US Pat. No. 10,142,436

ENHANCED MODE CONTROL OF CACHED DATA

Microsoft Technology Lice...

1. A device comprising:
a cache storing data that is accessible to a plurality of client devices over a network;
a processor;
a memory having instructions stored thereon that, when executed by the processor, cause the device to:
determine that a broadcast server is in a first state in which the broadcast server is capable of broadcasting;
operate the device in a broadcast mode during which a portion of the data stored in the cache is updated in response to receiving a data update or a notification of the data update from the broadcast server, the data update or the notification of the data update identifying the portion of the data;
determine that the broadcast server has changed from the first state to a second state in which the broadcast server is incapable of broadcasting; and
switch operation of the device from the broadcast mode to a timer mode during which another portion of the data stored in the cache is updated in response to a cache time period elapsing, wherein the device communicates directly with one or more storage devices to fetch new cache data useable to update the other portion of the data stored in the cache while operating in the timer mode.

US Pat. No. 10,142,435

METHOD, DEVICE AND COMPUTER STORAGE MEDIUM FOR IMPLEMENTING INTERFACE CACHE DYNAMIC ALLOCATION

Sanechips Technology Co.,...

1. A method for dynamic interface cache allocation, comprising:
equally dividing a cache into multiple cache blocks, each with a size no less than a maximal data-packet size;
setting a multi-input multi-output cross matrix between interfaces and the cache;
setting, in advance or while a system is running, a docking relation of an interface requiring access in application with a cache block available, and then transferring a data packet input by the interface into the cache block; while the system is running, when it is determined that a change in an interface requiring access is required, adjusting, in real time, a docking relation of an interface involved in the change with a cache block corresponding to the interface involved in the change,
wherein the setting, in advance or while a system is running, a docking relation of an interface requiring access in application with a cache block available comprises:
connecting, through the cross matrix, an input of the interface to the cache block,
wherein the when it is determined that a change in an interface requiring access is required, adjusting, in real time, a docking relation of an interface involved in the change with a cache block corresponding to the interface involved in the change comprises:
when a new interface is to be added, detecting a cache block available in the system, and connecting, through the cross matrix, an input of the new interface with the detected cache block available;
when an interface is to be withdrawn during the run, disconnecting, from the interface to be withdrawn, a cache block corresponding to the interface to be withdrawn;
when an interface is to be replaced during the run, first disconnecting, from the to-be-replaced interface, a cache block corresponding to the to-be-replaced interface, and then connecting, through the cross matrix, an input of a replacing interface with the cache block corresponding to the to-be-replaced interface before the replacement,
wherein the method further comprises:
after an input of an interface requiring cache access or a new interface is connected with a cache block available, detecting a starting position of a present data packet being input by the interface; after such a position is detected, making the cache block start receiving the data packet,
wherein the method further comprises:
when the interface requiring cache access is to be withdrawn, detecting an ending position of a present data packet; after such a position is detected, starting disconnecting, from the interface to be withdrawn, the cache block corresponding to the interface to be withdrawn,
wherein the method further comprises:
detecting, in real time, connection between a cache block and an accessing interface, and issuing a warning when it is determined that the cache block and the accessing interface are not in one-on-one connection.

US Pat. No. 10,142,433

CLIENT DEVICE, DATA COMMUNICATION SYSTEM, DATA COMMUNICATION METHOD, AND PROGRAM

Mitsubishi Electric Corpo...

1. A client device comprising:
a communication interface configured to communicate with a server; and
a client-device central processing unit (CPU) configured to execute a program stored in a client-device memory to provide:
a compression necessity determiner configured
to determine a necessity of compression of to-be-uploaded data to be uploaded to the server, and
to determine a necessity of compression of to-be-downloaded data to be downloaded from the server in response to a download request when content of the to-be-uploaded data indicates the download request to the server;
a data compressor configured to compress the to-be-uploaded data in a predetermined scheme when the compression necessity determiner determines that the compression of the to-be-uploaded data is necessary;
a data acquirer configured to acquire, from the communication interface, data transmitted from the server;
a decompression necessity determiner configured to determine a necessity of decompression of downloading data when the data transmitted from the server contains the downloading data;
a data decompressor configured to decompress the downloading data in a predetermined scheme when the decompression necessity determiner determines that the decompression of the downloading data is necessary; and
a data sender configured
to send, when the compression necessity determiner determines that the compression of the to-be-uploaded data is unnecessary, to the communication interface data in which a header is added to the to-be-uploaded data,
to send, when the compression necessity determiner determines that the compression of the to-be-uploaded data is necessary, to the communication interface data in which a header is added to the to-be-uploaded data compressed by the data compressor, the header containing information indicating that the to-be-uploaded data is compressed data, and
to store, in the header, information requesting compression of data when the compression necessity determiner determines that the compression of the to-be-downloaded data is necessary,
wherein the compression necessity determiner is configured to determine the necessity of compression of the to-be-downloaded data based on a size of the to-be-downloaded data and a decompression presence-absence time table in which a data size, a total processing time obtained by adding a processing time by the data decompressor to a processing time by the data acquirer when the downloading data is decompressed, and a processing time by the data acquirer when the downloading data is not decompressed are associated with one another.

US Pat. No. 10,142,432

REDIRECTION OF A SESSION INITIATION PROTOCOL INVITE

QUALCOMM Incorporated, S...

1. A method for wireless communication, comprising:
receiving, by a multi-subscriber identification module user equipment (multi-SIM UE), a session initiation protocol (SIP) INVITE from a first user equipment (UE) requesting to establish a SIP session on a first network, the SIP INVITE including a first network address of the multi-SIM UE that is associated with a first SIM of the multi-SIM UE;
determining that a redirection criterion is satisfied; and
based at least in part on determining that the redirection criterion is satisfied, transmitting, by the multi-SIM UE in response to the SIP INVITE received from the first UE, a SIP redirection response including a second network address of the multi-SIM UE on a second network that is associated with a second SIM of the multi-SIM UE.

US Pat. No. 10,142,431

REAL-TIME INFORMATION FEED

1. A method in a server for providing a query application in response to service requests received from a client device over a wide area computer network, comprising:
receiving from the client device an initial service request for the query application;
in response to the initial service request, sending to the client device one or more sets of instructions configurable in the client device to provide object models executable in a runtime engine of the client device for: (i) receiving input data from a user of the client device, (ii) sending the input data to the server in a further service request for the query application, (iii) receiving from the server a response to the further service request, and (iv) processing the response to the further service request for output to the user, wherein the object model for processing the response to the further service request executes concurrently with any of the object models for receiving input data, for sending the input data and for receiving from the server a response to the further service request; and
receiving one or more further service requests from the client device and sending to the client device responses to the further service requests.

US Pat. No. 10,142,430

PUSH NOTIFICATION DELIVERY SYSTEM WITH FEEDBACK ANALYSIS

Urban Airship, Inc., Por...

1. A system for delivering push notifications comprising:
a processor; and
a memory storing instructions executable by the processor, the instructions when executed cause the processor to:
receive a message to be delivered via a specified application, and destination information, wherein the destination information represents one or more target devices associated with a user to which a current push notification including the message should be delivered via the specified application,
obtain, from a data store, a set of user engagement information, wherein the user engagement information comprises information developed from at least one previous user interaction with the specified application at a first device in the one or more target devices associated with the user,
process the obtained set of user engagement information to determine at least one of a push time and a message format for the current push notification to be delivered, and
deliver the current push notification to at least one of the one or more target devices in accordance with the determination.

US Pat. No. 10,142,429

WEB PRESENCE MANAGEMENT SYSTEM

CONDUCTOR, INC., New Yor...

1. A method for generating web presence data of an entity, the method comprising, by a web presence processor:
receiving a request to generate the web presence data relating to the entity;
receiving first service data, wherein the first service data relates to a first web asset of the entity, the first web asset is among a first set of web assets indexed by a first marketing channel, and the first marketing channel is configured to produce a first search result;
receiving second service data, wherein the second service data relates to a second web asset of the entity, the second web asset is among a second set of web assets indexed by a second marketing channel, the second marketing channel is different from the first marketing channel, the second set of web assets is different from the first set of web assets, and the second marketing channel is configured to produce a second search result;
generating the web presence data from the first service data and the second service data, wherein at least some of the first service data and the second service data is transformed into at least some of the web presence data, and wherein the web presence data is configured to indicate one or more keywords and respective track status of the one or more keywords;
generating audience data that includes profile data of users of the first and second marketing channels; and
causing an output of the web presence data on a display to display the web presence of the entity across multiple channels.

US Pat. No. 10,142,428

OBSERVATION-BASED USER PROFILING AND PROFILE MATCHING

Invent.ly, LLC, Woodside...

1. A device for recording user behavior, comprising:
one or more sensors configured to observe behaviors of a user; and
a communication module configured to communicate to/from an application server, wherein (i) said application server forms a user profile of said user based on said behaviors observed by said sensors, (ii) said user profile is used classify said user into a group with respect to at least one of a plurality of domains, (iii) said classification of said user is based on a plurality of scale factors applied to said observed behaviors, (iv) said scale factors are updated based on evaluating said classification of said user over time and (v) said application server is configured to match said user to one or more other users based on said group.

US Pat. No. 10,142,427

SYSTEMS AND METHODS FOR SERVICE AND SESSION CONTINUITY IN SOFTWARE DEFINED TOPOLOGY MANAGEMENT

HUAWEI TECHNOLOGIES CO., ...

1. A method for migration of a session from a first user plane function (UPF) to a second UPF, the session being associated with a first network path from a User Equipment (UE) to the first UPF via an access node communicative with the UE, the method comprising:
selecting, by a session management component, the second UPF for communication with the User Equipment (UE);
sending, by the session management component, a session redirection setup request to the second UPF, the session redirection setup request including information identifying the first UPF;
receiving, by the session management component, a response from the second UPF to the session redirection setup;
sending, by the session management component, instructions for instantiation of a second network path, said path from the UE to the second UPF via the access node; and
sending, by the session management component, instructions to the access node, to migrate the session from the first UPF to the second UPF.

US Pat. No. 10,142,426

SYSTEM AND METHOD FOR IDENTIFYING COMMUNICATION SESSION PARTICIPANTS BASED ON TRAFFIC PATTERNS

VERINT SYSTEMS LTD., Her...

1. A method for identifying communication devices that serve as endpoints in the same communication session and for establishing correlations between the users of the communication devices, the method comprising:
monitoring a plurality of traffic flows exchanged over a communication network;
determining respective temporal traffic features for the monitored traffic flows;
identifying communication devices that participate in a same communication session, by finding a match among respective temporal traffic features of the traffic flows exchanged by the communication devices;
wherein determining the temporal traffic features comprises generating a respective compressed-form signature for each of the traffic flows, and wherein finding the match comprises comparing among signatures of at least some of the traffic flows exchanged by the communication devices; and
wherein finding the match comprises matching the temporal traffic features between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device.

US Pat. No. 10,142,425

SESSION RELIABILITY FOR A REDIRECTED USB DEVICE

Wyse Technology L.L.C., ...

17. A virtual desktop infrastructure environment comprising:
a proxy that is configured to execute on a client; and
an agent that is configured to execute on a server, the proxy and agent interacting to establish a remote session including to redirect a device to the server for use within the remote session;
wherein, when the remote session is disconnected, the proxy and the agent are each configured to enable I/O requests pertaining to the device to be resumed after the remote session is restored by performing the following:
queuing any I/O requests pertaining to the device that are received after the remote session is disconnected;
waiting for a specified amount of time after the remote session is disconnected; and
when the remote session is restored prior to the specified amount of time elapsing, sending the queued I/O requests over the restored remote session.

US Pat. No. 10,142,424

TWO-LEVEL CLOUD SYSTEM MIGRATION

Empire Technology Develop...

1. A method performed by a system that includes a processor, the method comprising:
facilitating establishing a first communication link between the system and a source device, wherein the source device comprises a plurality of data sets;
receiving, via the first communication link, at least a data set of the plurality of data sets, from the source device, by intercepting communications between a communication device and the source device;
storing at least the data set to a data store;
while receiving by the system the at least the data set, facilitating establishing a second communication link between the system and one or more communication devices for replacement of a direct communication link between the source device and the one or more communication devices,
wherein establishing the second communication link, while receiving by the system the at least the data set, facilitates continued access to the data set or another data set, by the one or more communication devices, via the second communication link;
receiving, via the second communication link, a request for the data set or the other data set of the plurality of data sets, wherein the request is received from a communication device of the one or more communication devices; and
processing the request received from the communication device of the one or more communication devices, wherein the processing the request comprises:
determining that the other data set is absent in the data store of the system;
receiving, based on the determination, the other data set from the source device via the first communication link by using an identifier of the communication device to communicate with the source device, wherein the usage of the identifier of the communication device facilitates the source device to determine that the request is received from the communication device; and
transferring, via the second communication link, at least a portion of the other data set to the communication device in response to the request, wherein the transferring is performed by the system using the identifier of the source device;
wherein the processing the request comprises initiating replication of a network service that is transparent to the communication device.

US Pat. No. 10,142,423

ACTIVE COMMUNICATION SESSION HANDOVER BETWEEN DIRECT AND RELAYED CONNECTIONS

Apple Inc., Cupertino, C...

1. A method for managing connections for an active communication session by a secondary wireless device, the method comprising:
by the secondary wireless device:
engaging in a communication session with a remote device via a non-cellular wireless network, wherein the communication session directly terminates on the secondary wireless device;
determining performance of the non-cellular wireless network;
when the performance of the non-cellular wireless network does not satisfy a performance criterion and a primary wireless device is in proximity to the secondary wireless device:
providing an indication to the primary wireless device to cause the primary wireless device to transfer the communication session to terminate on the primary wireless device, wherein packets for the communication session are relayed via the primary wireless device to and from the secondary wireless device; and
blocking direct termination of communication sessions via the non-cellular wireless network at the secondary wireless device for at least a designated period of time by at least deregistering from an Internet Protocol Multimedia Subsystem (IMS) core network element;
after expiration of a timer associated with the designated period of time, re-evaluating performance of connections via the non-cellular wireless network; and
when the performance of the connections via the non-cellular wireless network satisfy the performance criterion after the expiration of the timer, allowing direct termination of communication sessions via the non-cellular wireless network at the secondary wireless device by at least re-registering with the IMS core network element.

US Pat. No. 10,142,422

CLUSTERING WEBSOCKET COMMUNICATIONS WITH CONFIGURABLE MASTER-SLAVE SERVERS

SAP SE, Walldorf (DE)

1. A computer-implemented method comprising:
providing a document service storing server cluster information including a first cluster;
a first server receiving a first input specifying the first cluster;
in response to the first input, the first server referencing the document service to create a first master websocket handler and provide a first server address in the server cluster information;
a second server receiving a second input specifying the first cluster;
in response to the second input, referencing the document service to create a first slave websocket handler storing the first server address; and
causing the first slave websocket handler to establish a first websocket channel with the first master websocket handler using the first server address.

US Pat. No. 10,142,421

METHODS, SYSTEMS, AND RELATED ARCHITECTURES FOR MANAGING NETWORK CONNECTED DEVICES

Google LLC, Mountain Vie...

2. A device management system that manages a plurality of electronic devices over a network, comprising:
a registration server configured to execute on one or more computers that receives metadata associated with an electronic device over a public network portion of the network and provisions an entry in a device registration pool referenced by the metadata that includes a device identifier and a public network address associated with the electronic device awaiting to be paired with a management account, wherein the device identifier identifies the electronic device and a public network address used by the electronic device to communicate over the public network portion of the network to the device management system;
an update server configured to execute on the one or more computers that attempts to update software of each of the electronic devices registered with the registration server if newer versions of the software exist than is currently running on each of the electronic devices corresponding to each entry in the device registration pool;
a pairing server configured to execute on the one or more computers that facilitates associating the electronic device with a management account and authorizes communication with the electronic device using the management account;
a front end user-interface server configured to execute on the one or more computers that facilitates generation of a user-interface for accessing one or more electronic devices from a computer device accessing the management account on the device management system; and
a backend server configured to execute on the one or more computers that manages access to data related to electronic devices registered with the device management system and organizes information received over the network related to conditions that are controlled or monitored by the registered electronic devices.

US Pat. No. 10,142,420

ON-BOARD WEB SERVER TELEMATICS SYSTEMS AND METHODS

Ford Global Technologies,...

1. A method comprising:
receiving a request, including a vehicle identifier, for a network address of a web server of a vehicle;
accessing a database to retrieve a telephone number of the vehicle associated with the vehicle identifier;
sending a wake-up message, to the telephone number, requesting wake-up of the web server;
receiving a wake-up response from the vehicle including the network address of the web server; and
returning the network address responsive to the request.

US Pat. No. 10,142,419

ERASURE CORRECTING CODING USING DATA SUBSETS AND PARTIAL PARITY SYMBOLS

SANDISK TECHNOLOGIES LLC,...

1. A method comprising:
receiving data that includes a set of data symbols;
determining multiple proper subsets of the set of data symbols, the multiple proper subsets including a first proper subset of the set of data symbols and a second proper subset of the set of data symbols, wherein the first proper subset includes a third proper subset of the first proper subset and a fourth proper subset of the first proper subset; and
generating a set of parity symbols based on the set of data symbols using an erasure correcting code, wherein the set of parity symbols includes a first parity symbol that is generated based on the first proper subset and further includes a second parity symbol that is generated based on the third proper subset,
wherein the first parity symbol enables recovery of a first data symbol of the first proper subset independently of the second proper subset, and
wherein the second parity symbol enables recovery of a second data symbol of the third proper subset independently of the fourth proper subset.

US Pat. No. 10,142,418

STORAGE MANAGEMENT DEVICE, STORAGE MANAGEMENT METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

FUJITSU LIMITED, Kawasak...

1. A storage management device comprising:
a memory; and
a controller that acquires load information on a storage area group that includes a plurality of storage areas, and stores the load information in the memory,
calculates an entire bandwidth of the storage area group based on the acquired load information on the storage area group,
holds coefficients indicating rates of proportional distribution in an equation for calculating each individual bandwidth allocated to each of the plurality of storage areas at each process of the calculating,
acquires coefficients corresponding to a notified process upon receiving a notification of an executed process using the each of the plurality of storage areas,
calculates each individual bandwidth using acquired coefficients by performing a proportional distribution method and an equal distribution method, and
allocates each of the individual bandwidths to each of the storage areas.

US Pat. No. 10,142,417

SYSTEM AND METHOD FOR MANAGING HETEROGENEOUS DATA FOR CLOUD COMPUTING APPLICATIONS

Nimbix, Inc., Anna, TX (...

1. A method, implemented in a computer system, comprising:
identifying, by a processor of the computer system, data to be used by an application to be executed by one or more compute nodes of a plurality of compute nodes, wherein
the computer system is configured to be coupled to the plurality of compute nodes,
the data comprises a first subset of data,
the first subset of data is stored in a first storage element of a remote computer system,
the first subset of data is stored in a first form,
the remote computer system is remote from the computer system by virtue of the computer system being further configured to be coupled to the remote computer system by a network, and
the plurality of compute nodes does not comprise the remote computer system;
generating, by the processor, a workflow at the computer system, wherein
the workflow is configured to configure each of the one or more compute nodes to communicate with the remote computer system via the network, and
the workflow is configured to cause the one or more compute nodes to
determine whether the first form is compatible with the application,
in response to a determination that the first form is compatible with the application,
mount the first subset of data on at least one of the plurality of compute nodes, such that the first subset of data is accessible by the application via the network, without retrieval of the first subset of data from the first storage element, and
update the first subset of data by executing the application on the first subset of data, and
in response to a determination that the first form is not compatible with the application,
retrieve the first subset of data from the first storage element, via the network,
store the first subset of data in temporary storage at one or more of the compute nodes, as a stored first subset of data,
process the stored first subset of data to generate a processed first subset of data, wherein
 the processed first subset of data is generated by converting the stored first subset of data from the first form into a second form, and
 the second form is compatible with the application,
produce a result by executing the application, using the processed first subset of data, and
update the first subset of data, using the result; and
transmitting the workflow to the one or more compute nodes, wherein
the transmitting causes the one or more compute nodes to execute the application using at least a corresponding portion of the processed first subset of data.

US Pat. No. 10,142,416

METHODS FOR FACILITATING PLANNED DATA CONTAINER TRANSITIONS AND DEVICES THEREOF

NETAPP, INC., Sunnyvale,...

1. A method, comprising:
mirroring, by a source computing device, dirty data to a destination computing device, the dirty data corresponding to storage operations not yet committed to one or more storage devices of an aggregate to be transitioned;
releasing, by the source computing device, ownership of the storage devices subsequent to mirroring the dirty data to the destination computing device; and
performing, by the source computing device, teardown processing for the aggregate subsequent to releasing ownership of the storage devices.

US Pat. No. 10,142,415

DATA MIGRATION

Hewlett Packard Enterpris...

1. A process for migrating data, comprising:
analyzing data to be migrated from a first device, to identify data blocks containing content that is the same at an abstraction layer in the data;
constructing a content map having a plurality of entries respectively corresponding to a plurality of unique contents found at the abstraction layer, wherein each of the entries includes a list of one or more addresses at which the unique content corresponding to the entry can be found in the first device;
sending the unique contents from the first device to a second device;
writing the unique contents in the second device at addresses selected based on the content map and using the abstraction layer in the second device;
monitoring changes in the data that occur while analyzing the data, constructing the content map, sending the unique contents, and writing the unique content;
constructing a change map identifying the changes; and
correcting the contents in the second device to reflect the changes,
wherein correcting the contents comprises:
(a.) reading the change map from a monitor that constructs the change map;
(b.) resetting the monitor to begin monitoring of further changes to the data and begin constructing of a new change map;
(c.) in response to the change map most recently read from the monitor being empty, ending the migration process; and
(d.) in response to the change map most recently read from the monitor not being empty, correcting the data in the second device to reflect the changes in the change map most recently read from the monitor.

US Pat. No. 10,142,414

METHOD AND DEVICE FOR SHARING PICTURE

Xiaomi Inc., Beijing (CN...

1. A method for sharing a picture on a cloud server, comprising:
identifying, by a cloud server comprising a memory and a processor in communication with the memory, a face feature in each picture in a cloud album in the cloud server;
performing, by the cloud server, a face cluster on the identified face feature in the each picture in the cloud album to obtain at least one face album, each of the at least one face album comprising pictures having a same face feature;
creating, by the cloud server, a shared album based on the at least one face album;
determining, by the cloud server, whether a picture to be synchronized to the shared album is present in a first terminal;
when it is determined that the picture to be synchronized to the shared album is present in the first terminal, determining, by the cloud server, whether a face feature in the picture corresponds to a predefined face feature in a first list, the first list being locally stored in the first terminal and including one or more predefined face features relating to people associated with the shared album; and
when it is determined that the face feature in the picture corresponds to the predefined face feature in the first list, storing, by the cloud server, the picture in the shared album.

US Pat. No. 10,142,413

INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND COMMUNICATION CONTROL METHOD

Ricoh Company, Ltd., Tok...

10. A method of controlling communication in an information processing system, the method comprising:
receiving, by an information processing apparatus, first data from an apparatus in the information processing system;
displaying, by a user interface of the information processing apparatus, a screen image;
receiving, by the user interface, second data that is stroke data input upon the screen image by a user of the user interface;
determining, by processing circuitry of the information processing apparatus, a transfer priority according to a data type of the first data and the second data and a source of the first data and the second data, wherein the processing circuitry grants the second data received via the user interface a higher priority than the first data received via the data receiver;
transferring the screen image to one or more apparatuses, including the apparatus from which the first data is received;
transferring the first data, and the second data to the one or more apparatuses in accordance with the transfer priority of the first data and the second data;
determining, after expiration of a predetermined data transfer period, whether data to be transferred during the predetermined data transfer period was not transferred during the predetermined data transfer period;
modifying, the processing circuitry when the data was not transferred during the predetermined data transfer period, the transfer priority of the data to be a higher priority than that of other data to be transferred to next; and
transferring the data having the modified transfer priority preferentially to the one or more apparatuses.

