTING MOBILE NETWORK USERS


1. A social interaction system, comprising: a network-connected server executing software from a non-transitory medium coupled to a data repository;
a plurality of network-connected smart phones by which individual members are enabled to communicate with the server and with one another, each smart phone executing a global-positioning system (GPS) application, and each smart phone associated with a specific individual member;
an application executing on individual ones of the smart phones, the application providing interactive interfaces on a touch screen of the smart phones by which the individual members are enabled to interact with functions of the server and with smart phones of other individual members, the functions provided through execution of the software at the server;
individual member profiles stored in the data repository created by the individual members using specifically the smart phone associated with the individual member, the member profiles comprising photographs captured by the smart phone associated with the individual member creating the profile, a biography comprising age, education, gender, birthplace, education history, and professional history, a greeting video created by the individual member using the smart phone associated with the individual member creating the profile, and a list of interests;
business profiles stored in the data repository identifying business members of the social interaction system, the business profiles comprising name, nature and location of the business, and information regarding real-time activity at the business;
wherein the system dynamically creates geographic regions determined by GPS coordinates of both individual members whose smart phones are active, GPS location of member businesses and GPS proximity of the individual member's active smart phones and GPS locations of member businesses, and wherein, upon a first member becoming active in a specific region by logging into the application using the network-connected smart phone, the system presents to that newly active first member on the touch screen of the smart phone associated with that member, a specific list of activity interests, and invites the first member to select one or more of the activity interests presented, wherein, upon the first member selecting one or more of the activity interests, indicates to the first member an identifier and a photo from the profiles for second members who are both active in the same region, and who have selected an activity interest common to one of the activity interests selected by the first member, and wherein the first member is then enabled by a specific touchscreen action to communicate to the system at the server an interest in one of the second members active in the same region and having indicated a common activity interest, and wherein the system then indicates to the second member the interest of the first member, and enables the second member to respond interested or not interested, and if the response of the second member is interested, declares a match, and, upon a match being declared the first member is enabled by links in an interactive interface on the touchscreen of the smart phone, to access the biography in the second member's profile, to initiate a telephone call initiated through the system without revealing the first member's telephone number, to send the greeting video from the first member's profile, to send a text message, and to activate communication by Facetime™ or Skype™, and wherein the first and second members matched are made aware of member businesses within the region, and wherein information about member businesses active in the region is provided to both the first and the second member either by link or by pop-up window, enabling the matched members to meet at one or another of the active member businesses in the region.

US Pat. No. 11,115,484

CONTROL APPARATUS AND CONTROL METHOD

FUJITSU LIMITED, Kawasak...


1. A control apparatus comprising: one or more memories configured to store a reception history; and
one or more processors coupled to the one or more memories, the one or more processors being configured to in response to reception of a first message which has a first timestamp indicating a time point at which the first message has been generated, obtain a group from among one or more of messages stored in the reception history, each of the one or more messages stored in the reception history being a message which has been received prior to the received first message, the obtained group including a part of or whole of the one or more messages stored in the reception history, each message included in the obtained group having a second timestamp which indicates a time point at which the each message has been generated, the time point indicated by the second timestamp being a time point later than a time point indicated by a first timestamp associated with the received first message,
in response to the obtaining of the group, generate a correction notification by using each message included in the obtained group, the correction notification including first information with respect to the first message and second information with respect to each message included in the obtained group, and
in response to the generating of the correction notification, transmit the generated correction notification to an apparatus to which the first message is to be transmitted next, the transmitting of the generated correction notification being configured to cause the apparatus to correct order of processes in accordance with the first message indicated by the first information and the each message indicated by the second information.


US Pat. No. 11,115,483

METHODS AND APPARATUS FOR CENSUS AND PANEL MATCHING USING SESSION IDENTIFIERS POSITIONED IN AN HTTP HEADER

The Nielsen Company (US),...


1. A method comprising: retrieving a first session identifier linked to a device, the device generating a request for media;
positioning the first session identifier in a hypertext transport secure (HTTPS) header property of a network message;
transmitting the first session identifier in the HTTPS header property of the network message to a proxy server for parsing of the HTTPS header property to retrieve the first session identifier, wherein the first session identifier is a census identifier for a session generated as a result of the request for the media; and
transmitting a second session identifier positioned in the HTTPS header property when the second session identifier is different from the first session identifier.

US Pat. No. 11,115,482

SYSTEM AND METHOD FOR CORRELATING KEEP-ALIVE CONNECTION COMMUNICATIONS WITH UNARY CONNECTION COMMUNICATIONS

XEVO INC., Bellevue, WA ...


1. A computer-implemented method, comprising: storing configuration information that maps topic connection information for a keep-alive connection between a head unit of a vehicle and a connection broker with microservice connection information for one or more microservices;
subscribing with the connection broker to one or more topics associated with the one or more microservices via the keep-alive connection based on the configuration information;
receiving, from the connection broker, a message published to the keep-alive connection having a published topic that corresponds to a subscribed topic of the one or more subscribed topics;
selecting the microservice connection information that maps to the published topic for the message based on the configuration information;
establishing a unary connection with a microservice of the one or more microservices based on the selected microservice connection information; and
providing payload information from the message to the microservice via the unary connection.

US Pat. No. 11,115,481

TRANSMISSION CONTROL OF PROTOCOL STATE EXCHANGE FOR DYNAMIC STATEFUL SERVICE INSERTION

A10 Networks, Inc., San ...


1. A system for a Transmission Control Protocol (TCP) state handoff of a data traffic flow, the system comprising: a hardware state machine unit operable to: determine a TCP state at predetermined times, wherein the TCP state includes data concerning a session between a client and a server;

a hardware transaction processing unit operable to: receive a request to apply a predetermined policy to the session, the session being processed by the hardware transaction processing unit, wherein the applying the predetermined policy includes transferring the processing of the session to a hardware access control unit; and
based on the request, transferring the processing of the session from the hardware transaction processing unit to the hardware access control unit by sending a session request associated with the session between the client and the server to the hardware access control unit; and

the hardware access control unit operable to: based on the session request, process the session based on the TCP state, the processing including: re-establishing, by the hardware access control unit, the session between the client and the server based on the TCP state, the hardware access control unit acting exclusively as a proxy between the client and the server in the session;
communicating data packets associated with the session by: receiving, by the hardware access control unit, a first portion of the data packets directly from the client and sending, by the hardware access control unit, the first portion of the data packets directly to the server; and
receiving, by the hardware access control unit, a second portion of the data packets directly from the server and sending, by the hardware access control unit, the second portion of the data packets directly to the client; and

applying the predetermined policy to the data packets associated with the session.



US Pat. No. 11,115,480

LAYER FOUR OPTIMIZATION FOR A VIRTUAL NETWORK DEFINED OVER PUBLIC CLOUD

VMWARE, INC., Palo Alto,...


1. A method of performing a layer 4 (L4) connection split operation on a first computer that is along a path traversed from a source machine to a destination machine, the method comprising: at the first computer that is along the path with a second computer, both the first and second computers deployed in cloud datacenters and operating as cloud relays that perform L4 connection splits between machines operating outside of the cloud datacenters, the machines including the source and destination machines: creating a plurality of pre-established connections with the second computer and instantiating a plurality of connection-handling threads for processing connection requests as the connection requests are received before receiving a connection request from the source machine for a connection to the destination machine;
receiving, from the source machine, the connection request for a connection to the destination machine;
selecting a particular connection from the plurality of pre-established connections; and
using the particular connection with the second computer, and a previously instantiated connection-handling thread, to relay the received connection request from the source machine to the destination machine.


US Pat. No. 11,115,479

ENHANCED ONLINE PRIVACY

Google LLC, Mountain Vie...


1. A method, comprising: assigning, to a client device and by a service apparatus, a given service identifier that uniquely represents the user in a service domain of the service apparatus;
receiving, by a service apparatus and from a client device, tag information in a network call to the service apparatus that was generated by firing of a tag embedded in a resource of a publisher, the tag information specifying a given publisher identifier for the publisher and a client identifier that is (i) assigned to a user of the client device by the publisher and (ii) uniquely represents the user of the client device in a publisher domain of the publisher, wherein the service domain differs from the publisher domain, and the given service identifier assigned by the service apparatus differs from the client identifier assigned by the publisher;
creating, by the service apparatus and in a data structure, a mapping of the given service identifier to the client identifier;
receiving, from the publisher and by way of an application programming interface (API), a list of client identifiers that have been (i) assigned to a set of users by the publisher and (ii) uniquely represent each user in the set of users in the publisher domain;
determining that the list of client identifiers received from the publisher includes the client identifier that (i) was received in the tag information, (ii) is mapped to the given service identifier in the data structure, and (iii) uniquely represents the user of the client device in the publisher domain;
storing, by the service apparatus, the given service identifier that is mapped to the client identifier in a list of matched service identifiers based on the determination that the list of client identifiers includes the given client identifier;
receiving, by the service apparatus, multiple content requests from multiple different client devices accessing services provided by the service apparatus in the service domain; and
responding to the content requests based on whether the client devices provide service identifiers that are included in the list of matched service identifiers, including: transmitting first content reserved for the set of users that are assigned a client identifier in the list of client identifiers a corresponding service identifier that is included in the list of matched service identifiers; and
transmitting second content that is not reserved for the set of users that are assigned a client identifier in the list of client identifiers in response to the content request not including the corresponding service identifier that is included in the list of matched service identifiers.


US Pat. No. 11,115,478

COMPUTER SYSTEM AND METHODS PROVIDING VIRTUAL COMPUTING SESSION CONNECTIONS AND RE-DIRECTS BASED UPON ORDERED LIST OF VIRTUAL DELIVERY AGENTS

CITRIX SYSTEMS, INC., Fo...


1. A computer system comprising: a plurality of client computing devices; and
a plurality of virtual delivery agents (VDAs) configured to connect the client computing devices with virtual computing sessions provided by a plurality of host computing devices;
wherein the client computing devices are configured to request virtual computing sessions from the VDAs using respective connection leases including an ordered list of VDAs, and when requesting a new virtual computing session, each client computing device sending a new session request to a first VDA in the ordered list of its connection lease and, if unable to connect to a virtual computing session through the first VDA, continuing to request a new session from each of the remaining VDAs in the list in descending order until receiving a connection with a new virtual computing session;
wherein the VDAs are configured to re-direct new session requests from the client computing devices to a lower VDA in the ordered list when existing virtual computing sessions for the client computing devices are already active with the host computing device associated with the lower VDA;
wherein at least some of the client computing devices have different ordered lists of VDAs.

US Pat. No. 11,115,477

SESSION CONTROL APPARATUS, SESSION CONTROL METHOD, AND PROGRAM

OMRON Corporation, Kyoto...


1. A session control apparatus for controlling a session between a processing module and a first device that outputs input data to the processing module, the processing module being configured to generate, based on at least one piece of the input data, output data different from the at least one piece of input data,
the processing module storing a defined condition regarding a quality of the input data,
the session control apparatus comprising a processor configured with a program to perform operations comprising:
operation as a switching determination unit configured to determine whether a second device is to be selected, based on a determination as to whether the first device fails to satisfy the condition based on extracting metadata from the input data and checking a quality of the metadata;
operation as a selection unit configured to select the second device in response to the input data failing to satisfy the condition; and
operation as a switching unit configured to switch from the first device and the second device such that the second device outputs data to the processing module.

US Pat. No. 11,115,476

SYSTEM FOR AND METHOD OF CONTROLLING OPERATIONS OF A CAR WASH

DRB SYSTEMS, LLC, Akron,...


1. A method of controlling operations of a car wash comprising: positioning at least one tertiary computing device having one or more processors and a touch screen display along a pathway extending through a tunnel of the car wash;
storing, in memory of at least one secondary server computing device having one or more processors, a workflow executed on the at least one tertiary computing device and including data defining at least a first plurality of actions, a screen display associated with each of the first plurality of actions, a first plurality of graphical elements displayed in one or more of the screen displays associated with the first plurality of actions, and a first predetermined order of displaying the screen displays associated with the first plurality of actions;
fetching, from the at least one secondary server computing device, with the at least one tertiary computing device, the screen displays associated with the first plurality of actions;
positioning the at least one secondary server computing device on-site at the car wash with the at least one tertiary computing device;
displaying, with the touch screen display of the at least one tertiary computing device, successively according to the first predetermined order, each screen display of the screen displays associated with the first plurality of actions;
receiving, with the touch screen display of the at least one tertiary computing device, one or more customer inputs during said displaying;
communicating, from the at least one tertiary computing device to the at least one secondary server computing device, the one or more customer inputs received during said displaying;
directing a command, from the at least one secondary server computing device to at least one electromechanical device within the tunnel of the car wash, in response to the one or more customer inputs received during said communicating;
storing the workflow in a memory of a primary server computing device having one or more processors, off-site of the car wash, in addition to said storing in the memory of the at least one secondary server computing device;
controlling, with at least one of the primary server computing device and the at least one secondary server computing device, a first portion of the data of the workflow from an alteration through the at least one secondary server computing device, wherein the first portion of the data of the workflow includes the first plurality of actions and the first predetermined order;
executing, on at least one of the primary server computing device and the at least one secondary server computing device, a workflow builder module to alter a second portion of the data of the workflow;
said executing also including controlling a second display, with the at least one secondary server computing device, to concurrently display: the first portion of the data of the workflow as a flow diagram including a first plurality of symbols including a start symbol and an end symbol, the first plurality of symbols disposed along a primary path between the start symbol and the end symbol, wherein each symbol of the first plurality of symbols corresponds to at least one of the first plurality of actions and to the respective screen display, the first plurality symbols arranged along the primary path according to the first predetermined order, and
the second portion of the data of the workflow including a first plurality of buttons, each selectable by a user of the workflow builder module, and at least one sub-path, displayed in response to selection of one of the first plurality of buttons, that branches away from a first predetermined position along the primary path and rejoins the primary path at a second predetermined position along the primary path, wherein both the first predetermined position and the second predetermined position lie between the start symbol and the end symbol along the primary path, wherein at least one symbol is disposed along the at least one sub-path between the first predetermined position and the second predetermined position, wherein the at least one symbol disposed along the at least one sub-path corresponds to at least one action not included in the first plurality of actions and to a screen display associated with the at least one action and not included in the first plurality of screen displays; and

displaying, with the display of the at least one tertiary computing device, the screen display not included in the first plurality of screen displays in addition to at least most of the screen displays associated with the first plurality of actions after said controlling the second display.

US Pat. No. 11,115,475

SOFTWARE-DEFINED IMPLANTABLE ULTRASONIC DEVICE FOR USE IN THE INTERNET OF MEDICAL THINGS

Northeastern University, ...


1. A method of controlling a plurality of networked medical devices, the method comprising the steps of: (a) providing a system comprising: an RF/ultrasound communication device;
one or more ultrasound communication devices implantable within a body and capable of ultrasound communication with the RF/ultrasound communication device, each of the ultrasound communication devices comprising: a communication unit comprising an ultrasonic transceiver to transmit and receive ultrasonic signals, the communication unit configured to transmit and receive the ultrasonic signals through biological tissue to and from communication units of other implanted or wearable medical devices in the network of devices, and
a processing unit in communication with the communication unit, the processing unit including a core unit comprising: a logic device including a physical layer of a protocol stack, and
a controller unit including upper layers of the protocol stack, the upper layers including at least a link layer and an application layer, the controller unit further including a data processing module at the application layer for communication with a sensor or actuator,
wherein the link layer is connected with the logic device to send parameters to the physical layer for transmission of ultrasonic signals through the biological tissue and with the data processing module to transfer data or parameters to or from the sensor or actuator, and

wherein the processing unit further comprises an energy management module operative to adjust power usage based on operating requirements by automatically sending signals to wake-up, power up, shut down electronic components, to adjust at runtime a core clock frequency according to processing power required, and to select at runtime a low-power mode; and

one or more sensing devices and/or one or more actuating devices, each in communication with one of the ultrasound communication devices of the system;

(b) configuring the protocol stack and logic device of each ultrasound communication device in the system;
(c) acquiring data from the one or more sensing devices and optionally processing the data;
(d) optionally communicating the data using the RF/ultrasound communication device, an access point, and the internet to a physician;
(e) optionally receiving reprogramming instructions using the RF/ultrasound communication device, access point, and internet;
(f) optionally reconfiguring the protocol stack and logic device of one or more selected ultrasound communication devices in the system in response to the reprogramming instructions; and
(g) optionally causing one or more of said actuating devices to change their actuation state.

US Pat. No. 11,115,474

DATA TRANSMISSION AND NETWORK INTERFACE CONTROLLER

Advanced New Technologies...


1. A computer-implemented method, comprising: obtaining, by a first RDMA network interface controller of a first host, m data packets;
sending, by the first RDMA network interface controller, the m data packets to a second RDMA network interface controller of a second host;
backing up, by the first RDMA network interface controller, the m data packets;
determining, by the first RDMA network interface controller, that the second RDMA network interface controller does not receive n data packets of the m data packets; and
in response to determining that the second RDMA network interface controller does not receive n data packets of the m data packets (i) obtaining, by the first RDMA network interface controller, the n data packets from the m data packets that have been backed up by the first RDMA network interface controller, and
(ii) retransmitting, by the first RDMA network interface controller, the n data packets that have been obtained by the first RDMA network interface controller from the m data packets that have been backed up by the first RDMA network interface controller, to the second RDMA network interface controller.


US Pat. No. 11,115,473

REDUNDANT STORAGE GATEWAYS

Amazon Technologies, Inc....


1. A system, comprising: a data store on a provider network of a service provider that provides a storage service to clients on a plurality of client networks via one or more storage gateways on each of the client networks, wherein the storage gateways on the client networks act as interfaces, between one or more client processes on the client networks and the storage service, to access client data maintained on the data store by the storage service, and wherein for a particular client network comprising a group of redundant storage gateways, the data store is configured with respective volumes for each storage gateway of the group of redundant storage gateways; and
one or more processors and memory storing program instructions that implement a gateway control of the provider network configured to manage relationships between the respective volumes and the group of redundant storage gateways on the particular client network.

US Pat. No. 11,115,472

DISTRIBUTED CLOUD FILE STORAGE

Pryon Incorporated, Rale...


1. A method for storing distributed data, comprising: dividing a set of data into at least a first portion and at least a second portion;
transmitting the at least first portion to a first storage service provider; and
transmitting the at least second portion to a second storage service provider;
wherein dividing the set of data into the at least the first portion and the at least the second portion comprises: dividing the set of data at a user terminal into at least three different portions according to a confidential division technique recorded at the user terminal, wherein the confidential division technique specifies a sequence for assigning different parts of the set of data to each of the at least three different portions, and additionally specifies two or more different storage service providers to respectively send the at least three different portions;

and wherein each of the at least three different portions is smaller than the set of data, with each portion including redundant data corresponding to data included in at least another one of the at least three different portions such that complete reconstruction of the set of data is achieved with fewer than the at least three different portions retrieved from respective ones of the two or more different storage service providers.

US Pat. No. 11,115,471

IDENTIFYING AND MITIGATING CONFIGURATION ITEM FLAPPING

ServiceNow, Inc., Santa ...


1. A computational instance comprising: a persistent storage that contains: a plurality of configuration item (CI) records corresponding to a set of computing devices disposed within a managed network, a set of software applications configured to execute on the set of computing devices, and a network-based service that is provided by execution of the set of software applications, wherein the managed network is associated with the computational instance, and wherein the persistent storage contains a definition of a service model that represents the set of computing devices, the set of software applications, and relationships therebetween that facilitate providing the network-based service; and
a set of program instructions;

a processor configured to execute the program instructions; and
one or more server devices configured to:
receive, from the managed network, an indication of a change to a CI record of the plurality of CI records, wherein the indication specifies a new value for a field of the CI record,
add, to a flapper candidates table in the persistent storage, the new value for the field of the CI record, wherein the flapper candidates table stores at least one old value for the field of the CI record,
determine, using a flapper detection strategy, flapper strategy data based on the new value for the field of the CI record and at least one old value for the field of the CI record, wherein determining the flapper strategy data comprises: determining an amount of times the value of the field of the CI record has changed during a time period,
determining whether the amount of times exceeds a threshold, and
adjusting a confidence level in accordance with whether the amount of times exceeds the threshold, and

determine, based on the flapper strategy data, whether to trigger a re-computation of the service model, wherein determining whether to trigger the re-computation of the service model comprises determining whether the confidence level exceeds a threshold confidence.