US Pat. No. 10,142,412

MULTI-THREAD PROCESSING OF SEARCH RESPONSES

Splunk Inc., San Francis...

1. A method, comprising:
transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system;
receiving a plurality of data packets from the plurality of search peers;
parsing, by a first processing thread of the computer system, one or more data packets of the plurality of data packets, to produce a partial response to the search request; and
processing, by a second processing thread of the computer system, the partial response to produce a memory data structure representing an aggregated response to the search request.

US Pat. No. 10,142,411

DYNAMIC SWARM SEGMENTATION

Microsoft Technology Lice...

1. A system configured to identify peers for a plurality of clients to facilitate obtaining updates for the plurality of clients, the system comprising:
one or more processors;
one or more computer-readable media coupled to the one or more processors;
wherein the one or more processors and one or more computer-readable media are configured to implement a peer determination service, wherein the peer determination service is configured to:
identify a dataset associated with the plurality of clients, the dataset comprising a plurality of byte ranges;
identify, for each given client of the plurality of clients, one or more byte ranges of the plurality of byte ranges of the dataset that each given client has already obtained;
identify, for each given client of the plurality of clients, one or more byte ranges of the plurality of byte ranges of the data set that each given client needs to obtain; and
based on the identification of byte ranges, organize the plurality of clients into a plurality of groups, each group both including one or more clients and corresponding to a different node of a hierarchical graph, each given node being associated with one or more byte ranges of the plurality of byte ranges of the dataset, such that each client of a group corresponding to the given node has already obtained or needs to obtain at least one byte range of the one or more byte ranges associated with the given node, at least one client of each group being configured to act as a peer to other clients of the group, the hierarchical graph comprising a plurality of nodes that range from one or more nodes having a smallest number of byte ranges to one or more nodes having a largest number of byte ranges, such that the hierarchical graph can be traversed from the one or more nodes having the smallest number of byte ranges to the one or more nodes having the largest number of byte ranges.

US Pat. No. 10,142,410

MULTI-MODE REMOTE COLLABORATION

Raytheon Company, Waltha...

1. A method for providing information for a collaboration between a remote communication device and a device connected to an internal network, the method comprising:
determining a location of the remote communication device by at least one of a global positioning system (GPS), low frequency (LF) atomic time radio, earth magnetic signature, internet protocol (IP) address, and cell phone tower triangulation;
identifying regulations regarding communication from the internal network to the remote device based on the determined location and a location of the internal network;
identifying a bandwidth of a remote network, different from the internal network, to which the remote communication device is connected, the remote network communicatively accessible by the internal network;
estimating a battery life of the remote device and an amount of time the remote device can communicate with the device of the internal network using each of voice over internet protocol (VOIP) communication, hypertext transfer protocol (HTTP) communication, text communication, voice communication, video communication, and augmented reality communication;
selecting, based on the estimated battery life and the amount of time the remote device can communicate, a communication protocol including one of VOIP communication, HTTP communication, text communication, voice communication, video communication, and augmented reality communication;
configuring the remote device to transmit and receive communications in a manner compliant with the identified regulations and the selected communication protocol; and
transmitting VOIP communications, HTTP communications, text communications, voice communications, video communications, or augmented reality communications to the remote device based on the selected communication protocol, the estimated battery life and the identified bandwidth.

US Pat. No. 10,142,409

SYSTEM AND METHOD FOR IMPLEMENTING PNRP LOCALITY

Microsoft Technology Lice...

1. A method, comprising:
determining, by one or more processors of a computing system, one or more network latencies between a host node and one or more peer nodes, wherein determining the one or more network latencies comprises probing at least one publisher of an address of a peer node and storing probe results in a cache; and
determining, by the one or more processors, a set of network coordinates of the host node in a coordinate space at least partly based on the one or more network latencies, the determining including:
determining whether the cache comprises probe results indicating one or more network latencies for at least d+1 peer nodes of the one or more peer nodes, d being an integer representing a dimensionality of the coordinate space; and
based at least partly on a first determination that the cache does not comprise the probe results indicating the one or more network latencies for the at least d+1 peer nodes, estimating the set of network coordinates of the host node; or
based at least partly on a second determination that the cache does comprise the probe results indicating the one or more network latencies for the at least d+1 peer nodes, calculating the set of network coordinates of the host node using d+1 network latencies.

US Pat. No. 10,142,408

HARDWARE LOADING ADJUSTING METHOD AND RELATED ELECTRONIC DEVICE

Winstron Corporation, Ne...

1. A hardware loading adjusting method, comprising:
performing a first thread for receiving and decompressing the compressed data, to generate and to store decompressed data to a first storage module by a first speed;
performing a second thread for storing the decompressed data to a second storage module by a second speed; and
adjusting a ratio between the size of the compressed data and the decompressed data stored in the first storage module and the size of the first storage module according to the relationship between the first speed and the second speed.

US Pat. No. 10,142,406

AUTOMATED DATA CENTER SELECTION

Amazon Technologies, Inc....

1. A method for selecting a data center of a Program Execution Service (PES) platform, the method comprising:
under control of a PES platform that includes a number of data centers, at least some of the number of data centers capable of providing a user with access to one or more computing resources hosted by said at least some of the number of data centers, at least some of the computing resources including compute nodes comprising virtual desktops that enable the user to access a plurality of services provided by the PES platform:
receiving a request at the PES platform to obtain access to a computing resource from a computing device of the user;
determining, from the number of data centers, a set of data centers that include the computing resource;
identifying a plurality of data centers from the set of data centers based, at least in part, on a latency factor of each of the plurality of data centers;
selecting a data center from the plurality of data centers using a tie breaking factor, the tie breaking factor based at least in part on a utilization rate for the data centers of the plurality of data centers;
accessing access rules associated with an entity, the access rules specifying rules for distributing computing resource access of different users of a group of users at the entity among different instances of the computing resource, the group of users one of multiple groups of users, and the group of users including the user, wherein the access rules specify for a first group of users from the multiple groups of users: 1) an amount of users permitted to access a first instance of the computing resource; 2) that no more than a first amount of users from the first group of users share physical computing resources; and 3) that users exceeding the first amount of users from the first group of users be assigned to a second instance of the computing resource, wherein each group of users is associated with a different role at the entity thereby reducing a number of users associated with a particular role that lose access to the computing resource when access to the first instance of the computing resource is lost, and wherein at least one user from a second group of users from the multiple groups of users is permitted to access the first instance of the computing resource;
determining whether granting the user of the computing device access to the computing resource at the data center will violate the access rules;
in response to determining that the access rules will be violated, selecting an alternative data center from the plurality of data centers, and
in response to determining that the access rules will not be violated by granting the user of the computing device access to the computing resource at the data center, granting the user of the computing device access to the computing resource at the data center.

US Pat. No. 10,142,405

MULTI-CDN DIGITAL CONTENT STREAMING

NETFLIX, INC., Los Gatos...

1. A method, comprising:
determining a level of network performance associated with each parallel network connection included in a plurality of parallel network connections;
determining that a total throughput for transferring a digital content stream via the plurality of parallel network connections is less than a minimum threshold of network performance;
in response to determining that the total throughput is less than the minimum threshold, selecting a content server with which to establish a new parallel network connection based on historical network performance data associated with the content server, wherein the new parallel connection is added to the plurality of parallel network connections;
determining that the level of network performance associated with a first parallel network connection included in the plurality of parallel network connections is below a threshold level of performance;
in response to determining that the level of network performance associated with the first parallel network connection is below the threshold level of performance, dropping the first parallel network connection; and
continuing to transfer the digital content stream via one or more remaining parallel network connections included in the plurality of parallel network connections.

US Pat. No. 10,142,404

INTER-PLATFORM MANAGEMENT OF COMPUTING RESOURCES

International Business Ma...

1. A computer-implemented method comprising:
identifying a requesting virtual server residing on a primary computing platform, the requesting virtual server associated with a requesting client;
identifying a donating virtual server residing on the primary computing platform, the donating virtual server associated with a donating client;
identifying an external virtual server residing on a secondary computing platform outside the primary computing platform, the external virtual server associated with the requesting client;
determining a first resource exchange between the requesting virtual server and the donating virtual server, the first resource exchange including a total donation amount from the donating virtual server to the requesting virtual server; and
determining a second resource exchange between the external virtual server and a second virtual server residing on the secondary computing platform, the second virtual server associated with the donating client, the second resource exchange including a total adjustment amount from the external virtual server to the second virtual server;
wherein:
upon execution of the first resource exchange and the second resource exchange, the total donation amount is equal to the total adjustment amount.

US Pat. No. 10,142,403

METHOD AND APPARATUS FOR FACILITATING PARALLEL DISTRIBUTED COMPUTING

1. A computer-implemented method for facilitating parallel distributed computing, comprising:
receiving at a receiving node from a requesting node an operator o1 and unevaluated expressions e1, e2, . . . , ek,
wherein k>0, and
wherein the requesting node is desiring a response to the request comprising an evaluated expression which corresponds to the result of applying the operator o1 to the unevaluated expressions e1, e2, . . . , ek;
sending to a node a1 unevaluated expression e1, sending to a node a2 unevaluated expression e2, . . . , and sending to a node ak unevaluated expression ek;
receiving at the receiving node from node a1 evaluated expression p1 in response to sending node a1 unevaluated expression e1, receiving from node a2 a evaluated expression p2 in response to sending node a2 unevaluated expression e2, . . . , and receiving from node ak evaluated expression pk in response to sending node ak unevaluated expression uk;
determining an operator o2 and unevaluated expressions c1, c2, . . . , cn based on the operator o1 and evaluated expressions p1, p2, . . . , pk, wherein n>2;
sending to a node f1 unevaluated expression c1, sending to a node f2 unevaluated expression c2, . . . , and sending to a node fn unevaluated expression cn;
receiving at the receiving node from node f1 evaluated expression g1 in response to sending node f1 unevaluated expression c1, receiving from node f2 a evaluated expression g2 in response to sending node f2 unevaluated expression c2, . . . , and receiving from node fn evaluated expression gn in response to sending node fn unevaluated expression cn;
determining an evaluated expression r based on the operator o2 and evaluated expressions g1, g2, and . . . gn; and
sending to the requesting node evaluated expression r, thus producing a result that indicates a response to receiving from the requesting node an operator o1 and expressions e1, e2, . . . , ek.

US Pat. No. 10,142,402

METHODS AND APPARATUSES FOR SENDING PROMPT MESSAGE TO CLOSE A MOVABLE ARTICLE

Xiaomi Inc., Beijing (CN...

8. An apparatus for sending a prompt message, comprising:
a processor;
a memory configured to store an instruction executable by the processor;
wherein the processor is configured to:
receive a status of a movable article corresponding to a sensor;
obtain a working status of an air cleaner bound with the sensor when the movable article corresponding to the sensor is in an open status;
detect whether the working status of the air cleaner is an on status; and
send the prompt message to a user in a predetermined manner when it is detected that the working status of the air cleaner is the on status, wherein the prompt message is configured to indicate the user to close the at least one of the movable article in a room containing the air cleaner or to turn off the air cleaner.

US Pat. No. 10,142,400

CONTEXT-SENSITIVE INFORMATION RETRIEVAL

1. A system comprising:
a processor; and
a memory, wherein the memory contains instructions that, when executed by the processor, cause the processor to:
receive from a first entity, over a wide area network, feature information for a feature of an application;
store the feature information in a first field of a first file;
receive from a second entity different from the first entity, over the wide area network, an address to a help topic associated with the feature information;
store the address in association with the feature information, in a second field of the first file;
receive a request from an application over a data communication network, wherein the request is transmitted in response to a command by a user in a contact center to receive help related to the feature of the application;
receive context information associated with the request, wherein the context information includes information gathered by the application in response to user interaction with the application, the context information including information on the user accessing the application and an identification of the feature, the context information further including user profile information, the user profile information including a language preference of the user;
select information to be output based on the received context information, wherein the instructions that cause the processor to select information to be output include instructions that cause the processor to:
retrieve over the wide area network the first file storing the address associated with the feature identified in the received context information;
invoke the address in the first file stored in association with the feature identified in the received context information, and retrieve, over the wide area network, help content identified by the address, the help content being stored in a second file different from the first file;
identify, based on the received context information, information specific to the user accessing the application;
customize the retrieved help content based on the identified information specific to the user; and
transmit to the application, as the selected information, the customized help content.

US Pat. No. 10,142,399

MINIMAL DOWNLOAD AND SIMULATED PAGE NAVIGATION FEATURES

MICROSOFT TECHNOLOGY LICE...

1. A server computer comprising:
at least one processor device; and
a memory, operatively connected to the at least one processor, storing instructions, which when executed, cause the at least one processor device to:
receive an electronic page request from a user computer, the received electronic page request comprising a request to navigate from a previously rendered electronic page to a target electronic page;
determine whether to implement a normal page navigation operation or a minimal download operation, wherein the minimal download operation operates to provide a difference package associated with the previously rendered electronic page and the target electronic page;
provide, to the user computer in response to determining to implement the minimal download operation, a layer of indirection for page scripts and page objects of the previously rendered electronic page, wherein the layer of indirection provides controlled disconnect of events associated with the page scripts and the page objects of the previously rendered electronic page;
generate the difference package with information associated with differences between the previously rendered electronic page and the target electronic page, wherein the information comprises a representation of rendered contents to be updated on the previously rendered electronic page, the representation comprising an array of input fields associated with the previously rendered electronic page and the target electronic page; and
provide the difference package to the user computer, wherein the difference package enables the user computer to initiate page load events and execute the page scripts using the layer of indirection, thereby simulating the page load for the target electronic page.

US Pat. No. 10,142,398

METHOD AND SYSTEM FOR FILE TRANSFER OVER A MESSAGING INFRASTRUCTURE

International Business Ma...

1. A system for file transfer over a messaging infrastructure, comprising:
a source for sending a file, including:
means for dividing the file into multiple portions including a first portion and at least one subsequent portion;
means for creating a message including a multiplicity of headers and payloads with an individual one of the headers and an individual one of the payloads for each of the multiple portions of the file, each of the payloads including a corresponding one of the multiple portions and being associated with a corresponding one of the message headers, wherein the one of the headers of a message for the first portion includes a hash for the first portion included in the message for the first portion, and the one of the headers of a message for any subsequent portion includes two different hashes:
a first hash summarizing a first state of the file up to, but not including, a current one of the portions included in the message for the subsequent portion, the first state indicating a state of the file that is required in order to add the current one of the portions to the file when recreating the file at a target computing device;
a second hash summarizing a second state of the file up to and including a current one of the portions included in the message for the subsequent portion, the second state indicating a state of a recreated file after having added the current portion to the file at the target computing device; and
means for sending each created message to the target computing device by way of a message queue,
wherein each of the payloads is filled from an end of free space available in the message so that space allocated for each of the headers is able to grow at a head of the message, while file data grows from a tail of the message allowing a single fixed size buffer to be used without moving data within the message as file portions are added.

US Pat. No. 10,142,397

NETWORK FILE TRANSFER INCLUDING FILE OBFUSCATION

International Business Ma...

1. A method, said method comprising:
selecting, by a server computer, a re-ordering scheme from one or more re-ordering schemes for re-ordering chunks of an original file, wherein N denotes the total number of chunks in the original file, and wherein N is at least 2;
dividing, by the server computer, the file into the chunks;
after said dividing the file into the chunks, re-ordering, by the server computer, the chunks according to the selected re-ordering scheme to form an obfuscated file comprising the re-ordered chunks, wherein the selected re-ordering scheme specifies for each chunk in the original file a position of said each chunk in the obfuscated file, and wherein said re-ordering comprises performing N iterations such that in iteration I the position of chunk I in the obfuscated file is determined to be the position of chunk I specified in the selected re-ordering scheme, for I=1, 2, . . . N; and
sending, by the server computer to a client computer, the obfuscated file, using Hypertext Transfer Protocol (HTTP) Chunked Transfer Encoding, along with a scheme access reference consisting of a decoding key that points to the selected re-ordering scheme and enables the client computer to access and decode the selected re-ordering scheme,
wherein the method does not use a conventional encrypted file transfer in which a file to be sent unencrypted uses an encrypted secure transport, and
wherein the method does not use a conventional encrypted file transfer in which a file to be sent encrypted is encrypted before being sent and is decrypted after being sent.

US Pat. No. 10,142,396

COMPUTERIZED SYSTEM AND METHOD FOR DETERMINING AND COMMUNICATING MEDIA CONTENT TO A USER BASED ON A PHYSICAL LOCATION OF THE USER

OATH INC., New York, NY ...

1. A method comprising:
receiving, at a computing device over a network, a request for a media file from a device of a user, said request comprising global positioning (GPS) data associated with the device at the time the request is communicated from the device to the computing device;
determining, via the computing device, a geographic location associated with the device of the user, said determination comprising parsing, via the computing device, the received request, identifying, based on said parsing, the GPS data included in the received request, and determining the geographic location referenced by the GPS data;
accessing, via the computing device, a collection of media files associated with a media platform;
parsing, via the computing device, each media file included in said collection, and based on said parsing, identifying metadata associated with each media file;
analyzing, via the computing device, the identified metadata of each media file using the determined geographical location as a query, and based on said analysis, identifying a first media file from the collection that is associated with said geographic location;
analyzing, via the computing device, the first media file, and based on said analysis, identifying a first user that uploaded the first media file to the media file platform, said first user being different than said user from which the request was received;
searching, via the computing device, the collection using an identity of the first user as a query, and based on said searching, identifying a set of media files within the collection that are associated with the first user;
determining, via the computing device, a number of media files the first user has uploaded to said media platform over a predetermined period of time, each media file associated with the geographic location;
comparing, via the computing device, said determined number to an activity threshold;
determining, via the computing device, a difference between a first timestamp of an initially uploaded media file by the first user and a most recently uploaded media file;
comparing, via the computing device, said determined difference to a time threshold;
determining, via the computing device, a classification of the first user, said classification determination comprising:
classifying the first user as a local when the activity threshold and the time threshold are both satisfied; and
classifying the first user as a tourist respective to the geographic location when only one of the activity threshold and time threshold are satisfied;
further analyzing, via the computing device, each media file in said set of media files of the first user, and determining, based on said analysis, visual content information and social metric information for each media file in the set;
determining, via the computing device, a score for each media file in the set based on the determined visual content information and social metric information of the respective media file;
ranking, via the computing device, each media file in the set based on the determined score, wherein the media files in the set with higher scores are ranked higher than those with lower scores;
determining, via the computing device, a subset of media files to be communicated to the user based on said classification of the first user; and
automatically communicating, via the computing device, said subset of the ranked media files of the first user to the user device in response to said request.

US Pat. No. 10,142,395

ACCESSING HARDWARE DEVICES USING WEB SERVER ABSTRACTIONS

Microsoft Technology Lice...

1. A method for accessing remote hardware devices, the method comprising:
receiving by a web browser, configured to accept application programming interface (API) calls from a requesting application for initiating hardware device access, a Hypertext Transfer Protocol (HTTP) request via the API;
transmitting by the web browser the HTTP request to a remote hardware device server configured to provide access to a remote hardware device, the HTTP request including a request for establishing an authenticated session with the remote hardware device, the remote hardware device server being local to the remote hardware device;
upon establishment of the authenticated session, in response to a first API call from the requesting application for an action to be taken with respect to the remote hardware device, the web browser transmitting an HTTP request, including commands corresponding to the action to be taken with respect to the remote hardware device, to the remote hardware device server; and
receiving by the web browser a second API call from the requesting application for enabling the requesting application to receive at least one event notification related to the remote hardware device from the remote hardware device server.

US Pat. No. 10,142,394

GENERATING RISK PROFILE USING DATA OF HOME MONITORING AND SECURITY SYSTEM

iControl Networks, Inc., ...

1. A system comprising:
a premises management device located at a premises;
a touchscreen device located at the premises, wherein the touchscreen device is in communication with the premises management device, wherein the touchscreen device is configured to output a plurality of user interfaces, and wherein the plurality of user interfaces enable control of functions of the premises management device and access to data associated with the premises management device; and
a premises management server in communication with one or more of the premises management device and the touchscreen device, wherein the premises management server is located external to the premises, wherein the premises management server comprises a client interface through which remote client devices exchange data with one or more of the premises management device and the touchscreen device, wherein the premises management server is configured to:
receive behavioral data associated with one or more of the premises management device and the touchscreen device,
generate, based on the behavioral data, a risk score, and
cause output of the risk score.

US Pat. No. 10,142,393

COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus comprising:
an acquisition unit configured to acquire information regarding a number of Hypertext Transfer Protocol (HTTP) requests to be transmitted consecutively to another communication apparatus for communication with the another communication apparatus; and
a determination unit configured to determine a communication protocol,
wherein, in a case where the number of HTTP requests to be transmitted consecutively to the another communication apparatus is less than a threshold value, the determination unit is configured to determine a first communication protocol as a communication protocol to be used for communication with the another communication apparatus,
wherein, in a case where the number of HTTP requests to be transmitted consecutively to the another communication apparatus is not less than the threshold value, the determination unit is configured to determine a second communication protocol as a communication protocol to be used for communication with the another communication apparatus, and
wherein consecutive transmission of a plurality of HTTP requests based on a single transmission control protocol (TCP) connection is allowed in the second communication protocol.

US Pat. No. 10,142,392

METHODS AND SYSTEMS FOR IMPROVED SYSTEM PERFORMANCE

iControl Networks, Inc., ...

1. A method comprising:
polling, by a client device and via an unreliable protocol, a status server to determine availability of data associated with the client device;
after polling the status server, receiving, via the unreliable protocol, a notification from the status server indicating that there is available data available to the client device;
after receiving the notification, sending, by the client device, to a system server, and via a reliable protocol, a request for the available data; and
receiving, from the system server and via the reliable protocol, the available data.

US Pat. No. 10,142,391

SYSTEMS AND METHODS OF DIAGNOSING DOWN-LAYER PERFORMANCE PROBLEMS VIA MULTI-STREAM PERFORMANCE PATTERNIZATION

Quest Software Inc., Ali...

1. A method of diagnosing transient down-layer performance problems using virtual-meeting performance data, comprising, by a computer system:
generating a time-based performance pattern of a plurality of virtual meetings of a communications platform executing in a computing environment, wherein the computing environment comprises a plurality of down-layer infrastructural resources that support meeting services of the communications platform and non-meeting services of other components of the computing environment;
determining, from the time-based performance pattern, at least one virtual-meeting attribute associated with relatively poor virtual-meeting performance as indicated by measured media-stream quality for the plurality of virtual meetings;
identifying virtual meetings, of the plurality of virtual meetings of the time-based performance pattern, that have the at least one virtual-meeting attribute associated with relatively poor virtual-meeting performance;
correlating, based at least partly on stored metadata, at least a subset of the identified virtual meetings to a particular down-layer infrastructural resource, of the plurality of down-layer infrastructural resources, that is at least partially responsible for executing each virtual meeting of the at least a subset;
examining a performance metric of the correlated at least a subset of virtual meetings that is illustrative of an infrastructural problem which is broader than the communications platform;
identifying a transient down-layer performance problem related to the particular down-layer infrastructural resource responsive to the examined performance metric satisfying a threshold; and
reporting the transient down-layer performance problem.