US Pat. No. 11,115,469

EFFICIENT UPDATES WITHIN A DISPERSED STORAGE NETWORK

INTERNATIONAL BUSINESS MA...


1. A method for execution by a computing device in a dispersed storage network (DSN), the method comprises: determining that a first dispersed data source of a plurality of dispersed data sources of the DSN is to be updated in a first update, wherein the first update requires retrieval of a set of encoded data slices from one or more regions in the DSN;
determining whether the first update to the first dispersed data source of the plurality of dispersed data sources of the DSN can be delayed for a period of time;
when the first update to the first dispersed data source can be delayed for the period of time: determining whether a second update is pending for the first dispersed data source, wherein the second update requires retrieval of at least some of the set of encoded data slices;
when the second update is pending: determining a processing efficiency of aggregating the first update and the second update based on processing requirements to perform the first and second updates; and determining whether the determined processing efficiency of aggregating the first update and the second update equals or exceeds an update processing efficiency threshold; and
when the processing efficiency of aggregating the first update and the second update equals or exceeds the update processing efficiency threshold: performing an aggregate update to the first dispersed data source for the first update and the second update to produce an aggregate updated first dispersed data source, wherein performing the aggregate update comprises retrieving the set of encoded data slices; and
when the first update to the first dispersed data source cannot be delayed: processing the first update to produce an updated first dispersed data source, wherein the first update to produce the updated first dispersed data source includes retrieval of the set of encoded data slices.

US Pat. No. 11,115,467

SYSTEMS AND METHODS TO DISCOVER AND NOTIFY DEVICES THAT COME IN CLOSE PROXIMITY WITH EACH OTHER

Neeraj Jhanji, Singapore...


1. An electronic device of a first user comprising: one or more processors;
a display coupled to the one or more processors; and
one or more computer-readable media storing instructions executable by the one or more processors, wherein the electronic device is a first electronic device of a plurality of electronic devices, and wherein the one or more processors of the first electronic device are configured to:
connect with a second electronic device of a second user of the plurality of electronic devices over a first peer-to-peer wireless network link when the second electronic device is within a communicable range of the first electronic device;
send to the second electronic device over the first peer-to-peer wireless network link, a first unique code generated by the first electronic device, wherein the first unique code corresponds to a first user identifier of the first electronic device, both the first unique code and the first user identifier are stored on the first electronic device;
receive from the second electronic device, over the first peer-to-peer wireless network link, a second unique code generated by the second electronic device, the second unique code being unique to the second electronic device, wherein the second unique code corresponds to a second user identifier of the second electronic device, both the second unique code and the second user identifier are stored on the second electronic device;
store on the first electronic device, the second unique code;
store on the first electronic device, information indicating the proximity of the second electronic device and the time when it is within the communicable range of the first electronic device;
retrieve from a coupled backend database stored in a cloud, a third unique code wherein the third unique code is a unique code of an electronic device; and
upon determining that the third unique code matches the second unique code received by the first electronic device from the second electronic device over the first peer-to-peer wireless network link, display a notification on the first electronic device.

US Pat. No. 11,115,466

DISTRIBUTED NETWORK SERVICES

VMWARE, INC., Palo Alto,...


1. A method for managing a set of load balancers that perform a load balancing service for a plurality of target application instances, the method comprising: collecting state information relating to data messages that the set of load balancers distribute to the plurality of target application instances, the plurality of load balancers and target application instances executing on a plurality of physical devices with at least a set of load balancers executing on a set of physical devices on which a set of target application instances execute;
generating aggregated state information from the collected state information;
distributing the aggregated state information to at least a subset of the plurality of load balancers to cause the subset of load balancers to adjust how they distribute new data message flows to the plurality of target application instances; and
providing to each load balancer in the subset of load balancers a set of numerical values that the load balancer uses to spread the data messages among the target application instances as part of an initial configuration of the load balancer,
wherein each load balancer in the subset of load balancers spreads the data messages among the target application instances based on the set of numerical values, and each load balancer in the subset of load balancers that receives the aggregated state information adjusts the load balancer's set of numerical values based on the aggregated state information.

US Pat. No. 11,115,465

ACCESSING ENDPOINTS IN LOGICAL NETWORKS AND PUBLIC CLOUD SERVICE PROVIDERS NATIVE NETWORKS USING A SINGLE NETWORK INTERFACE AND A SINGLE ROUTING TABLE

NICIRA, INC., Palo Alto,...


1. For a managed forwarding element (MFE) executing within a data compute node (DCN) that operates on a host computer of a public cloud datacenter to process traffic for applications executing on the DCN, a method comprising: at a first interface of the MFE, receiving a first packet from a network manager application that executes on the DCN;
transmitting the first packet to an underlay network of the public cloud datacenter without encapsulating the first packet;
at a second interface of the MFE associated with a first network address of an overlay network to which the DCN is connected, receiving a second packet that is (i) from a tenant workload application and (ii) addressed to a second network address of the overlay network; and
encapsulating the second packet and transmitting the encapsulated second packet to the underlay network of the public cloud datacenter to be forwarded to a destination corresponding to the second network address of the overlay network.

US Pat. No. 11,115,464

SERVER APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT

Kabushiki Kaisha Toshiba,...


1. A server apparatus comprising: a memory that stores software instructions therein; and
one or more hardware processors electrically coupled to the memory and, by executing the software instructions, configured to perform:
first reception, to receive, from at least one first client apparatus, at least one piece of first reception data, each first reception data including: identification information for identifying the first client apparatus; and
first acquired data that is acquired by the first client apparatus and that is corresponding to the identification information;

second reception, to receive, from at least one second client apparatus, at least one piece of second reception data, each second reception data including: first criterion including a first threshold for determining the first acquired data, and
the identification information for identifying the first client apparatus that transmits the first acquired data determined by the first criterion;

group classification, to perform classifying of a plurality of first client apparatuses into one or more groups based on group information defined based on the identification information for identifying the first client apparatus;
second criterion selection, to select, as a second criterion for each of the one or more groups and from the first criterion that is used for determining the first acquired data received from at least one first client apparatus included in the group, a first criterion including a minimum first threshold among a plurality of first thresholds included in first criteria when the first criterion that is used for determining the first acquired data is a criterion for determining whether the first acquired data is greater than the first threshold, and a first criterion including a maximum first threshold among the plurality of first thresholds included in the first criteria when the first criterion that is used for determining the first acquired data is a criterion for determining whether the first acquired data is smaller than the first threshold;
first group determination, to determine whether at least one piece of first acquired data having being transmitted by at least one first client apparatus belonging to a group included in the one or more groups satisfies the second criterion selected in the second criterion selection for the group; and
first individual determination, to perform an individual determination process that determines whether the first acquired data satisfying the second criterion satisfies the first criterion that is received with the identification information of the first client apparatus that has transmitted the first acquired data satisfying the second criterion.

US Pat. No. 11,115,463

REMOTE AND LOCAL PREDICTIONS

Microsoft Technology Lice...


1. A computing device comprising a processor and memory, the memory storing thereon computer-readable instructions that, when executed by the processor, configure the computing device to perform operations comprising: receive text input;
send, over a communications network, data indicative of the text input to a remote prediction engine having been trained to predict items based on text;
determine a number of n-grams in the text input;
determine whether the number of n-grams exceeds a remote prediction threshold, the remote prediction threshold indicating a maximum number of n-grams for local processing by the computing device using a local prediction engine;
wherein the computing device is configured to, in response to a determination that the number of n-grams exceeds the remote prediction threshold, provide the received text input to the remote prediction engine and provide the received text input to the local prediction engine executing at the computing device;
monitor, based on the determination that the number of n-grams exceeds the remote prediction threshold, for a remote predicted item from the remote prediction engine;
wherein the computing device is configured to, in response to receiving the remote predicted item within a time interval determined from the time at which the text input is received, generate a final predicted item based on the remote predicted item and in response to not receiving the remote predicted item within the time interval, generate the final predicted item based on a local predicted item from the local prediction engine;
and
present, on a user interface of the computing device, the final predicted item, the user interface operable to receive an acknowledgment to enter the final predicted item into the computing device.

US Pat. No. 11,115,462

DISTRIBUTED SYSTEM

BRITISH TELECOMMUNICATION...


1. A method of operating a distributed system comprising a content provision system and one or more client stations, said method comprising: operating said content provision system to execute a web server program at said content provision system, to serve a content item, which content item includes programming language instructions, to one or more of said client stations each of which has a display; and operating each of said client stations, to receive the content item and execute a web browser program to:
a) render, on the display of said client station, received content with hyperlinks to other content; and
b) execute the programming language instructions included in the received content item to cause said client station to: i) scan said content to extract a list of at least the references underlying the displayed hyperlinks; and
ii) send the extracted list to said content provision system;


said method further comprising:
further operating said content provision system to receive said references sent by said one or more client stations and to check whether the resources to which the received references refer meet one or more criteria;
operating said content provision system, responsive to said check finding that the resource does not meet said one or more criteria, to notify said client station that said content item includes deficient hyperlinks whose underlying reference refers to a resource which fails to meet said one or more criteria; and
operating said client station to receive said notification, and, in response to said notification, display the content item along with an indication of the presence of one or more hyperlink faults in said content item.

US Pat. No. 11,115,461

SYSTEMS AND METHODS OF USING ASYNCHRONOUS DISTRIBUTED HASH GENERATION FOR ACCELERATED NETWORK FILE TRANSFERS


1. A method of transmitting a computer file across a network, said method comprising: using at least one transmitting network peer computer, and a hash operation, to divide said computer file into a plurality of smaller parts, and describe each part with a part-hash-value, a part-offset, and a file-part-hash-context value, thereby creating a plurality of part-descriptors;
each said part-descriptor comprising said part-hash-value, said part-offset, and said file-part-hash-context value;
wherein said file-part-hash-context value comprises an intermediate state of an original computer file hash, produced by said hash operation, from a beginning of said computer file to a position of a given part in said computer file;
wherein, for an arbitrary part, said arbitrary part's part-hash-value is produced by said hash operation on said arbitrary part from a beginning of said arbitrary part to an end of said arbitrary part;
wherein, for a last part of said computer file, said hash operation on a file-part-hash context-value of the part prior to the last part, and said last part, equals said hash operation on said computer file;
generating part-descriptors for each said parts, packaging at least some of said part-descriptors in at least one container; and transmitting at least some parts, and said at least one container with at least some of said part-descriptors, to at least one other receiving network peer computer;
receiving, at said at least one other receiving network peer computer, at least some parts as received parts, and received containers comprising at least some said part-descriptors as a received part-descriptors, thus receiving at least some received parts, received part-hash-values, received part-offsets, and received part-hash-context values;
using said at least some said received parts, said received part-hash values, said received part offsets, and said received part-hash-context values to perform any of:
a) identify missing/corrupted received parts or missing/corrupted received part containers with missing/corrupted part descriptors, and sending network requests for said missing/corrupted received parts or missing/corrupted received part containers;
b) create a candidate received computer file, and using said hash operation to compute a candidate received computer-file-hash, and verifying accuracy of said candidate received computer file by comparing said candidate received computer-file-hash with said hash operation on at least one received part-hash-value and this part's corresponding received file-part-hash-context value, through to the last part;
c) continuing a hash operation on a received candidate computer file in an absence of certain received parts, by taking from a received container, a received file-part-hash-context value of a file part with the largest part offset, and using its received file-part-hash-context value to continue with said hash operation in an absence of at least some received parts with smaller part offsets;
d) reducing a required computation time for recalculation of hashes of any modified files by utilizing a part-hash-context-value of the part that ends closest to the offset of said modification, such that the modification start offset minus the end of the file-part is the smallest zero-or-positive number, thus reducing the number of bytes required to be re-examined by said hashing operation;
e) notifying peer nodes regarding relationship between computer-file-hashes, their related container hashes, and any specific file modification operations that connect them together.

US Pat. No. 11,115,460

SYSTEMS AND METHODS FOR DETERMINING AN EXECUTION LOCATION FOR A UTILITY COMPONENT

Parallels International G...


1. A method for determining an execution location for a utility component, wherein the method comprises:
receiving, at a client device, a request to execute the utility component that performs an action on a target component;
determining with a remote session client in execution upon the client device whether the execution location of the utility component is to be locally upon the client device, remotely upon a remote application server or a combination of locally upon the client device and remotely upon the remote application server; and
responsive to determining the execution location is to be fully or partially upon the remote application server, transmitting the request to be executed within a remote session between the client device and the remote application server.

US Pat. No. 11,115,458

MONITORING IN COMPOSITE REQUEST SYSTEMS

ATLASSIAN PTY LTD., Sydn...


1. A computer implemented method for generating a composite response, the method comprising:
receiving, from a client system, a composite request defining one or more operations; and
generating a composite response in respect of the composite request by, for each operation in the composite request:
executing the operation using one or more server side resources;
receiving execution result data from the one or more server side resources in response to execution of the operation;
writing operation response data to the composite response, the operation response data based on the execution result data;
determining a status code for the operation based on the execution result data, the status code providing information on at least one of the one or more server side resources used to execute the operation; and
associating the status code with the operation response data in the composite response.


US Pat. No. 11,115,457

HTTP TRANSACTION RETRIES

Apple Inc., Cupertino, C...


1. A user equipment device (UE), comprising:
at least one antenna;
at least one radio, wherein the at least one radio is configured to perform cellular communication using at least one radio access technology (RAT);
one or more processors coupled to the at least one radio, wherein the one or more processors and the at least one radio are configured to perform voice and/or data communications;
wherein the one or more processors are configured to cause the UE to:
establish, at a hypertext transport protocol (HTTP) stack of the UE, a data connection over a first network interface of the UE, wherein the data connection is supported by a first transport connection, wherein the first transport connection initiates a plurality of HTTP transactions, and wherein the data connection is initiated by an application executing at an application layer of the UE;
receive, at the HTTP stack, an advisory signal, wherein contents of the advisory signal are based, at least in part, on network radio conditions for the first network interface and at least one second network interface;
determine, responsive to the contents of the advisory signal including first information, that at least a first portion of HTTP transactions of the plurality of HTTP transactions can be retried without error;
terminate, without notifying the application layer, at least the first portion of HTTP transactions;
initiate, via a second transport connection established over the at least one second network interface, retries of the at least first portion of HTTP transactions; and
send HTTP transaction results to the application layer.


US Pat. No. 11,115,456

ANALYTE DATA RETRIEVER

DexCom, Inc., San Diego,...


1. A method comprising:
measuring analyte concentration levels in a host utilizing an analyte sensor;
monitoring a change in the measured analyte concentration levels;
receiving sensor data from a second sensor different from the analyte sensor, wherein the sensor data relates to a physiology of the host;
correlating the measured analyte concentration levels and the sensor data utilizing an analyte processor;
analyzing the measured analyte concentration levels and the sensor data utilizing the analyte processor to detect one or more patterns associated with the measured analyte concentration levels and the correlated sensor data;
receiving, from a user interface, a request to generate a report;
authenticating the request to generate the report wherein authenticating the request to generate the report comprises at least one of:
requesting a security credential at the user interface,
receiving the requested security credential via the user interface, or
verifying that the received security credential authorizes the request to generate the report; and

based on the analyzing, dynamically generating the report utilizing the analyte processor.

US Pat. No. 11,115,455

TECHNIQUE FOR MONITORING ACTIVITY IN A CONTENT DELIVERY NETWORK UTILIZING GEOHASHING INDEXES

Telefonaktiebolaget LM Er...


1. A method for monitoring activity in a content delivery network, the method being performed by a monitoring component associated with the content delivery network and comprising:
extracting, from one or more event logs of the content delivery network, a plurality of Internet Protocol (IP) addresses and a plurality of events associated with the plurality of IP addresses;
obtaining respective geolocation information for each of the plurality of IP addresses;
generating, for each of the plurality of IP addresses, a geohash based on the respective geolocation information;
grouping the plurality of IP addresses by respective geohash to determine a plurality of geohash groups representative of IP addresses having a same geohash;
creating a geohash index including, for each of the plurality of geohash groups, a respective geohash of a respective geohash group along with a number of IP addresses included in the respective geohash group and cumulative event information associated with the IP addresses of the respective geohash group;
monitoring activity in the content delivery network based on the geohash index; and
identifying, from the geohash index, one or more clusters of geohash groups based on a similarity of the plurality of geohash groups in the number of IP addresses included in the respective geohash groups and the cumulative event information associated with the IP addresses of the respective geohash groups,
wherein identifying the one or more clusters is performed using a density based clustering algorithm, wherein the density based clustering algorithm is executed iteratively,
wherein at least one non-core cluster of one or more geohash groups is removed from the geohash index in each iteration until a cardinality of the geohash index falls below a predetermined threshold, and
wherein each removed non-core cluster is added as a new cluster to the one or more clusters.

US Pat. No. 11,115,454

REAL-TIME FEEDBACK FOR ONLINE COLLABORATION COMMUNICATION QUALITY

INTERNATIONAL BUSINESS MA...


1. A computer-implemented method comprising:
monitoring, by a processor, a conference between a plurality of participants, wherein each participant accesses the conference via a respective Voice over Internet Protocol (VoIP) device;
detecting an indication, by a scoring system that monitors the conference, of a degradation of sound quality of at least one VoIP device being used to access the conference;
selecting a second VoIP device that does not have an indication of a degradation of sound quality to perform a peer-to-peer test on based at least in part on a historical degradation performance of the second VoIP device;
verifying the indication of the degradation of sound quality by analyzing the peer-to-peer test between the VoIP device that has the indication of the degradation of sound quality and the selected VoIP device that does not have an indication of a degradation of sound quality; and
determining a corrective measure based on the indication of the degradation of sound quality and the peer-to-peer test.

US Pat. No. 11,115,453

METHODS AND APPARATUS FOR COMMUNICATING DELAY INFORMATION AND MINIMIZING DELAYS

Ribbon Communications Ope...


1. A method of operating a playback device, the method comprising:
receiving an audio content stream at the playback device from a first content source, said audio content stream passing in series through a Session Border Controller and a plurality of audio transcoding devices on a first communications path between said first content source and said playback device, said Session Border Controller and one or more of the audio transcoding devices performing an audio transcoding operation on the audio content stream;
receiving a video content stream at the playback device from the first content source, said video content stream passing in series through said Session Border Controller and a plurality of video transcoding devices on a second communications path between the first content source and the playback device, said plurality of video transcoding devices performing a video transcoding operation on the video content stream;
determining, by the playback device, a stream delay difference between said audio content stream and said video content stream;
synchronizing, by the playback device, playback of the audio content stream and the video content stream using the determined stream delay difference; and
wherein said video content stream passes through said Session Border Controller without said Session Border Controller performing a video transcoding operation on said video content stream.

US Pat. No. 11,115,452

METHOD AND DEVICE FOR PROCESSING ENCODED VIDEO DATA, AND METHOD AND DEVICE FOR GENERATING ENCODED VIDEO DATA

SAMSUNG ELECTRONICS CO., ...


1. A coded video data generating method comprising:
coding video data;
generating metadata information, wherein the metadata information comprises information about a scene comprising one or more pictures; and
generating a bitstream of the coded video data, the bitstream comprising the metadata information or metadata identification information corresponding to the metadata information,
wherein the metadata information for the scene is generated with coded video data of a first-decoded picture of the scene from among decodable-leading pictures.

US Pat. No. 11,115,451

METHODS AND APPARATUS FOR SIGNALING VIEWPORTS AND REGIONS OF INTEREST

MEDIATEK Singapore Pte. L...