US Pat. No. 10,142,390

METHOD AND SYSTEM FOR PROVIDING CONTENT IN CONTENT DELIVERY NETWORKS

NEC CORPORATION, Tokyo (...

1. A method for providing content in content delivery networks having an upstream content delivery network, and a downstream content delivery network comprising at least two content delivery entities, wherein the upstream content delivery network and the downstream content delivery network are connected to each other and a user equipment is connected to the downstream content delivery network, the method comprising:
receiving a request from the user equipment for a content stream for a content from the downstream content delivery network;
providing, by the upstream content delivery network, the content stream;
redirecting the content stream from the upstream content delivery network to a content delivery entity of the at least two content delivery entities in the downstream content delivery network, wherein the user equipment is connectable to the at least two content delivery entities;
providing, by the content delivery entity in the downstream content delivery network, the content stream to the user equipment, wherein the user equipment obtains an address of the content delivery entity in the downstream content delivery network from a manifest file generated by the upstream content delivery network; and
performing at least twice:
determining at least one of network information of the downstream content delivery network or user equipment information,
determining probabilities of optimized content stream performance to the user equipment for each of the at least two content delivery entities based on the determined at least one of network information of the downstream content delivery network or the user equipment information,
providing, by the upstream content delivery network, a next manifest file comprising an address of a different one of the at least two content delivery entities with a highest probability among the determined probabilities in response to a request from the user equipment that is triggered by meta-data included in a most recent manifest file that links to the next manifest file,
connecting the user equipment to the content delivery entity with the highest probability, and
redirecting the content stream to the content delivery entity with the highest probability for providing the content stream to the user equipment;
wherein time intervals are calculated for performing the steps that are performed at least twice using actual or previous user equipment information, wherein a time interval indicates how long a manifest file is valid.

US Pat. No. 10,142,389

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, COMMUNICATION TERMINAL, SERVER, AND CONTROL METHODS AND CONTROL PROGRAMS THEREOF

NEC Corporation, Tokyo (...

1. An information processing system, comprising:
a communication device; and
a server,
wherein the communication device comprises:
a first memory storing first instructions; and
at least one first processor configured to execute first instructions load a file;
determine whether the communication device has an application that can process the loaded file and generate, from the processed file, output data in an outputtable data format to be output at the communication device;
when it has been determined that the communication device does not have the application, connect the communication device with the server via a wireless communication network and transmit, to the server, a first request with information used to generate the output data in the outputtable data format, of supplying the output data in the outputtable data format by processing the file and generating the output data from the processed file;
receive the output data in the outputtable data format, transmitted from the server connected via the wireless communication network in response to a second request transmitted to the server; and
output the received output data in the outputtable data format without any data conversions, and
wherein the server comprises:
a second memory storing second instructions; and
at least one second processor configured to execute the second instructions to:
acquire the file and the information used to generate the output data in the outputtable data format from the communication device in response to the first request received from the communication device;
select, in accordance with the acquired file and the acquired information, an application that can process the acquired file and generate the output data in the outputtable data format from the processed file;
execute the selected application to process the acquired file and to generate the output data in the outputtable data format from the processed file;
accumulate the generated output data in the outputtable data format in an accumulator; and
when receiving the second request from the communication device, transmit the generated and accumulated output data in the outputtable data format to the communication device via the wireless communication network.

US Pat. No. 10,142,388

METHOD AND DEVICE FOR TRANSMITTING MEDIA DATA

Huawei Device (Dongguan) ...

1. A method for transmitting media data, wherein a sending device sending the media data and a receiving device receiving the media data are currently located in a same wireless network, the method comprising:
using, by the sending device, one of wireless networks of multiple available frequency bands to perform media data transmission;
acquiring, by the sending device, information about transmission mode switching, and determining, according to the information about transmission mode switching, whether to switch the wireless network;
in response to determining, by the sending device, to switch the wireless network for transmission, switching the wireless network for performing data transmission to a wireless network of another frequency band in the multiple available frequency bands, and acquiring, by the sending device, the frequency band of the wireless network that is obtained after the switching; and
determining, by the sending device, whether a center frequency of the frequency band of the wireless network after the switching is greater than a threshold, and when yes, setting a media data encoding mode of the sending device to non-compression, and sending, by the sending device, media data that is not compressed to the receiving device; or
when the center frequency of the frequency band of the wireless network after the switching is not greater than the threshold, setting a media data encoding mode of the sending device to compression, and sending, by the sending device, media data that is compressed to the receiving device.

US Pat. No. 10,142,387

DISTRIBUTED COORDINATION OF NETWORK ELEMENTS FOR PACKET ENCAPSULATION

Cisco Technology, Inc., ...

1. A method comprising:
at each of a plurality of encapsulator devices comprising a master encapsulator device and one or more slave encapsulator devices, receiving a source stream of encoded packets in a first transport format;
at the master encapsulator device, generating a preliminary plan for converting the encoded packets of the source stream to packets of a master output stream in a second transport format for communication over a data network, wherein the preliminary plan identifies a plurality of the encoded packets of the source stream corresponding to each packet of the master output stream;
at the master encapsulator device, generating a preliminary mapping stream that comprises information identifying the plurality of the encoded packets of the source stream that are used to generate each of the packets of the master output stream according to the preliminary plan;
sending the preliminary mapping stream from the master encapsulator device to the one or more slave encapsulator devices;
receiving feedback from the one or more slave encapsulator devices, the feedback comprising an evaluation of the preliminary plan at the one or more slave encapsulator devices;
updating the preliminary plan with the feedback received from the one or more slave encapsulator devices to generate a finalized plan;
generating a finalized mapping stream that comprises updated information identifying an updated plurality of encoded packets of the source stream that are used to generate each of the packets of the master output stream according to the finalized plan;
sending the finalized mapping stream from the master encapsulator device to the one or more slave encapsulator devices; and
at each of the one or more slave encapsulator devices, using the updated information in the finalized mapping stream to generate a slave output stream according to the finalized plan, wherein each slave output stream is identical to the master output stream.

US Pat. No. 10,142,386

DETERMINING MANIFEST FILE DATA USED IN ADAPTIVE STREAMING VIDEO DELIVERY

DLVR, INC., Phoenix, AZ ...

1. A system for analyzing adaptive streaming video delivery performance, the system comprising:
a first content delivery network (CDN), comprising one or more segment file servers, and further comprising:
a processing unit including one or more processors; and
memory coupled with and readable by the processing unit and storing therein one or more sets of instructions;
wherein the execution of the one or more sets of instructions by the one or more processors, causes the first CDN to:
receive, from a recipient device, a plurality of requests for a plurality of video segment files, each said request requesting a particular video segment file, wherein the plurality of video segment files correspond to a portion of a delivery of a first adaptive streaming video controlled by a first manifest file stored at the recipient device, wherein one or more other portions of the first adaptive streaming video are not delivered by the first CDN, but are delivered by one or more other CDNs operated separately from the first CDN;
determine one or more video streaming characteristics stored within the first manifest file stored on the recipient device, based on the requests for the video segment files received by the first CDN;
in response to each of the plurality of requests for a particular video segment file, transmit the particular requested video segment file to the recipient device, via the one or more segment file servers; and
collect data metrics corresponding to the transmission of the particular requested video segment files from the first CDN to the recipient device; and
a manifest file serving system including one more or servers, each server in the manifest file serving system comprising:
a processing unit including one or more processors; and
memory coupled with and readable by the processing unit and storing therein a set of instructions;
wherein the execution of the one or more sets of instructions by the one or more processing units, causes the one or more servers of the manifest file serving system to:
receive the data metrics corresponding to the transmission of the requested video segment files from the first CDN to the recipient device;
determine, based at least in part on the data metrics from the first CDN, one or more performance metrics associated with the one or more other CDNs operated separately from the first CDN;
receive a manifest file request for an adaptive streaming video from a client device;
select one or more CDNs to be referenced in a manifest file responsive to the manifest file request, based at least in part on the determined performance metrics associated with the other CDNs operated separately from the first CDN;
configure a manifest file including one or more Uniform Resource Locators (URLs) referencing video segment files corresponding to portions of the adaptive streaming video, wherein the video segment files referenced by the URLs are provided by the one or more selected CDNs; and
transmit the configured manifest file to the client device in response to the manifest file request.

US Pat. No. 10,142,385

MULTI-SERVICE INITIALIZATION FOR ADAPTIVE MEDIA STREAMING

QUALCOMM Incorporated, S...

1. A method for receiving media content in a communication device, comprising:
receiving, by a processor of the communication device, an initialization segment associated with a first media broadcast in a first channel;
requesting, by the processor, a second media broadcast in a second channel that is different from the first channel;
receiving, by the processor, an indication that the initialization segment is also associated with the second media broadcast, wherein the received indication includes a notification that a frequency of the initialization segment is being changed or identifies a changed initialization segment frequency;
receiving, by the processor, initialization segments at the changed initialization segment frequency; and
processing, by the processor, the second media broadcast using the initialization segment at the changed initialization segment frequency.

US Pat. No. 10,142,384

DISTRIBUTING COMMUNICATION OF A DATA STREAM AMONG MULTIPLE DEVICES

1. A method comprising:
associating, by executing an instruction with a processor of a distribution system, a sharing code including alphanumeric data with a shared connection, the shared connection to be established to distribute communication of a complete data stream among multiple devices, the associating of the sharing code with the shared connection being performed in response to a first request received from a first device;
transmitting, by executing an instruction with the processor, the sharing code from the distribution system to the first device in response to the first request;
receiving a second request including the sharing code from a second device different from the first device, the second request having been sent by the second device to a first network address of the distribution system;
splitting, by executing an instruction with the processor, the complete data stream into a plurality of partial data streams corresponding to respective portions of the complete data stream, the partial data streams to be transmitted from the distribution system to respective ones of the multiple devices, including the second device, to combine available bandwidths of the multiple devices to realize the shared connection; and
in response to receiving the second request including the sharing code from the second device, establishing, by executing an instruction with the processor, a data connection via which a first partial data stream corresponding to a first portion of the complete data stream is to be transmitted from the distribution system to the second device.

US Pat. No. 10,142,383

METHOD FOR DELIVERING MUSIC CONTENT TO A SMART PHONE

1974 PRODUCTIONS, INC., ...

1. A method of distributing media content using mobile communication devices, comprising:
providing digital media access cards, the digital media access cards promoting selected media content and containing enciphered information;
allowing a user of a mobile communication device to be granted access to a digital media access card;
generating an identification number, the identification number associated with the selected media content;
deciphering the enciphered information to create deciphered information, the deciphered information allowing the user to access a web server associated with the digital media access cards with the user's mobile communication device and download application software enabling the user to access the selected media content with the user's mobile communication device, the deciphered information further including machine-readable code corresponding to the identification number, whereby the application software facilitates reading the machine readable code with the mobile communication device and transmitting the code to the web server with the mobile communication device;
receiving the identification number with the web server and using the identification number to locate a table value in a database wherein identification numbers from a plurality of media access cards are each associated with a table value corresponding to media content associated with the access cards; and
using the table value to identify a media code associated with the selected media content in a content server whereupon the media code is transmitted to the mobile communications device whereby the mobile communication device may transmit the media code to the content server, the content server transmitting the selected media content to the mobile communication device upon receiving the media code from the mobile communication device.

US Pat. No. 10,142,382

DETECTING VIDEO STREAMING AND IDENTIFYING STREAMED VIDEOS

GOOGLE LLC, Mountain Vie...

1. A processor-implemented method for identifying streamed video, comprising:
receiving, at a router, a request for content from a client device;
transmitting, by the router, the request to a content server;
receiving, at the router, a first set of streamed video data packets sent by the content server in response to the request, each of the first set of streamed video data packets comprising encrypted video data for a first streamed video and an unencrypted header;
transmitting, by the router, the first set of streamed video data packets to the client device;
examining, by the router, the unencrypted header for information identifying the first streamed video;
determining, by the router, that the first streamed video is not identifiable from the unencrypted header;
responsive to determining that the first streamed video is not identifiable from the unencrypted header:
decrypting, by the router, the encrypted video data to create decrypted video data,
processing, by the router, the decrypted video data to identify the first streamed video, and
transmitting, by the router, a first identification of the first streamed video to an analytics server;
receiving, by the router, a second set of streamed video data packets, each of the second set of streamed video data packets comprising encrypted video data for a second streamed video and an unencrypted header;
examining, by the router, the unencrypted header of each of the second set of streamed video data packets for information identifying the second streamed video;
determining, by the processor, that the second streamed video is identifiable from the unencrypted headers of the second set of streamed video data packets; and
transmitting, by the router, a second identification of the second streamed video to the analytics server.

US Pat. No. 10,142,381

SYSTEM AND METHOD FOR SCALABLE CLOUD SERVICES

IntelliVision Technologie...

1. An event recognition system, said system comprising:
an event recognition module:
a processor-controlled video camera;
a client computerized device;
a processor;
a non-transitory storage medium coupled to the processor;
encoded instructions stored in the non-transitory storage medium, which when executed by the processor, causes the processor to:
analyze a computed pixel value from at least one zone of at least one event-detected image frame captured from at least one processor-controlled video camera;
reference said zone-specific value against at least one of a pre-defined or learned reference table of event-recognized computed pixel values;
retrieve at least one of a recognized event from the reference table based on a threshold-grade match of least one of pixel values, zone-dependent pixel values, analysis of pixel values, metadata and, or a hash map, wherein said recognized event is at least one of a recognition of a face, person, group, object, movement, action, intrusion, specific location, vehicle, vehicle/license plate, impact, or aberrant sound; and
transmit at least any one of a single stream of the recognized event or a single stream of an audio-video sequence succeeding and, or preceding the recognized event, and including the recognized event, to a client device,
wherein a contextual data comprising information of the recognized event is overlaid on the single stream; and in response to a determination that the processor-controlled video camera is improperly operating, transmit a status message indicating that the processor-controlled video camera is improperly operating to the client computerized device.

US Pat. No. 10,142,380

JOINING EXECUTABLE COMPONENT TO ONLINE CONFERENCE

Microsoft Technology Lice...

1. A system comprising: a user interface presentation component that causes, at least under one circumstance, a user interface to be presented on a display of the system, the user interface comprising at least:
an online conference portion that shows a separate visualization for each of a plurality of participants in an online conversation that involves at least audio and video; and
a contacts portion that is visually separated from the online conference portion and that concurrently includes separate visualizations within the contacts portion for each of one or more individuals and each of one or more executable components that can be joined to the online conversation as participants, wherein each of the one or more executable components comprises computer executable code configured to cause an action associated with the executable component to occur within the online conversation when the executable component is joined to the online conversation as a participant of the online conversation; and
a joining component that joins participants into the online conversation when an instruction to join the participants into the online conversation is detected, wherein when an instruction to join a particular executable component of the one or more executable components from the contacts portion into the online conversation is detected, the joining component causes the particular executable component to be joined to the online conversation such that the action associated with the particular executable component occurs within the online conversation.

US Pat. No. 10,142,379

MEASURING PAGE VIEWERSHIP IN A SOCIAL NETWORK

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
maintaining, by a social networking system, a page including a plurality of posts and having at least one administrator;
receiving, by the social networking system, at least a first request from a first user of the social networking system, a second request from a second user, and a third request from a third user to view a particular post of the plurality of posts;
classifying by the social networking system, the first request as one of a tracked count of organic requests responsive to detecting that the first user encountered the particular post from a page on the social networking system associated with the first user;
classifying, by the social networking system, the second request as one of a tracked count of paid channel requests responsive to detecting that the second user was directed to the particular post from sponsored content on the social networking system;
classifying, by the social networking system, the third request as one of a tracked count of viral requests responsive to detecting that the third user was directed to the particular post from a story published by a friend of the third user connected to the third user on the social networking system;
receiving, by the social networking system, requests from one or more users of the social networking system to interact with one or more of the plurality of posts;
receiving, by the social networking system, a request from the at least one administrator of the page for analytical information about the page; and
sending, by the social networking system, information associated with the page maintained by the social networking system to display to the at least one administrator in a user interface, the user interface not accessible by a user of the social networking system unless the user is designated as an administrator of the page maintained by the social networking system, the sent information including for each of the plurality of posts:
a number of times users of the social networking system requested to view the post, and
a number of times users of the social networking system requested to interact with the post;
receiving, by the social networking system, a request for more data relating to the number of times users of the social networking system requested to view the post;
responsive to the request, providing for presentation, the tracked count of the organic views, the tracked count of the paid channel views, and the tracked count of the viral views.

US Pat. No. 10,142,378

VIRTUAL IDENTITY OF A USER BASED ON DISPARATE IDENTITY SERVICES

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method comprising:
identifying, by an identity service broker implemented by at least one computer processor, an authentication of a user provided by a first identity service;
generating, by the identity service broker, a virtual identity of the user comprising a plurality of virtual attribute fields;
populating, by the identity service broker, a first virtual attribute field of the plurality of virtual attribute fields based on a value of a first attribute associated with the user and recorded by the first identity service;
determining, by the identity service broker after the populating of the first virtual attribute field, that a second virtual attribute field of the plurality of virtual attribute fields is not assigned a value;
identifying, by the identity service broker, a second identity service associated with the user when it is determined that the second virtual attribute field is not assigned a value, the second identity service configured to provide attributes of the user but not configured to provide authentication of the user, wherein the second identity service is identified based on identifying a link between an attribute of the second identity service and the first attribute of the first identity service;
populating, by the identity service broker, the second virtual attribute field of the plurality of the virtual attribute fields with a value of a second attribute recorded by the second identity service, wherein the second attribute is not the linked attribute of the second identity service and is not recorded by the first identity service; and
allowing, by the identity service broker, access for the user to a software application or a network application that is managed by the identity service broker based on the value of the populated second virtual attribute field of the virtual identity of the user satisfying a condition of a policy associated with the populated second virtual attribute field, the allowing of access being enabled by the link, which comprises a federated identity of the user, between the previously-unlinked second identity service and first identity service.

US Pat. No. 10,142,377

RELEVANCY IMPROVEMENT THROUGH TARGETING OF INFORMATION BASED ON DATA GATHERED FROM A NETWORKED DEVICE ASSOCIATED WITH A SECURITY SANDBOX OF A CLIENT DEVICE

FREE STREAM MEDIA CORP., ...

1. A system comprising:
a client device capable of being associated with a plurality of networked devices through a computer network to:
process an embedded object,
constrain an executable environment in a security sandbox, and
execute a sandboxed application in the executable environment, the embedded object being processed through the sandboxed application; and
a relevancy-matching server to:
receive primary data generated from fingerprint data of each of the plurality of networked devices,
match the primary data with targeted data based on a relevancy factor,
search a storage for the targeted data, and
cause rendering of the targeted data through the embedded object processed through the sandboxed application of the client device,
wherein the primary data is any one of a content identification data and a content identification history.

US Pat. No. 10,142,376

METHOD, AND RELATED APPARATUS FOR RECOVERING CALLED SERVICE OF TERMINAL

Huawei Technologies Co., ...

1. A method for recovering a called service of a user terminal performed by a serving call session control function (S-CSCF), the method comprising:
receiving a called request of the user terminal;
determining an initial proxy-call session control function (P-CSCF) entity with which the user terminal currently registers is faulty;
selecting an available P-CSCF for the user terminal;
notifying the available P-CSCF to trigger the user terminal to re-initiate IP Multimedia Subsystem (IMS) registration; and
delivering the called request to a re-registered P-CSCF to bear the called service of the user terminal after the user terminal completes the IMS registration.

US Pat. No. 10,142,375

CONTENT ENABLING SYSTEM

1. A system for remote acquisition of digital information, comprising:
a content enabling device having a wireless interface for providing wireless connectivity to a content enabled region surrounding the content enabling device;
a sensory content apparatus or item for presenting sensory stimulus corresponding to digital content to a user of a mobile device, the mobile device being within the content enabled region configured to generate and transmit a token including at least one content ID parameter of a location of the mobile device in response to an actuation of the mobile device by the user at a specific time;
a content management server configured to store the digital content corresponding to the content enabling device and configured with a location of the content enabling device and an area of the content enabled region, the content management server being further configured to
receive the token from the mobile device,
determine if the location of the mobile device in the token is within the content enabled region, and
transmitting the digital content to the mobile device or a cloud based user account when the location of the mobile device is determined to be within the content enabled region.

US Pat. No. 10,142,374

DEVICE PAIRING TECHNIQUES USING DIGITAL WATERMARKING

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
establishing and participating, by a first user computing device and one or more second user computing devices via a remote server computing device, in an audio/video conference session; and
during the established audio/video conference session:
detecting, using a camera of the first user computing device, a digital watermark displayed by a display of a computing system that is distinct from the first user computing device and is not participating in the established audio/video conference session, the digital watermark being a visual indicator that is detectable by the camera of the first user computing device;
determining, by the first user computing device, a unique identifier for the computing system based on the digital watermark; and
automatically coordinating, by the first user computing device and using the unique identifier, the addition of the computing system to the established audio/video conference session.

US Pat. No. 10,142,373

SECURITY-CONNECTED FRAMEWORK

McAfee, LLC, Santa Clara...

1. A security controller apparatus for providing messaging services on a data exchange layer (DXL), comprising:
a memory communicatively coupled to one or more processors;
a network interface;
a DXL services engine operable for providing an application programming interface (API) for connecting to a DXL enterprise service bus (ESB) via the network interface, wherein the DXL is configured to provide a context-aware producer-consumer framework on a service-oriented architecture; and
a domain security engine operable for consuming security events via the DXL, and configured for:
subscribing to a DXL security topic as a DXL consumer;
consuming a security event related to the DXL security topic via the DXL ESB;
as a DXL producer, publishing a DXL security message via the DXL ESB, wherein the DXL security message is configured to enable a DXL consumer to act on the security message;
consolidating a plurality of DXL messages;
building a context-sensitive security policy, comprising assigning a location-independent security policy to a DXL endpoint, and publishing the assignment via a DXL message;
publishing the context-sensitive security policy via a DXL message; and
providing security information and event management (SIEM) services according to the DXL security message, comprising pooling data from a plurality of dissimilar resources and normalizing the data for consumption via the DXL.

US Pat. No. 10,142,372

METHODS AND SYSTEMS FOR PROTECTING A SECURED NETWORK

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a server and from a first computing device, a first security update comprising a first set of network addresses;
updating, by the server, one or more rules stored in a memory of the server to include the first set of network addresses;
receiving, by the server and from a second computing device, a second security update comprising a second set of network addresses;
determining, by the server, that the second set of network addresses includes at least a portion of network addresses included in the first set of network addresses;
responsive to determining that the second set of network addresses includes the at least a portion of network addresses included in the first set of network addresses:
identifying, by the server, the at least a portion of network addresses included in the first set of network addresses;
identifying, by the server, at least one of the one or more rules stored in the memory of the server that specifies a range of network addresses comprising the at least a portion of network addresses included in the first set of network addresses; and
updating, by the server, the at least one of the one or more rules to include one or more other network addresses included in the second set of network addresses;
transmitting, by the server and to at least one packet security gateway, at least one of the one or more updated rules:
causing executing, by the packet security gateway and on a packet by packet basis, one or more rules in time-shifted phases, wherein the executing comprises:
executing, by the at least one packet security gateway, a first rule during a first period of time based on a first subset of network addresses:
executing, by the at least one packet security gateway, a second rule during a second period of time based on a second subset of network addresses: and
executing, by the at least one packet security gateway, a third rule during a third period of time based on a third subset of network addresses,
wherein the first period of time is followed by the second period of time, and the second period of time is followed by the third period of time, and
wherein the first subset of network addresses is smaller than the second subset of network addresses, and the second subset of network addresses is smaller than the third subset of network addresses.

US Pat. No. 10,142,371

AUTHORIZATION POLICY CUSTOMIZATION AND AUTHORIZATION POLICY LOCKDOWN

ORACLE INTERNATIONAL CORP...

1. A computer-implemented method comprising:
receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein:
upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
the cloud service application is provided as a service to a plurality of companies,
the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
upgrading the second subset of the plurality of authorization policy artifacts based on the input.

US Pat. No. 10,142,370

METHODS AND APPARATUS FOR GENERATING AND USING SECURITY ASSERTIONS ASSOCIATED WITH CONTAINERS IN A COMPUTING ENVIRONMENT

VMWARE, INC, Palo Alto, ...

34. A method, comprising:
obtaining a container image from a repository by a processor of a relying party during an execution phase;
obtaining, by executing an instruction with the processor during the execution phase, a security assertion document associated with the container image, the security assertion document having been generated at a first time, the security assertion document being separate from the container image, the container image unaltered by the generation of the security assertion document at the first time, and the security assertion document including:
a container image reference indicative of the container image from which the security assertion document was generated;
a container assessable description indicative of a plurality of unassembled parts, the unassembled parts to be assembled based on the container image to form a container for execution in a host environment, and the unassembled parts including a property;
an assessment policy reference indicative of an assessment policy, wherein the assessment policy includes a rule specifying an expected value of the property; and
a security assertion generated based on the property and based on the rule;
determining, by executing an instruction with the processor during the execution phase, whether an assessed value of the property of one of the plurality of unassembled parts matches the expected value of the property; and
in response to determining that the assessed value matches the expected value, executing the container in the host environment at a second time, wherein the second time is subsequent to the first time.

US Pat. No. 10,142,369

METHOD AND SYSTEM FOR PROCESSING A STREAM OF INFORMATION FROM A COMPUTER NETWORK USING NODE BASED REPUTATION CHARACTERISTICS

ThreatMETRIX PTY LTD, Ch...

1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node in a context using information received electronically from a plurality of submitters, the method comprising:
receiving, using the at least one processor, first information about one or more nodes from a first submitter of the plurality of submitters and second information about one or more nodes from a second submitter of the plurality of submitters, the one or more nodes being associated with a network;
identifying, using the at least one processor, a first reputation of the first submitter in the context and a second reputation of the second submitter in the context from a knowledge base,
wherein a reputation of a submitter in a given context is based at least on assertions associated with past behavior of the submitter in the given context and attributes from each of the other submitters of the plurality of submitters, each assertion from each submitter of the other submitters of the plurality of submitters weighted by a reputation of the submitter in the given context;
calculating, using the at least one processor, a node reputation of the node in the context based upon at least the first reputation of the first submitter in the context and the first information received from the first submitter and the second reputation of the second submitter in the context and the second information received from the second submitter,
wherein the node reputation of the node in a context is determined by calculating a sum of assertions from the submitter with respect to the context weighted by each submitter's reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, wherein a normalized assertion is expressed as:

where A denotes an assertion, Asxc is an assertion submitted by a submitter S in a context C about node X, and Asic is an assertion submitted by submitter S about node i, i=1 to n, and n is an integer;
transferring, using the at least one processor, the node reputation to a user of the computer system, and
developing and/or updating a knowledgebase intrusion detection system by applying the calculated node reputation.

US Pat. No. 10,142,368

FACILITATING REMOTE ACCESS OF DEVICES IN A SECURE ENVIRONMENT

UNITED PARCEL SERVICE OF ...

1. A computer implemented method, operated via a computer memory, comprising:
receiving via a first encrypted connection using a first protocol, at a computing device running an application belonging to a first domain, cross-domain communication comprising a request for instructions for a peripheral device belonging to a second domain distinct from the first domain, the instructions comprising instructions for printing that include a native command language of the peripheral device, wherein the peripheral device is connected to a user computing entity and comprises a printer, scanner or a scale;
providing, from the application to a server outside of the second domain, the request for instructions over a second connection using a second protocol, wherein the server is located in a third domain distinct from the first and second domain, the first protocol is Hyper Text Transfer Protocol Secure and the second protocol is a remote method invocation (RMI);
responsive to receiving the request at the server, providing, from the server to the application, shipping or labeling information comprising the instructions over the second connection using the second protocol; and
providing, to the user computing entity, the shipping or labeling information comprising the instructions over the first encrypted connection using the first protocol for facilitating package shipping and remote control of the peripheral device.

US Pat. No. 10,142,367

SYSTEM AND METHOD FOR CREATION, DEPLOYMENT AND MANAGEMENT OF AUGMENTED ATTACKER MAP

ILLUSIVE NETWORKS LTD., ...

1. A system for network surveillance to detect attackers, comprising:
a deception management server within a network of resources, comprising a deployment module managing and planting one or more decoy lateral attack vectors in one or more of the resources in the network, wherein a lateral attack vector is an object in memory or storage of a first resource in the network that may be used to access a second resource in the network; and
one or more decoy servers accessible from resources in the network, each decoy server comprising:
an alert module that issues an alert when a specific resource in the network accesses the decoy server via one or more of the decoy lateral attack vectors planted in the specific resource by said deployment module; and
a delay module, purposely delaying incoming connections to the decoy server while a resource accesses the decoy server, in order to allow additional time to monitor activity on the decoy server.

US Pat. No. 10,142,366

METHODS, SYSTEMS AND DEVICES TO MITIGATE THE EFFECTS OF SIDE EFFECT URLS IN LEGITIMATE AND PHISHING ELECTRONIC MESSAGES

VADE SECURE, INC., San F...

1. A computer-implemented method, comprising:
receiving and storing an electronic message, in a memory of a computing device coupled to a computer network, the electronic message containing a uniform resource locator (URL);
parsing the URL in the electronic message stored in the memory of the computing device and identifying at least one original parameter in the URL, the at least one original parameter comprising a sequence of characters;
determining a length of the at least one original parameter;
determining a statistical distribution of lowercase letters, uppercase letters and/or numbers of the at least one original parameter;
determining a type of the identified at least one original parameter, the determined type being one of a plurality of predetermined types of parameters only when the length of the at least one original parameter is determined to be at least a predetermined minimum length and when the statistical distribution is determined to be consistent with normal distributions of such lowercase letters, uppercase letters and/or numbers;
transforming the identified at least one original parameter according to one of a plurality of parameter transformation rules selected according to the determined type to generate at least one transformed parameter;
reassembling the URL by substituting the at least one transformed parameter for the at least one original parameter;
accessing, over the computer network, the website pointed to by the reassembled URL using the at least one transformed parameter if the reassembled URL meets a predetermined minimum criterion,
foregoing accessing the reassembled URL if the reassembled URL does not meet the predetermined minimum criterion; and
analyzing a response of the accessed website to the at least one transformed parameters to determine whether the URL is a side effect URL.

US Pat. No. 10,142,365

SYSTEM AND METHODS FOR RESPONDING TO CYBERSECURITY THREATS

The Boeing Company, Chic...

1. A cyber-security monitoring (CSM) computer device for responding to cybersecurity threats, said CSM computer device comprising a processor in communication with a memory, said processor configured to: monitor a virtual network including plurality of virtual machines; detect a cybersecurity threat to a first virtual machine of the plurality of virtual machines; generate a second virtual machine based on an uncompromised version of the first virtual machine; adjust the second virtual machine to resist the cybersecurity threat; disconnect the first virtual machine from the virtual network to prevent communication between the first virtual machine and the plurality of virtual machines included in the virtual network; connect the second virtual machine to the virtual network in place of the first virtual machine, and subsequent to the disconnect of the first virtual machine, spoof one or more commands from the first virtual machine in response to the cybersecurity threat.

US Pat. No. 10,142,364

NETWORK ISOLATION BY POLICY COMPLIANCE EVALUATION

Upguard, Inc., Mountain ...

1. A method comprising:
maintaining, in an internal network, a plurality of internal nodes, each node of the plurality of internal nodes comprising a corresponding node configuration;
receiving, at the internal network, network traffic from an outside network;
analyzing, by a node of the internal network, the node configuration of a first node of the internal network and the received network traffic;
calculating, in real-time and based on the analysis of the node configuration, a network vulnerability score, the network vulnerability score measuring the vulnerability of the network to malicious action;
determining if the network vulnerability score is below a vulnerability threshold;
responsive to determining that the network vulnerability score is below the vulnerability threshold, isolating the internal network from the outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
after isolating the internal network:
reconfiguring the first node of the internal network;
simulating the received network traffic on the isolated network including the reconfigured first node;
calculating a simulated network vulnerability score based on the simulated received network traffic and measuring the expected vulnerability of the network to malicious action if the network were not isolated from the outside network; and
in response to the simulated network vulnerability score exceeding the vulnerability threshold, reversing the isolation of the internal network from the outside network.

US Pat. No. 10,142,363

SYSTEM FOR MONITORING AND ADDRESSING EVENTS BASED ON TRIPLET METRIC ANALYSIS

Bank of America Corporati...

1. A system for monitoring and addressing events based on triplet metric analysis, the system comprising:
one or more memory devices; and
one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute computer-readable program code to:
transmit control signals to cause a vendor database system to continuously monitor a vendor database for a new data input and, in response to identifying the new data input, automatically transmit the new data input to the system, wherein the new data input comprises at least a threat actor, a threat means, and a targeted asset;
receive the new data input from the vendor database system, wherein the new data input comprises unformatted text of prose-form messages;
apply an optical character recognition process to the unformatted text of prose-form messages to extract and identify the threat actor, the threat means, and the targeted asset;
identify a threat actor value based on a comparison of the threat actor to an actor value database, wherein the threat actor value comprises a scalar representation of capabilities of the threat actor;
identify a threat means value based on a comparison of the threat means to a means value database, wherein the threat means value comprises a scalar representation of effectiveness of the threat means;
identify a targeted asset value based on a comparison of the targeted asset to an asset value database, wherein the targeted asset value comprises a scalar representation of exposure potential of the targeted asset;
calculate a threat-based exposure value with a threat-based exposure model that is based at least on the identified threat actor value, the identified threat means value, and the identified targeted asset value, wherein the threat-based exposure model comprises:
R=|avb|sin(?)sin(?)
wherein:
R is the threat-based exposure value calculated with the threat-based exposure model;
a is the identified threat actor value;
v is the identified threat means value;
b is the identified targeted asset value;
? is a degree of relation between the threat actor and the threat means; and
? is a degree of relation between the targeted asset and a combination of the identified threat actor and the identified threat means;
calculate a total threat-based exposure value as a sum of R and a plurality of different threat-based exposure values associated with different combinations of threat actors, threat means, and targeted assets;
in response to calculating the threat-based exposure value, transmit control signals configured to cause a computing device system associated with a user to display a three-dimensional representation of the threat-based exposure model;
receive, from the user interface of the computing device system associated with the user, instructions to print the threat-based exposure model; and
in response to receiving instructions to print the threat-based exposure model, transmit control signals configured to cause a three-dimensional printer system to print the threat-based exposure model.

US Pat. No. 10,142,362

CLOUD BASED SYSTEMS AND METHODS FOR DETERMINING SECURITY RISKS OF USERS AND GROUPS

Zscaler, Inc., San Jose,...

1. A method comprising:
monitoring and managing, by one or more servers in a cloud-based security system, entities comprising users or groups of users via an in-line manner where the entities connect to the Internet through the cloud-based security system and where the cloud-based security system is external from the entities and associated enterprise networks, wherein the in-line manner comprises traffic between an entity and the Internet being processed through the cloud-based security system;
maintaining logs of transactions monitored through the cloud-based security system via the in-line manner;
obtaining a plurality of attributes from the transactions while excluding impossible comparison items from the transactions;
performing empirical scoring on normalizing the plurality of attributes for ranking risky entities, wherein the empirical scoring comprises categorizing violations detected via the in-line manner and based on security policy into categories and applying modifiable weightings thereto and determining a risk score as a weighted combination of normalized scores for each of the categories, wherein the categories are related to infections, malware, and suspicious behavior, wherein the weighted combination includes weights for severity of the categories and for length of time of infection of each category;
identifying the risky entities based on one of the empirical scoring and analytics; and
updating policies and/or monitoring for the risky entities in the cloud-based security system based on the identifying, wherein the updated policies adjust what functionality the risky entities are allowed to perform on the Internet enforced via the in-line manner by the cloud-based security system, and wherein the updated monitoring intensifies the monitoring via the cloud-based security system.

US Pat. No. 10,142,361

LOGIN CREDENTIAL ALERT SYSTEM

VISA INTERNATIONAL SERVIC...

1. A method comprising:
receiving, by a first computer from an internet traffic monitoring computer, a decrypted username associated with a data breach at a first organization, wherein the internet traffic monitoring computer performed steps including:
receiving an encrypted username from a transaction computer, issuer computer, organization or other internet accessible resource provider, or third party computer,
decrypting the encrypted username to generate the decrypted username, and
transmitting the decrypted username to the first computer;
comparing, by the first computer, the decrypted username with previously received usernames from a plurality of organizations;
identifying, by the first computer, a second organization from the plurality of organizations at which the decrypted username is used;
encrypting, by the first computer, an alert using an encryption key; and
transmitting, by the first computer, the encrypted alert to a second computer associated with the second organization, the encrypted alert comprising the decrypted username, and the encrypted alert indicating that the decrypted username used at the second organization has been compromised for enhancing data security at the second organization.

US Pat. No. 10,142,360

SYSTEM AND METHOD FOR ITERATIVELY UPDATING NETWORK ATTACK MITIGATION COUNTERMEASURES

Arbor Networks, Inc., Bu...

1. A computer-implemented method to mitigate a malicious network attack, the method comprising:
receiving an attack alert that a network attack has been detected;
saving a sample of captured network traffic in response to the attack alert;
playing back the sample while applying a playback countermeasure to the captured network traffic to block sample segments from the sample;
analyzing at least one of the blocked sample segments and throughput sample segments that are not blocked; and
adjusting the playback countermeasure in response to a result of the analyzing.

US Pat. No. 10,142,359

SYSTEM AND METHOD FOR IDENTIFYING SECURITY ENTITIES IN A COMPUTING ENVIRONMENT

AWAKE SECURITY, INC., Mo...

1. A method for identifying a security entity in a computing environment, comprising:
monitoring a communication between a user computer and at least one destination computer by a security appliance executed on a computing device;
extracting a plurality of selective information from the communication by the security appliance;
identifying at least one security entity based on a subset of the selective information, wherein the subset of the selective information belonging to a first time interval;
confirming an identity of the identified at least one security entity as valid for the first time interval, based on an association between a decisive identifier and the identified at least one security entity during the first time interval;
evaluating another subset of selective information belonging to a second time interval and detecting the identified at least one security entity during the second interval, based on an association between the decisive identifier and the identity of the identified at least one security entity during the second time interval;
extending the association between the identified at least one security entity and the associated decisive identifier from the first time interval to the second time interval, based on the detection;
generating a knowledge graph for the identified at least one security entity based on the associated decisive identifier for a period extending from the first time interval to the second time interval; and
analyzing a network communication between the user computer and the at least one destination computer to detect a potential threat based on information included in the knowledge graph, wherein a result of analyzing the communication is utilized to generate information to update priority of analysis of incoming packets in further network communications between the user computer and the at least one destination computer.

US Pat. No. 10,142,358

SYSTEM AND METHOD FOR IDENTIFYING AN INVALID PACKET ON A CONTROLLER AREA NETWORK (CAN) BUS

SYMANTEC CORPORATION, Mo...

1. A method of detecting an invalid packet on a Controller Area Network (CAN) bus having a plurality of CAN nodes coupled thereto comprising:
monitoring a CAN identifier (CAN ID) of each packet sent by each CAN node;
identifying whether an ACK Slot bit of a monitored packet is set to “1” or “0;”
monitoring, for a predetermined time, in response to the ACK Slot bit set to “1,” for a subsequent packet possessing the same CAN ID;
storing, in response to the subsequent packet possessing a same CAN ID, the CAN ID in a first database having a listing for valid packets;
storing, in response to the subsequent packet possessing a different CAN ID, the different CAN ID in second database having a listing for invalid packets;
monitoring, in response to the ACK Slot bit set to “0,” for a same CAN ID having an ACK Slot bit equal to “0” from a previously monitored packet;
storing, in response to an absence of the previously monitored packet having the same CAN ID having the ACK Slot bit equal to “1,” the CAN ID of the CAN ID having the Slot bit equal to “0” in the second database; and
disabling the invalid packet.

US Pat. No. 10,142,357

SYSTEMS AND METHODS FOR PREVENTING MALICIOUS NETWORK CONNECTIONS USING CORRELATION-BASED ANOMALY DETECTION

Symantec Corporation, Mo...

1. A computer-implemented method for preventing malicious network connections using correlation-based anomaly detection, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
monitoring computing activity within a network that includes a plurality of computing devices over a plurality of time periods;
while monitoring the computing activity within the network:
detecting, during a first time period, at least one network connection that involves at least one of the computing devices within the network;
determining that the network connection detected during the first time period is malicious based at least in part on telemetry data collected from a plurality of security products related to the computing device;
determining that no malicious network connections involving the computing device were detected during a second time period;
identifying a feature of the computing activity that:
occurred during the first time period; and
did not occur during the second time period;
determining that the feature is likely indicative of malicious network activity due at least in part to the feature having occurred during the first time period and not having occurred during the second time period;
detecting, after the first time period and the second time period, a presence of the feature in connection with a subsequent network connection at a subsequent point in time; and
in response to detecting the presence of the feature in connection with the subsequent network connection at the subsequent point in time:
classifying the subsequent network connection as malicious; and
performing at least one security action on the subsequent network connection attempted around the subsequent point in time.

US Pat. No. 10,142,356

CHANNEL DATA ENCAPSULATION SYSTEM AND METHOD FOR USE WITH CLIENT-SERVER DATA CHANNELS

ShieldX Networks, Inc., ...

1. A method comprising:
receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data;
performing a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network;
receiving, by the first security microservice, a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load;
generating, by the first security microservice, a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the first and second loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and
transmitting, by the first security microservice, a response to the first channel data encapsulation packet, wherein the response includes the first timestamp and first load generated by the first security microservice, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices; and
wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices.

US Pat. No. 10,142,355

PROTECTION OF TELECOMMUNICATIONS NETWORKS

TELUS Communications Inc....

1. A protection system for an internet service provider (ISP) network, wherein the ISP network is configured to relay packets between user devices connected to the ISP network and between the user devices and other internet devices, some of the user devices having threats that cause the respective user devices to send or receive threat-related packets, the protection system comprising:
an evaluation engine, the evaluation engine being configured to receive input signals including:
network-based statistics obtained from ISP network devices of the ISP network;
information obtained from analysis of traffic on the ISP network by ISP security devices of the ISP network; and
details of threats on the user devices from a security application on the user devices;
the evaluation engine being configured to perform analytics on information contained within the input signals by reference to technical specifications and configuration information of the ISP network devices and the ISP security devices to assess an overall threat level posed to the ISP network or a portion of the ISP network by the threats and determine whether an active threat that affects the reliability or security of the ISP network either on its own or in combination with other active threats on the user devices exists on any user device of the user devices and to produce a trigger output when such an active threat to the ISP network has been determined; and
protection devices of the ISP network, each protection device being configured to be responsive to the trigger output to take an action towards protection of the ISP network by mitigating the effect of the active threat that affects the reliability or security of the ISP network.

US Pat. No. 10,142,354

CLOUD-BASED COMMUNICATION ACCOUNT SECURITY

1. A method comprising:
receiving, by a computer system comprising a processor, over a network, a request to resolve a problem relating to a user device, wherein the request is received from one of a preinstalled application associated with the user device or from a user of the user device, and wherein the request comprises initial symptoms provided by the one of the preinstalled application associated with the user device or the user of the user device;
selecting, by the processor, based at least in part on the initial symptoms of the request provided by the one of the preinstalled application associated with the user device or the user of the user device, a diagnostic algorithm of a plurality of diagnostic algorithms to analyze data associated with the user device to identify symptoms of the problem and diagnose a cause of the symptoms identified, wherein the diagnostic algorithm, when executed by the processor, causes the processor to perform operations comprising
identifying applications that are generating traffic on the user device,
mapping network connections for the applications that are generating traffic on the user device, and
comparing the network connections for the applications that are mapped with preapproved network connections for the user device to diagnose at least one unapproved mapped network connection as the cause of the symptoms identified; and
searching, by the processor, to identify a solution to resolve the cause of the symptoms identified, wherein the solution to resolve the cause of the symptoms identified is based at least in part on diagnosis of the at least one unapproved mapped network connection as the cause of the symptoms identified.

US Pat. No. 10,142,353

SYSTEM FOR MONITORING AND MANAGING DATACENTERS

CISCO TECHNOLOGY, INC., ...

1. A system within a datacenter, comprising:
two or more sensors configured to:
capture a packet;
describe the packet in a packet log;
send the packet log to a collector;
the collector being configured to:
receive the packet logs from the two or more sensors;
determine that the packet logs describe a connection between two endpoints in a datacenter;
describe the connection in a flow log; and
an analytics module configured to:
determine a status of the datacenter, using any connections in the flow log;
detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
modify, in response to the detected attack, a security policy of the datacenter.

US Pat. No. 10,142,352

CONFIGURATION MANAGEMENT FOR VIRTUAL MACHINE ENVIRONMENT

International Business Ma...

1. A computer-implemented method for controlling a connection between a virtual machine and a physical device, the method comprising:
receiving, by a virtual machine managing server, a connection request for connecting the physical device to the virtual machine;
in response to receiving the connection request, determining, by the virtual machine managing server, whether the virtual machine satisfies a first connection permission condition and whether the physical device satisfies a second connection permission condition, wherein the second connection permission condition comprises a setting of a configuration of the physical device and a setting of a context of the physical device comprising a physical location of the physical device and a current time, wherein the physical location of the physical device is based on an internet protocol (IP) address of the physical device;
in response to a determination that the virtual machine does not satisfy the first connection permission condition, changing, based on a first instruction sent from an endpoint managing server, a configuration of the virtual machine to satisfy the first connection permission condition;
in response to a determination that the physical device does not satisfy the second connection permission condition, changing, based on a second instruction sent from the endpoint managing server, the configuration of the physical device to satisfy the second connection permission condition;
in response to a determination that the virtual machine satisfies the first connection permission condition and that the physical device satisfies the second connection permission condition, accepting, by the virtual machine managing server, the received connection request to connect the physical device to the virtual machine;
in response to accepting the received connection request, establishing a connection between the virtual machine and the physical device;
in response to establishing the connection between the physical device and the virtual machine, dynamically detecting a change in at least one selected from the group consisting of: the configuration of the virtual machine, a context of the virtual machine, the configuration of the physical device, and the context of the physical device;
determining that the dynamically detected change does not satisfy at least one of the first connection permission condition or the second connection permission condition; and
in response to the determination of the dynamically detected change, disconnecting the connection between the virtual machine and the physical device.

US Pat. No. 10,142,351

RETRIEVING CONTACT INFORMATION BASED ON IMAGE RECOGNITION SEARCHES

Google LLC, Mountain Vie...

1. A method for transmitting contact information to a requestor, the method comprising:
receiving, by one or more processors, from a requestor an image of a user, wherein the requestor and the user are different users;
identifying, by the one or more processors, the user in the image;
determining, by the one or more processors, a time associated with the image of the user;
retrieving, by the one or more processors, a permission rule associated with the identified user, the permission rule indicating a predetermined threshold of proximity between a location of the user and a location of the requester around the time associated with the image;
determining, by the one or more processors, whether the permission rule is satisfied; and
responsive to satisfying the permission rule, transmitting, by the one or more processors, the contact information of the user to the requestor.