9. A method for encoding video data, the method comprising:
encoding video data comprising a region of interest, comprising:
encoding a region structure associated with the video data that specifies one or more aspects of the region of interest based on a sphere, wherein the one or more aspects comprise a coordinate aspect of the region of interest, a size aspect of the region of interest, a range aspect of the region of interest, or some combination thereof, the region structure comprising:
data indicative of whether each of the region structure comprises data indicative of a global aspect of the region of interest that applies to each of a set of samples that provide one or more non-global aspects for at least one portion of the region of interest; and
for each global aspect of the one or more aspects, data in the region structure that associates the global aspect with the set of samples.



US Pat. No. 11,115,450

SYSTEMS, METHODS, AND MEDIA FOR PLAYING BACK PROTECTED VIDEO CONTENT BY USING TOP LEVEL INDEX FILE

DIVX, LLC, San Diego, CA...


1. A non-transitory machine readable medium containing processor instructions, where execution of the instructions by a processor causes the processor within a playback device to perform a process comprising:
requesting a top level index file from a playback server using a playback device, where the request identifies a piece of content and includes request information comprising device information describing the playback device and user information describing a user associated with the request;
receiving a top level index file from the playback server using the playback device, where the top level index file (i) describes at least a bitrate of each of a plurality of alternative streams of protected video content associated with the identified piece of content selected based upon the device information describing the playback device and an ability of the playback device to securely play back the protected video content, (ii) identifies the location of the each of the plurality of alternative streams of protected video content, where each of the plurality of alternative streams of protected video content encodes the piece of content at a different bitrate, and (iii) identifies common cryptographic information for accessing the protected video content;
selecting an initial stream of protected video content from the plurality of alternative streams of protected video content using the playback device;
requesting at least a portion of the initial stream of protected video content from the location identified in the top level index file made by the playback device;
receiving the requested at least a portion of the initial stream of protected video content at the playback device;
prior to receiving the requested at least a portion of the initial stream, requesting the common cryptographic information to access the initial stream of protected video content using the playback device from a digital rights management server;
receiving the requested common cryptographic information at the playback device, where the received common cryptographic information is encrypted;
accessing the received common cryptographic information securely;
decrypting the received portion of the initial stream of protected video content using the accessed common cryptographic information; and
playing back the decrypted video content using the playback device.

US Pat. No. 11,115,449

DATA CASTING

AIRMONT DataCast SAS, Er...


1. A method comprising:
automatically discovering, by a user device using a native cast discovery functionality of the user device without requiring additional application or hardware changes, a cast device for a direct communication between the user device and the cast device, wherein a casting system is coupled to the cast device through a third network;
receiving, by a rendering router of a rendering system, a cast request over a home network from the user device, wherein the cast request is for casting data from the cast device, which is communicatively coupled to a first network and the third network, onto a display device communicatively coupled to the home network;
transmitting the cast request over a second network to the casting system;
receiving, at the rendering system, the requested casting data from the casting system, wherein the requested casting data is provided to the casting system by the cast device and the requested casting data is obtained by the cast device over the first network.

US Pat. No. 11,115,448

IDENTIFYING INSERTION POINTS FOR INSERTING LIVE CONTENT INTO A CONTINUOUS CONTENT STREAM

Google LLC, Mountain Vie...


1. A method comprising:
identifying, by a processing device, a first particular content item included in a content stream;
determining, by the processing device, a first live content item for presentation after playback of the first particular content item ends based on one or more interesting portions of the first live content item, wherein the first live content item comprises annotation data indicating at least the one or more interesting portions, and wherein a first interesting portion of the one or more interesting portions of the first live content item corresponds to a time duration having a start time of the first interesting portion and an end time of the first interesting portion;
computing, by the processing device, an estimated end time of the first particular content item included in the content stream based on at least one of (i) a consumption rate indicating a rate at which a user advances in the content stream, or (ii) viewer history of the first particular content item, wherein the viewer history indicates consumption tendencies of one or more users;
determining, by the processing device, that the estimated end time of the first particular content item is to occur within the time duration; and
causing, by the processing device, the first live content item to be presented by a client device after playback of the first particular content item ends.

US Pat. No. 11,115,447

VIDEO ON DEMAND LOAD EQUALIZATION

NOKIA SOLUTIONS AND NETWO...


1. A network node, comprising:
at least one processor; and
at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the network node to perform:
maintaining in a database information on a plurality of Video On Demand, VOD, streams handled by the network node and information on one or more neighbouring network nodes;
receiving downlink traffic to be transmitted to one or more terminal devices served by the network node;
detecting, from the downlink traffic, a VOD stream to be transmitted to a terminal device in a cell served by the network node;
reserving, in response to the detecting of the VOD stream, a resource for the VOD stream;
determining the number of VOD streams handled by the cell including the detected VOD stream and a first traffic load caused by the VOD streams;
comparing the number of the VOD streams to a first threshold and the first traffic load caused by the VOD streams to a second threshold;
in response to the number of the VOD streams being above the first threshold or the first traffic load caused by the VOD streams being above the second threshold, performing the following:
selecting a terminal device associated with one of the VOD streams, wherein said terminal device associated with said one of the VOD streams is selected to be one of
a terminal device associated with the VOD stream,
a terminal device of the one or more terminal devices consuming the largest amount of resources from resources available for VOD streaming in the cell,
a terminal device of the one or more terminal devices consuming the largest amount of total resources in the cell and
a terminal device of the one or more terminal devices located closest to a center of the cell,
selecting a target cell from one or more cells served by at least one of the one or more neighbouring network nodes and the network node, and
scheduling said terminal device associated with said one of the VOD streams to use the target cell for said one of the VOD streams; and

in response to the number of the VOD streams being equal to or smaller than the first threshold and the traffic load caused by the VOD streams being equal to or smaller than the second threshold, scheduling the VOD stream in the network node using the cell and the resource reserved for the VOD stream, wherein the first traffic load is a traffic load caused by VOD streaming with a non-guaranteed bit rate, the at least one memory and the computer code being further configured to cause the network node to perform:
determining a second traffic load of the cell caused by all downlink traffic and one or more relative traffic loads of the one or more cells, wherein the relative traffic load is defined as the number of active VOD streams divided by a bandwidth available for VOD streaming in a corresponding cell;
comparing the second traffic load to a third threshold and the relative traffic load of the cell to each of the one or more relative traffic loads;
performing the selecting of the terminal device, the selecting of the target cell and the scheduling of the terminal device also in response to the second traffic load being above the third threshold or in response to the relative traffic load of the cell being above at least one of the one or more relative traffic loads; and
performing the scheduling the VOD stream in the network node using the cell and the resource reserved for the VOD stream only in response to also the second traffic load being equal to or below the third threshold and the relative traffic load being equal to or below the one or more relative traffic loads.

US Pat. No. 11,115,446

CHAT SYSTEM AND CHAT MANAGEMENT APPARATUS

WingArc1st Inc., Tokyo (...


1. A chat system comprising:
a plurality of talk servers;
a gateway apparatus that allocates and delivers content posted from a user terminal to the plurality of talk servers; and
a chat management apparatus that controls the plurality of talk servers and the gateway apparatus,
wherein each of the plurality of talk servers includes a processor; and a hardware memory storing: a room setting unit that sets one or more chat rooms of a plurality of chat rooms under control of the chat management apparatus, and a posting-related processing unit that receives content, which is posted from a user terminal of a user belonging to the chat room via the gateway apparatus, by the corresponding chat room, supplies the received content to an independent external storage apparatus different from the plurality of talk servers and stores the content in a database,
the gateway apparatus includes a hardware memory storing an allocation and delivery unit that delivers the content posted from the user terminal of the user belonging to the chat room to a talk server of the plurality of chat rooms in which the corresponding chat room is set,
the chat management apparatus includes a hardware memory storing a room allocation unit that allocates the plurality of chat rooms to the plurality of talk servers in a distributed and redundant manner, and a delivery destination control unit that sets, by controlling the gateway apparatus, a delivery destination of the content posted from the user terminal of the user belonging to the chat room to the talk server in which the corresponding chat room is set according to allocation by the room allocation unit, and the delivery destination control unit monitors an operating status of the plurality of talk servers, and controls the gateway apparatus when it is detected that a failure has occurred in one talk server of the plurality of talk servers, to switch from the one talk server to another talk server of the plurality of talk servers.

US Pat. No. 11,115,445

CONTENT TYPE AUTO DETECTION FOR ONLINE COLLABORATION SCREEN SHARING

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
receiving, at an online collaboration server, a data stream associated with an online collaboration session from a user device;
analyzing, at the online collaboration server, the data stream to determine a signal characteristic, wherein analyzing the data stream to determine the signal characteristic comprises analyzing the data stream at a collection interval and over a sampling duration, and wherein analyzing the data stream at the collection interval and over the sampling duration further comprises:
determining a packet size of packets received over the sampling duration, and
determining a packet count per packet size received over the sampling duration;

generating, at the online collaboration server based on the packet size and the packet count per packet size, a classification of a type of content in the data stream, wherein generating the classification of the type of content in the data stream comprises generating the classification of the type of content in the data stream based on the packet size and the packet count per packet size as one of the following: a video stream, an audio stream, a text stream, and a multimedia stream; and
sending the classification to an online collaboration application of the user device that generated the data stream to adjust encoding of the data stream.

US Pat. No. 11,115,444

PRIVATE COMMUNICATIONS IN VIRTUAL MEETINGS

Dolby Laboratories Licens...


1. An apparatus comprising:
an interface configured to receive a respective uplink data stream from each of three or more further apparatuses in a virtual meeting, and to transmit a respective downlink data stream to each of the further apparatuses in the virtual meeting;
wherein the three or more further apparatuses are separate from the apparatus and communicate with the apparatus over a network; and
a logic system in communication with the interface, the logic system being configured:
to generate, in response to receiving, by the apparatus, a request from a first one of the further apparatuses to join the virtual meeting after the virtual meeting has already started, a list of candidate participants for private communication, wherein the list of candidate participants includes one or more of the further apparatuses in the virtual meeting, wherein the list of candidate participants excludes an actively speaking one of the further apparatuses;
to receive, by the apparatus from the first one of the further apparatuses, a selection of a second one of the further apparatuses for the private communication from the list of candidate participants;
wherein the selection of the second one of the further apparatuses is made by a user operating the first one of the further apparatuses;
to receive first data in the uplink data stream received by the apparatus from the first one of the further apparatuses; and
in a first mode, to include at least some of the first data in the respective downlink data streams transmitted to every other one of the further apparatuses, or, in a second mode, to include at least some of the first data in the downlink data stream transmitted to the second one of the further apparatuses and to omit or attenuate substantially all of the first data in the downlink data stream transmitted to at least a third one of the further apparatuses.


US Pat. No. 11,115,443

METHOD AND APPARATUS FOR OPPORTUNISTIC SYNCHRONIZING OF TELE-COMMUNICATIONS TO PERSONAL MOBILE DEVICES

Cogito Corporation, Bost...


1. A system for tele-communication between mobile devices, comprising a cloud device comprising one or more cloud device processors configured to:
(i) receive, via a network, probe data from one or more probe datastores on a mobile communication device of a user, the mobile communication device having one or more passive sensors and a mobile device processor configured to execute an application to collect, timestamp, and/or store, in the one or more probe datastores, raw probe data received from the one or more passive sensors, and the probe data including audio data, signal strength data, global position (GPS) data, call logs, text message logs, survey results, search history data, contacts data, calendar data, and application usage data;
(ii) operate an inference engine to execute a receptivity model process to calculate one or more availability output values indicative of an availability of the user to interact based on the probe data, the operation comprising:
determining, from the probe data, signal strength;
determining, from the probe data, whether the mobile device is in a location where the user receives and places calls successfully;
determining, from the probe data, whether the mobile device has been used by the user within a predetermined time interval, and whether the mobile device is currently in use at time of operation; and/or
determining, from the probe data, the presence of a scheduled event at time of operation;

(iii) operate the inference engine to execute a subscriber-benefit model process to calculate one or more interest output values indicative of an interest or need of the user to interact based on the probe data, the operation comprising:
determining, from the probe data, changes in call and/or text patterns; and/or
determining, from the probe data, elocution or articulation patterns of the user and/or a flat affect to the voice of the user;

(iv) operate a cloud user status service to synchronize user sharing settings received from the mobile communication device, and provide the one or more availability output values and/or the one or more interest output values to the mobile communication device and an additional mobile communication device of an additional subscriber; and
(v) receive, from the additional mobile communication device of the additional subscriber, a connection request to the mobile communication device of the user upon an initiation action from the additional subscriber when the one or more availability output values are above a configured threshold value indicating that user is available for communication.

US Pat. No. 11,115,442

INITIATING MULTIUSER SESSIONS

Sony Interactive Entertai...


1. A method for initiating a multiuser session, the method comprising:
storing a plurality of multiuser activities and a plurality of activity templates, each activity template associated with each of the multiuser activities, each activity template associated with a portion of an interactive content title;
receiving a user profile for a user and a peer profile for each of one or more peers, the user profile and each of the peer profiles having information about the user and each peer with respect to each multiuser activity, wherein the user and the one or more peers are members of an initial session initiated by a platform server;
filtering the plurality of multiuser activities based on the user profile during the initial session initiated by the platform server;
receiving a user selection during the initial session initiated by the platform server, the user selection from the user specifying one of the filtered multiuser activities, wherein a retrieved activity template associated with the selected activity provides activity requirements required to launch the selected activity;
establishing a multiuser session with at least one of the peers from the initial session in response to the user selection, the multiuser session established by an interactive content server in accordance with session requirements that include at least the activity requirements provided by the retrieved activity template; and
launching the selected activity in the multiuser session established by the interactive content server, the selected activity launched with the at least one peer.

US Pat. No. 11,115,441

METHOD AND SERVER FOR SELECTING AN ENTRY SERVER OF AN IMS COMMUNICATION NETWORK

ORANGE, Issy-les-Mouline...


1. A method implemented by a proxy server of an Internet Protocol (IP) Multimedia Subsystem (IMS) communication network, comprising:
receiving from a terminal a first registration request sent according to a Session Initiation Protocol (SIP);
obtaining a value of at least one field of the first registration request, said field being representative of a characteristic specific to the terminal;
selecting, from at least said obtained value, an entry server of a set of entry servers of said IMS communication network, said selected entry server having a configuration suited to said characteristic; and
sending to the terminal a SIP redirect message comprising an IP address of the selected entry server to be used for at least one subsequent registration request of the terminal for registering to the IMS network.

US Pat. No. 11,115,440

DYNAMIC THREAT INTELLIGENCE DETECTION AND CONTROL SYSTEM

Bank of America Corporati...


1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
receive a plurality of threat intelligence data feeds from a plurality of sources, each threat intelligence data feed of the plurality of intelligence feeds including intelligence indicating a potential security compromise and each intelligence feed being received from a respective source associated with an entity;
perform a first evaluation process on the plurality of threat intelligence data feeds, the first evaluation process including comparing first data in a first threat intelligence data feed to data in other threat intelligence data feeds to identify similarities between the first data in the first threat intelligence data feed and other data in the other threat intelligence data feeds;
based on the first evaluation process, generate a first evaluation process output, the first evaluation process output including a score for each threat intelligence data feed based on the identified similarities;
perform a second evaluation process on the plurality of threat intelligence data feeds, the second evaluation process including mapping interdependency of the first threat intelligence data feed to another threat intelligence data feed based on timeliness of data within the first threat intelligence data feed;
based on the second evaluation process, generate a second evaluation process output, the second evaluation process output including a score for each threat intelligence data feed based on the mapped interdependencies;
perform a third evaluation process on the plurality of threat intelligence data feeds, the third evaluation process including topic modeling using at least one topic modeling technique and based on one or more processing parameters identified for evaluation;
based on the third evaluation process, generate a third evaluation process output, the third evaluation process output including a score indicating a similarity between the one or more processing parameters identified for evaluation and the topic modeling; and
based on the generated first evaluation process output, second evaluation output and third evaluation output, ranking the plurality of threat intelligence data feeds to identify entities providing valuable threat intelligence data.


US Pat. No. 11,115,439

AUTOMATED SECURITY SOLUTIONS IDENTIFICATION AND ARCHITECTURE DESIGN

ACCENTURE GLOBAL SOLUTION...


1. A security design system, comprising:
an interface to access one or more remote data sources to retrieve remote data associated with security for a computing architecture; and
a processor communicatively coupled to the interface, wherein the processor is configured to:
identify an input model of an input network security architecture;
identify one or more user-based constraints;
automatically generate an output model based on the input model, the remote data and the one or more user-based constraints, wherein the output model represents an output network security architecture that complies with at least one of the one or more user-based constraints;
compare the input model and the one or more user-based constraints to previous network security architecture models and previous user-based constraints associated with the previous network security architecture models to identify one or more similar network security architecture models from the previous network security architecture models that are similar to the input model; and
automatically generate the output model based on the one or more similar network security architecture models.


US Pat. No. 11,115,438

SYSTEM AND METHOD FOR GEOFENCING

OPEN TEXT SA ULC, Halifa...


1. A method, comprising:
receiving, by a managed container on a user device from an application gateway server computer operating in an enterprise computing environment, a geofencing rule, an application, and content, wherein the managed container is downloaded from a source on the Internet;
storing, by the managed container in a managed cache in the managed container, the geofencing rule, the application, and the content, wherein the geofencing rule governs the application and the content in the managed container based on a geographical location of the user device;
displaying, by the managed container, an icon for the application in a user interface of the managed container;
receiving, by the managed container through the user interface, an indication that the icon for the application is selected or invoked;
providing, by the managed container, a secure runtime environment for running the application;
receiving, by the managed container, a request for content from the application running in the secure runtime environment provided by the managed container;
determining, by the managed container on the user device, whether the user device is located within the geographical location; and
responsive to a determination by the managed container that the user device is not located within the geographical location, denying or restricting, by the managed container, access by the application to the content stored in the managed container in accordance with the geofencing rule stored in the managed container on the user device and independently of a local operating system of the user device, wherein the restricting access by the application to the content comprises transforming the content requested by the application into a protected version of the content.

US Pat. No. 11,115,437

CYBER-SECURITY SYSTEM AND METHODS THEREOF FOR DETECTING AND MITIGATING ADVANCED PERSISTENT THREATS

Cybereason Inc., Boston,...


1. A method for adaptively securing a protected entity against a potential advanced persistent threat (APT), comprising:
probing a plurality of resources, including hosts, in a network prone to be exploited by an APT attacker for APT-related activity;
operating at least one security service configured to output signals indicative of APT related activity of each of the plurality of probed resources, wherein the at least one security service is an application behavior anomaly (UNABA) security service, and wherein operating the UNABA security service further comprises detecting APT related activity exploiting legitimate users in the network, wherein the APT attacker pretends normal behavior of the users;
generating at least one security event based on the output signals;
determining if the at least one security event satisfies at least one workflow rule;
upon determining that the at least one security event satisfies the at least one workflow rule, generating at least one action with respect to the potential APT attack;
maintaining a profile for each host, wherein the profile includes adaptive and real-time baseline parameters for the host's activity over a period of predefined time;
computing, using a plurality of security decision engines, signals of anomaly (SoA) based on the probed APT related activity, the baseline parameters and a set of engine rules, wherein a SoA signal is output by the UNABA security service;
correlating signals provided by other services with the computed SoA; and
outputting the correlated signal.

US Pat. No. 11,115,436

FOOTPRINT DATA TO PREVENT MAN-IN-THE-MIDDLE ATTACKS

Visa International Servic...


1. A method comprising:
receiving, at an access device from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier of a beacon transmitter, of the one or more beacon transmitters;
storing, by the access device, the timestamps and the unique identifiers;
receiving, at the access device from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device;
verifying, by the access device, that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device; and
based on the verifying, authenticating, by the access device, the access request.

US Pat. No. 11,115,435

LOCAL DDOS MITIGATION ANNOUNCEMENTS IN A TELECOMMUNICATIONS NETWORK

Level 3 Communications, L...


1. A method for mitigating network threats, the method comprising:
determining a service level agreement between a customer network and a telecommunications network;
configuring a provider edge device of the telecommunications network to accept distributed denial of service mitigation rule propagation from a customer edge device of the customer network in communication with the provider edge device;
receiving a distributed denial of service mitigation rule for the customer network at the provider edge device from the customer edge device, the distributed denial of service mitigation rule including one or more routing parameters and a mitigation action;
determining whether the denial of service mitigation rule is permitted to be implemented on the provider edge device according to the service level agreement;
implementing, when the denial of service mitigation rule is permitted according to the service level agreement between the customer network and the telecommunications network, the distributed denial of service mitigation rule, locally on the provider edge device of the telecommunications network, to apply to network traffic being sent to the provider edge device and destined for the customer edge device; and
preventing a broadcasting of the distributed denial of service mitigation rule in the telecommunications network beyond the provider edge device.

US Pat. No. 11,115,434

COMPUTERIZED SYSTEM AND METHOD FOR SECURELY DISTRIBUTING AND EXCHANGING CYBER-THREAT INFORMATION IN A STANDARDIZED FORMAT

NC4 Soltra LLC, El Segun...


1. A computerized system for automatically exchanging items of threat information, comprising: a central server comprising at least one multi-core processor, wherein the central server: hosts a central repository containing a plurality of items of centralized threat information, the central repository comprising a MongoDB database; and has SSL certification; and a plurality of distributed servers, wherein each of the distributed servers hosts a local repository containing a plurality of items of localized threat information, wherein the central server is configured to synchronize the plurality of items of centralized threat information with the plurality of items of localized threat information contained in each of the plurality of distributed servers by exchanging, using SSL encryption, at least a portion of the plurality of items of centralized threat information for at least a portion of the plurality of items of localized threat information; and wherein the central repository is configured to push a portion of the plurality of items of centralized threat information to at least one local repository and pull a portion of the plurality of items of localized threat information from said at least one local repository.

US Pat. No. 11,115,433

SYSTEM AND METHOD FOR CONTENT BASED ANOMALY DETECTION IN AN IN-VEHICLE COMMUNICATION NETWORK

ARGUS CYBER SECURITY LTD....


1. A system including a non-transitory computer readable medium including instructions that, when executed by at least one computer hardware processor, cause the at least one computer hardware processor to perform content-based cyber-security operations, the operations including:
maintaining a content model of an expected behavior of data communications over an in-vehicle communication network included in a vehicle;
receiving first and second messages communicated over the in-vehicle communication network, wherein the first and second messages include the same identification (ID) value;
if a difference between first and second values respectively included in the first and second messages is greater than a threshold included in the content model, then determining at least one of the messages is related to malicious activity, wherein the values are provided by one or more components connected to the in-vehicle network; and
if determining at least one message is related to malicious activity, then performing, by the processor, at least one action including selectively logging a message communicated over the in-vehicle network.

US Pat. No. 11,115,432

MULTI-APPLICATION RECOMMENDATION ENGINE FOR A REMOTE NETWORK MANAGEMENT PLATFORM

ServiceNow, Inc., Santa ...


1. A remote network management platform comprising:
one or more processors;
persistent storage containing: (i) data related to a managed network, and (ii) a persona of a user, wherein the persona defines a role of the user in context of the managed network;
a platform application, executable by the one or more processors, associated with a web-based user interface, and using a portion of the data; and
a recommendation engine, executable by the one or more processors, with access to a set of rules or a machine learning (ML) model corresponding to the platform application, wherein the set of rules and the ML model are configured to provide recommendations for the user based on the portion of the data and the persona, and wherein the recommendation engine is configured to:
read, from the persistent storage, the portion of the data and the persona;
apply, to the portion of the data and the persona, the set of rules or the ML model to generate one or more recommendations, wherein the one or more recommendations are related to the platform application and operation of the managed network; and
provide, by way of the web-based user interface and to the user, representations of the one or more recommendations.


US Pat. No. 11,115,431

IDENTIFYING NETWORK VULNERABILITIES

Rapid7, Inc., Boston, MA...


1. A method for identifying a network vulnerability, the method comprising:
receiving, using an interface, scan configuration data from a vulnerability assessment device, wherein the scan configuration data comprises
at least one device that is known to the vulnerability assessment device,
whether the at least one known device is scanned by the vulnerability assessment device, and
at least one feature related to the at least one known device;

receiving, using the interface, network activity data including at least one device that is unknown to the vulnerability assessment device;
determining, using a processor executing instructions stored on a memory and providing a classifier, whether the at least one unknown device shares at least one feature with a known device that is scanned;
scanning, using the vulnerability assessment device, the at least one unknown device to identify any vulnerabilities of the at least one unknown device after the processor determines the at least one unknown device shares at least one feature with a known device that is scanned; and
updating the scan configuration data in a disabled state and presenting the updated scan configuration data to an operator using a user interface before the vulnerability assessment device scans the at least one unknown device.

US Pat. No. 11,115,430

TACTICAL BUS FUZZ TESTER

RAYTHEON COMPANY, Waltha...


1. A method of testing a target device, comprising:
sending data from a source device to the target device over a bus using a first protocol, wherein a first converter for converting between the first protocol and a second protocol is coupled to the bus between the source device and the target device;
receiving a copy of the data at a fuzzer via the first converter, the copy of the data being received at the fuzzer via the converter using the second protocol;
creating a first fuzzed message having a data structure of the received copy of the data;
sending the first fuzzed message from the fuzzer to the target device via the first converter, wherein the first fuzzed message is sent using the second protocol and received using the first protocol, the first converter converting the first fuzzed message from the second protocol to the first protocol;
monitoring, at a monitor, the target device for a response to the first fuzzed message;
providing a signal from the monitor to the fuzzer using the second protocol when the first fuzzed message produces an anomalous response; and
determining a vulnerability of the target device from the response of the target device to the first fuzzed message.

US Pat. No. 11,115,428

SYSTEMS AND METHODS FOR DETERMINING NETWORK DATA QUALITY AND IDENTIFYING ANOMALOUS NETWORK BEHAVIOR

Verizon Patent and Licens...


1. A method, comprising:
receiving, by a device, network data associated with a network,
wherein the network data includes one or more artificial packets, and
wherein the network includes a plurality of network devices;

processing, by the device, the network data to generate sequential sets of the network data;
processing, by the device, the sequential sets of the network data, with a time series model, to generate time series network data;
determining, by the device, whether the time series network data satisfies a data quality threshold;
transforming, by the device and when the time series network data satisfies the data quality threshold, residual data in the time series network data to identify data outliers in the time series network data;
removing, by the device, the data outliers from the time series network data to generate modified time series network data;
processing, by the device, the modified time series network data, with a model, to generate a forecast data point;
comparing, by the device, the forecast data point and an actual data point to determine whether an anomaly exists in the network; and
performing, by the device, one or more actions based on determining whether the anomaly exists in the network.

US Pat. No. 11,115,427

MONITORING DEVICE, MONITORING METHOD, AND MONITORING PROGRAM

NIPPON TELEGRAPH AND TELE...


1. A monitoring device comprising:
a memory; and
a processor coupled to the memory and programmed to execute a process comprising:
acquiring a packet indicating flow information that is output by a network device at a predetermined sampling rate; and
determining as abnormal, for each of predetermined traffic patterns when a sampling error rate is equal to or lower than a predetermined upper limit value and a number of packets acquired in a predetermined period preceding from a current time or an average value of the number of packets per unit time is equal to or larger than a predetermined detection threshold.

US Pat. No. 11,115,426

DISTRIBUTED PACKET CAPTURE FOR NETWORK ANOMALY DETECTION

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
detecting an anomaly at a first network device of a plurality of network devices, wherein detecting the anomaly comprises receiving a message relating to the anomaly from one of following: the first network device and a second network device of the plurality of network devices, wherein the anomaly relates to an abnormal behavior that occurred when the first network device transmitted a packet, and wherein the abnormal behavior comprises a breach of an acceptable number of transmissions of the packet;
identifying, based on a property associated with the anomaly, one or more target network devices of the plurality of network devices, wherein the property comprises a type of packet, wherein identifying the one or more target network devices of the plurality of network devices comprises performing path tracing of a packet associated with the anomaly based on one or more rules applicable to the type of packet to identify the one or more target network devices of the plurality of network devices, and wherein the one or more rules indicate which network devices to probe to determine the source of anomaly;
receiving a set of packets from the one or more target network devices; and
determining a source of the anomaly based on the received set of packets;
storing the received set of packets in a buffer; and
on a condition that a subsequent anomaly is detected, receiving another set of packets based on the set of packets stored in the buffer.

US Pat. No. 11,115,424

COMPUTERIZED SYSTEM FOR COMPLYING WITH CERTAIN CRITICAL INFRASTRUCTURE PROTECTION REQUIREMENTS

HOOSIER ENERGY RURAL ELEC...


9. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
collect system information by communicating with a plurality of devices over an electronic communications network to execute a plurality of command line operations on the plurality of devices to gather one or more of local audit policy settings, local user groups, hardware manufacturer, model, hard drive space, operating system, service pack level, patches to a device, network adapter information, TCP ports and services, UDP ports and services, antivirus definition version information, installed applications and/or local password policy, wherein the command line operations are selected to target extraction of profile elements based on one or more critical infrastructure protection (“CIP”) standards in one or more of the following: CIP-003 R6, CIP-007 R1, CIP-007 R2, CIP-007 R3, CIP-007 R4, and/or CIP-007 R5;
compare the collected system information for the plurality of devices with baseline system configurations to determine whether any changes have been made that could indicate a potential threat;
remediate one or more items based on a determination that one or more changes have been made that could indicate a potential threat; and
set the collected system information as the baseline system configurations for the plurality of devices based on a determination that no changes have been made that could indicate a potential threat; and
wherein the devices for which system information is collected includes: servers, workstations, network devices, installed applications, network ports, and/or services.

US Pat. No. 11,115,423

MULTI-FACTOR AUTHENTICATION USING POSITIONING DATA

Microsoft Technology Lice...


1. A system, comprising:
at least one processor; and
memory having computer-readable instructions stored thereupon that, when executed by the at least one processor, cause the at least one processor to:
receive first input data indicating an authentication request of a user with respect to a secured resource;
receive positioning data indicating a current location of a computing device that is associated with the user;
determine, based on the positioning data, whether the current location of the computing device is within a predetermined geographic area, wherein a determination that the current location of the computing device is within the predetermined geographic area serves as a first authentication factor with respect to the authentication request;
receive second input data, that is different than the first input data and the positioning data, that serves as a second authentication factor, that is independent from the first authentication factor, with respect to the authentication request by providing confirmation that the user is physically located within the predetermined geographic area independently from the positioning data indicating that the current location of the computing device is within the predetermined geographic area, wherein the second input data is generated based on a requested operation being performed with respect to one or more computing devices that are known to be physically present within the predetermined geographic area; and
authenticate the user for providing access to the secured resource based at least on a combination of:
the positioning data serving as the first authentication factor based on the determination that the current location of the computing device is within the predetermined geographic area, and
the second input data, that is different than the first input data, serving as the second authentication factor that is independent from the first authentication factor.



US Pat. No. 11,115,422

SYSTEMS FOR PROVIDING ELECTRONIC ITEMS HAVING CUSTOMIZABLE LOCKING MECHANISM

CAPITAL ONE SERVICES, LLC...


1. A method for providing a locked electronic item, comprising:
receiving, from a first computing device associated with a sender via a software application, a selection of an electronic lock and the electronic item, wherein the electronic lock comprises a lock clue and a lock solution;
determining, based on the lock solution, an answer input field configuration, wherein the answer input field configuration comprises a number of input boxes and spaces that are arranged to correspond to the lock solution;
transmitting, to a second computing device associated with a recipient, the lock clue, the electronic item, and the input field configuration;
receiving, from the second computing device, an attempted lock solution comprising a set of alphanumeric characters equal to the number of input boxes, wherein the set of alphanumeric characters are configured in a spatial arrangement that corresponds to the input field configuration; and
responsive to determining that the attempted lock solution failed to match the lock solution, transmitting a remote unlock instruction to the second computing device to provide the second computing device with access to the electronic item when the attempted lock solution equals a predetermined number of attempted lock solutions.

US Pat. No. 11,115,421

SECURITY MONITORING PLATFORM FOR MANAGING ACCESS RIGHTS ASSOCIATED WITH CLOUD APPLICATIONS

Accenture Global Solution...


1. A method, comprising:
receiving, by a device, historical data that relates to user access rights associated with multiple cloud applications,
wherein the historical data includes features that relate to permissions and attributes associated with multiple users within the multiple cloud applications;

using, by the device, an unsupervised machine learning technique to cluster the historical data based on the features that relate to the permissions and the attributes associated with the multiple users within the multiple cloud applications;
using, by the device, a supervised machine learning technique to train an access rights data model based on the clustered historical data;
performing, by the device, one or more actions that relate to current access rights assigned to at least one user within one or more of the multiple cloud applications based on a score representing a probability that an access level assigned to the at least one user within the one or more of the multiple cloud applications is correct,
wherein the score is determined based on the access rights data model and a set of features that relate to the at least one user; and

applying, by the device, a reinforcement learning technique to update the access rights data model based on data providing feedback on the one or more actions.

US Pat. No. 11,115,420

DISTRIBUTED LEDGER DATA VERIFICATION NETWORK

Visa International Servic...


1. A method comprising:
receiving, by a server computer from a plurality of authorizing entity computers, a plurality of indications of hashes of information about a user, wherein a plurality of hashes associated with the plurality of indications of hashes are stored in a plurality of databases;
determining, by the server computer, a trust score for each of the plurality of authorizing entity computers;
determining, by the server computer, a first authorizing entity computer with a highest trust score in the plurality of authorizing entity computers;
receiving, by the server computer, from the first authorizing entity computer, a first hash of information about the user and/or an indication of the first hash of information about the user, wherein the user or information about the user has been verified by the first authorizing entity computer, and the first hash is stored in a first database including a distributed ledger comprising a blockchain;
storing, by the server computer, a location of the first hash in the first database in a location database, the first database being separate and distinct from the location database;
receiving, by the server computer, from a second authorizing entity computer, a verification request message about the user, the verification request message comprising a second hash of information about the user;
retrieving, by the server computer, the first hash from the first database using the location of the first hash;
comparing, by the server computer, the first hash to the second hash to determine if the first hash and the second hash match;
determining, by the server computer, that the first hash and the second hash match; and
responsive to determining that the first hash and the second hash match, sending, by the server computer, a verification response message to the second authorizing entity computer, the verification response message comprising verification data that the user was previously verified.

US Pat. No. 11,115,419

IDENTITY ATTRIBUTE CONFIDENCE SCORING WHILE CERTIFYING AUTHORIZATION CLAIMS

International Business Ma...


1. A method to authorize a request to access a protected resource, the request being received from a service provider and being associated with a requesting entity having one or more associated identity issuers, comprising:
receiving from at least one identity issuer an identity attribute for the requesting entity;
computing a time-varying confidence score based in part on the attribute's change frequency as reflected in historical data; and
upon validating the requesting entity, generating and returning to the service provider a security assertion that includes the identity attribute and the time-varying confidence score.

US Pat. No. 11,115,418

REGISTRATION AND AUTHORIZATION METHOD DEVICE AND SYSTEM

CLOUDMINDS (SHANGHAI) ROB...


4. An authorization method applied to an access server which is a node in a blockchain network, the method comprising:
receiving an access request message sent by a user device, wherein the access request message includes user identity information;
inquiring identification information and authorization information of the user in the blockchain according to the user identity information through the access server;
performing identity verification on the user according to the identification information; and
allowing the user to access the designated service according to the authorization information after the verification is passed,
wherein the identification information is a user public key, and performing identity verification on the user according to the identification information comprises:
sending instruction information instructing the user to provide identification to the user device;
receiving signature information of the user private key signature sent by the user device according to the instruction information; and
performing signature verification on the signature information according to the user public key, and determining that the identity verification is passed if the signature verification succeeds.


US Pat. No. 11,115,417

SECURED ACCESS CONTROL TO CLOUD-BASED APPLICATIONS

Microsoft Technology Lice...


1. A method for securing an access to a cloud-based application, comprising:
receiving, by an authentication proxy device, an authentication token, wherein the authentication token includes an identity of a user of a client device requesting an access to the cloud-based application, wherein the client device is at least an un-managed device, and wherein the authentication proxy device is connected between the un-managed client device and a cloud computing platform hosting the cloud-based application to be secured, wherein the un-managed client device is not secured by an organization;
receiving, from an agent executed in the un-managed client device, a client certificate;
retrieving, from a compliance server, a device posture of the un-managed client device, wherein the device posture is retrieved respective of the received client certificate;
identifying an access policy, from among a plurality of access polices configured with the authentication proxy device, for the un-managed client device to access the cloud-based application, wherein the access policy is identified based at least on the retrieved device posture; and
determining whether to grant an access to the cloud-based application based in part on the compliance of the un-managed client device with the identified access policy.

US Pat. No. 11,115,416

TECHNOLOGY FOR GENERATING A MULTI-USER RESPONSE IN A NETWORK

International Business Ma...


1. A computer system implemented method for generating an authorized response to a message in a network, the method comprising:
detecting, by the computer system, a social network message sent from an originating person via a network, where the message includes message content that relates to a group of persons;
determining, by the computer system analyzing the message content, that the message relates to the group of persons;
selecting persons who are members of the group of persons as designated senders to contribute to an authorized response to the message for the group of persons, including the computer system selecting the designated senders based on the computer system analyzing the message;
notifying each person who is a designated sender selected by the computer system that the respective designated sender is selected by the computer system to send a respective response to the social networking message from the originating person, wherein the respective response will contribute to the authorized response;
intercepting, by the computer system, respective responses sent to the originating person from the persons designated as senders in response to the notification;
generating a response as an authorized response for the group of persons, by the computer system processing the respective intercepted responses, wherein the processing combines the respective intercepted responses into a single response; and
sending, to the originating person, the single response generated by the computer system combining the respective intercepted responses from the persons designated as senders, wherein the sending includes sending the single response via the network by the computer system as the authorized response for the group of persons.

US Pat. No. 11,115,415

METHOD AND SYSTEM TO CAPTURE AND FIND INFORMATION AND RELATIONSHIPS


1. A method for making content globally searchable across the internet, comprising:
(a) capturing a content in a computer that is part of the internet; and then
(b) capturing an authenticated user who captured the content; and then
(c) generating in the computer a globally unique persistent identifier corresponding to the content; and then
(d) capturing an indicator whether the authenticated user intends to permit that the existence of the content is presented to an authenticated searcher in another computer that is part of the internet as part of the list of objects that match a search across the internet performed by the authenticated searcher further enabling the authenticated searcher if the indicator is positive to request permission to access the content by presenting an identity of the authenticated searcher further enabling the authenticated user to grant permission to the identity of the authenticated searcher to access the content; and then
(e) communicating to a server that is part of the internet metadata of the content comprising
the globally unique persistent identifier, and
the authenticated user who captured the content, and
the indicator of existence of the content, and
storage location information in the computer for the content.


US Pat. No. 11,115,414

ELECTRONIC DEVICE AND CONTROL METHOD THEREOF

Samsung Electronics Co., ...


1. A control method of an electronic device, the control method comprising:
receiving first access control information generated from an external electronic device and storing the first access control information;
in response to an occurrence of an event for transmitting a first control command to the external electronic device, generating the first control command for controlling the external electronic device, and determining whether the first control command has authority to control the external electronic device using the first access control information;
in response to a determination that the first control command has the authority to control the external electronic device, transmitting the first control command to the external electronic device;
in response to a determination that the first control command has not the authority to control the external electronic device, ignoring the first control command;
transmitting second access control information to the external electronic device;
in response to a second control command being received from the external electronic device, determining whether the second control command has authority to control the electronic device using the second access control information; and
in response a determination that the second control command has the authority to control the electronic device, performing a function corresponding to a control flag of the second control command;
wherein the first access control information includes information on an access control list of at least one device which is allowed to access and to control the external electronic device.