US Pat. No. 10,142,350

INFORMATION PROCESSING APPARATUS PERMITTING EXECUTION OF AN APPLICATION PROGRAM BY A TERMINAL APPARATUS BASED ON A LOCATION OF THE TERMINAL APPARATUS, AND INFORMATION PROCESSING METHOD OF PERMITTING THE APPLICATION PROGRAM TO BE EXECUTED BY THE TERMINAL A

FUJITSU LIMITED, Kawasak...

1. An information processing apparatus configured to communicate with a terminal device, the information processing apparatus comprising:
a memory; and
a processor coupled to the memory and configured to
receive, from the terminal device, location information indicating a location at which the terminal apparatus is located,
transmit an application program, which includes a first function and a second function, to the terminal apparatus in accordance with the location information,
permit the terminal apparatus to execute the first function and the second function of the application program, when the location indicated by the location information is included in a first location range,
permit the terminal apparatus to execute the first function and prohibit the terminal apparatus to execute the second function, when the location indicated by the location information is not included in the first location range and is included in a second location range,
detect a quitting of the application program,
in a case in which the quitting of the application program is detected when the location indicated by the location information is included in the second location range, narrow the second location range, and
in a case in which the quitting of the application program is detected when the location indicated by the location information is outside of the second location range, extend the second location range.

US Pat. No. 10,142,349

VERIFYING NETWORK-BASED PERMISSIONING RIGHTS

Palantir Technologies Inc...

1. A method of verifying permissioning rights to one or more data resources associated with a data processing platform, the method being performed using one or more processors and comprising:
receiving, from a client device, an assertion statement identifying a user, a data resource and an operation performable with respect to the data resource;
the operation performable with respect to the data resource comprising a read operation or a view operation;
applying the received assertion statement to a network database storing an access control list defining, for each of a plurality of data resources associated with the data processing platform, one or more users having permission to perform one or more operations on the respective data resource, wherein applying the assertion statement is effective to determine if the received assertion statement is true or false in relation to said data resource identified in the assertion statement, by determining a first data structure comprising an assertion tree for said data resource, the assertion tree comprising an expected hierarchical resource graph that represents permissions of the identified data resource and of one or more dependencies of the identified data resource, that would make the assertion statement true, determining a second data structure comprising a corresponding hierarchical resource graph that represents part of the access control list, and comparing the first data structure with the second data structure to determine if the assertion statement is true or false; and
in the event that the assertion is false, generating an error message for output.

US Pat. No. 10,142,348

ENHANCED DATA INTERFACE FOR CONTACTLESS COMMUNICATIONS

Visa International Servic...

1. A method comprising:
receiving, by a hardware communication device, a request for available applets from a hardware device;
providing, by the hardware communication device, a list of available applets including trusted applet identifiers and untrusted applet identifiers to the hardware device;
receiving, by the hardware communication device, a selection of an untrusted applet identifier from the list and an entity identifier associated with the hardware device, wherein the selection of the untrusted applet identifier from the list is determined based on a highest priority applet of the available applets supported by the hardware device;
validating, by the hardware communication device, that the hardware device is authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers; and
providing, by the hardware communication device, the credentials associated with the selected untrusted applet identifier to the hardware device.

US Pat. No. 10,142,347

SYSTEM FOR CENTRALIZED CONTROL OF SECURE ACCESS TO PROCESS DATA NETWORK

BANK OF AMERICA CORPORATI...

12. A method for supporting and controlling access to a private block chain within a private block chain distributed network, the method comprising:
receiving, by one or more processing devices, a request from a user utilizing a node to access the private block chain, wherein the request includes received authentication credentials, wherein the private block chain network comprises a distributed network of nodes managed by one or more entities, wherein nodes from the distributed network of nodes are operatively coupled to each other, have at least a portion of a private ledger, and share information on the ledger through electronic communication, and wherein the received authentication credentials comprises user authentication credentials and node authentication credentials;
comparing, by the one or more processing devices, the received authentication credentials with stored authentication credentials for the user and the node;
allowing, by the one or more processing devices, the user to access the private block chain distributed network when the received authentication credentials meet the stored authentication credentials for the user and the node;
determining, by the one or more processing devices, one or more types of actions that the user is allowed to, or prevented from, taking based on the comparison of the received authentication credentials with the stored authentication credentials;
receiving, by the one or more processing devices, an indication that the user took an action for an event within the private block chain, wherein the action occurred on the node from the distributed network of nodes, and wherein the action is validating the event using event information on the private ledger of the node from the distributed network of nodes of the private block chain, storing the event information for the event on the private ledger of the node from the distributed network of nodes of the private block chain, or disseminating the event information for the event on the private ledger of the node to one or more other nodes of the distributed network of nodes of the private block chain; and
determining, by the one or more processing devices, limits, wherein the limits comprise one or more user limits, one or more node limits, one or more entity limits, one or more event limits, and one or more action limits;
comparing, by the one or more processing devices, the action taken and the user, the node, an entity associated with the user, and the event associated with the action to the limits, including the one or more user limits, the one or more node limits, the one or more entity limits, the one or more event limits, and the one or more action limits; and
allowing or denying, by the one or more processing devices, the action based on the determination of the one or more types of actions that the user is allowed to, or prevented from, taking based on the comparison of the received authentication credentials with the stored authentication credentials and based on the comparison of the action and the user, the node, the entity, and the event associated with the action to the limits.

US Pat. No. 10,142,346

EXTENSION OF A PRIVATE CLOUD END-POINT GROUP TO A PUBLIC CLOUD

CISCO TECHNOLOGY, INC., ...

1. A method of extending a private cloud to a public cloud, the method comprising:
establishing, by an orchestrator, a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;
receiving, by the orchestrator, one or more access control lists provisioned by the private cloud;
determining, by the orchestrator, contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;
extending, by the orchestrator, the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and
monitoring and troubleshooting, by the orchestrator, the end point group of the public clouds and associated public endpoints of the public cloud.

US Pat. No. 10,142,345

METHOD AND APPARATUS FOR MULTI-USERS REGISTERING HOME NETWORK SUPPORTING APPLICATION BASED DEVICE

Samsung Electronics Co., ...

1. A method for registering a device supporting home networking, by a server, the method comprising:
receiving, from a first device, a registration request message for a second device, wherein the registration request message includes device information of the second device;
identifying that the second device is not registered based on the device information of the second device;
registering the second device based on confirming a first authentication code of the second device;
obtaining a first re-registration authentication code of the second device when the first authentication code of the second device is confirmed;
mapping the first re-registration authentication code to the device information of the second device; and
transmitting, to the first device, a completion message for the registration procedure for the second device.

US Pat. No. 10,142,344

CREDENTIAL MANAGEMENT SYSTEM

HRB Innovations, Inc., L...

1. A method of securely caching a user's credentials for subsequent reuse, comprising the steps of:
automatically, based on a sign on by the user, determining whether a user-locked file containing credentials for the user exists in a location hidden from the user;
if the user-locked file containing credentials for the user does not exist:
automatically creating, in the location hidden from the user, using a first system-locked stored procedure, the user-locked file containing credentials, wherein the credentials will be utilized to access a shared, secure resource;
if the user-locked file containing credentials for the user does exist:
reading, using a second system-locked stored procedure, the user's credentials from the user-locked file;
populating the user's credentials into one or more variables accessible from a stored procedure run by the user; and
accessing, from the stored procedure run by the user, the shared, secure resource using the user credentials stored in the one or more variables.

US Pat. No. 10,142,343

UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD

NIPPON TELEGRAPH AND TELE...

1. An unauthorized access detecting system, comprising:
processing circuitry configured to
generate authentication information that is used to log in to a predetermined server,
set the generated authentication information generated on a predetermined analyzing host and cause a program to be analyzed to operate on the predetermined analyzing host, wherein the program is allowed access to the set authentication information,
detect unauthorized access to a content at a predetermined server using the authentication information,
obtain a program corresponding to the authentication information by referring to a table stored in a memory, the table prescribing correspondence between the authentication information and the program, and
identify, as a program that leaks out information, the program that operates on the predetermined analyzing host set with the authentication information if unauthorized access using the authentication information has been detected.

US Pat. No. 10,142,342

AUTHENTICATION OF CLIENT DEVICES IN NETWORKS

Extreme Networks, Inc., ...

1. A method comprising:
receiving identity information at an edge configuration device from a physical end device via a connection, wherein the identity information identifies the physical end device or one or more users associated with the physical end device, and wherein the identity information includes a request for permission for the physical end device to access a Shortest Path Bridging (SPB) network;
sending a request from the edge configuration device over the SPB network to an access control server connected to the SPB network in response to receiving the identity information, wherein the request requests authentication for the physical end device;
receiving authentication at the edge configuration device from the access control server for the physical end device to connect to the SPB network;
receiving network configuration information at the edge configuration device from the access control server in response to sending the request for authentication; and
using the network configuration information to configure the edge configuration device for use with one or more virtual local area networks (VLANs) of the SPB network for use with the physical end device.

US Pat. No. 10,142,341

APPARATUS, SYSTEM AND METHOD FOR WEBRTC

NEC Corporation, Tokyo (...

1. An authentication method in a communication system, the method comprising:
sending a token from a WWSF (WebRTC (Web Real Time Communication) Web Server Function) to a UE (User Equipment) in an IMS (IP (Internet Protocol) Multimedia Subsystem) registration, wherein the token is generated by binding an IMPU (IMS public user identity) to a webRTC ID (Identity) received by the WWSF from the UE, and the token is transmitted from the WWSF to the UE;
sending a REGISTER message with the token from the UE to an eP-CSCF (enhanced Proxy-CSCF (Call Session Control Function));
verifying the token by the eP-CSCF, the token having an effective time;
forwarding the REGISTER message from the eP-CSCF to an S-CSCF (Serving-CSCF);
receiving a subscription profile from an HSS (Home Subscriber Server) to the S-CSCF; and
sending a 200 OK message from the S-CSCF to the UE via the eP-CSCF.

US Pat. No. 10,142,340

SYSTEM FOR DETECTION AND IDENTIFICATION OF ELECTRONIC DEVICES AND ALLOCATION OF PROXY IDENTIFIERS FOR SAME

Bank of America Corporati...

1. A system for detection and identification of electronic devices and allocation of proxy identifiers for the same, the system comprising:
a memory;
a processor; and
a module stored in the memory, executable by the processor, and when executed by the processor, causes the process to:
detect one or more electronic devices within a wireless network range;
identify the one or more electronic devices within the wireless network range, comprising:
matching the one or more electronic devices with one or more entries in a database of users;
determine that the one or more electronic devices has stored thereon one or more credentials;
access the one or more credentials;
copy the one or more credentials from the one or more electronic devices to a secure digital lock box;
detect that the one or more credentials have been copied to the secure digital lock box;
based on detecting that the one or more credentials have been copied to the secure digital lock box, permanently delete the one or more credentials from the one or more electronic devices;
allocate proxy identifiers corresponding to the one or more credentials;
initiate storage of the allocated proxy identifiers on the one or more electronic devices;
detect that the one or more electronic devices have attempted to perform a transaction that requires the use of the one or more credentials; and
based on detecting that the one or more electronic devices have attempted to perform a transaction that requires the use of the one or more credentials, initiate use of the proxy identifiers by the one or more electronic devices instead of use of the one or more credentials.

US Pat. No. 10,142,339

IDENTITY AUTHENTICATION SYSTEM, APPARATUS, AND METHOD, AND IDENTITY AUTHENTICATION REQUEST APPARATUS

KUANG-CHI INTELLIGENT PHO...

1. An identity authentication system, comprising an identity authentication request apparatus and an identity authentication apparatus, wherein the identity authentication request apparatus comprises a first hardware processor coupled with a first memory and configured to execute program modules stored on the first memory, the identity authentication apparatus comprises a second hardware processor coupled with a second memory and configured to execute program modules stored on the second memory;
the first hardware processor is configured to send a verification code issuing request to the identity authentication apparatus;
the second hardware processor is configured to respond to the verification code issuing request sent by the identity authentication request apparatus, generate an identity (ID) and a corresponding verification code according to the verification code issuing request, bind the generated ID and the verification code, store the generated ID, the verification code, and a binding record, and feed back feedback information that carries the verification code to the identity authentication request apparatus;
the first hardware processor is further configured to receive the feedback information from the identity authentication apparatus, and send an ID issuing request to the identity authentication apparatus, wherein the ID issuing request comprises the verification code carried in the feedback information; and
the second hardware processor is further configured to parse the received ID issuing request and determine whether the verification code comprised in the ID issuing request matches the stored verification code, and if the verification code comprised in the ID issuing request matches the stored verification code, send allocation information that carries the ID to the identity authentication request apparatus;
wherein the first hardware processor apparatus is further configured to encrypt and store the ID, a unique identifier of the identity authentication request apparatus, and a counter value after receiving the allocation information that carries the ID;
wherein the second hardware processor is further configured to encrypt the generated ID, the verification code and the binding record by using a sync encryption algorithm that is based on a scrambling code and a pseudo-code; and the first hardware processor is further configured to encrypt the ID, the unique identifier of the identity authentication request apparatus, and the counter value by using the sync encryption algorithm that is based on a scrambling code and a pseudo-code;
wherein the scrambling code is a scrambling code that is randomly selected from a randomly generated hexadecimal scrambling code group, and a quantity of bits of the scrambling code is consistent with a quantity of bits of information that needs to be encrypted; wherein the second hardware processor is further configured to encrypt the generated ID, the verification code and the binding record by using a sync encryption algorithm that is based on a scrambling code, or the first hardware processor is further configured to encrypt the ID, the unique identifier of the identity authentication request apparatus, and the counter value by using the sync encryption algorithm that is based on a scrambling code by following steps: converting the information, which needs to be encrypted, into hexadecimal information; and using the scrambling code to perform an operation bit by bit on the information that is converted into the hexadecimal information and needs to be encrypted, wherein the operation comprises one of the following: an XOR operation, a negation operation, seeking a two's complement, and seeking a one's complement;
wherein the pseudo-code is a group of randomly generated digits, letters, symbols, or a combination of at least one thereof; wherein the second hardware processor is further configured to encrypt the generated ID, and the verification code and the binding record by using a sync encryption algorithm that is based on a pseudo-code, or the first hardware processor is further configured to encrypt the ID, the unique identifier of the identity authentication request apparatus, and the counter value by using the sync encryption algorithm that is based on a pseudo-code by the following step: adding the pseudo-code into a trailer of the information that is encrypted by using the scrambling code, so that the quantity of bits of the information increases to a preset quantity of bits.

US Pat. No. 10,142,338

SYSTEMS AND METHODS FOR ONLINE THIRD-PARTY AUTHENTICATION OF CREDENTIALS

ID.me, Inc., McLean, VA ...

1. A computer-implemented method for online authentication of online attributes, the method including:
receiving, at a server over an electronic network, an authentication request from a relying party, the authentication request including identity information to be authenticated and credential information to be authenticated;
determining, by the server, whether a user account is associated with the received identity information by accessing an internal database;
accessing, by the server from the internal database, user data of the user account determined to be associated with received identity information;
determining, by the server, authentication data to be obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated;
transmitting, by the server over the electronic network to the user, a request for authentication data;
determining, by the server, an assurance level associated with the authentication request based on the authentication request and the relying party, wherein a single-factor authentication is required for lower assurance levels and a multi-factor authentication is required for higher assurance levels;
receiving, at the server over the electronic network, authentication data associated with the user, wherein the authentication data is associated with a lifetime value, wherein the lifetime value identifies a length of time the authentication data is valid, wherein the authentication data further includes a status identifier, wherein the status identifier includes one of a pending, active, suspended, and revoked status, wherein the status identifier is placed in the revoked status after receiving and authenticating a revocation request;
transmitting, by the server over the electronic network to a verification data source server, authentication data associated with the user; and
receiving, at the server over the electronic network, an authentication result from the verification data source server for the user associated with authentication data.

US Pat. No. 10,142,337

HARDWARE IDENTIFICATION THROUGH COOKIES

Uniloc 2017 LLC, Wilming...

6. A non-transitory computer readable medium which includes one or more processors, and a memory, the computer readable medium including computer instructions which are configured to cause a server computer, by execution of the computer instructions in the one or more processors from the memory, to recognize a given remotely-located device as either a known device or an unknown device by:
receiving, from the given device, a device identifier generated by hashing multiple cookies supplied from at least two different hosts which cookies are stored on the given device;
determining an amount of correlation between the device identifier of the given device and corresponding previously stored identifiers of each of one or more other devices; and
determining that the given device is a known device upon a condition in which the amount of correlation is at least a predetermined threshold.

US Pat. No. 10,142,336

COMMUNICATION SYSTEM AND METHOD

SCHNEIDER ELECTRIC INDUST...

1. A communication analysis method implemented in a first device configured to receive communication frames originating from a second device, said first device and said second device being configured to establish a communication between themselves in a secure communication session, said method comprising:
storing parameters corresponding to the communication established with the second device during the secure communication session;
analyzing, in response to receiving a communication frame originating from the second device, the parameters of the communication during the reception of the communication frame in relation to the parameters stored for said communication; and
determining a renewal or a maintenance of the secure communication session according to the analysis carried out,
wherein the first device is a server including a microprocessor and the second device is a sensor with a microcontroller and a transmitter, and
wherein the communication is a cryptographic communication in a wireless environment,
wherein the analyzing further comprises checking a level of confidence assigned to the second device and when the level of confidence is downgraded in the event of inconsistency between the parameters of the communication during the reception of the communication frame and the parameters stored for said communication, renegotiating a new session key for the secure communication session.

US Pat. No. 10,142,335

DYNAMIC INTRINSIC CHIP IDENTIFICATION

International Business Ma...

1. A method for intrinsic chip identification, comprising:
receiving first counter information from a device;
determining whether the first counter information matches second counter information;
enabling authentication in response to the first counter information matching the second counter information;
receiving a first set of frequencies from the device, wherein the first set of frequencies are selected based on the first counter information;
determining whether each frequency of the first set of frequencies is within a predetermined range of a corresponding frequency of a second set of frequencies, wherein the second set of frequencies are selected based on the second counter information;
selecting a challenge response pair comprising a challenge and a response as a result of each frequency of the first set of frequencies being within the predetermined range of a corresponding frequency of the second set of frequencies;
transmitting the challenge to the device in response to selecting the challenge response pair;
receiving the response as a result of the challenge being sent to the device;
determining whether the response matches an expected response; and
granting authentication as a result of the response matching the expected response.

US Pat. No. 10,142,334

COMMUNICATING APPARATUS, METHOD, AND COMMUNICATING SYSTEM

RICOH COMPANY, LTD., Tok...

1. A communicating apparatus that communicates with at least one terminal device, the communicating apparatus comprising:
circuitry configured to
capture an image,
authenticate a person in the image that has been captured,
determine a direction of the person based on a result of authenticating the person, and control transmission of a radio wave in the determined direction to connect the terminal device to a network, and
communicate with the terminal device connected to the network by using access information included in the transmitted radio wave, wherein
the circuitry is further configured to
calculate a size of a room in which the person is located in each direction based on the image, and calculate a size of an area based on the calculated size of the room,
adjust a transmission area of the radio wave according to the size of the area, and
control the radio wave to reach an entirety of the area and adjust radio wave intensity so as to not transmit the radio wave outside of the area.

US Pat. No. 10,142,333

BIOMETRIC REFERENCE TEMPLATE RECORD

WELLS FARGO BANK, N.A., ...

1. A method, comprising:
receiving, by an authentication computing system, a biometric reference sample and a user identifier, the user identifier uniquely identifying a user from whom the biometric reference sample was captured;
processing, by the computing system, the biometric reference sample to generate biometric data;
tokenizing, by the computing system, the biometric data using a first tokenization schema;
tokenizing, by the computing system, the biometric reference sample using a second tokenization schema;
generating, by the computing system, a reference template, the reference template including the tokenized biometric data;
generating, by the computing system, a biometric reference template record, the biometric reference template record including:
a template record identifier uniquely identifying the biometric reference template record, the template record identifier being associated with the user identifier,
the reference template,
a first identifier identifying that the reference template includes tokenized biometric data, and
a second identifier identifying that the reference template includes tokenized reference sample;
digitally signing, by the computing system, the reference template using SignedData cryptographic message syntax to generate a SignedData message;
binding, by the computing system, a third identifier to the SignedData message via an attribute of the SignedData message, the third identifier identifying the first tokenization schema, wherein the attribute includes a first uniform resource identifier query string, the first uniform resource identifier query string including a first uniform resource locator identifying a first tokenization service provider capable of recovering the biometric data from the tokenized biometric data; and
binding, by the computing system, a fourth identifier to the SignedData message via an attribute of the SignedData message, the fourth identifier identifying the second tokenization schema, wherein the attribute includes a second uniform resource identifier query string, the second uniform resource identifier query string including a second uniform resource locator identifying a second tokenization service provider capable of recovering the biometric reference sample from the tokenized biometric reference sample.

US Pat. No. 10,142,332

METHOD AND APPARATUS FOR A WEARABLE BASED AUTHENTICATION FOR IMPROVED USER EXPERIENCE

Samsung Electronics Co., ...

1. A wearable device, comprising:
at least one transceiver, in the wearable device, the transceiver configured to communicate with a client device or a cloud based server; and
processing circuitry, in the wearable device, coupled to the transceiver, the processing circuitry configured to:
identify a pairing between the wearable device and the client device;
identify attributes of a first user of the wearable device, wherein at least one of the attributes is a biometric, wherein the first user is one of a plurality of users of the wearable device, and wherein at least one of the plurality of users of the wearable device is an authorized user of the client device;
compare the identified attributes of the first user to attributes corresponding to each one of a plurality of user profiles for the plurality of users of the wearable device stored in a memory element of the wearable device;
determine if the identified attributes of the first user match a first or a second profile of the plurality of user profiles stored in the memory element of the wearable device;
responsive to the identified attributes of the first user matching the first profile, determine if the first profile provides authorization for the first user to access the client device and authorization to access first specific functions of the client device;
responsive to the first profile providing authorization to access the client device and authorization to access first specific functions, send a message to unlock the client device and allow access to the first specific functions;
responsive to the identified attributes of the first user matching a second profile, determine if the second profile provides authorization to access the client device and authorization to access second specific functions of the client device;
responsive to the second profile providing authorization to access the client device and authorization to access the second specific functions, send a message to unlock the client device and allow access the second specific functions;
identify that the pairing no longer exists between the wearable device and the client device; and
responsive to the pairing no longer existing, de-authorize access to the respective first or second specific functions.

US Pat. No. 10,142,331

AUTHENTICATION FOR APPLICATION

Alibaba Group Holding Lim...

1. A method comprising:
detecting a near-field device of a user by a terminal when a particular operation is triggered;
obtaining an identification of the near-field device;
sending the identification of the near-field device to a server to request the server to conduct an authentication of the near-field device that matches the near-field device with a particular near-field device corresponding to the particular operation according to the identification of the near-field device;
receiving a result of authentication performed by the server according to the identification of the near-field device; and
sending a notification by the near-field device to another device used by the user in response to receiving the result of failed authentication.