US Pat. No. 11,115,413

SECURE DOCUMENT STORAGE SYSTEM

RegDOX Solutions Inc., N...


1. A system for the storage of data, the system comprising:
an encrypted host platform disposed in a specific territory and upon which regulatory controlled data is stored;
a controller configured to allow a primary user to set permission settings and identify authorized end users and degrees of access granted to each said authorized end user, said authorized end user being pre-cleared for compliance with regulatory controls pertaining to said regulatory controlled data; said controller configured to permit access to said encrypted host platform only if said host platform is located within said specific territory and said hosting platform is in compliance with predefined data security protocols, said controller being further configured to allow said authorized end user access to said regulatory controlled data in accordance with said permission settings and degrees of access granted thereto, and said controller configured to exclude access to both a provider of the system for storage and a system host platform provider; and
at least one individual computing device accessible by at least one said authorized end user, disposed within an authorized territory, said individual computing device configured to provide authorized end user identification data to said controller and receive permissions from said controller for access to said host platform;
wherein said host platform only communicates with individual user devices if said devices have received permission from said controller;
wherein said controller is configured to provide real-time reports to an enterprise administrator of access points granted to controlled technical data disposed on said host platform;
wherein said real-time reports provide automated alerts to said enterprise administrator.

US Pat. No. 11,115,412

ANONYMOUS ASSOCIATION SYSTEM UTILIZING BIOMETRICS

DIGNITY HEALTH, Phoenix,...


1. A central biometric node requiring multiple levels of authentication, wherein the central biometric node is configured to:
receive a request to perform an action from a first user operating a first biometric node;
receive biometric data from the first user;
determine, using the biometric data, whether additional authorization is required to allow the requested action to proceed;
query a database with the biometric data to obtain a biometric random key;
send the biometric random key to the database to retrieve security clearance information for the requested action;
retrieve the security clearance information for the requested action based on the biometric random key;
determine, based upon the retrieved security clearance information, whether to request additional authorization;
after determining that additional authorization is required, send a request for additional authorization to a second biometric node;
receive authorization data at the second biometric node; and
allow the requested action to proceed.

US Pat. No. 11,115,411

COMPUTE NODE AND METHOD OF SETTING UP A CLOUD CLUSTER

Lenovo Enterprise Solutio...


1. A method of setting up a cloud cluster, including:
receiving secured information by a baseboard management controller (BMC) of a compute node, wherein the secured information is generated by a cloud controller, and wherein the BMC uses the secured information to establish communication with the cloud controller;
upon the establishment of the communication between the BMC and the cloud controller, receiving, by the compute node, a cloud operating system (OS) image via the BMC from the cloud controller; and
writing the cloud OS image to a host system in the compute node.

US Pat. No. 11,115,410

SECURE AUTHENTICATION FOR ASSISTANT SYSTEMS

Facebook, Inc., Menlo Pa...


1. A method comprising, by one or more computing systems:
receiving a first audio input from a user requesting access to information or a service;
determining that the user is to be authenticated prior to accessing the information or service;
sending a request for the information or service to an authentication server, wherein the request includes first authentication information based on the first audio input and further includes a user identifier associated with the user;
receiving a second audio input from a client system of the user, wherein the second audio input includes a first authentication code to be compared to a second authentication code generated by the authentication server;
sending second authentication information based on the second audio input and the user identifier to the authentication server for verification;
receiving, from the authentication server, an indication of whether the user is successfully authenticated based on the second authentication information; and
providing, to the user, access to the information or service when the user is successfully authenticated.

US Pat. No. 11,115,409

USER AUTHENTICATION BY EMOTIONAL RESPONSE

International Business Ma...


1. A method comprising:
detecting, by one or more processors, a real-time initial emotional state of a user, wherein the real-time initial emotional state of the user is a current version of an emotional state of the user that dynamically changes over time, and wherein detecting the real-time initial emotional state of the user in real-time is performed by:
identifying, by the one or more processors, a time of day for the real-time; and
determining, by the one or more processors, the real-time initial emotional state of the user based on the time of day for the real-time;

presenting, by the one or more processors, content to the user as a stimulus to the user, wherein the content is presented after the user is in the real-time initial emotional state;
predicting, by the one or more processors, a predicted post-stimulus emotional state of the user, wherein the predicted post-stimulus emotional state of the user is predicted to be caused by the content being presented to the user, and wherein the predicted post-stimulus emotional state is dependent upon the real-time initial emotional state of the user;
detecting, by the one or more processors, a real-time post-stimulus emotional state of the user, wherein the real-time post-stimulus emotional state of the user is caused by the content being presented to the user, and wherein the real-time post-stimulus emotional state is dependent upon the real-time initial emotional state of the user;
matching, by the one or more processors, the predicted post-stimulus emotional state of the user to the real-time post-stimulus emotional state of the user; and
in response to the real-time post-stimulus emotional state of the user matching the predicted post-stimulus emotional state of the user, authenticating the user, by the one or more processors, and activating, by the one or more processors, an access mechanism for a device.

US Pat. No. 11,115,408

METHODS AND SYSTEMS FOR DETERMINING USER LIVENESS AND VERIFYING USER IDENTITIES

DAON HOLDINGS LIMITED, G...


1. A method for verifying an identity of a user comprising:
generating, by a computing device, parameters for each processed frame in a video of a biometric modality of the user, each of the parameters being different and resulting from movement of the computing device during capture of the video;
creating a signal for each of the parameters and storing each of the created signals with previously stored signals for the respective parameter;
creating a classification model for the user from the stored created signals and the previously stored signals;
normalizing each of the created signals;
calculating a correlation coefficient for the normalized signals, the correlation coefficient indicating a similarity between the created signals;
determining the user is live when the correlation coefficient is at least equal to a threshold score;
calculating, using the classification model, a confidence score for at least one of the created signals; and
verifying the identity of the user as true when the confidence score is at least equal to a threshold score.

US Pat. No. 11,115,407

CLIENT SIDE OTP GENERATION METHOD

Bank of America Corporati...


1. A system for authenticating a plurality of client machines with a server machine using one-time codes (OTC), the system comprising:
a server machine comprising a processor and a memory storing an authentication module;
a first client machine comprising a processor, a memory, and a network communication interface, wherein the first client machine is communicatively coupled to the server machine via the network communication interface, wherein the memory of the first client machine further stores an interface to the authentication module;
a second client machine coupled to the first client machine and which is not in direct communication with the server machine;
a third client machine coupled to the second client machine;
wherein the second machine is configured to authenticate and validate a secure connection with the server machine through the first client machine by using a cypher text that the authentication module of the server machine used to validate the first client machine, and wherein the second client machine stores computer-executable instructions that, when executed by a processor, cause the system to:
store, by the second client machine, a second cypher text in memory at the second client machine, wherein the second cypher text comprises a second masked grid with a second seed;
construct, by the second client machine, a second solution for the second cypher text using the second seed and data values in the second masked grid;
transmit, by the second client machine, the constructed second solution to the first client machine to unlock the second masked grid;
unmask the second seed, by the first client machine, using the constructed second solution from the second client machine and a second data grid stored in memory at the first client machine;
transmit, by the first client machine, an unmasked second seed to the second client machine;
transmit, by the first client machine, second authorization codes to the second client machine;
dynamically generate, by the second client machine, a second OTC using the second unmasked seed, the second authorization codes, and the second masked grid;
send, by the second client machine, the second OTC to the first client machine, wherein the second OTC corresponds to the second authorization codes;
validate, by the first client machine, the second OTC from the second client machine using the second data grid stored in memory at the first client machine;
and after validation of the second OTC by the first client machine, grant, by the first client machine, the second client machine access to the server machine.

US Pat. No. 11,115,406

SYSTEM FOR SECURITY ANALYSIS AND AUTHENTICATION

BANK OF AMERICA CORPORATI...


1. A system for security analysis and authentication, the system comprising:
a controller comprising one or more memory devices with computer-readable program code stored thereon, one or more communication devices connected to a network, and one or more processing devices, wherein the one or more processing devices execute the computer-readable program code to:
analyze, using a first neural network machine learning system, historical one time password information, historical malfeasance information, and historical information for each of a plurality of users;
determine, using the first neural network machine learning system, a set of available one time passwords, wherein the set of available one time passwords comprises one time passwords of multiple password modalities, multiple password request types, and multiple password acquisition modalities;
select a one time password for a user of the plurality of users from the set of available one time passwords, wherein selecting the one time password for the user comprises identifying a random, varied, or customized available one time password from the set of available one time passwords, and designating it as the one time password for the user;
receive one time password data associated with the user;
cause a one time password signature generation engine, comprising a second neural network machine learning system, to identify characteristics within the received one time password data and generate a password signature for the user based on the received one time password data associated with the user, wherein the password signature comprises a collection of digital or character code associated with the identified characteristics within the received one time password data;
identify authentication verification matching requirements for a received authentication request;
determine a user authentication value based on a comparison of the generated password signature for the user and the identified authentication verification matching requirements for the received authentication request;
determine whether the user authentication value meets a predetermined threshold value; and
in response to determining that the user authentication value meets the predetermined threshold value, authenticate the user; or
in response to determining that the user authentication value does not meet the predetermined threshold value, do not authenticate the user or prompt the user for additional authentication credentials.


US Pat. No. 11,115,405

SHARING ACCESS TO A MEDIA SERVICE

Sonos, Inc., Santa Barba...


1. A system comprising:
at least one communication interface;
at least one processor;
at least one non-transitory computer-readable medium comprising program instructions that are executable by the at least one processor such that the system is configured to:
generate an authorization code that has an expiration time after which the authorization code expires;
transmit, via the at least one communication interface, at least one first message comprising the authorization code over a Wide Area Network (WAN);
receive, via the at least one communication interface, at least one second message comprising the authorization code from a computing device over the WAN;
determine that the received authorization code is valid based at least in part on the expiration time;
after determining that the authorization code is valid, generate a first authorization token;
transmit, via the at least one communication interface, at least one third message comprising the first authorization token to a playback device over the WAN;
receive, via the at least one communication interface, at least one fourth message comprising a second authorization token and a request for media content from the playback device over the WAN;
determine that the second authorization token is valid; and
after determining that the second authorization token is valid, provide the playback device with temporary access to the media content.


US Pat. No. 11,115,404

FACILITATING SERVICE CONNECTIONS IN SERVERLESS CODE EXECUTIONS

Amazon Technologies, Inc....


1. A system comprising:
a hosting system associated with an on-demand code execution system, the hosting system comprising one or more computing devices configured to:
receive a request to execute user-defined code implementing a task on the on-demand code execution system, wherein the task is associated with metadata including an authentication role under which the task should be executed;
in response to the request, execute, within an execution environment of the on-demand code execution system, the user-defined code implementing the task and additional code implementing an interface to a network-accessible service; and
pass to the interface an authentication token corresponding to the authentication role for the task;

wherein the user-defined code causes the computing device to request access to the network-accessible service from the interface; and
wherein the additional code providing the interface causes the computing device to:
receive the request to access the network-accessible service;
encapsulate the request with a header including the authentication token for the task to result in an encapsulated request; and
transmit the encapsulated request to a router, wherein the router is configured to authenticate the request based on the authentication token.


US Pat. No. 11,115,403

MULTI-LEVEL USER DEVICE AUTHENTICATION SYSTEM FOR INTERNET OF THINGS (IOT)


1. A user-device authentication system comprising:
memory configured to store computer-executable instructions, and
at least one computer processor configured to access the memory and execute the computer-executable instructions to:
receive, at a third device, a request for access to information from a first device, the first device being a first Internet of Things (IoT) device;
request a phone number from the first device;
receive the phone number from the first device;
determine a user profile associated with the phone number;
determine a second device associated with the user profile, the second device being a second Internet of Things (IoT) device;
send a first message to the second device associated with the user profile, the first message requesting user authentication on the second device using biometric information configured to be obtained on the second device;
receive a second message from the second device, the second message validating authentication based on the biometric information obtained on the second device;
send a third message to the first device granting access to information to the first device based on the second message validating authentication; and

share, by the third device, the information with the first device.

US Pat. No. 11,115,402

SYSTEM AND METHOD FOR FACILITATING MULTI-CONNECTION-BASED AUTHENTICATION

UBS Business Solutions AG...


1. A method of facilitating multi-connection-based authentication, the method being implemented by a computer system that comprises one or more processors executing computer program instructions that, when executed, perform the method, the method comprising:
causing, by the computer system, first and second connections to be established between the computer system and a remote client device;
obtaining, by the computer system, a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;
obtaining, by the computer system, a public key corresponding to the private key from the remote client device via the first connection;
obtaining, by the computer system, a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;
performing, by the computer system, verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;
storing, by the computer system, the public key in a database based on the verification of the first challenge response;
determining, by the computer system, a match between (i) an identifier related to the entity stored in the database and (ii) a data item obtained via the second connection;
performing, by the computer system, based on the matching, the verification of the second challenge response by using the public key to verify at least a portion of the second challenge response, wherein the public key is selected based on the matching for the verification of the second challenge response; and
authenticating, by the computer system, information obtained from the remote client device via the second connection based on (i) the obtained confirmation via the first connection and (ii) the verification of the first and second challenge responses obtained respectively via the first and second connections.

US Pat. No. 11,115,401

ADMINISTRATION PORTAL FOR SIMULATED SINGLE SIGN-ON

Bank of America Corporati...


1. A system for securely managing security policy data used to provide users access to third-party applications without revealing credentials to the users, the system comprising:
a permission server, comprising a hardware processor, configured to store permission data comprising a list of third-party applications to which the users are currently permitted access; and
an access management server communicatively coupled to the permission server and a network, the access management server configured to:
store security policy data, the security policy data comprising, for each user, a list of third-party applications to which the user may request access and the corresponding sign-on credentials for accessing each of the third-party applications;
host an administration portal on the network, the administration portal comprising a user interface configured to be displayed on a device of an administrator;
receive, in response to input provided by the administrator in the user interface, a selection of a first deployment to configure, the first deployment corresponding to a first third-party application and a first network address for a first sign-on page of the first third-party application;
receive, in response to input provided by the administrator at the user interface, first sign-on credentials for the first deployment, wherein the first sign-on credentials provide access to the first third-party application via the first sign-on page;
receive, in response to input provided by the administrator in the user interface, a selection of a second deployment to configure, the second deployment corresponding to a second third-party application and a second network address for a second sign-on page of the second third-party application;
receive, in response to input provided at the user interface of the administration portal, second sign-on credentials for the second deployment, wherein the second sign-on credentials provide access to the second third-party application via the second sign-on page;
in response to input provided at the user interface of the administration portal corresponding to an attempt to associate the first sign-on credentials with a first user, send a first request to the permission server to confirm that the first user is permitted access to the first third-party application;
receive a first response to the first request from the permission server, wherein the first response comprises a confirmation or denial of permission to access the first third-party application by the first user, and wherein the permission server is configured to generate the first response using the permission data stored therein;
in response to the first response comprising a confirmation of permission to access the first third-party application by the first user, associate the first user with the first sign-on credentials;
in response to input provided at the user interface of the administration portal corresponding to an attempt to associate the second sign-on credentials with a second user, send a second request to the permission server to confirm that the second user is permitted access to the second third-party application;
receive a second response to the second request from the permission server, wherein the second response comprises a confirmation or denial of permission to access the second third-party application by the second user, and wherein the permission server is configured to generate the second response using the permission data stored therein;
in response to the second response comprising a confirmation of permission to access the second third-party application by the second user, associate the second user with the second sign-on credentials; and
automatically update the security policy data, based on the association of the first sign-on credentials with the first user and the association of the second sign-on credentials with the second user, such that the security policy data stored in the access management server comprises:
a first entry for the first deployment, the first entry comprising an identifier of the first user, the first sign-on credentials, and the first network address; and
a second entry for the second deployment, the second entry comprising an identifier of the second user, the second sign-on credentials, and the second network address.



US Pat. No. 11,115,400

DEVICE CONTROL METHOD, CONTROL TERMINAL DEVICE AND DEVICE CONTROL SYSTEM

Yamaha Corporation, Hama...


1. A device control method for controlling a plurality of devices, comprising:
registering an account information in a first device which is one of the plurality of devices, wherein the account information is stored in a buffer of a control section of a control terminal device;
after registration of the account information in the first device, searching by the control terminal device at least one second device, the second device being at least one device of the plurality of devices and being a device in which the account information is not registered;
transmitting, by the control terminal device, the account information stored in the buffer to the at least one searched second device;
registering the account information in the at least one searched second device by using the account information transmitted from the control terminal device;
displaying information for accepting an input of the account information on a displaying section of the control terminal device and accepting, by the control section of the control terminal device, the input of the account information by a user when the control section confirms that the account information has not yet been registered in the first device; and
registering the account information in the buffer of the control section of the control terminal device.

US Pat. No. 11,115,399

METHOD AND APPARATUS FOR GENERATING AN INTELLIGENT PRIMARY KEY FACILITATING FASTER OBJECT RETRIEVAL

HERE GLOBAL B.V., Eindho...


1. A method comprising:
receiving, at a processor, at least:
(1) identification information;
(2) an account type; and
(3) realm information;
applying a deterministic hash function to the received identification information, the account type, and the realm information to establish a first composite key, wherein the first composite key is a hash of the identification information, the account type, and the realm information;

performing a single database search in response to establishing the first composite key for a matching composite key for correlation with the first composite key;
in direct response to correlating the first composite key with a matching composite key in the single database, providing an indication of a conflict with an existing account to a user; and
in response to failing to correlate the first composite key with a matching key, providing for creation of a user linked account, wherein the user linked account provides a realm-dependent user experience, and wherein the user linked account is partitioned according to the realm information.

US Pat. No. 11,115,398

METHODS AND DEVICES FOR PRESERVING RELATIVE TIMING AND ORDERING OF DATA PACKETS IN A NETWORK

ABB POWER GRIDS SWITZERLA...


1. A method, comprising:
pre-shaping data traffic to produce a pre-shaped data traffic, wherein the pre-shaping the data traffic includes inserting dummy packets into a data flow;
performing encryption or authentication operations on the pre-shaped data traffic, wherein the pre-shaping the data traffic contributes to preserving of relative timing and ordering of data packets transmitted in a packet network; and
using at least part of the dummy packets for management channel transmissions or for Encryption Key Exchange (EKE).

US Pat. No. 11,115,397

SYSTEM AND METHODS FOR POINT TO POINT ENCRYPTION AND TOKENIZATION IN A HOSTED ENVIRONMENT

Walmart Apollo, LLC, Ben...


1. A point to point encryption and tokenization system for a hosted machine payment card industry (PCI) environment implementing a data security standard, the system comprising:
an internal computing system equipped with one or more hardware processors and operatively coupled to a database in the hosted machine PCI environment, the internal computing system configured to receive encrypted card holder data (CHD) from an external computing system outside the hosted machine PCI environment, the internal computing system including a plurality of processing zones, each processing zone holding at least one of a plurality of processing modules, the plurality of processing modules including:
a decryption module executable using the one or more hardware processors to decrypt the CHD, a tokenization module executable using the one or more hardware processors to generate a token representing the CHD and store the token and the decrypted CHD in the database in the hosted machine PCI environment, the token used to retrieve the stored decrypted CHD in a subsequent request, and
an authorization module executable using the one or more hardware processors to process the decrypted CHD in response to a request from the external computing system and transmit a confirmation of the processing of the CHD and the token representing the CHD to the external computing system in place of the decrypted CHD, at least two of the decryption module, tokenization module and authorization module being located in separate processing zones of the plurality of processing zones; and
a communication interface configured to enable communication with the external computing system wherein the internal computing system in the hosted machine PCI environment is further configured to:
receive a second request from the external computing system to process the CHD, the second request accompanied by the token representing the CHD;
retrieve, with the tokenization module, the decrypted CHD from the database using the token;
process the decrypted CHD using an authentication module based on the second request; and
transmit a confirmation of the processing of the CHD based on the second request and the token representing the CHD to the external computing system.