US Pat. No. 10,142,330

LOCKING SYSTEMS WITH MULTIFACTOR AUTHENTICATION AND CHANGING PASSCODES

1. A computer-based locking system using changing passcodes, comprising:
an application server;
an application running on a computing device and in electronic communication with the application server,
wherein the application is configured to request an input passcode from the application server based on a lock ID,
wherein the application server is configured to store a plurality of lock IDs each in association with a unique lock algorithm,
wherein the application server is configured to retrieve an associated lock algorithm by accessing the lock ID, and
wherein the application server is configured to generate the input passcode using the associated lock algorithm; and
a lock comprising a passcode interface, a locking mechanism, and an electromechanical actuator,
wherein the lock ID corresponds to the lock,
wherein the passcode interface is configured to capture the input passcode,
wherein the lock is configured to execute the associated lock algorithm locally to generate a plurality of local passcodes based on an input time including at least one of a current time and a time near the current time, and
wherein the lock is configured to release the locking mechanism by actuating the electromechanical actuator to translate the locking mechanism into an open position, in response to the input passcode matching at least one local passcode from the plurality of local passcodes.

US Pat. No. 10,142,329

MULTIPLE-FACTOR AUTHENTICATION

1. A method comprising:
verifying a first authentication factor for a user;
identifying at least one target endpoint device for the user;
accessing an application program interface (API) to generate a communication request that includes:
a first portion specifying the target endpoint device, and
a second portion that includes a set of one or more documents written in a programming language that includes call flow commands for call routing logic of a call control server, the call flow commands including commands specifying how to communicate a security code;
transmitting the communication request to the call control server;
receiving input from the user; and
verifying a second authentication factor for the user by comparing the input to the security code.

US Pat. No. 10,142,327

RULE BASED DEVICE ENROLLMENT

Oracle International Corp...

1. A system comprising:
memory configured to store computer-executable instructions; and
at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least:
detect a gateway device connected to one or more electronic devices in a communication network;
receive, from the gateway device, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with the system, the enrollment request including fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device;
identify an enrollment policy associated with the electronic device;
enroll the electronic device in accordance with the enrollment policy based on verifying the fingerprint information associated with the electronic device; and
transmit, to the gateway device, information that enables the electronic device to access resources of the system.

US Pat. No. 10,142,326

ATTRIBUTE-BASED ACCESS CONTROL

INTERNATIONAL BUSINESS MA...

1. A method for performing attribute-based access control across a first and a second security domain in a federated processing environment, the method comprising:
adding, into a received security token that comprises first access control attributes and a signature of a first identity provider of the first security domain, additional access control attributes provided by a second identity provider of the second security domain;
re-signing, with a private key associated with a certificate of a second service provider in the second security domain, the received security token with the added additional access control attributes, where the re-signing comprises an assertion in the second security domain that the added additional access control attributes have been provided by the second identity provider of the second security domain; and
issuing the re-signed received security token for consuming, using the added additional access control attributes, by any service provider in the second security domain.

US Pat. No. 10,142,325

SYSTEMS AND METHODS FOR CREDENTIALS DISTRIBUTION

Ivanti, Inc., South Jord...

1. A method by a management server, comprising:
receiving a credentials request from a requesting management node, wherein the credentials request includes a public key of the requesting management node;
determining whether the management server has credentials encrypted for the requesting management node in a local cache, wherein the credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server;
sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials, wherein the requesting management node can decrypt the encrypted credentials using a private key; and
when the management server determines that the management server does not have the encrypted credentials:
sending a multicast request to one or more peer management nodes, the multicast request including the public key of the requesting management node;
receiving a unicast response from a responding management node that includes the encrypted credentials for the requesting management node; and
sending the encrypted credentials received from the responding management node to the requesting management node.

US Pat. No. 10,142,324

METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN

BUNDESDRUCKEREI GmbH, Be...

1. A method for a first computer system to read at least one attribute stored in an identification (ID) token associated with a user, and transmit the at least one attribute to a second computer system, the method comprising:
sending a request from a third computer system, associated with the user, to the second computer system;
providing, by the second computer system, an attribute specification identifying the at least one attribute from the ID token in response to the request from the third computer system;
sending, by the second computer system, the attribute specification to the first computer system without interposition of the third computer system;
selecting, by the first computer system, at least one certificate of a plurality of certificates of the first computer system based on the attribute specification, each of the plurality of certificates including a different indication of attributes for which the first computer is authorized for read access, the at least one certificate including an indication of the at least one attribute identified in the attribute specification;
authenticating, by the ID token, the user;
authenticating, by the ID token, the first computer system using the at least one certificate of the first computer system, the at least one certificate being received by the ID token via a protected connection with end-to-end encryption between the ID token and the first computer system;
checking, by the ID token, an authorization of the first computer system for a read access to the at least one attribute identified in the attribute specification using the at least one certificate, the checking following successful authentication of the user and the first computer system;
effecting read access, by the first computer system, to the at least one attribute stored in the ID token if the first computer system is authorized for the read access;
signing, by the first computer system, the at least one attribute read from the ID token; and
sending, by the first computer system, the at least one signed attribute to the second computer system without interposition of the third computer system.

US Pat. No. 10,142,323

ACTIVATION OF MOBILE DEVICES IN ENTERPRISE MOBILE MANAGEMENT

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising:
generating, at a mobile device, a first device security certificate, the first device security certificate including a representation of an identifier of the mobile device and a representation of a device key in a signature of the first device security certificate;
transmitting, by the mobile device, the first device security certificate to an authentication server;
receiving, at the mobile device, a server security certificate from the authentication server in response to a successful authentication by the authentication server, the server security certificate including a representation of a server key in a signature of the server security certificate, the server key corresponding to the device key and to a representation of a shared secret stored on the mobile device and known by the authentication server;
validating, at the mobile device, the server security certificate based on the signature of the server security certificate that includes the representation of the server key;
establishing, by the mobile device, a secure connection with the authentication server based on the first device security certificate and the server security certificate; and
enrolling, at the mobile device, at least one second device security certificate for formal communication over the secure connection.

US Pat. No. 10,142,322

METHODS AND APPARATUS FOR AUTHENTICATING IDENTITY OF WEB ACCESS FROM A NETWORK ELEMENT

TELLABS, INC., Napervill...

1. A communication network configured to generate a report identifying a user equipment (“UE”), comprising:
a mobile device coupled to a communication network and configured to access and display online advertisements;
an advertising exchange server (“AES”) coupled to the communication network and configured to provide additional web pages relating to the online advertisements to the mobile device upon receipt of access requests associated with the online advertisement initiated by the mobile device;
a router configured to perform a gateway GPRS support node (“GGSN”), coupled to the mobile device and the AES for routing information between the mobile device and the AES, the router configured to obtain an International Mobile Subscriber Identification (“IMSI”) of the mobile device from web access request generated by the mobile device and a geo-location associated with the mobile device from a cell site coupled to the communication network, the router configured to create an authentication record containing the IMSI and the geo-location associated with the mobile device when an advertising access request for the online advertisements initiated by the mobile device is detected; and
a subscription partner coupled to the router and able to identify whether an ad-click is fraudulent based on IMSI information and geo-location of the mobile device in the authentication record.

US Pat. No. 10,142,321

SINGLE SIGN-ON PROCESSING FOR ASSOCIATED MOBILE APPLICATIONS

FISERV, INC., Brookfield...

1. A method for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the method comprising:
receiving, by a first mobile app executing on a mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;
receiving, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;
generating, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;
transmitting, by the first mobile app, the sign-in request to an application linking server;
receiving, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;
storing, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;
subsequent to storing the session identifier, receiving a second indication to launch a second mobile app;
determining, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and
initiating, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.

US Pat. No. 10,142,319

PROTECTING NETWORK COMMUNICATION SECURITY

International Business Ma...

1. A method for protecting network communication security at a server by updating tokens in a valid token queue comprising a plurality of valid tokens that are maintained at the server, the method comprising:
in response to a request from a client, determining, by the server, whether a token from the client is included in the valid token, the valid token queue being a first-in-first-out queue;
in response to the token being included in the valid token queue, the server managing the valid token queue based on a position of the token in the valid token queue, wherein managing the valid token queue based on a position of the token in the valid token queue comprises:
keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance;
generating a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance; and
in response to generating the new token, updating the valid token queue with the new token when the token from the client is at the end of the valid token queue; and
the server sending a response that includes the new token to the client based on the managing of the valid token queue.

US Pat. No. 10,142,318

SELF-ADAPTIVE COMMUNICATION METHOD FOR ENCRYPTION DONGLE

Feitian Technologies Co.,...

1. A self-adaptive method for communication of a dongle, which applies for a system including a dongle and a host which has an upper software flat, wherein the upper software flat executes the following steps:
Step s1, setting, by the upper software flat, information of a communication mode of the upper software flat according to a type of a main board of the host;
Step s2, obtaining, by the upper software flat, information of a communication mode of the dongle according to enumeration information returned from the dongle to the host when a connection between the dongle and the host is detected by the upper software flat;
Step s3, determining, by the upper software flat, whether the information of the communication mode of itself matches the information of the communication mode of the dongle, if yes, executing Step s5; otherwise, executing Step s4;
Step s4, sending, by the upper software flat, a communication instruction which includes the information of the communication mode of the upper software flat to the dongle via a control-transmission-channel, returning to Step s2; and
Step s5, communicating, by the upper software flat, with the dongle effectively via an interrupt-communication-channel according to the information of the communication mode of the upper software flat; and
the dongle executes the following steps:
Step r1, setting, by the dongle, the information of the communication mode of the dongle according to a communication mode identification of the dongle, performing an enumeration, returning enumeration information to the host after the enumeration is finished, and waiting for communicating with the upper software flat;
Step r2, communicating, by the dongle, with the upper software flat in the case that the dongle receives information sent from the upper software flat via the interrupt-transmission-channel; executing Step r3 in the case that the dongle receives a communication instruction sent from the upper software flat via the control-transmission-channel;
Step r3, setting, by the dongle, the communication mode identification of the dongle according to the information of the communication mode of the upper software flat in the communication instruction sent from the upper software flat;
Step r4, resetting the dongle; or, returning, by the dongle, set-state information to the upper software flat;
when the dongle is reset in Step r4, after the upper software flat sends the communication instruction including the information of the communication mode of the upper software flat to the dongle via the control-transmission-channel, the step further comprising:
waiting, by the upper software flat, for receiving the set-state information returned from the dongle, and outputting prompt information to pull out or insert the dongle again when the set-state information returned from the dongle is received.

US Pat. No. 10,142,317

SYSTEM AND METHOD FOR PROCESSING USER RIGHTS

Comcast Cable Communicati...

1. A method, comprising:
storing, in a storage device, content, wherein a user account of a user device has a right to consume the content at a first time when the content is stored;
determining a time duration after which the content is removed from the storage device;
receiving, by an entitlement server from the user device, a first request for playback of the content at a second time;
determining, by the entitlement server, that a user associated with the user account does not have the right to consume the content at the second time;
determining, by the entitlement server, that the second time falls within the time duration; and
providing, based on the right to consume the content at the first time and the second time falling within the time duration, the content to the user device at the second time.

US Pat. No. 10,142,316

COMPUTERIZED METHOD AND SYSTEM FOR MANAGING AN EMAIL INPUT FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT

Intralinks, Inc., New Yo...

1. A method for secure management of emailed content, the method comprising:
providing a secure email input facility for accepting non-secure email addressed to a designated email address, wherein the non-secure email is received and at least one of the non-secure email and content delivered thereby is stored in a storage facility as secure content related to at least one of the sender of the email, the subject line of the non-secure email, the destination address of the email within the exchange, and the content of the email, wherein access to the secure content stored in the storage facility is limited to an access list with permissions assigned to each member of the access list;
assigning a first user and second user to the access list, wherein the step of assigning at least provides permission for the first user to send email content to the secure email input facility for storage of the email content in the storage facility and at least provides permission for the second user to access the email content stored in the storage facility;
receiving the email content from the first user, wherein the email content was addressed to the designated email address;
verifying permission for the first user to store email content in the storage facility in association with the designated email address;
storing the email content in the storage facility; receiving an access request for the second user to access the stored email content; and
granting access to the second user for access to the email content stored in the storage facility.

US Pat. No. 10,142,315

METHOD AND APPARATUS OF PROVIDING MESSAGING SERVICE AND CALLBACK FEATURE TO MOBILE STATIONS

KASEYA LIMITED, Dublin (...

1. A method comprising:
generating a script responsive to an application being identified as needing to be executed on a mobile device;
executing the script in a mobile agent router device, wherein the script is configured to create at least one data message comprising at least one update to be performed on the mobile device and header information identifying the mobile device;
responsive to executing the script, initiating update commands to be performed on the mobile device periodically at specified times included in the script; and
transmitting the at least one data message comprising the update commands to the mobile device based on information included in the executed script, wherein the update commands are executed on the mobile device without user interaction.

US Pat. No. 10,142,314

METHOD AND APPARATUS FOR PROCESSING AUTHENTICATION REQUEST MESSAGE IN A SOCIAL NETWORK

Alibaba Group Holding Lim...

1. A method comprising:
receiving, directly by a social network server, an authentication request message to establish a social relationship between a first client and a second client, the request message being sent by the first client;
determining, by the social network server and after receiving the authentication request message sent by the first client, a relationship chain information indicative of an indirect social network relationship between the first client and the second client;
determining, by the social network server, the relationship chain information between the first client and the second client based on identification information of the first client and identification information of the second client and a correlation between the identification information of the first and second clients and respective relationship chain information of the first and second clients;
searching, by the social network server, for a keyword in an inverted index;
locating, by the social network server, index records in the inverted index file of which identification information of the first client and the identification information of the second client are keywords;
obtaining, by the social network server, the relationship chain information of the first client and the second client from the located index records, the inverted index using the identification information of the first and second clients as an index keyword and the respective relationship chain information of the first and second clients as an index value; and
forwarding, by the social network server and in response to determining the relationship chain information between the first client and the second client, the authentication request message and the determined relationship chain information to the second client, the determined relationship chain information being for use by the second client to authenticate the authentication request message.

US Pat. No. 10,142,313

SYSTEM AND METHOD FOR AUTHENTICATING USER USING CONTACT LIST

Line Corporation, Tokyo ...

1. A system of a server comprising:
one or more processors configured to execute computer-readable instructions to,
control the server to receive first contact list information from a first electronic device over a network, the first contact list information stored in the first electronic device;
control the server to store, in a database, and manage the first contact list information in association with an identifier of a user of the first electronic device;
control the server to determine if a number of contacts in the first contact list information is greater than or equal to a threshold value;
control the server to store and manage a first portion of contacts in the first contact list information in the database if the number of contacts in the first contact list information is greater than or equal to the threshold value;
control the server to compare second contact list information to the first contact list information in association with the identifier of the user, the second contact list information from the first electronic device or a second electronic device, the one or more processors configured to control the server to compare in response to a service request from the first electronic device or the second electronic device based on the identifier of the user; and
control the server to determine whether to authenticate the user in response to the service request from the first electronic device or the second electronic device based on a result of the comparing,
wherein the one or more processors is configured to perform the comparing the second contact list information to the first contact list information by comparing at least a second portion of contacts in the second contact list information to the first portion of the contacts in the first contact list information if the number of contacts in the first contact list information is greater than or equal to the threshold value.

US Pat. No. 10,142,312

SYSTEM FOR ESTABLISHING SECURE ACCESS FOR USERS IN A PROCESS DATA NETWORK

BANK OF AMERICA CORPORATI...

1. A system operatively connected with a block chain distributed network and for using the block chain distributed network for establishing secure access for users in a process data network, the system comprising:
a memory device storing logic and rules for the block chain; and
a processing device operatively coupled to the memory device, wherein the processing device is configured to execute computer-readable program code to:
receive an indication that an entity has executed a transaction with a third source institution via a first transaction channel;
record information associated with the transaction executed by the entity with the third source institution in a distributed ledger of the block chain distributed network, wherein the distributed ledger further comprises past transactions executed by the entity with one or more financial institutions, wherein the past transactions comprise at least information associated with transactions executed by the entity with a first source institution and a second source institution via one or more predetermined transaction channels including at least a specific banking center, a specific ATM (Automatic Transaction Machine), or a specific online/mobile banking channel;
analyze the distributed ledger to determine a pattern associated with the past transactions executed by the entity stored in the distributed ledger;
compare the information associated with the transaction executed by the entity with the third source institution with the pattern associated with the past transactions stored in the distributed ledger to determine a match, wherein comparing further comprises at least determining that the first transaction channel matches at least one of the one or more predetermined transaction channels;
authorize the execution of the transaction executed by the entity with the third source institution to be completed based on at least determining a match between the information associated with the transaction executed by the entity with the third source institution and the pattern associated with the past transactions stored in the distributed ledger, wherein authorizing further comprises:
identifying a smart contract between the third source institution, the first source institution, and the second source institution, wherein the smart contract comprises logic and rules associated with the smart contract, wherein the smart contract is configured to be self-executing;
comparing the information associated with the transaction executed by the entity with the third source institution to the logic and rules of the smart contract;
determining that the information associated with the transaction executed by the entity with the third source institution meets the logic and rules of the smart contract; and
validating the information associated with the transaction executed by the entity with the third source institution in response to determining that the information associated with the transaction executed by the entity with the third source institution meets the logic and rules of the smart contract;
determine, based on at least the one or more past transactions executed by the entity via the one or more predetermined transaction channels, that the entity is associated with misappropriate activity;
aggregate information associated with past transactions executed by the entity via the one or more predetermined transaction channels with the one or more financial institutions; and
record the aggregated information associated with the past transactions in the distributed ledger.

US Pat. No. 10,142,311

COMMUNICATION SYSTEM AND COMMUNICATION DEVICE

RENESAS ELECTRONICS CORPO...

1. A communication system, comprising:
a first device and a second device which are mutually coupled via a network so as to transmit and receive packets over the network,
wherein the first device and the second device respectively include a first packet counter and a second packet counter,
wherein a same random number value is given to the first and second packet counters as initial values of the first and second packet counters, and the first and second packet counters are respectively updated by the first device and the second device in association with each transmission and each reception of the packets by using values generated from performing a same lossy compression function on counted values of the first and the second packet counters as increment values,
wherein, when a message is to be transmitted to the second device, the first device generates a message authentication code on a basis of the message, draws out a part of the message authentication code on a frame position of some bits which are designated on a basis of a counted value of the first packet counter, sets the drawn-out part of the message authentication code as a divided message authentication code, generates a packet which includes the message and the divided message authentication code, and transmits the packet which includes the message and the divided message authentication code to the second device over the network, and
wherein, when the packet has been received from the first device, the second device generates another message authentication code on a basis of the message included in the received packet, draws out a part of the another message authentication code on the frame position of some bits which are designated on a basis of a counted value of the second packet counter, compares the drawn-out part of the another message authentication code with the divided message authentication code included in the received packet and performs a message authentication on the basis of a result of the comparison.

US Pat. No. 10,142,310

METHOD AND CLOUD SERVER FOR MANAGING DEVICE

Samsung Electronics Co., ...

10. A cloud server comprising:
a memory; and
at least one processor coupled to the memory and configured to:
record information identifying a first device connected to the cloud server through a network,
record information indicating at least one function provided by the first device,
record execution authorization information indicating an object capable of performing the at least one function, and
authenticate, based at least in part on the execution authorization information, whether a second device has authorization to perform the at least one function provided by the first device; and
a communicator configured to:
receive, from the first device, a request for authenticating whether the second device that requests execution of the at least one function provided by the first device has the authorization to perform the at least one function provided by the first device, and
transmit a result of the authenticating to the first device,
wherein the cloud server is implemented as a hardware device, and
wherein the cloud server updates the execution authorization information through a device which is an administrator of the first device.

US Pat. No. 10,142,309

NO PASSWORD USER ACCOUNT ACCESS

DROPBOX, INC., San Franc...

1. A computer-implemented method, comprising:
receiving, by a synchronized content management system, a request to access a user account at the synchronized content management system;
determining that the user account is a passwordless user account created at the synchronized content management system without a corresponding user account password, the passwordless user account providing user access to the synchronized content management system without user input of a password;
generating, by the synchronized content management system, tokens for passwordless authentication of the passwordless user account, the tokens comprising a device identifier and an email identifier, wherein the email identifier is associated with an email address registered with the passwordless user account;
sending, by the synchronized content management system, the device identifier to a client device;
sending, by the synchronized content management system, to the email address registered with the passwordless user account at the synchronized content management system, an email containing a link that:
when activated from the client device, triggers a browser application on the client device to obtain the email identifier and provide the email identifier to a client application that is also on the client device, the client application being configured to communicate with the synchronized content management system to synchronize changes to content items between local copies of the content items stored on the client device and remote copies of the content items stored on the synchronized content management system; and
when activated from a different client device triggers a notification to the synchronized content management system indicating that the email was accessed from the different client device;
receiving, by the synchronized content management system, both the device identifier and the email identifier from the client application on the client device;
determining, by the synchronized content management system, that the client application on the client device has possession of both the device identifier sent to the client device and the email identifier associated with the email address registered with the passwordless user account;
determining that the link was activated via the client device, based on the determining that the client device has possession of both the device identifier and the email identifier;
authorizing, by the synchronized content management system, the client device to access the passwordless user account without user input of the password, in response to determining that the client application on the client device has both the device identifier and the email identifier and determining that the link was activated via the client device; and
synchronizing one or more content items on the synchronized content management system to the client device for local storage at the client device, the one or more content items being associated with the passwordless user account.

US Pat. No. 10,142,308

USER AUTHENTICATION

EMC IP Holding Company LL...

1. A method, comprising:
receiving an electronic authentication request seeking access for a user device to a computerized resource, wherein the electronic authentication request comprises a file that includes (i) a user device attribute associated with a previous communication with the computerized resource, (ii) a behavioural biometric attribute associated with a previous communication with the computerized resource, and (iii) a time stamp describing a prior time the file was used to access the computerized resource;
in response to receiving the electronic authentication request, performing a first authentication operation to compare the respective user device and the behavioural biometric attributes in the file and corresponding user device and behavioural biometric attributes associated with the electronic authentication request, wherein the first authentication operation utilizes one of Jaccard similarity or Mahalanobis distance to perform the comparison of the first authentication operation;
upon the comparison of the first authentication operation indicating a relationship between the respective user device and the behavioural biometric attributes in the file and the corresponding attributes associated with the electronic authentication request, performing a second authentication operation by comparing (i) the respective user device and the behavioural biometric attributes in the file and expected user device and behavioural biometric attributes derived from one or more previous communications with the computerized resource and (ii) the time stamp in the file and an expected time stamp that describes when the file was last used to access the computerized resource; and
based on the comparison of the second authentication operation, determining whether to grant the user device access to the computerized resource.

US Pat. No. 10,142,307

SYSTEM AND METHOD FOR RECEIVING INFORMATION AMONG COMPUTER SYSTEMS WITHOUT ENABLING LOG INS IF THE USER IDENTIFIERS ARE COMPROMISED

1. A method of transferring data from a first account at a first computer system to a second account at a second computer system, the method comprising:
receiving at a third computer system, separate from at least one of the first computer system and the second computer system, as part of a first request to arrange at least one transfer of the data from the first account to the second account, a first identifier that uniquely identifies a user of the second account but is not required by a user of the second computer system to log in as that user on the second computer system;
receiving at the first computer system a second request to arrange at least one transfer of the data from the first computer system, to the third computer system, said request comprising a second identifier, identifying a user of the first account at the first computer system;
responsive to the second request, authenticating the user of the first account at the first computer system by the first computer system, responsive to the second identifier received as part of the second request;
responsive to the authenticating step and to the second request received, providing from the first computer system to the third computer system a third identifier that uniquely identifies the user of the first account but is not required by a user of the first computer system to log in as that user;
storing on the third computer system the first identifier, associated with the third identifier;
receiving at the third computer system from the second computer system a request to transfer the data from the first account to the second account, said request comprising the first identifier;
at the third computer system, locating the third identifier responsive to the first identifier received;
providing from the third computer system to the first computer system the third identifier;
responsive to the third identifier, providing from the first computer system to the third computer system, the data from the first account corresponding to the request; and
sending from the third computer system to the second computer system the data received from the first computer system.