US Pat. No. 11,115,396

SCALING OF ADAPTIVE CRYPTO SERVICES WITHIN THE CLOUD

Thales eSecurity, INC., ...


1. A computer program product comprising a non-transitory computer readable medium storing program code to be executed by at least one computer processing unit (CPU) in a computational environment, whereby execution of the program code causes the at least one CPU to execute a crypto cloudlet by performing operations comprising:
providing execution of crypto services in the computational environment via a security wrapper shell of the crypto cloudlet, the security wrapper shell including a set of components configured to enable crypto features to securely execute cryptographic operations within a virtual machine;
dynamically adjusting, via at least the security wrapper shell, hardware resources including CPU cores, co-processors and cryptographic accelerators and sensors available to the virtual machine to fulfill execution of said cryptographic operations; and
executing an adaptive service of the crypto cloudlet, the adaptive service comprising a set of modules configured to fulfill cryptographic demands of a client by identifying and metering processing speed, performance, scalability and loading of said hardware resources allocated to the crypto cloudlet as said crypto features to support said cryptographic operations to fulfill cryptographic demands of the client.

US Pat. No. 11,115,395

CROSS-DOMAIN INFORMATION TRANSFER SYSTEM AND ASSOCIATED METHODS

HARRIS GLOBAL COMMUNICATI...


1. A cross-domain information transfer system comprising:
a key distribution center configured to generate a plurality of private encryption keys, and a respective signature key pair for an attribute from among a plurality of different attributes, wherein each attribute comprises a binary attribute,
each signature key pair and attribute associated with a given domain among a plurality of different domains, and each signature key pair comprising a secret signing key and a secret verifying key;
a sender device, among a plurality of sender devices, comprising a processor and transceiver coupled thereto, and configured to receive a respective private encryption key and generate ciphertext from plaintext based upon the private encryption key, append a respective attribute for a given domain to the ciphertext,
receive a respective secret signing key and generate ciphertext with a concealed attribute from the ciphertext with the appended attribute based upon the secret signing key, and broadcast the ciphertext with the concealed attribute through an untrusted network; and
a plurality of domain gateway devices in communication with the untrusted network,
wherein the plurality of different domains have different security levels associated therewith,
each domain gateway device is not capable of determining the plaintext and comprising a processor and transceiver coupled thereto, and having a respective attribute associated therewith and configured to receive a respective secret verifying key,
receive the ciphertext with the concealed attribute from the untrusted network, and use the secret verifying key to determine if the concealed attribute matches the attribute associated with the domain gateway device, and, when so, pass the ciphertext to at least one receiver device coupled with the domain gateway device,
wherein the at least one receiver device comprises a processor and transceiver coupled thereto, and configured to decrypt the ciphertext into plaintext based upon the private encryption key.

US Pat. No. 11,115,394

METHODS AND SYSTEMS FOR ENCRYPTING DATA FOR A WEB APPLICATION

Mastercard International ...


1. A computer-implemented method, comprising:
generating, by a server system, a cryptographic certificate, the cryptographic certificate comprising an asymmetric key pair;
generating, by the server system, a random value key, the random value key forming at least a part of a Content Encryption Key (CEK) to be generated by a web application;
sending, by the server system, the random value key to a client device running the web application over a secure network communication channel for generating the CEK, wherein the CEK is to be utilized for encrypting a content entered by a user of the web application on the client device and wherein the CEK is encrypted using a public key being part of the asymmetric key pair for transmission over the secure network communication channel; and
translating, by the server system, the CEK encrypted under the public key to CEK encrypted under a Local Master Key (LMK) using a private key, the private key being part of the asymmetric key pair.

US Pat. No. 11,115,393

MESSAGE SERVER, METHOD FOR OPERATING MESSAGE SERVER AND COMPUTER-READABLE RECORDING MEDIUM

LINE Corporation, Tokyo ...


1. A message server comprising:
a memory configured to store computer-readable instructions; and
one or more processors configured to execute the computer-readable instructions,
wherein the one or more processors are further configured to,
receive, from a first user terminal by the message server, a first message including a first attached file encrypted with a first encryption key;
generate, by the message server, a first index to identify the first attached file;
transmit, to a second user terminal by the message server, a second message including the first index associated with the first attached file encrypted with the first encryption key;
in association with the first message, receive, from the first user terminal, first data in which the first encryption key is encrypted with a first asymmetric key associated with the first user terminal and the second user terminal, and transmit the first data to the second user terminal;
receive, from the first user terminal by the message server, a third message including the first attached file encrypted with the first encryption key;

transmit, to a third user terminal by the message server, a fourth message including the first index associated with the first attached file encrypted with the first encryption key; and
in association with the third message, receive, from the first user terminal, second data in which the first encryption key is encrypted with a second asymmetric key associated with the first user terminal and the third user terminal, and transmit the second data to the third user terminal;

wherein the first data is different from the second data, and the first data and the second data are generated by the first user terminal without using the message server;
wherein the first asymmetric key is different from the second asymmetric key; and
wherein the first encryption key is generated based on a type of the first attached file.

US Pat. No. 11,115,392

CONSUMER-AUTHORIZED CONTROLLED DISTRIBUTION OF TRUSTED SOURCE DATA

Turbo Business Suite LLC,...


1. A computer-implemented method for controlled distribution of trusted source data, the method comprising:
receiving, over a network, an initial electronic request to access electronically-stored resource capacity data of a user stored on a controlled-access data storage device;
in response to receiving the initial electronic request to access, transmitting, over the network to an electronic device of the user, an electronic request for authorization to access the user's resource capacity data;
receiving, via the network, an electronic authorization transmitted from the electronic device of the user, that authorizes access to the user's resource capacity data;
in response to receiving the electronic authorization, generating a unique access code that provides access to the electronically-stored resource capacity data of the user;
transmitting, over the network, the unique access code to an electronic device of a first entity for transmission to a second entity;
receiving, from an electronic device of the second entity, a second electronic request to access the electronically-stored resource capacity data of the user, the second electronic request including a request code transmitted to the second entity by the first entity;
determining whether the request code matches the unique access code;
if the request code matches the unique access code, then granting access to the electronic device of the second entity to electronically read the electronically-stored resource capacity data of the user from the controlled-access data storage device; and,
if the request code does not match the unique access code, then denying access to the second entity to electronically read the electronically-stored resource capacity data of the user from the controlled-access data storage device.

US Pat. No. 11,115,391

SECURING END-TO-END VIRTUAL MACHINE TRAFFIC

Juniper Networks, Inc., ...


1. A method comprising:
receiving, by a device, a packet from a remote endpoint that is destined for a local endpoint,
the local endpoint being local to the device,
the local endpoint being a local virtual machine,
the remote endpoint being remote from the device,
the remote endpoint being a remote virtual machine, and
the packet being received via an underlying tunneling network between the device and another device hosting the remote endpoint;

decrypting, from the device, the packet using security information associated with a secure session between the remote virtual machine and the local virtual machine; and
providing, by the device, the packet toward the local endpoint after decrypting the packet.

US Pat. No. 11,115,390

STORAGE SYSTEM UTILIZING DISCRETE ON-DEMAND MEMORY RESOURCES

Goldilock Secure s.r.o.


1. A storage system comprising:
a memory resource component structured to persistently store a sensitive dataset;
a controller including a telephonic receiver and being coupled to the memory resource component, the controller being structured to physically switch the memory resource component between an unconnected state and a connected state, wherein in the unconnected state, the memory resource component is not physically connected to a data network by way of an air gap to prevent unauthorized access to the memory resource component, and wherein in the connected state, the memory resource component is physically connected to the data network by closing the air gap;
wherein in response to receiving a telephone call via the telephonic receiver on a phone number that is associated with the memory resource component, the controller implements an authentication process to (i) physically switch the memory resource component from the unconnected state to the connected state by mechanically closing the air gap, and (ii) maintain the memory resource component in the connected state for a given duration; and
wherein the controller enables at least one of a read or write operation while the memory resource component is in the connected state for the given duration.

US Pat. No. 11,115,389

MEDIA ACCESS CONTROL SECURITY (MACSEC) ENABLED LINKS OF A LINK AGGREGATION GROUP (LAG)

Juniper Networks, Inc., ...


1. A method, comprising:
causing, by a device, a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device;
causing, by the device, a data structure to be updated to identify the first link as a MACsec enabled LAG link;
sending, by the device and after causing the data structure to be updated to identify the first link as a MACsec enabled LAG link, traffic via the first link;
causing, by the device and while the device is sending traffic via the first link, a MACsec session to be established on at least one additional link of the LAG;
causing, by the device, the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link; and
sending, by the device and after causing the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link, additional traffic via the first link and the at least one additional link.

US Pat. No. 11,115,388

SMART BUILDING AGENT FOR BUILDING CONTROL

BCE INC., Verdun (CA)


1. A system, comprising:
a Building Automation System (BAS) located within a building, the BAS communicatively coupled to an internal communication network and configured to control building systems and/or equipment;
one or more environmental sensors associated with the building, wherein the one or more environmental sensors are separate from the BAS and do not communicate with the BAS; and
a processing device located remote from the BAS and communicatively coupled to the BAS and the one or more environmental sensors, the processing device configured to communicate with the BAS over a first communications channel, and configured to communicate with the one or more environmental sensors over at least one second communications channel different from the first communications channel for receiving sensor data,
wherein the processing device is configured to generate a control command based on the sensor data received over the at least one second communications channel, the control command providing instructions for the BAS to adjust an operation parameter for one or more of the building systems and/or equipment, and wherein the control command is sent to the BAS over the first communications channel.

US Pat. No. 11,115,387

METHOD FOR POLICY-DRIVEN, CLASSIFYING, AND ROUTING TRAFFIC USING THE DOMAIN NAME SYSTEM

Cisco Technology, Inc., ...


1. A method for routing traffic, the method comprising:
instructing a virtual private network (VPN) client to clear any previously resolved domain-name based requests stored in memory;
receiving, at the VPN client, a domain name-based request to access a network-based service at a client device, wherein the VPN client is forced to operate as a DNS proxy in response to clearing of the any of the previously resolved domain-name based requests stored in the memory;
forwarding the domain name-based request from the VPN client acting as the DNS proxy to a policy service;
identifying, by the policy service, a policy for the VPN client of the client device based on receipt of the domain name-based request at the policy service, wherein the policy provides instructions to the VPN client for routing a flow path between the client device and the network-based service;
generating, by the policy service, routing instructions for the VPN client of the client device based on the instructions provided by the identified policy, wherein the routing instructions include identifying whether to route the flow path from the VPN client over a private network or a public network;
routing, from the VPN client, the domain name-based request to a domain name system (DNS) to obtain IP addresses associated with the network-based service, wherein the DNS used to resolve the domain name-based request is based on the routing instructions provided by the identified policy, and wherein the IP addresses are stored in a routing table associated with the VPN client; and
establishing the flow path between the client device and the network-based service, wherein the VPN client routes the flow path to the network-based service using IP addresses stored in the routing table of the VPN client and in accordance with the generated routing instructions.

US Pat. No. 11,115,385

SELECTIVE OFFLOADING OF PACKET FLOWS WITH FLOW STATE MANAGEMENT

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
receiving a first packet of a packet flow at a classifying network device;
forwarding the first packet from the classifying network device to a firewall network device;
receiving at the classifying network device an indication from the firewall network device that non-control packets of the packet flow are to be offloaded to a processing entity, wherein control packets of the packet flow are to be directed to the firewall network device;
storing, at the classifying network device, data that indicates that the packet flow is to be offloaded;
receiving one or more non-control packets of the packet flow at the classifying network device;
determining that the one or more non-control packets belong to the packet flow by comparing data contained in the one or more non-control packets to the data stored at the classifying network device;
directing the one or more non-control packets of the packet flow to the processing entity in response to the determining the one or more non-control packets belong to the packet flow;
receiving a packet of the packet flow at the classifying network device indicating a possible change in a flow state of the packet flow;
determining that the packet belongs to the packet flow by comparing data contained in the packet to the data stored at the classifying network device;
determining that the packet of the packet flow is a type that is to be forwarded to the firewall network device;
directing the packet of the packet flow to the firewall network device, in response to the determining the packet of the packet flow is of the type that is to be forwarded to the firewall network device, to maintain the flow state of the packet flow at the firewall network device;
receiving, at the classifying network device in response to predetermined criteria evaluated by the firewall network device, an indication from the firewall network device that the packet flow should no longer be directed to the processing entity, wherein the predetermined criteria comprise a pattern of bytes from one or more control packets of the packet flow, a reputation change of a source device of the packet flow, a posture change of the source device of the packet flow, and timing of receipt of the packet flow;
receiving a non-control packet of the packet flow at the classifying network device; and
directing the non-control packet of the packet flow to the firewall network device.

US Pat. No. 11,115,384

WALLED GARDEN SYSTEM WITH CLEARED IPS LIST AUTOMATICALLY GENERATED FROM DNS QUERIES

Guest Tek Interactive Ent...


1. A walled garden system comprising:
a storage device storing a cleared internet protocol (IP) addresses list and a cleared domain names list;
a firewall controlling access between a first network and a second network; and
a controller coupled to the storage device and the firewall;
wherein the firewall is operable to control access between the first network and the second network at least by receiving one or more connection requests originating from a non-logged in user device on the first network that have a destination IP address on the second network, and directly allowing the connection requests to a pass to the destination IP address on the second network in response to the firewall determining that the destination IP address matches a cleared IP address on the cleared IP addresses list, and by blocking other connection requests originating from the non-logged in user device to an other destination IP address on the second network in response to the firewall determining that the other destination IP address does not match any cleared IP address on the cleared IP address list;
the controller is operable to receive a domain name service (DNS) reply from a DNS server on the second network;
the controller is operable to determine whether a domain name specified within the DNS reply matches a cleared domain name on the cleared domain names list; and
in response to determining that the domain name specified within the DNS reply matches the cleared domain name on the cleared domain names list, the controller is operable to add a resolved IP address specified in the DNS reply to the cleared IP addresses list as a new cleared IP address;
whereby, after the controller adds the resolved IP address to the cleared IP addresses list, the firewall is operable to allow connection requests originating from the non-logged in user device to the resolved IP address.

US Pat. No. 11,115,383

SYSTEM ON CHIP FIREWALL MEMORY ARCHITECTURE

Texas Instruments Incorpo...


1. A system on a chip (SoC), comprising:
multiple functional blocks coupled to a system bus configured to communicate among ones of the functional blocks coupled to the system bus;
the functional blocks configured to perform at least one of sending messages to or receiving messages from other ones of the functional blocks through the system bus;
multiple initiator-side firewall blocks, different ones of the initiator-side firewall blocks corresponding to different ones of the functional blocks, the initiator-side firewall blocks having respective initiator-side memories configured to store configuration settings of the respective initiator-side firewall blocks, the initiator-side firewall blocks configured so that, when a sending one of the functional blocks sends a sent message to a receiving functional block on the system bus, the initiator side firewall block corresponding to the sending functional block adds an identifier to the sent message in at least partial dependence on the configuration settings of the corresponding initiator-side firewall block;
multiple receiver-side firewall blocks, different ones of the receiver-side firewall blocks corresponding to different ones of the functional blocks, the receiver-side firewall blocks having respective receiver-side firewall block memories configured to store configuration settings of the respective receiver-side firewall blocks, the receiver-side firewall blocks configured so that, when the receiving functional block receives the sent message on the system bus, the receiver-side firewall block corresponding to the receiving functional block allows or refuses permission for the sent message to be accessed by the receiving functional block in at least partial dependence on the configuration settings of the corresponding receiver-side firewall block and on the identifier;
a security bus which is electrically isolated from the system bus, the security bus coupled to the initiator-side firewall blocks and to the receiver-side firewall blocks; and
a single security configuration controller coupled to the security bus and configured to use the security bus to exclusively control the configuration settings to be stored in all of the initiator-side firewall block memories and all of the receiver-side firewall block memories.

US Pat. No. 11,115,382

GLOBAL OBJECTS FOR FEDERATED FIREWALL RULE MANAGEMENT

NICIRA, INC., Palo Alto,...


1. A method of defining and distributing firewall rules for a plurality of data compute nodes (DCNs) executing in a set of two or more datacenters, the method comprising:
at a first datacenter:
associating a unique identifier, for a DCN in a second datacenter, with a security tag, wherein the unique identifier for the DCN is a globally unique identifier across the first and second datacenters;
defining a firewall rule with a reference to the security tag; and
distributing the firewall rule with the reference to the security tag from the first datacenter to a network controller at the second datacenter,
wherein the network controller at the second datacenter uses the security tag referenced by the distributed firewall rule to identify the unique identifier for the DCN, maps the unique DCN identifier to a local network address associated with the DCN at the second datacenter, uses the local network address to define a matching attribute of a local firewall rule, and defines an action of the distributed firewall rule as an action of the local firewall rule,
wherein a firewall enforcing machine at the second datacenter uses the local firewall rule to process packets associated with the DCN in accordance with a firewall action specified by the local firewall rule.


US Pat. No. 11,115,381

HYBRID AND EFFICIENT METHOD TO SYNC NAT SESSIONS

VMWARE, INC., Palo Alto,...


1. A method of synchronizing network address translation (NAT) records between an active gateway and a standby gateway, the method comprising, at the active gateway:
encoding a NAT record that comprises at least an external source IP address, wherein the encoded NAT record does not include the external source IP address but does include an identifier that uniquely specifies the external source IP address; and
sending the encoded NAT record to the standby gateway.

US Pat. No. 11,115,380

DETERMINING AND UTILIZING ONE OR MORE ATTRIBUTES OF IP ADDRESSES

EL TORO.COM, LLC, Louisv...


1. A method implemented by one or more processors, the method comprising:
identifying an IP address;
identifying a group of electronic requests that originate from the IP address;
generating, based on the group of the electronic requests that originate from the IP address, a fraud value for the IP address that indicates a likelihood that electronic requests that originate from the IP address are fraudulent;
applying a netmask to the IP address to determine that the IP address has a particular masked address;
assigning a masked fraud value to the particular masked address in one or more databases, wherein the masked fraud value is based on the fraud value, and is based on the fraud value responsive to the fraud value being for the IP address and based on the IP address having the particular masked address;
subsequent to the assigning:
identifying an additional electronic request that originates from an additional IP address;
applying the netmask to the additional IP address to determine that the additional IP address has the particular masked address; and
responsive to the additional IP address having the particular masked address, using the masked fraud value, assigned to the particular masked address, in determining whether to transmit content responsive to the additional electronic request.


US Pat. No. 11,115,379

MANAGEMENT OF ENDPOINT ADDRESS DISCOVERY IN A SOFTWARE DEFINED NETWORKING ENVIRONMENT

VMware, Inc., Palo Alto,...


1. A method of managing Internet Protocol (IP) address discovery in a software defined network (SDN) environment, the method comprising:
in a management plane of the SDN environment, generating an IP address discovery configuration;
in the management plane, passing the IP address discovery configuration to the control plane;
in the control plane, obtaining a discovered list from a hypervisor of one or more IP addresses associated with one or more logical ports, wherein the discovered list comprises an aggregated address list from two or more sources, and wherein the one or more IP addresses correspond to one or more overlay network addresses associated with one or more virtual nodes coupled to the one or more logical ports; and
in the control plane, updating one or more realized lists for the one or more logical ports based on the discovered list and the IP address discovery configuration.

US Pat. No. 11,115,378

TRAFFIC FLOW CONTROL USING DOMAIN NAME

Aeris Communications, Inc...


1. A computer-implemented method for automated traffic flow control using domain name for one or more devices enabled for connectivity comprises:
receiving device information for the one or more devices;
receiving domain name information for at least one domain name that the one or more devices are allowed to access;
associating the at least one domain name with one or more internet protocol (IP) addresses;
monitoring the at least one domain for change in the one or more IP addresses for that domain, wherein monitoring the at least one domain for change in the one or more IP addresses for that domain further includes determining if there has been a change in the one or more IP addresses associated with a domain name using domain name system (DNS) look up and automatically updating the one or more IP addresses in the service profile for the one or more devices in the policy and charging rules function (PCRF); and
updating the one or more IP address of the domain name if any change in the IP addresses for that domain is found.