US Pat. No. 10,142,306

METHODS FOR PROVIDING A SECURE NETWORK CHANNEL AND DEVICES THEREOF

F5 Networks, Inc., Seatt...

1. A method for providing a secure channel implemented by a network traffic management system comprising one or more network traffic management devices, client devices, or server devices, the method comprising:
selecting a client-server key from a plurality of client-server keys based on an IP address of a client and a time of receiving a request from the client, the selecting further comprising identifying an index value associated with the selected client-server key;
generating a context signature based on the IP address of the client, the time of receiving the request from the client and the index value associated with the selected client-server key;
encrypting the generated context signature using a stored private key;
providing a secure channel by preparing and sending a response comprising the selected client-server key and the encrypted context signature back to the client;
receiving a subsequent request, the sent encrypted context signature and the sent client-server key from the client;
determining when the received subsequent request is valid based on the received encrypted context signature and the received client-server key; and
preparing and sending a subsequent response to the subsequent request when the subsequent request is determined to be valid.

US Pat. No. 10,142,305

LOCAL SECURITY KEY GENERATION

Verizon Patent and Licens...

15. A device comprising:
one or more processors configured to:
obtain calling security parameters;
send, to a called device, a first message that includes the calling security parameters, wherein the first message includes a session initiation protocol (SIP) message that has been modified using session description protocol (SDP) to include the calling security parameters;
receive, from the called device, a second message that includes called security parameters, wherein the second message includes a SIP message that has been modified using SDP to include the called security parameters;
derive a security key using the calling security parameters and the called security parameters;
receive, from the called device, an acknowledgement message in response to the first message; and
use the derived security key to encrypt and decrypt communications between the calling device and the called device.

US Pat. No. 10,142,304

ENCRYPTION KEY SHREDDING TO PROTECT NON-PERSISTENT DATA

SEAGATE TECHNOLOGY LLC, ...

1. A storage system comprising:
a storage drive; and
a controller to:
power on the storage drive;
identify an encryption key on the storage drive created upon powering on the storage drive;
encrypt data in a cache of the storage drive using the encryption key;
power off the storage drive; and
delete the encryption key upon powering off the storage drive.

US Pat. No. 10,142,303

SEPARATION OF SOFTWARE MODULES BY CONTROLLED ENCRYPTION KEY MANAGEMENT

QUALCOMM Incorporated, S...

1. A method for protecting software in a memory device, comprising: receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier and a realm indicator bit, wherein the realm identifier enables identification of a realm that includes one or more selected regions in the memory device; obtaining an ephemeral encryption key associated with the realm identifier when the realm identifier indicates the realm and when the realm indicator bit is enabled, wherein the ephemeral encryption key is stored in a second memory device that is not accessible to a core device, and wherein the ephemeral encryption key is unknown to the core device; decrypting at least one of an instruction or data received from the realm based on the ephemeral encryption key when the memory transaction is a read transaction, wherein the at least one of the instruction or the data is to be processed by the core device; and encrypting second data to be stored in the realm based on the ephemeral encryption key when the memory transaction is a write transaction.

US Pat. No. 10,142,302

SYSTEMS AND METHODS FOR MANAGING RESETTING OF USER ONLINE IDENTITIES OR ACCOUNTS

Oath Inc., Dulles, VA (U...

8. A system for managing resetting of online identities or accounts of users, the system including:
a data storage device storing instructions for managing resetting of online identities or accounts of users; and
a processor configured to execute the instructions to perform a method including:
receiving, over a network, a request to reset login information to access an online account of a user;
comparing, at an online account server, a time of the request to reset login information to a preset time or amount of time;
receiving, over the network, intrinsic user data associated with the request to reset login information, wherein the intrinsic user data includes a device finger print and a type of browser used to make the request, and wherein the intrinsic user data includes values with different weights indicative of a level of trust of the identity of the user;
identifying, at the online account server, two or more values of the intrinsic user data; and
transmitting, over the network, a subset of options to reset the login information, wherein the subset of options to reset the login information is selected by the online account server based on the identified two or more values of the intrinsic user data, and wherein a full set of reset options are transmitted when the online account server determines that the identified two or more values result in a trusted pair.

US Pat. No. 10,142,301

ENCRYPTED DATA DELIVERY WITHOUT INTERVENING DECRYPTION

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
establishing a secure communications channel with a second computer system, resulting in session information that includes a cryptographic key usable to decrypt encrypted records received over the secure communications channel;
receiving, over the secure communications channel, a sequence of encrypted records, wherein individual records of the sequence of encrypted records are decryptable using the cryptographic key;
decrypting, using the cryptographic key, a first subsequence of the sequence of encrypted records to form a decrypted first subsequence; and
as a result of determining that the decrypted first subsequence indicates a request to store a second subsequence, distinct from the first subsequence, of the sequence of encrypted records, providing the second subsequence and the cryptographic key to a data storage system, thereby causing the second subsequence and the cryptographic key to be stored, the cryptographic key usable to decrypt the sequence.

US Pat. No. 10,142,300

DECENTRALIZED AUTHORITATIVE MESSAGING

Wickr Inc., San Francisc...

1. A method for accessing an encrypted communication, the method comprising:
receiving, at a first device, a first encrypted communication from a second device, wherein a first ephemeral component and a signature of the first ephemeral component are included in a header of the first encrypted communication;
deriving, by the first device, a first key using the first ephemeral component and a second ephemeral component;
decrypting, by the first device, the first encrypted communication received from the second device using, in part, the first key;
providing, by the first device, the first decrypted communication to a user of the first device.

US Pat. No. 10,142,299

SECURITY KEY GENERATION AND MANAGEMENT METHOD OF PDCP DISTRIBUTED STRUCTURE FOR SUPPORTING DUAL CONNECTIVITY

Samsung Electronics Co., ...

1. A method for communicating by a user equipment (UE) in a communication system, the method comprising:
receiving a radio resource control (RRC) connection reconfiguration message including a counter for a second base station from a first base station;
generating a second security key for a second communication link with the second base station based on a first security key and the counter, the first security key being applied to a first communication link with the first base station; and
applying the second security key to the second communication link with the second base station.

US Pat. No. 10,142,298

METHOD AND SYSTEM FOR PROTECTING DATA FLOW BETWEEN PAIRS OF BRANCH NODES IN A SOFTWARE-DEFINED WIDE-AREA NETWORK

VERSA NETWORKS, INC., Sa...

1. A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN), the method comprising:
establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node advertises a half-key to the SD-WAN controller via its secure connection;
distributing advertised half-keys to branch nodes in the plurality of branch nodes via the established secure connections, wherein the advertised half-keys distributed to each branch node are the half-keys advertised by peer branch nodes of the branch node; and
encrypting payloads for transmission from a first branch node in the plurality of branch nodes to a peer branch node in the plurality of branch nodes using a shared secret key, the shared secret key generated using the half-key of the first branch node and the distributed half-key of the peer branch node.

US Pat. No. 10,142,297

SECURE COMMUNICATION METHOD AND APPARATUS

RIVER SECURITY INC., Sha...

1. A secure communication method, wherein the method is executed by a security proxy device between a client and a server, the method comprising:
using a key exchange mechanism to perform connection key agreement with the client; and assigning a token for the client after identity authentication for the client succeeds;
upon receiving a request sent by the client to the server, validating whether the token sent together with the request is a token assigned for the client; if the validation succeeds, forwarding to the server a decrypted request obtained by using the connection key or a token connection key, wherein the token connection key is assigned for the client and then sent to the client by using the connection key;
after receiving a response returned by the server, using the connection key or token connection key to encrypt the response, and forwarding the encrypted response to the client.

US Pat. No. 10,142,296

SYSTEMS AND METHODS FOR IMPROVING PRECISION OF A LOCATION SENSOR

Google LLC, Mountain Vie...

1. A system that cryptographically protects location data transferred between a plurality of servers via a computer network to tune a location engine, comprising:
a data processing system comprising one or more processors and memory;
a bridging module executed by the one or more processors of the data processing system to retrieve, from a location database stored in the memory, a plurality of location determinations made by the location engine of the data processing system, each location determination associated with a respective first identifier;
the bridging module configured to map each respective first identifier to a respective second identifier using a mapping function;
a first encryption module executed by the one or more processors to determine a first hash value for each location determination using a first hash function applied to a tuple formed of the second identifier and a timestamp of each location determination;
the first encryption module configured to encrypt the first hash value for each location determination using a first encryption protocol to generate a first encrypted data set;
a communication interface of the data processing system to transmit, via the computer network, the first encrypted data set to one or more servers configured to process electronic transactions;
the communication interface configured to receive, from the one or more servers, a second encrypted data set comprising second hash values generated by a second encryption module for the electronic transactions, each of the second hash values generated by the second encryption module via application of a second hash function to a tuple formed of an identifier and a timestamp of each of the electronic transactions, the second encrypted data set encrypted by the second encryption module with a second encryption protocol, wherein the first encryption protocol and the second encryption protocol are commutative encryption protocols;
the first encryption module configured to use the first encryption protocol to encrypt the second encrypted data set received from the one or more servers to generate a first double encrypted data set;
the communication interface configured to receive, from the one or more servers, a second double encrypted data set generated by the second encryption module via application of the second encryption protocol to the first encrypted data set transmitted by the data processing system to the one or more servers;
a tuner executed by the one or more processors to compare the first double encrypted data set with the second double encrypted data set to determine a precision metric and a recall metric based on a total number of correct location determinations, a total number of location determinations, and a total number of actual location events; and
the tuner configured to adjust a tuning parameter of the location engine based on at least one of the precision metric or the recall metric.

US Pat. No. 10,142,294

REMOTE ACCESS TO LOCAL NETWORK

QUALCOMM Incorporated, S...

1. A method of communication, comprising:
identifying, at an access terminal, an access point on a local network to be accessed by the access terminal;
sending a first message from the access terminal to a first security gateway to determine whether the first security gateway has established a first protocol tunnel to the access point;
receiving, at the access terminal, a response to the first message from the first security gateway, wherein the response indicates whether the first security gateway has established the first protocol tunnel to the access point; and
establishing, by the access terminal, a second protocol tunnel between the access terminal and the first security gateway to enable the access terminal to remotely access the local network if the response indicates that the first security gateway has established the first protocol tunnel to the access point.

US Pat. No. 10,142,293

DYNAMICALLY DEFINED VIRTUAL PRIVATE NETWORK TUNNELS IN HYBRID CLOUD ENVIRONMENTS

International Business Ma...

1. A method comprising:
in a first virtual private network (VPN) agent, managing a first VPN tunnel in a plurality of VPN tunnels, wherein the first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment;
receiving a request from a VPN manager, the request including a first set of requirements for a first cloud application for the first VPN tunnel in the plurality of VPN tunnels;
creating the first VPN tunnel according to the first set of requirements;
receiving a modification request from the VPN manager containing a second set of requirements for a second cloud application wherein a second VPN tunnel provides communication for the second cloud application; and
tuning the first VPN tunnel according to the second set of requirements, wherein the tuning includes merging the second VPN tunnel with the first VPN tunnel, wherein the modification request is based on a determination that the first and second sets of requirements are compatible, wherein the first VPN tunnel after merging continues to provide communication between the first node and the second node.

US Pat. No. 10,142,292

DUAL-MODE MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE

Pulse Secure LLC, San Jo...

1. A cellular mobile device comprising:
a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
a microprocessor;
an operating system executing on the microprocessor to provide an operating environment of application software;
a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service VPN client comprises:
a security manager integrated within the multi-service VPN client to apply at least one security service to network packets;
a VPN handler having an interface to exchange the network packets with the security manager for application of the security service, wherein the VPN handler is configurable to operate in one of an enterprise mode or a non-enterprise mode, wherein in the enterprise mode the VPN handler establishes a VPN connection with a remote VPN security device and provides encryption services to securely tunnel the network packets between the cellular mobile device and the remote VPN security device, and wherein in the non-enterprise mode the VPN handler directs the network packets to the security manager without application of the encryption services and communicates the network packets to a packet-based network without tunneling the packets; and
a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager of the multi-service VPN client, to submit credentials, and to instruct the VPN handler to dynamically instantiate the VPN connection or deconstruct an existing VPN connection,
wherein upon establishing the VPN connection the VPN control application receives a web-based home page from the remote VPN security device via a Hypertext Transfer Protocol Secure (HTTPS) response,
wherein the VPN control application dynamically parses HyperText Markup Language (HTML) bookmark links from the HTTPS response and renders a bookmark window using input controls native to the cellular mobile device, where each of the input controls corresponds to a different one of the bookmarks parsed from the HTTPS response received from the remote VPN security device, and
wherein, upon selection of one of the input controls, the VPN control application formulates and outputs an appropriate HTTP string to the remote VPN security device as if a corresponding HTML link were selected by the user.

US Pat. No. 10,142,291

SYSTEM FOR PROVIDING DNS-BASED POLICIES FOR DEVICES

Nominum, Inc., Redwood C...

1. A system for providing DNS-based policies for devices, the system comprising:
a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of: (i) a unique gateway identifier associated with the gateway and (ii) a unique device identifier associated with the individual device;
a memory device operable to store at least one policy, the at least one policy corresponding to at least one of the unique gateway identifier and the unique device identifier; and
a dynamic policy enforcement engine extracting from the DNS query the at least one of the unique gateway identifier and the unique device identifier, the dynamic policy enforcement engine operable to enforce the at least one policy when processing the DNS query by using the unique gateway identifier and the unique device identifier to select the at least one policy which applies to the individual device which originated the DNS query;
the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and,
a tracking module operable to store the location information of the individual device.

US Pat. No. 10,142,290

HOST-BASED FIREWALL FOR DISTRIBUTED COMPUTER SYSTEMS

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
executing a host-based firewall loaded into memory of a virtual machine instance operated by a customer of a plurality of customers of a computing resource service provider, where the virtual machine instance is a computing resource that is a member of a set of computing resources provided to the plurality of customers by the computing resource service provider;
obtaining network traffic information from the host-based firewall, the network traffic information indicating a set of connection attempts between the virtual machine instance and at least one other computer system and a particular application of one or more applications executed by the virtual machine instance associated with a particular connection attempt of the set of connection attempts;
prompting the customer for decisions to allow or deny the set of connection attempts by at least providing the customer with a notification of the set of connection attempts;
obtaining, from the customer, a first set of decisions to allow or deny the set of connection attempts;
obtaining, from a different customer, a second set of decisions to allow or deny another set of connection attempts between a virtual machine instance of the different customer and at least one other computer system;
generating a rule set by the host-based firewall based at least in part on the first set of decisions and the second set of decisions; and
enforcing, by the host-based firewall, the generated rule set.

US Pat. No. 10,142,289

SECURE INTERFACE FOR A MOBILE COMMUNICATIONS DEVICE

Owl Cyber Defense Solutio...

1. A secure interface for a mobile communications device, comprising:
output communications circuitry operable to communicate output communications with an external network, the output communications including externally-received information packets and to be externally-transmitted information packets, the output communications circuitry receiving the to be externally-transmitted information packets via an internal connection and transmitting the to be externally-transmitted information packets to the external network via an external connection and receiving the externally-received information packets from the external network via the external connection and passing the externally-received information packets via the internal connection;
private network communications circuitry operable to communicate private network communications with a mobile communications device, the private network communications including internally-received information packets and to be internally-transmitted information packets, the private network communications circuitry receiving the to be internally-transmitted information packets via an internal connection and transmitting the to be internally-transmitted information packets to the mobile communications device via an external connection and receiving the internally-received information packets from the mobile communications device via the external connection and passing the internally-received information packets via the internal connection; and
an input/output filter connected between the output communications circuitry and the private network communications circuitry and configured to separately filter the externally-received information packets and the internally-received information packets to block any undesirable packets based on programmed stored criteria, to pass filtered externally-received information packets to the internal connection of the private network communications circuitry as the to be internally-transmitted information packets, and to pass filtered internally-received information packets to the internal connection of the output communications circuitry as the to be externally transmitted information packets.

US Pat. No. 10,142,288

MACHINE APPLICATION INTERFACE TO INFLUENCE VIRTUAL ENVIRONMENT

MADRONA VENTURE FUND VI, ...

1. A method comprising:
instantiating connection management routines to establish and manage a connection with an outside application via an application interaction layer;
operating an integrity monitor to parse an access request into integrity data and graphics data;
applying user security preferences to a security model;
applying graphics parameters of the security preferences to the graphics data to operate a security controller to transmit resource parameters to a resource allocator;
applying integrity parameters of the security preferences to the integrity data to operate the security controller to create a gateway control signal to control a security gateway;
configuring the resource allocator with the resource parameters to allocate memory and graphics processing resources;
applying the gateway control signal to a gateway actuator to configure the security gateway to filter 3D content protocol into secure data;
transmitting the secure data to a virtual environment to configure a rendering module to render a virtual object; and
transmitting the secure data from the virtual environment to the security gateway and transmitting the 3D content protocol to the outside application.

US Pat. No. 10,142,286

SERVER DEVICE, CONTROL METHOD FOR THE SAME AND COMPUTER-READABLE RECORDING MEDIUM

GREE, Inc., Tokyo (JP)

1. A method for controlling a server device that provides a game, in which a user can participate, and that is communicatively connected, via a communication network, to a terminal device operated by the user, the method comprising:
the server device receiving an access request that specifies a URL, via the communication network, from the terminal device operated by the user;
the server device carrying out a process for prompting the user to register a shortcut to a second URL when the URL specified by the access request is a first URL, the process for prompting the user including displaying an indication of a reward to be offered to the user for registering the shortcut to the second URL; and
the server device offering a reward to the user without carrying out a process for prompting the user to register the shortcut when the URL specified by the access request is the second URL,
wherein the shortcut is an icon linking to a shortcut to the URL;
wherein the second URL provides access to the game; and
wherein the reward is a reward usable in the game.

US Pat. No. 10,142,285

IP ALLOCATION POOLS

Google LLC, Mountain Vie...

1. A method for providing services to user devices, the method comprising:
maintain a plurality of IP blocks that each define a group of IP addresses;
providing, to a plurality of client devices, a network-related service, wherein each client device is assigned to an IP block based on an IP address of the client device, wherein each IP block is associated with settings that adjust the network-related service for client devices assigned to the IP block;
determining an expected number of IP reassignments of client devices between the IP blocks;
after a time period during which actual IP reassignments of the client devices occur, comparing the actual IP reassignments that occurred during the time period to the expected number of IP reassignments;
based on the comparison of the actual IP reassignments that occurred during the time period to the expected number of IP reassignments, altering some of the IP blocks such that at least some of the client devices are reassigned to different IP blocks; and
for each client reassigned to a different IP block, adjusting the network-related service for the at least some client devices according to the settings of the different IP blocks to which the at least some client devices are assigned.

US Pat. No. 10,142,284

FASTER IP ADDRESS ALLOCATION IN A HYBRID CLOUD ENVIRONMENT USING SUBNET SELECTIVE RANDOMIZATION

VMware, Inc., Palo Alto,...

1. A method for allocating Internet Protocol (IP) addresses, the method comprising:
identifying, by a first gateway operating within a first cloud computing environment, a current subnet that includes at least one available IP address for allocation from a global pool of IP addresses that is in communication with the first gateway and a second gateway operating within a second cloud computing environment that is securely separate from the first cloud computing environment;
randomly selecting, by the first gateway operating within the first cloud computing environment, an available IP address from the current subnet for allocation;
requesting allocation of the available IP address, by the first gateway operating within the first cloud computing environment, from the global pool of IP addresses; and
responsive to determining that no available IP address exists in the current subnet, selecting, by the first gateway operating within the first cloud computing environment, a new subnet from which to allocate IP addresses.

US Pat. No. 10,142,283

METHOD, APPARATUS AND SYSTEM FOR ESTABLISHING A REAL-TIME TELECOMMUNICATION SESSION

Vonage Business Inc., At...

1. A method for establishing a telecommunication session, comprising:
receiving, using a server, a plurality of communication identifiers of a first type, wherein each of the plurality of communication identifiers of the first type is associated with an invitation to join the telecommunication session;
determining one or more communication identifiers of a second type based on, for each, its association with at least one of the communication identifiers of the first type;
associating the one or more communication identifiers of the second type with an identifier of the telecommunication session;
receiving a request to join the telecommunication session; and
bypassing an authentication action and granting the request to join the telecommunication session based on at least a determination that the request to join the telecommunication session is associated with at least one of the communication identifiers of the second type that is associated with the identifier of the telecommunication session.

US Pat. No. 10,142,282

METHODS AND GATEWAYS FOR PROCESSING DNS REQUEST

PISMO LABS TECHNOLOGY LIM...

11. A gateway for processing DNS requests comprising:
a plurality of WAN interfaces;
at least one LAN interface;
at least one processing unit;
wherein each of the WAN interfaces is able to connect to a plurality of DNS servers via one access network; and
at least one computer readable storage medium comprising program instructions executable by the at least one processing unit for:
receiving a first DNS request from a host via the at least one LAN interface of the gateway;
when the gateway does not have information to respond to the first DNS request:
(a) selecting, according to at least one predefined selection policy, a plurality of DNS servers;
(b) selecting a plurality of access networks that are authorized to send a plurality of new DNS requests, wherein the content of the plurality of new DNS requests is the same as the content of the first DNS request;
(c) transmitting the plurality of new DNS requests to the selected plurality of DNS servers through the selected plurality of access networks via the plurality of WAN interfaces that are connected to the selected plurality of access networks, wherein the gateway does not transmit more than one of the new DNS requests to a selected DNS server through the same access network;
(d) receiving a plurality of DNS responses within a predefined period of time, wherein the plurality of DNS responses correspond to the plurality of new DNS requests;
(e) identifying valid DNS responses from the plurality of DNS responses, wherein the identified valid DNS responses have a return code (RCODE) of zero;
(f) when the pre-defined period of time has expired and no DNS response corresponding to the first DNS request has already sent to the host, if at least one valid DNS response was identified, selecting a valid DNS response from the at least one identified valid DNS response, and generating a first new DNS response, wherein the content of the first new DNS response is the same as the content of the selected valid DNS response, else if no valid DNS responses were identified, generating a first new DNS response, wherein the first new DNS response has a non-zero RCODE;
(g) sending the first new DNS response to the host.

US Pat. No. 10,142,281

MOBILE AD HOC NETWORKING

Facebook, Inc., Menlo Pa...

1. A method comprising:
receiving, by a social networking system, a first message from a mobile device application on a first-user mobile device associated with a first user, the message comprising a first-user identifier corresponding to a first-user account maintained for the first user by the social networking system;
determining, by the social networking system, a location of the first-user mobile device;
determining, by the social networking system, that a plurality of mobile devices are within a local RF range for direct connectivity with the first-user mobile device, each of the plurality of mobile devices being associated with a user identifier corresponding to a user account maintained by the social networking system;
transmitting, by the social networking system, a second message to the first-user mobile device, the second message enabling the first user to create a group within the social-networking system;
receiving, by the social-networking system, a request to create the group including the first user and each of a plurality of users being associated with the plurality of mobile devices within the local RF range for direct connectivity with the first-user mobile device; and
creating and storing a record of the group in social graph information.

US Pat. No. 10,142,280

SOCIAL CONVERSATION MANAGEMENT

International Business Ma...