US Pat. No. 11,115,377

METHOD OF RESOLVING AN IP ADDRESS, CORRESPONDING SERVER AND COMPUTER PROGRAM

KERLINK, Paris (FR)


1. A method for resolving an IP address, characterized in that it comprises:
a step (21) of receiving, by a DNS server, an address resolution request, said request comprising a datum representative of a MAC address, in which said MAC address identifies a communicating object connected to a wireless local area network, said wireless local area network being based on an addressed communication protocol using said MAC address and different from IP, wherein said wireless local area network does not use the IP, said datum representative of a MAC address having the form of a domain name, said domain name being composed of at least two successive domains:
a first lower-level domain, formed from said MAC address;
at least one predetermined top-level domain;
a step (22) of looking up, within a database of addresses of the DNS server, an IP address, depending on said datum representative of a MAC address, in which said IP address identifies a device with which said communicating object has to exchange data;
a step (23) of transmitting said IP address, by the DNS server, to a gateway interconnecting the wireless local area network through a network interface employing said addressed communication protocol different from IP with an IP wide area network.

US Pat. No. 11,115,376

METHOD AND DEVICE FOR HANDLING MULTI-TENANT REQUEST

Advanced New Technologies...


11. A computer-implemented system, comprising:
one or more computers; and
one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform operations comprising:
receiving a request to access an application from a user device, wherein the request comprises a user identifier and request data, wherein the application is hosted by a server, and wherein the user identifier is associated with a user of the user device;
determining tenant information corresponding to the user identifier based on a mapping relationship between the user and a tenant;
determining type information of the application based on the request data;
extracting a first identifier of the application from the request data based on the type information of the application;
appending the tenant information to the first identifier of the application to obtain a second identifier;
determining a new request based on the second identifier;
sending the new request to the application;
receiving a response message for the new request, wherein the response message comprises the second identifier;
removing the tenant information from the second identifier to obtain the first identifier of the application;
determining a new response message based on the first identifier; and
returning the new response message to the user device.


US Pat. No. 11,115,375

INTEROPERABILITY BETWEEN DATA PLANE LEARNING ENDPOINTS AND CONTROL PLANE LEARNING ENDPOINTS IN OVERLAY NETWORKS

Cisco Technology, Inc., ...


1. A method comprising:
designating a first endpoint in an overlay network as a data plane learning endpoint and a second endpoint in the overlay network as a control plane learning endpoint;
operating in a data plane learning mode when a network packet in the overlay network is received from the data plane learning endpoint, wherein the data plane learning mode allows Layer 2 learning, and wherein the data plane learning mode is used when communicating with hosts behind the data plane learning endpoint; and
operating in a control plane learning mode when the network packet is received from the control plane learning endpoint, wherein the control plane learning mode disables the Layer 2 learning, and wherein the control plane learning mode is used when communicating with other hosts behind the control plane learning endpoint.

US Pat. No. 11,115,374

SOURCE-AWARE TECHNIQUE FOR FACILITATING LISP HOST MOBILITY

Cisco Technology, Inc., ...


1. A method comprising:
detecting, by a first network element of a first network, a local connection of an endpoint identifier (“EID”) corresponding to a virtual machine (“VM”), where the EID relocated from a second network to the first network, wherein the first network element detects the EID at least by comparing a source in a packet header from the EID with a range of prefixes enabled to roam;
receiving, by the first network element of the first network, identifying information for a second network element of the second network previously connected to the EID;
receiving, by the first network element of the first network, from the second network element of the second network, service information for a service to be applied to traffic associated with the VM using the identifying information;
in response to the relocation of the EID and the service, initiating a state transfer related to the EID from a firewall at the second network to a firewall at the first network, wherein the state transfer utilizes a filter to prevent transfer of state information unrelated to the EID.

US Pat. No. 11,115,373

MULTI-CHANNEL ENGAGEMENT PLATFORM CONVERTER

Movius Interactive Corpor...


1. A system to enable cross-platform integration comprising:
a first server including a processing unit and memory and providing a multi-channel communications platform;
a second server including a processing unit and memory and providing a gateway that interfaces a first communication element using a first communication channel to the multi-channel communications platform on the first server;
a plurality of application program interfaces (APIs), each of the APIs configured to communicatively interface the multi-channel communications platform to a particular communication channel;
the gateway, comprising software instructions stored on the server that when executed by the second server are configured to perform operations of:
receiving a communication from the first communication element over the first communication channel, the communication including a destination address of a second communication element;
using the destination address of the second communication element and an identity of the first communication element and the first communication channel as search elements, access a data source to identify the second communication channel utilized by the second communication element; and
forward the communication from the first communication element to the multi-channel communications platform along with the identification of the second communication channel and the destination address of the second communications element;

the multi-channel communication platform, comprising software instructions stored on the server that when executed by the server are configured to operate by:
receiving the forwarded communication from the gateway;
selecting an API from the plurality of APIs that is compatible with the second communication channel; and
sending the forwarded communication through the selected API to the second communication channel of the second communication element.


US Pat. No. 11,115,372

UNIVERSAL ACTIONABLE NOTIFICATIONS

Microsoft Technology Lice...


1. A method, performed by a notification service implemented with machine-readable instructions executed by one or more computer processors, for managing action items derived from messages exchanged between user groups of a network-based collaboration platform, the method comprising:
detecting, based on unstructured text of messages posted to a first conversation thread associated with a first user group, a first action item assigned to a user;
detecting, based on unstructured text of messages posted to a second conversation thread associated with a second user group, a second action item assigned to the user;
determining, for each of the detected first and second action items, a plurality of response options;
generating, from the first and second action items, respective first and second structured notification messages addressed to the user, the notification messages each comprising the plurality of response options determined for the respective action item;
posting the first and second structured notification messages addressed to the user in a notification inbox provided to the user;
receiving a response to at least the first structured notification message from the user within the notification inbox, the response specifying a response option selected among the respective plurality of response options; and
generating, based on the selected response option, a response message, and placing the response message into the first conversation thread.

US Pat. No. 11,115,371

SYSTEM FOR MANAGING ELECTRONIC MAIL INCLUDING DISABLING REPLYING TO A GIVEN EMAIL AND RELATED METHODS

Citrix Systems, Inc., Ft...


1. A system for managing electronic mail (email) from among a plurality of email recipients, each of the plurality of email recipients having a priority associated therewith, the system comprising:
an email management server configured to store an email reply-impermissible flag for each of a plurality of email conversation threads, the email reply-impermissible flag being indicative of an in-progress reply for a given email having a corresponding email conversation thread associated therewith; and
a plurality of user devices each associated with a given email recipient from among the plurality thereof, each user device configured to
display the given email, and
communicate an email reply status query message to the email management server for the given email;

the email management server configured to determine if the email reply-impermissible flag is set for the corresponding email conversation thread based upon the email reply status query message for the given email,
when the email reply-impermissible flag is set for the corresponding email conversation thread,
cooperate with a corresponding user device to disable replying to the given email, and determine when the in-progress reply for the given email has been sent, and when the in-progress reply for the given email has been sent, reset the email reply-impermissible flag to permit replying to the given email,
reset the email reply-impermissible flag so that replying to the given email is permissible for other user devices after a threshold time of inactivity from the corresponding user device when permitted to reply to the given email, and
based upon receiving a further email reply status query message for the given email from another user device, determine whether the priority of the email recipient associated with the another user device is higher than that associated with the corresponding user device, and when so, cooperate with the corresponding user device to disable replying to the given email from the corresponding user device and permit replying to the given email from the another user device, otherwise maintain replying to the given email from the corresponding user device until the email reply-impermissible flag has been reset based upon one of the in-progress reply for the given email being sent and expiration of the threshold time of inactivity, and

when the email reply-impermissible flag is not set for the corresponding email conversation thread, cooperate with the corresponding user device to permit replying to the given email.


US Pat. No. 11,115,370

FOCUSED KERNELS FOR ONLINE BASED MESSAGING

International Business Ma...


1. A computer-implemented method comprising:
analyzing, by a processor, one or more social media messages from one or more social media platforms, wherein each of the one or more social media messages includes a generalized metadata tag, and wherein the one or more social media messages are categorized as a generalized group;
determining, from the generalized group, that the one or more social media messages exceeds a generalized threshold;
generating a first specialized metadata tag for a first set of social media messages included in the one or more social media messages;
partitioning, based on the first specialized metadata tag, the first set of the one or more social media messages into a specialized group within the generalized group;
directing one or more users associated with the first set of social media messages to the specialized group;
identifying, from the first set of social media messages, a first user who supplied a first message in the first set of social media messages, wherein the first message is identified from a temporal metadata tag; and
designating the first user as a mediator for the specialized group.

US Pat. No. 11,115,369

TRANSMITTING NEAR REAL-TIME GEOGRAPHIC MASS MESSAGING REQUESTS

MOTOROLA SOLUTIONS, INC.,...


1. A system for transmitting geographic mass messaging requests, the system comprising:
a memory;
a transceiver; and
an electronic processor communicatively coupled to the memory and the transceiver, and configured to
receive a geographic mass messaging request via the transceiver, the geographic mass messaging request including a message, a geographic reference, and a requesting agency identifier, and having at least one request characteristic;
assign a priority to the geographic mass messaging request based on an electronically stored alerting authority policy and at least one selected from the group consisting of the requesting agency identifier, the geographic reference, and the at least one request characteristic;
responsive to determining that the priority meets a priority threshold,
transmit the message via the transceiver to a mass notification system for broadcast to end user devices in a specified geographic region based on the geographic reference; and
transmit a request granted message via the transceiver to the requesting agency; and

responsive to determining that the priority does not meet the priority threshold, transmit one of a request denied message and a request modification proposal via the transceiver to the requesting agency.


US Pat. No. 11,115,368

SYSTEMS AND METHODS FOR INTELLIGENT APPLICATION NOTIFICATION MANAGEMENT

Life360, Inc., San Franc...


1. A method for notification management, the method comprising:
filtering, on a communication device, notifications to be displayed on a user interface of the communication device so as to modulate display of the notifications on the user interface, wherein filtering the notifications to be displayed on the user interface of the communication device comprises:
determining, on the communication device, whether a new notification has been received by the communication device from an external server, wherein the new notification is generated by the external server for remote display on the user interface of the communication device,
in response to determining that the new notification has been received, determining, on the communication device, whether the new notification can be added to a notification queue based on a maximum number of notifications allowed within a period of time, wherein the notification queue stores one or more existing notifications,
in response to determining that the new notification can be added, adding, on the communication device, the new notification to the notification queue, and
modifying, on the communication device, the notification queue, wherein modifying the notification queue comprises:
determining whether the new notification can be combined with an existing notification in the notification queue based on a user preference, a system state, and whether an application to which the notification is related is currently active, and
in response to determining that the new notification can be combined, combining the new notification with the existing notification; and


displaying, on the user interface, one of the notifications stored in the notification queue based on the modification of the notification queue.

US Pat. No. 11,115,367

SYSTEM AND METHOD FOR AUTOMATING WORKFLOW MANAGEMENT AND TRACKING OF VOICEMAIL, TEXT AND MULTIMEDIA MESSAGES, LIVE CHATS, FORMS AND UPLOADED FILES

Entrespace, LLC, West Ha...


1. A method for three-way integration of external communication mechanisms with an organization's Instant Messaging (IM) system and Workflow Management (WfM) system, wherein the IM system comprises one or more chat rooms, the method comprising:
receiving and storing a communication sent by an external party through an instance of a communication mechanism;
automatically generating a collaboration space within a chat room associated with the instance of the communication mechanism used to receive the communication;
automatically generating a message within the collaboration space and populating it with content of the received communication or information about the content of the received communication;
automatically generating and populating a record in the WfM system to track a status and progress of handling the received communication;
limiting access to the chat room to authorized users that are members of the chat room; and
allowing an authorized user to add private comments to chat windows within that chat room that are visible only to members.

US Pat. No. 11,115,366

COMMUNICATION AND CONVERSATION BETWEEN INDIVIDUALS AND SERVICE PROVIDERS


1. A system comprising: being accessed by a computing device through a web browser, having a database in where the database is managed using a peer-to-peer network where the database uses a distributed timestamping server, having data and processing code reside in non-transitory memory where the data is owned by a sender; using blockchain to secure ongoing communication and conversation between an individual user and a service provider, providing a translation function where the communication is done electronically where the blockchain is a decentralized, distributed and public digital ledger where the blockchain is secure, cryptographic and permission based where the blockchain is used to record transactions across many computers so that any involved record cannot be altered retroactively without the alteration of all subsequent blocks; and having artificial intelligence to analyze and prepare the data for proper communication where the AI translates a communication if needed where the translation is one of the three of language, braille or sound.

US Pat. No. 11,115,365

MESSAGING OVERFLOW SERVICE

Amazon Technologies, Inc....


1. A non-transitory machine readable storage medium having instructions embodied thereon, the instructions when executed cause a processor to perform processing, comprising:
consuming unprocessed messages pending in a message queue using a messaging overflow service launched in response to an alarm triggered by a monitoring service that indicates the message queue has filled to a predetermined threshold, wherein a message handler associated with the message queue processes a first set of messages from the message queue, in parallel to the messaging overflow service, and stores a first set of processed data store values associated with the first set of messages processed by the message handler to a data store;
processing, by the messaging overflow service, a second set of messages from the unprocessed messages, in parallel to the first set of messages being processed by the message handler, to generate a second set of processed data store values;
storing the second set of processed data store values in a cache associated with the messaging overflow service;
enabling the first set of processed data store values and the second set of processed data store values to be available for delivery to a client;
causing a query process making a query request to the data store to check both the data store and the cache associated with the messaging overflow service for the processed data store values; and
the message queue receiving subsequent messages after the messaging overflow service is launched;
wherein the subsequent messages are processed by the message handler associated with the message queue in parallel to the processing of the unprocessed messages using the messaging overflow service.

US Pat. No. 11,115,364

SYSTEM AND METHOD FOR REGULATING ELECTRONIC MESSAGE TRANSMISSIONS

Intercontinental Exchange...


1. A system comprising:
one or more processors operatively coupled to a non-transitory memory storing computer-readable instructions that, when executed by the one or more processors, cause the system to:
receive, via a system input interface, an incoming message having a destination other than the system;
identify one or more internet protocol (IP) attributes of the incoming message;
determine, based on the one or more IP attributes of the incoming message, that said incoming message originated from a particular participant device; and
apply a transmission delay offset to the incoming message prior to transmission of the incoming message from the system to the destination, the transmission delay being specific to the particular participant device.


US Pat. No. 11,115,363

UTILIZING ENCRYPTED EPHEMERAL MESSAGES TO MODIFY EPHEMERAL MESSAGE DURATION SETTINGS

WHATSAPP LLC, Menlo Park...


1. A method comprising:
identifying, at a receiving client device, an ephemeral message, an ephemeral message duration setting, and an ephemeral setting timestamp generated by a transmitting client device;
adding the ephemeral message to a message thread between the receiving client device and the transmitting client device, wherein the message thread corresponds to an existing ephemeral message duration setting on the receiving client device;
comparing the ephemeral setting timestamp to an existing setting timestamp on the receiving client device;
based on determining that the existing setting timestamp predates the ephemeral setting timestamp, modifying the existing ephemeral message duration setting for the message thread to the ephemeral message duration setting; and
applying the ephemeral message duration setting to delete the ephemeral message from the message thread on the receiving client device.

US Pat. No. 11,115,362

METHOD AND SYSTEM FOR PRESENTING CONVERSATION THREAD

LINE PLUS CORPORATION, G...


1. A conversation thread displaying method of a computer apparatus comprising at least one processor, the method comprising:
classifying, by the at least one processor, messages transmitted and received through at least one conversation session to generate a conversation thread for each of the at least one conversation session;
providing, by the at least one processor, a conversation session list, the conversation session list including one or more conversation threads associated with the at least one conversation session;
displaying, by the at least one processor, messages of a selected conversation thread selected from the conversation session list;
receiving, by the at least one processor, a first conversation summary request for the messages of the selected conversation thread;
providing, by the at least one processor, a first conversation summary for the messages of the selected conversation thread in response to the first conversation summary request for the messages of the selected conversation thread; and
receiving, by the at least one processor, a period change request for displaying the first conversation summary,
wherein the providing a first conversation summary comprises providing at least one first conversation summary generated for each period by classifying the messages of the selected conversation thread for each period based on a time at which a corresponding message is transmitted or a time at which a corresponding message is received, and
wherein the providing a first conversation summary comprises changing a period for displaying the first conversation summary from a first period to a second period in response to the period change request, and providing the first conversation summary generated for the second period.

US Pat. No. 11,115,361

APPARATUS AND METHOD FOR MAINTAINING A MESSAGE THREAD WITH OPT-IN PERMANENCE FOR ENTRIES

Snap Inc., Santa Monica,...


1. A method implemented by a server with a processor and a memory storing instructions executed by the processor to maintain a first message thread and a second message thread between a first client device of a first user and a second client device of a second user, respectively, the method comprising:
directing, by the server, the second client device to display a text entry of the second message thread for a duration of a transitory display period, wherein the text entry is from the first user and is presented on a display screen of the second client device of the second user;
automatically deleting at the server the text entry in the first message thread and the text entry of the second message thread after the duration of the transitory display period unless an indication of a gesture applied to the display screen of the second client device presenting the text entry of the second message thread on the second client device is received at the server during the transitory display period, the gesture for preserving the text entry; and
in a case where the server receives the indication during the transitory display period,
maintaining, by the server, the text entry for the second message thread,
providing, by the server, a notification to the first client device that the text entry of the second message thread has been preserved by the second user,
providing for display of a first indicia associated with the text entry based on only one of the first and second users having selected to preserve the text entry, and
providing for display of a second indicia associated with the text entry based on both of the first and second users having selected to preserve the text entry, the first indicia being different than the second indicia.


US Pat. No. 11,115,360

METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR CATEGORIZING MULTIPLE GROUP-BASED COMMUNICATION MESSAGES

Slack Technologies, Inc.,...


1. An apparatus for group-based communication message categorization, the apparatus comprising at least one processor and at least one non-transitory memory including program code, the at least one non-transitory memory and the program code configured to, with the at least one processor, cause the apparatus to:
receive a channel message corpus representing multiple communication messages of a group-based communication channel, the multiple communication messages of the channel message corpus sharing a group-based communication channel identifier corresponding to the group-based communication channel;
determine, using a conversation primitive identification engine coupled with the at least one processor, one or more conversation primitive identifiers for each of the multiple communication messages;
identify one or more communication message segments of the multiple communication messages that share at least one common conversation primitive identifier of the one or more conversation primitive identifiers; and
in response to identifying the one or more communication message segments that share at least one common conversation primitive identifier, group the one or more communication message segments that share the at least one common conversation primitive identifier into a conversation segment, wherein the conversation segment includes a topic associated with the conversation segment.

US Pat. No. 11,115,359

METHOD AND APPARATUS FOR IMPORTANCE FILTERING A PLURALITY OF MESSAGES

Samsung Electronics Co., ...


1. A method of filtering a plurality of messages of an electronic apparatus, the method comprising:
displaying the plurality of messages and a user interface, the user interface comprising a filtering bar and an indicator positioned on the filtering bar, wherein a position of the indicator on the filtering bar is indicative of a filtering level;
based on an input for moving the indicator on the filtering bar being received, identifying a filtering level corresponding to a position of the moved indicator on the filtering bar;
identifying an importance level for the plurality of messages, wherein the importance level for a respective message is identified based on at least a number of the plurality of messages, an occurrence frequency number of a specific word included in the plurality of messages, an occurrence frequency number of the specific word included in the respective message, a number of messages including a specific word from among the plurality of messages, and a time when the respective message is generated;
obtaining at least one message from among the plurality of messages based on a number of messages selected according to the identified filtering level and a ranking information of the plurality of messages according to the importance level of the plurality of messages; and
displaying the at least one obtained message.

US Pat. No. 11,115,358

DYNAMICALLY INTEGRATING CONTACT PROFILE PICTURES FROM WEBSITES INTO MESSAGES

International Business Ma...


1. A device comprising:
a processor;
a memory coupled to the processor;
a network interface coupled to the processor;
wherein the memory contains instructions, which when executed by the processor, perform the steps of:
detecting a name in a message;
retrieving a first site association category of a first website type;
retrieving a second site association category of a second website type, wherein the second website type is different from the first website type;
determining a classification of the message;
selecting a profile from the first website type or the second website type based on a match of the classification with the first site association category or the second site association category, respectively;
obtaining a plurality of contact profile pictures,
wherein the plurality of contact profile pictures comprises at least one contact profile picture from the selected profile for a plurality of contacts which are associated with the detected name;
displaying the obtained plurality of contact profile pictures in an order based on a number of times each of the obtained contact profile pictures, of the plurality of contact profile pictures, had been previously selected, by the user, as a recipient;
accepting a selection of one profile picture of the displayed plurality of contact profile pictures;
inserting the selected one profile picture into the message in replacement of the name; and
distributing the message.


US Pat. No. 11,115,356

EMOJI RECOMMENDATION SYSTEM AND METHOD

Woofy, Inc., New York, N...


1. A system comprising:
a memory; and
at least one processor to:
receive text from a client computing device, the text received one character at a time as part of a payload having a particular format by a web application programming interface (API) provided by a predictive linguistics engine, the payload having the text, a fanout level, and a depth value;
as each character of the text is received, determine, by the predictive linguistics engine, a recommendation in real-time to be added to the text having a similarity score above a particular threshold based on at least one of a list of rules, word embedding, an n-gram model, and a co-occurrence model, the recommendation comprising at least one of a word, a list of hashtags, a quotation, and a list of emojis;
determine that the text includes a uniform resource location (URL), parse content available at the URL, and determine the recommendation based on the content available at the URL, the recommendation comprising at least one of the quotation and the list of hashtags; and
send, by the predictive linguistics engine, the recommendation to the client computing device.

US Pat. No. 11,115,355

INFORMATION DISPLAY METHOD, APPARATUS, AND DEVICES

Alibaba Group Holding Lim...


1. A method comprising:
receiving, by a first client, language information of a second client sent by the second client in an instant message process between the first client and the second client;
providing an information editing interface for the first client;
receiving a first type of information input by a user in the information editing interface;
determining whether a second type of information corresponding to the first type of information is directly obtainable, the second type of information being translation information of the first type of information corresponding to the language information of the second client;
upon determining that the second type of information is not directly obtainable, preprocessing the first type of information;
obtaining the second type of information corresponding to the preprocessed first type of information;
displaying the second type of information in the information editing interface;
receiving an operation command for the second type of information input by the user via the information editing interface;
modifying the second type of information according to the operation command to obtain a modified second type of information;
receiving a sending command by the first client; and
sending, to the second client via the information editing interface, all the first type of information input and all the second type information including the modified second type of information.

US Pat. No. 11,115,354

TECHNIQUE OF CO-OPERATION BETWEEN A PLURALITY OF CLIENT ENTITIES

Orange, Paris (FR)


1. A method of cooperation between a plurality of client entities communicating with one another by way of at least one instant-communication channel established between the client entities of said plurality, said method comprising the following steps implemented by a first client entity of said plurality:
dispatching of an executable application to at least one second client entity of said plurality by way of said at least one instant-communication channel established between the client entities of said plurality for execution of an instant-communication application, said dispatching being performed while said instant-communication application is running and via file sharing within the framework of the instant-communication application;
executing of said application in cooperation with an execution of said application on the second client entity;

in which the cooperation between the application in the course of execution on the first client entity and that in the course of execution on the second client entity is performed by means of messages relating to the application and transmitted while said instant-communication application is running by way of said at least one instant-communication channel established for execution of said instant-communication application,
wherein messages relating to the application in the course of execution and messages relating to the instant-communication application are transmitted on said at-least one instant-communication channel and messages relating to the application are solely destined for the application concerned.

US Pat. No. 11,115,353

CONVERSATIONAL BOT INTERACTION WITH UTTERANCE RANKING

Drift.com, Inc., Boston,...


1. A method for imitating a human conversational response using a set of conversations that have been annotated to identify speech acts, and physical acts, wherein a speech act is a labeled grouping of utterances, comprising:
in association with an automated conversational bot executing in a computing system:
receiving a data model associated with a multi-turn conversation, the data model comprising an observation history;
upon receipt of a query that includes a sequence of two or more utterances, applying an utterance ranking algorithm that outputs a ranked order of importance of the utterances in the sequence, wherein the utterance ranking algorithm (i) separates the utterances in the sequence into sub-groups of utterances according to utterance type and content score, (ii) within each sub-group, internally ranks the utterances therein according to their content scores to create a list, and (iii) joins the lists according to an ordering that places non-statement and statement-based utterances with higher content scores before non-statement and statement-based utterances with lower content scores;
in response to applying the utterance ranking algorithm, updating the data model to reflect the ranked order; and
using the updated data model to attempt to generate a coherent response to the query for the automated conversational bot;

the automated conversational bot returning the coherent response to the query.

US Pat. No. 11,115,352

METHOD FOR INTERACTION BETWEEN A MOBILE TERMINAL AND A COMMUNICATING AUTOMATON

ORANGE, Issy-les-Mouline...


1. A method for interaction between a mobile terminal and a communicating automatic machine, the communicating automatic machine comprising a conversational agent configured for automatically responding to messages sent by a mobile terminal through an instant messaging interface, the method being performed by the mobile terminal and comprising:
obtaining an item of information according to which the communicating automatic machine is in proximity to the mobile terminal,
upon obtaining this item of information, automatically inserting a new entry relating to said communicating automatic machine into an address book of an instant messaging application of the mobile terminal, conditioned by at least one filtering rule configured previously, this new entry allowing the mobile terminal to communicate with the conversational agent of the automatic machine via the instant messaging application, and
sending at least one message suitable for initializing an interaction between the mobile terminal and the communicating automatic machine in response to the entry in the address book inserted being selected.

US Pat. No. 11,115,351

MANAGING EMAIL CONTENT IN AN ACTIVITY STREAM

INTERNATIONAL BUSINESS MA...


1. A method of managing content with an electronic device, comprising:
receiving a user selection of a number of criteria to distinguish content from a first channel to be presented in a second channel from content from the first channel to be presented in the first channel, wherein:
the first channel is a separate channel from the second channel; and
the first channel is a different type of communication network than the second channel;

retrieving, based on satisfaction of the number of criteria, the content from the first channel to be presented in the second channel;
displaying the content to be presented in the second channel in the second channel by referencing metadata relating to the content, which metadata is passed to the second channel; and
preventing the content to be presented in the second channel from being presented in the first channel, wherein the content remains in the first channel and is not passed to the second channel.

US Pat. No. 11,115,350

METHOD FOR PROCESSING INFORMATION, FORWARDING PLANE DEVICE AND CONTROL PLANE DEVICE

Huawei Technologies Co., ...


17. A method, comprising:
receiving, by a gateway forwarding plane device, a data packet;
searching, by the gateway forwarding plane device, for context information corresponding to the data packet;
when there is no context information corresponding to the data packet already stored in the gateway forwarding plane device, buffering, by the gateway forwarding plane device, the data packet in the gateway forwarding plane device;
sending, by the gateway forwarding plane device, the data packet's characteristic information to a gateway control plane device;
receiving, by the gateway forwarding plane device, the context information corresponding to the data packet's characteristic information from the gateway control plane device; and
forwarding, by the gateway forwarding plane device, the buffered data packet according to the context information;
wherein the gateway control plane device and the gateway forwarding plane device are separate and different devices, the gateway control plane device is connected to a first mobility management network element, and the gateway forwarding plane device is connected to a packet data network, and wherein the first mobility management network element operates according to a first radio access technology, and the first mobility management network element is connected to a second mobility management network that operates according to a second radio access technology different than the first radio access technology.

US Pat. No. 11,115,349

METHOD AND APPARATUS FOR ROUTING BETWEEN FIBRE CHANNEL FABRICS

Avago Technologies Intern...


1. A Fibre Channel interfabric device, comprising:
a first Fibre Channel port connected to a first Fibre Channel fabric;
a second Fibre Channel port connected to a second Fibre Channel fabric, and
processing circuitry configured to
receive, at the first Fibre Channel port, a packet from a first device via the first Fibre Channel fabric;
transfer the packet from the first Fibre Channel port to the second Fibre Channel port;
transmit, from the second Fibre Channel port, the packet to a second device via the second Fibre Channel fabric; and
perform switching using a first Fibre Channel address local to the first Fibre Channel fabric to represent the second device, and a second Fibre Channel address local to the second Fibre Channel fabric to represent the first device.

US Pat. No. 11,115,348

VIRTUAL RESOURCE ALLOCATION FOR PROCESSING AN EVENT QUEUE

AMAZON TECHNOLOGIES, INC....


1. A computer-implemented method, comprising:
detecting a notification event associated with a customer of a multi-tenant resource allocation service;
determining a registered function corresponding to the notification event, the registered function including code to be executed on behalf of the customer;
placing event information for the notification event in an event queue;
allocating a resource instance for executing the registered function to process the notification event, the resource instance obtaining the event information from the event queue;
receiving, from the resource instance, a first processing result for the notification event;
determining that state data for the resource instance is stored in a process data store based on the first processing result;
contacting a resource manager to obtain the state data from the process data store;
placing additional event information in the event queue, wherein the additional event information indicates additional processing of the notification event is required;
performing the additional processing based at least in part on the state data;
receiving a second processing result in response to performing the additional processing; and
providing the second processing result to the customer.

US Pat. No. 11,115,347

DYNAMIC MONITORING AND MIGRATION OF APPLICATIONS

Hewlett Packard Enterpris...


1. A branch gateway, comprising:
processing circuitry; and
a memory including instructions that, when executed on the processing circuitry, cause the branch gateway to:
determine, based on quality of service (QoS) thresholds of one or more critical applications transceiving data across a first uplink, a first uplink health threshold;
determine, based on first health information of the first uplink, a second uplink health threshold;
calculate migration thresholds for a set of non-critical applications, each migration threshold based on the first uplink health threshold, the second uplink health threshold, and a migration factor for the respective non-critical application;
determine, based on second health information of the first uplink, that a QoS threshold of a critical application is likely to be imminently breached;
select, from the set of non-critical applications, a least critical application, based on the migration threshold of the least critical application; and
migrate the least critical application from the first uplink to a second uplink.


US Pat. No. 11,115,346

SYSTEMS AND METHODS FOR GENERATING NETWORK FLOW INFORMATION

Big Switch Networks LLC, ...


1. A method of using a controller that controls client switches in a monitoring network having network interfaces that are coupled to a packet forwarding network and that receive tapped network packets from the packet forwarding network, the method comprising:
at a service node coupled to the monitoring network, receiving a flow record template;
at the service node, after receiving the flow record template, generating a list of instructions based on the received flow record template;
with the controller, identifying a set of the tapped network packets based on which flow records are generated;
with the controller, forwarding packet information in the set of the tapped network packets to the service node; and
at the service node, executing the list of instructions for each tapped network packet in the set of the tapped network packets to generate a corresponding flow record.

US Pat. No. 11,115,345

SYSTEMS AND METHODS FOR PROVIDING SELF-REFERENCING UTILIZATION CALCULATION AND DYNAMIC RESOURCE ALLOCATION BASED THEREON FOR DIGITAL TRANSMISSIONS

Bank of America Corporati...


1. A method for allocating resources for processing and storing digital transmissions, the method comprising:
capturing metadata that is associated with a transmission, said metadata comprising:
a sender of the transmission;
a size of the transmission; and
a location of a source of the transmission;

mining, using an artificial intelligence (“AI”) machine-learning neural network, a predetermined set of Internet news sources to obtain information that relates to the sender of the transmission;
computing a relevancy score based on the information, wherein the relevancy score relates to an increased or decreased level of digital transmissions from the sender;
calculating, based on the metadata, a cost of the transmission;
embedding the cost as part of the metadata; and
allocating, based on the metadata and the relevancy score, a portion of digital resources for the transmission;

wherein:
the allocating the portion of the digital resources for the transmission reserves an amount of the digital resources for the transmission and prevents overloading of the digital resources.

US Pat. No. 11,115,344

COMPUTERIZED METHODS AND SYSTEMS FOR MIGRATING CLOUD COMPUTER SERVICES

Oracle International Corp...


1. A non-transitory computer-readable medium storing computer-executable instructions that when executed by a processor of a computing device causes the processor to:
maintain a first zone of computing resources used to host an instance of a service, wherein the instance executes executable code of an application stack of the service using the computing resources of the first zone;
wherein one or more remote computers are assigned to access the instance of the service and wherein the one or more remote computers submit access requests for the service;
route the access requests for the service to the instance within the first zone;
maintain a second zone of computing resources used to host instances of services;
construct a pre-provisioned instance of the service within the second zone, wherein the pre-provisioned instance comprises a computing environment of computing resources of the second zone and the application stack of the service; and
in response to receiving a request to migrate the instance, reconstruct the instance by:
provisioning the pre-provisioned instance as a migrated instance of the service within the second zone, wherein the migrated instance executes the executable code of the application stack using the computing resources of the second zone;
rerouting subsequent access requests for the service within the first zone to the migrated instance within the second zone; and
drain pending access requests being processed by the instance in the first zone by:
(i) allowing the instance to complete the pending access requests; and
(ii) after the pending access requests are completed, turn off access to a database comprising client data used by the instance in the first zone.



US Pat. No. 11,115,343

TRANSPORT LAYER PROVIDING DETERMINISTIC TRANSPORT ACROSS MULTIPLE DETERMINISTIC DATA LINKS

CISCO TECHNOLOGY, INC., ...


1. A method comprising:
receiving, by a transport layer executed by a processor circuit in an apparatus, an identified flow of application data having been originated by an executable application;
storing, by the transport layer, the identified flow of application data as transport layer packets in a buffer circuit in the apparatus, each transport layer packet having a corresponding transport sequence identifier identifying a corresponding position of the transport layer packet relative to a transmit order of the transport layer packets; and
causing, by the transport layer, a plurality of deterministic network interface circuits to deterministically retrieve the transport layer packets, in the transmit order, from the buffer circuit for deterministic transmission across respective deterministic links according to deterministic constraints required for the identified flow of application data, the transport sequence identifiers enabling a destination transport layer to recover the transmit order of the transport layer following the deterministic transmission across the deterministic links according to the deterministic constraints, regardless of order of reception thereof by the destination transport layer, the deterministic transmission distinct from non-deterministic communications by the apparatus, the deterministic constraints requiring timing synchronization and scheduled transmissions along each hop of the deterministic links from the deterministic network interface circuits to one or more destination deterministic network interface circuits of a destination device executing the destination transport layer.

US Pat. No. 11,115,342

USING BFD PACKETS IN A VIRTUALIZED DEVICE

Hewlett Packard Enterpris...


1. A method comprising:
receiving, at a first linked network device, a bidirectional forwarding detection (BFD) packet originating from a first network device, wherein the first linked network device and a second linked network device are part of a link aggregation group running a BFD session;
transmitting, from the first linked network device, a BFD synchronization packet to the second linked network device, wherein the link aggregation group uses an active forwarding mode where data traffic flowing through first linked network device is routed through the second linked network device;
receiving, at the second linked network device, the BFD synchronization packet, wherein a time-to-live (TTL) value of the BFD synchronization packet is lower than a BFD TTL supported by the BFD session;
determining, by the second linked network device, that the BFD synchronization packet is a BFD single-hop packet coming from a VLANs using the active forwarding mode; and
determining, by the second linked network device, not to discard the BFD synchronization packet.

US Pat. No. 11,115,341

LOW LATENCY FLOW CONTROL IN DATA CENTERS

XSIGHT LABS LTD., Kiryat...


1. A system for managing traffic between servers, the system comprises:
first tier switches that are coupled to the servers;
second tier switches that are coupled to the first tier switches and to third tier switches; and
controllers;
wherein each first tier switch comprises first queues;
wherein each second tier switch comprises second queues;
wherein the controllers are configured to control a traffic between the first tier switches and the second tier switches attributed to the traffic between the servers, (a) on, at least, a queue granularity; (b) while controlling some first queues to provide buffer extension to some second queues, and (c) while controlling some second queues to provide buffer extension to some first queues;
wherein the first tier switches and the second tier switches are positioned in multiple pods; and
wherein at least one of the controllers is configured to (a) prevent traffic between servers coupled to a same first tier switch from reaching any second tier switch, (b) prevent traffic between servers coupled to different first tier switches of a same pod from reaching any third tier switches, and (c) pass traffic between servers coupled to different pods through one or more third tier switches.

US Pat. No. 11,115,340

GUARANTEED DELIVERY IN RECEIVER SIDE OVERCOMMITTED COMMUNICATION ADAPTERS

INTERNATIONAL BUSINESS MA...


1. A computer-implemented method comprising:
receiving an input/output (I/O) request comprising a data stream from a host processor, the I/O request further comprising look ahead information and a look ahead type field for specifying a type of the look ahead information, the type one of quality of service and anticipated buffer count, the receiving at a network adapter of a storage controller that manages storage for the host processor, the storage controller comprising a storage buffer to store data received from the host processor before migrating it to the storage and the storage controller further comprising a data cache and a control unit;
assigning, by the control unit, a sequence tag to the data stream, the sequence tag indicating an order of receiving the data stream at the network adapter;
determining whether the storage buffer has enough free space to store the received data stream;
storing, by the control unit, the received data stream in the storage buffer based at least in part on determining that the storage buffer has enough free space to store the received data stream;
storing, by the control unit, the received data stream in the data cache based at least in part on determining that the storage buffer does not have enough free space to store the received data stream; and
based at least in part on storing the received data stream in the data cache:
determining an amount of free space in the storage buffer; and
moving the received data stream from the data cache to the storage buffer based on the amount of free space in the storage buffer being greater than an estimated amount of space required to store the received data stream and the sequence tag indicating that the data stream was received prior to any other data stream currently stored in the data cache.


US Pat. No. 11,115,339

NETWORK CONGESTION CONTROL METHOD, DEVICE, AND SYSTEM

Huawei Technologies Co., ...


1. A network congestion control method, comprising:
establishing mapping relationships between 5-tuples of packets and corresponding flow identifiers of the packets;
in response to detecting a network congestion, obtaining a 5-tuple of a packet that causes the network congestion;
obtaining, based on the established mapping relationships and using the 5-tuple of the packet that causes the network congestion, a flow identifier of the packet that causes the network congestion;
generating a congestion control message, wherein the congestion control message carries the 5-tuple of the packet that causes the network congestion and the flow identifier of the packet that causes the network congestion, wherein the 5-tuple of the packet is encapsulated in a payload field of the congestion control message; and
sending the congestion control message to a source node of the packet.

US Pat. No. 11,115,338

INTELLIGENT CONVERSION OF INTERNET DOMAIN NAMES TO VECTOR EMBEDDINGS

Hughes Network Systems, L...


1. A data processing system comprising:
a processor; and
a memory in communication with the processor, the memory storing executable instructions that, when executed by the processor, cause the data processing system to perform functions of:
receiving data relating to internet traffic over a network;
organizing the data into one or more documents that make up a training dataset, each of the one or more documents including one or more Domain Name Server (DNS) queries;
using the training dataset to generate at least one vector space embedding for one or more domain names; and
providing the at least one vector space embedding as an output,
wherein organizing the data into the one or more documents includes:
sorting the one or more DNS queries in at least one of the one or more documents based on a frequency of occurrence of each of the one or more DNS queries, and
removing a predetermined number of the one or more DNS queries having one or more highest frequencies of occurrence from the at least one of the one or more documents, the predetermined number of the one or more DNS queries representing one or more most frequently queried domain names within the one or more documents.