1. A method for managing conversations in social media and networks, comprising:
selecting, by a processor, a message posted to a social medium for management;
associating, by the processor, a goal with the selected message for management;
monitoring, by the processor, other messages posted to the social medium for messages that are related to the selected message for management;
storing, by the processor, an identification of the selected message under management, the associated goal and a current state of the associated goal, wherein the identification of the selected message for management, the associated goal and the current state of the associated goal are stored in a lookup table;
determining, by the processor, whether the goal has been met based on monitoring the other messages posted to the social medium; and
performing, by the processor, one of: a first predetermined function in response to the goal being met and a second predetermined function in response to the goal not being met.

US Pat. No. 10,142,279

METHOD AND SYSTEM FOR PRESENTING A LISTING OF MESSAGE LOGS

TENCENT TECHNOLOGY (SHENZ...

1. A method of presenting a listing of message logs, the method comprising:
at a computing device with one or more processors and memory:
obtaining a plurality of user-specific models corresponding to a respective user of the computing device, wherein: (i) each of the plurality of user-specific models is used to determine respective listing priorities for message logs based on a respective set of parameters generated based at least in part on previous behavioral data corresponding to the respective user, the behavioral data including identities and relationships of other users involved in each of the message logs relative to the respective user, and a number of messages exchanged between the respective user and the other users involved in each of the message logs, and (ii) the plurality of user-specific models includes a first model corresponding to a first message type, and a second model corresponding to a second message type distinct from the first message type;
obtaining a request from the respective user to display a listing of message logs corresponding to the respective user, wherein the listing of message logs includes a first message log of the first message type and a second message log of the second message type distinct from the first message type; and
in response to obtaining the request:
determining a first listing priority for the first message log based on the first model corresponding to the first message type, the first model being based on a first set of parameters generated based at least in part on the previous behavioral data corresponding to the respective user;
determining a second listing priority for the second message log based on the second model corresponding to the second message type, the second model being based on a second set of parameters, different from the first set of parameters, generated based at least in part on the previous behavioral data corresponding to the respective user;
determining a presentation order for the listing of message logs corresponding to the respective user based at least in part on the first listing priority, the second listing priority, and a prioritization preference of the respective user for two or more message types including at least the first message type and the second message type; and
presenting the listing of message logs corresponding to the respective user in the determined presentation order.

US Pat. No. 10,142,278

AUTOMATIC ANOMALY ALERTS FOR SCHEDULED POSTS

Adobe Systems Incorporate...

1. A computer-implemented method comprising:
receiving, by a processor and via a user interface, electronic content generated by a user and a scheduled posting time associated with the content;
storing, by the processor, the electronic content into a scheduled post queue as a scheduled post to publish at the scheduled posting time;
identifying, by the processor, at least one of a keyword and topic associated with the scheduled post;
receiving, by the processor, data from an external data source excluding the electronic content generated by the user;
detecting, by the processor, an anomaly in the scheduled post based on the data from the external source and the keyword or topic, the anomaly representing at least one of a deviation, inconsistency, and incongruity between the at least one keyword and topic associated with the scheduled post and the data from the external data source, wherein the anomaly is detected when a number of instances that the at least one keyword and topic deviates from the scheduled post exceeds a predetermined threshold;
classifying, by the processor, the anomaly into one of a supporting anomaly, an opposing anomaly, and a neutral anomaly based on additional information about the keyword or topic derived from the external data source;
generating, by the processor, an alert based on the classified anomaly, the alert including a hyperlink to the external data source, the hyperlink when selected causes the user interface to display the additional information about the keyword or topic associated with the scheduled post; and
causing, by the processor, the user interface to display the scheduled post and the alert including the hyperlink prior to publication of the scheduled post at the scheduled posting time.

US Pat. No. 10,142,277

POSTING AND CONSULTATION OF MESSAGES BY USERS OF SOCIAL NETWORKS

ORANGE, Paris (FR)

1. A method of processing a message posting request originating from a social network user, called posting user, comprising the following acts performed by at least one network entity:
receiving, by the at least one network entity, a request for posting of a message intended for at least one social network user, called addressee user, information associated to said message posting request comprising the message and a social network user identifier for each addressee user,
identifying, in said at least one network entity, at least one telephone line associated in a social network with a social network user identifier of an addressee user, in response to receiving the request for posting of the message,
posting, from said at least one network entity, said message in a phone network mailbox associated with the telephone line identified, the phone network mailbox being managed by a phone network messaging server of a phone network in which at least one terminal associated with the identified telephone line establishes telephone communications using the identified telephone line, and
dispatching, from said at least one network entity, through the phone network, a notification to the at least one terminal associated with the identified telephone line, the notification indicating that the message is available in the phone network mailbox associated with the telephone line identified and comprising a social network user identifier assigned to the posting user.

US Pat. No. 10,142,276

CONTEXTUALLY-BASED AUTOMATIC SERVICE OFFERINGS TO USERS OF MACHINE SYSTEM

1. A machine-implemented and contextually-sensitive, user-servicing method comprising:
(a) causing an automatically repeated collecting by an automated machine system of automatically updated first user state indicating signals, the machine system having one or more processors, where the automatically updated, collected first user state indicating signals are indicative of at least one of a recent or current state of a first user among a plurality of users of the automated machine system, the recent state being one that corresponds to at least one of: (a.1) a state that was present no more than one month before the current state; (a.2) a state that was present within a context-dependent temporal range defined by at least one of a currently active profile of the first user and a communal consensus node currently being touched by the first user; and (a.3) a state that was present within a temporal range defined by a current user setting, the communal consensus node being a system maintained linking node that links to system defined further resources in accordance with consensus of a community of users of the system and is touchable by way of direct or indirect access thereto by the first user;
(b1) causing an automatically repeated first determining by the automated machine system of one or more likely current or recent contextual states of the first user and of which subset of plural profiles of the first user are currently active profiles of the first user based on the collected, automatically updated first user state indicating signals, the one or more likely current or recent contextual states being a subset of a larger set of selectable contextual states defined and maintained by the automated machine system within a memory of the machine system, the subset of the determined to be currently active profiles being a subset having two or more of a larger set of selectable profiles of the first user that are maintained by the automated machine system;
(b2) causing the determined likely current or recent contextual states and the determined currently active profiles to be automatically repeatedly used as a feedback loop that can operate to assist in selecting of next active profiles and/or of next likely current or recent contextual states such that one or more current cognitive states of the first user can be determined with improved resolution;
(c) causing an automatically repeated second determining by the automated machine system of one or more currently likely to be welcomed or desired-by-the-first user servicings or tools or offerings or suggestions to be provided to the first user and/or a currently likely to be welcomed or desired-by-the-first user presentation format for presenting at least one of such servicings, tools, offerings or suggestions, said automatically repeated second determining being based on the automatically repeated first determinations of what are the one or more likely current or recent contextual states of the first user and being based on the automatically repeated first determinations of which subset of the plural profiles of the first user are the currently active profiles of the first user for respective ones of the likely current or recent contextual states of the first user; and
(d) causing an automatic providing to the first user and with contribution from the automated machine system of at least one of the servicings, tools, offerings and suggestions that have been determined by said second determining to be currently likely to be welcomed or desired by the first user;
wherein said automatically repeated first determining of which subset of the plural profiles of the first user are currently active profiles of the first user is based on a previous determining by the method of one or more likely current or recent contextual states of the first user;
wherein said automatically repeated first determining of the one or more likely current or recent contextual states of the first user is based on a current determination of which subset of the plural profiles of the first user are currently active profiles of the first user, such that said feedback loop is formed; and further wherein:
said larger set of selectable contextual states defined and maintained by the automated machine system are represented within the automated machine system as at least one of first points, nodes and sub-regions (first PNOS's) within a communally-controlled context space defined within the memory of the machine system, wherein members of at least one kind among the first PNOS's are hierarchically and/or spatial-wise organized within the context space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the first PNOS's are logically linked so as to thereby be cross-associated, one relative to a next;
the automated machine system further maintains and automatically repeatedly updates as at least one of second points, nodes and sub-regions (second PNOS's) within a communally-controlled topic space defined within the memory of the machine system, a set of selectable topic definitions, wherein members of at least one kind among the second PNOS's are hierarchically and/or spatial-wise organized within the topic space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the second PNOS's are logically linked so as to thereby be cross-associated, one relative to a next; wherein at least some of the organized members of the at least one kind among the second PNOS's are logically linked with at least some members of the first PNOS's so as to thereby define context-associated members among the second PNOS's;
the automated machine system further maintains and automatically repeatedly updates as at least one of third points, nodes and sub-regions (third PNOS's) within a communally-controlled additional space defined within the memory of the machine system, a set of selectable additional definitions, wherein members of at least one kind among the third PNOS's are hierarchically and/or spatial-wise organized within the additional space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the third PNOS's are logically linked so as to thereby be cross-associated, one relative to a next; wherein at least some of the organized members of the at least one kind among the third PNOS's are logically linked with at least some members of the first PNOS's and/or of the second PNOS's so as to thereby define topic-associated members and/or context-associated members among the third PNOS's; and
the automatically repeatedly determined as likely to be currently welcomed or desired-by-the-first user servicings or tools or offerings or suggestions to be made to the first user and the corresponding automatic providing thereof to the first user include at least one of:
(d.1) suggestions of topics and/or forums to be investigated by the first user, which said suggestions can be immediately pursued by user activation of the provided said suggestions, the suggested topics and/or forums being derived from at least one of the communally-controlled topic space and the communally-controlled additional space of the automated machine system; and
(d.2) suggestions of individual users or groups of users for the first user to make contact with, which said suggestions can be immediately pursued by user activation of the provided said suggestions, wherein identities of the suggested individual users or groups of users are derived from links provided within at least one of the communally-controlled topic space and the communally-controlled additional space of the automated machine system.

US Pat. No. 10,142,275

SYSTEM AND METHOD FOR MANAGING MESSAGES BASED ON USER RANK

1. A method for managing electronic communications in a hierarchically ordered organization, which comprises:
providing an application for managing electronic communications, the application comprising one or more program modules, each module having a processor-executable instruction set
installing at least one of the program modules in each of a plurality of computing devices having each a processor and a non-transitory memory for storing and executing the instruction set, and distributing the plurality of devices to a plurality of users;
by the plurality of computing devices, associating each user and each device with a user identification and an organizational rank or position in a hierarchical reporting structure, the structure defining multiple levels including at least one manager and multiple subordinates;
by a first device, sending a message related to a task at hand to a list of addressees in the hierarchical reporting structure, the message having a message identifier;
by the first device, receiving responses from one or more responding users and displaying a summary sortable according to one or more response attributes associated with each responding user, the response attributes comprising a field that acknowledges the message, a user identifier field, a message identifier field referencing the task at hand, a status field as available or unavailable, a position or rank field, and an action field, wherein the one or more response attribute fields are populated with a value from the received responses; and,
further characterized in that the summary includes a location attribute for each responding user, the location information is acquired from each responding user, and is displayed on a map on the first device.

US Pat. No. 10,142,274

MESSAGE COMMUNICATION SYSTEMS AND APPLICATIONS WITH MESSAGE LIFETIME SETTINGS FOR AUTOMATIC MESSAGE DELETION

1. A computer implemented method for managing communication of messages between senders and recipients of messages, comprising,
receiving, at the one or more server computers, identification of a recipient for a message to be sent by a sender, the recipient being pre-identified for use of a lifetime setting, the lifetime setting defining a period of time after which the message will be automatically deleted;
providing, by the one or more server computers, a suggestion to apply the lifetime setting for sending the message based on said identification of the recipient for the message;
requesting, by the one or more server computers, acceptance of an agreement from the recipient that the message to be sent by the sender to the recipient will have the lifetime setting imposed;
determining, by the one or more server computers, whether the recipient has agreed to the lifetime setting;
sending, by the one or more server computers, the message to the recipient after confirming that the recipient agreed to the lifetime setting;
receiving, by the one or more server computers, an indication that the message has been opened by the recipient;
starting, by the one or more server computers, a timer to count down the period of time associated with the lifetime setting for the message; and
subsequently deleting, by the one or more server computers, the message after expiration of the timer, the deleting acting to remove the message on the one or more server computers and message interfaces provided by the one or more server computers to enable access to send and receive the message by the sender and the recipient.

US Pat. No. 10,142,273

HANDLING VARIOUS SCENARIOS WHERE AN EMAIL RECIPIENT IS NOT AVAILABLE

International Business Ma...

1. A computer system for generating reports, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
receiving, by a simple message transfer protocol (SMTP) server, an electronic message associated with the online communication system, wherein the electronic message is addressed to a recipient from a sender;
identifying a recipient inbox within a recipient mail server using a plurality of directory information associated with the received electronic message, wherein the plurality of directory information is stored on the SMTP server associated with the online communication system, and also includes a plurality of alternate contact information for the recipient;
prior to attempting a transmission of the electronic message to the recipient mail server from the SMTP server, determining the identified recipient inbox satisfies at least one of a plurality of alternate contact criteria;
generating an SMTP response, after transmission and receipt of the electronic message in the SMTP server, that includes the plurality of alternate contact information for the recipient stored within the plurality of directory information on the server rather than transmitting the received electronic message to the identified recipient inbox or an alternate recipient; and
transmitting the SMTP response to the sender through a sender mail server based on the plurality of determined alternate contact criteria being satisfied.

US Pat. No. 10,142,272

PRESENTING BROWSER CONTENT BASED ON AN ONLINE COMMUNITY KNOWLEDGE

International Business Ma...

1. A computer-implemented method for customizing content having an informational topic provided in a web browsing experience, comprising:
extracting browsing behaviors of a plurality of members of an online community that share a common interest and associating the extracted browsing behaviors with the online community;
assigning a knowledge level value to each of the plurality of members based on respective extracted browsing behaviors;
assigning an average knowledge level value to the online community based on the knowledge level values of the plurality of members;
customizing the web browsing experience for each member of the online community based on the extracted browsing behaviors of the online community, wherein customizing the web browsing experience includes:
hiding, from a user, the content when the content is determined to have been frequently skipped by the members of the online community at a rate exceeding a predefined skip threshold, wherein the user is a member of the online community;
assigning a detail and technological depth level value to each section of the content and each of one or more recommended sources;
displaying, to the user, one or more sections of the content with a detail and technological depth level value that is commensurate with the average knowledge level value of the online community while hiding one or more sections of the content with a detail and technological depth level value that is not commensurate with the average knowledge level value of the online community; and
displaying, to the user, the one or more recommended sources with a detail and technological depth level value that is commensurate with a knowledge level value of the user, wherein the one or more recommended sources is related to the informational topic.

US Pat. No. 10,142,271

METHOD, DEVICE, AND SYSTEM FOR PROVIDING PRIVACY FOR COMMUNICATIONS

1. A method of outputting content of a message or communication session comprising:
setting a privacy indicator that is applicable to a first communication to be received by a communication terminal of an addressee of the first communication based on input received from a sender of the first communication such that a privacy indicator is included in a header of a message of the first communication to indicate that content of the first communication includes private information and should be output in accordance with a privacy setting identified by the privacy indicator in the header of the message prior to the first communication being sent to the communication terminal;
receiving, by the communication terminal, the first communication;
determining, by the communication terminal, that the privacy indicator applies to the received first communication based on the privacy indicator of the message;
outputting content of the first communication in accordance with the privacy setting identified by the privacy indicator via the communication terminal in response to determining that the privacy indicator applies to the received first communication;
wherein:
the addressee of the first communication is a user associated with the communication terminal, and
the outputting of content of the first communication in accordance with the privacy setting identified by the privacy indicator via the communication terminal in response to determining that the privacy indicator applies to the received first communication comprises:
determining, by the communication terminal, whether there is at least one person who is not the user associated with the communication terminal within a pre-specified distance of the communication terminal prior to the outputting of the content of the first communication such that an identification of the at least one person who is not the user associated with the communication terminal that is within the pre-specified distance is determinable by the communication terminal; and
(i) permitting output of content of the first communication audibly via at least one ear bud or a headphone device when the communication terminal is connected to the headphone device or at least one ear bud such that content is output via the at least one ear bud or the headphone device instead of a speaker of the communication terminal regardless of whether any person who is not the user associated with the communication terminal is determined to be within the pre-specified distance, and
upon determining that the headphone device is not connected to the communication terminal and the ear bud is not connected to the communication terminal and that a person who is not the user associated with the communication terminal is within the pre-specified distance:
identifying the at least one person who is not the user that is within the pre-specified distance;
(ii) permitting output of content of the first communication audibly in response to determining that no person who is identified within a first list is determined to be within the pre-specified distance of the communication terminal,
(iii) permitting output of content of the first communication audibly in response to determining that only one or more persons who are identified within a second list and who are not the user are determined to be within the pre-specified distance of the communication terminal,
(iv) permitting output of content of the first communication audibly at or below a pre-specified audible level via a speaker of the communication terminal in response to determining that there is at least one person who is not the user associated with the communication terminal within the pre-specified distance of the communication terminal and is not within the second list, and determining that the communication terminal is in a first position in which the speaker of the communication terminal is adjacent an ear of the user associated with the communication terminal, and
(v) permitting output of content of the first communication audibly in response to determining that no other person who is not the user associated with the communication terminal is determined to be within the pre-specified distance of the communication terminal, and
(vi) in response to determining that there is at least one person who is not the user associated with the communication terminal within the pre-specified distance of the communication terminal, that the headphone device is not connected to the communication terminal, the ear bud is not connected to the communication terminal, the communication terminal is not in the first position, and that the at least one person who is not the user associated with the communication terminal is not within the second list, deactivating audible outputting of content of the first communication.

US Pat. No. 10,142,270

TELECOMMUNICATION AND MULTIMEDIA MANAGEMENT METHOD AND APPARATUS

VOXER IP LLC, San Franci...

52. A video communication method, comprising:
arranging to provide an application to a sending communication device, the application enabling the sending communication device to:
(a) identify a recipient of a video communication;
(b) communicate the identifier identifying the recipient to a video communication system maintained on a network; and
(c) stream the video communication over the network to the video communication system;
receiving at the video communication system the identifier identifying the recipient of the video communication;
using, within the video communication system, the identifier to ascertain a delivery location on the network for a second communication device associated with the recipient;
receiving, at the video communication system, the video communication over the network from the sending communication device;
storing the video communication in a location accessible by the video communication system;
using the delivery location to deliver portions of the video communication over the network from the video communication system to the second communication device, the delivery enabling the video communication to be at least partially rendered at the second communication device while the video communication is streamed by the sending communication device,
wherein the video communication is received by the video communication system from the sending communication device without first establishing an end-to-end connection over the network between the sending and second communication devices.

US Pat. No. 10,142,269

METHODS AND SYSTEMS FOR COMMUNICATIONS PROCESSING

CALLWAVE COMMUNICATIONS, ...

1. A communications system, comprising:
a processing device;
a network interface;
non-transitory computer readable memory that stores program code that when executed by the processing device is configured to cause the system to at least:
provide a software program for download to a first computing device associated with a user;
enable delivery of a voice message, directed to the user, to the first computing device associated with the user, wherein the delivered voice message is playable to the user via a user interface of the software program;
enable the voice message to be played via a web browser of a second computing device associated with the user;
enable the user to send a textual reply message, via the web browser of the second computing device associated with the user, to an originator of the voice message without the user entering an address of the originator of the voice message; and
receive, via the network interface, a user voice message deletion instruction from the web browser of the second computing device associated with the user;
in response to the user voice message deletion instruction received from the web browser of the second computing device associated with the user, enable the voice message to be deleted from a user interface presented by the browser, and in cooperation with the software program on the first computing device associated with of the user, enable deletion of the voice message on the first computing device associated with the user.

US Pat. No. 10,142,268

MESSAGES AUGMENTED WITH STRUCTURED ENTITIES

Microsoft Technology Lice...

1. A computer-implemented method comprising:
receiving, via a computer system, a first message that is sent using a text communication protocol;
sending, via the computer system, indicia of the first message to a server;
sending, via the computer system, a request for the server to make a determination, based on the indicia, whether the server has a second message that corresponds to the first message, with the requested determination to be made based on a finding that a time at which the first message was received is within a range of a timestamp that the server associated with the second message;
receiving, via the computer system, the second message from the server, the second message comprising text and an entity, the first message comprising the text and a text representation of the entity; and
displaying, via the computer system, the text and the entity to a user without displaying the first message.

US Pat. No. 10,142,267

METHOD FOR TRACKING AND ROUTING FINANCIAL MESSAGES FOR MOBILE DEVICES

BOTTOMLINE TECHNOLOGIES (...

1. A financial messaging apparatus configured to encapsulate a financial message, the apparatus comprising:
a network interface configured to receive a financial message generated by a bank;
a non-transitory computer readable medium configured to store a rule database, wherein the rule database includes rules specifying actions to be added to financial messages based upon characteristics of the financial messages;
a processor configured to:
analyze the received financial message to identify at least one characteristic of the received financial message;
identify at least one rule in the rule database matching at least one of the at least one identified characteristics of the received financial message;
combine at least one action specified by the identified at least one rule with the financial message to form an encapsulated financial message; and
identify a user associated with the received financial message; and
the network interface further configured to transmit the encapsulated financial message to the identified user, wherein:
the action stored in the encapsulated financial message includes a routing rule specifying criteria for routing of the encapsulated financial message;
the routing rule specifies at least one prohibited location for routing the encapsulated financial message through;
the encapsulated financial message is prevented from being routed through the at least one prohibited location; and
the network interface does not transmit the encapsulated financial message through the at least one prohibited location.

US Pat. No. 10,142,266

METHOD AND SYSTEM FOR PROVIDING RECOMMENDATIONS DURING A CHAT SESSION

TENCENT TECHNOLOGY (SHENZ...

1. A method for providing recommendations of service providers, comprising:
at a server system having one or more processors and a memory:
processing instant messages transmitted during a chat session between a first user and at least a second user to obtain one or more keywords of a current conversation between the first user and at least the second user;
selecting at least one of the one or more keywords in accordance with a determination that the at least one keyword has remained relevant to the current conversation for at least a threshold time period;
in accordance with the selection of the at least one keyword:
determining respective geographic locations corresponding to the first user and the second user; and
identifying one or more service providers that are relevant to the at least one keyword, including a first subset of service providers that are located in proximity to a first geographic location corresponding to the first user and a second subset of service providers that are located in proximity to a second geographic location corresponding to the second user, the first subset of service providers being different from the second subset of service providers; and
providing the one or more service providers to the first and second users for display within a conversation interface displayed at respective end devices associated with the first and second users, the conversation interface displaying the current conversation between the first and second users during the chat session, wherein providing the one or more service provides to the first and second users includes:
providing the first subset of service providers that are located in proximity to the first geographic location corresponding to the first user for display within the conversation interface displayed at a first end device associated with the first user;
providing the second subset of service providers that are located in proximity to the second geographic location corresponding to the second user for display within the conversation interface displayed at a second end device associated with the second user;
providing a notification to the first end device regarding the provision of the second subset of the service providers to the second end device associated with the second user, wherein the notification causes the first device to display an indicator adjacent to an instant message received from the second user in the conversation interface displayed at the first end device; and
in response to a user selection of the indicator in the conversation interface displayed at the first end device, providing the respective second subset of the service providers for display in the conversation interface displayed at the first end device.

US Pat. No. 10,142,265

SERVER, METHOD, AND COMPUTER-READABLE STORAGE MEDIUM STORING A PROGRAM FOR PROVIDING VIDEO CHAT

1. A server for providing, to a user, a video chat with a specific user, comprising:
one or more computer processors, wherein the one or more computer processors execute readable instructions to perform:
causing, in response to a request from the user, a standby screen to be displayed on a terminal of the user, the standby screen being a screen for standing by for the video chat with the specific user and including user information of a plurality of users standing by for the video chat with the specific user; and
specifying, in accordance with a predetermined rule, one user from the plurality of users standing by, and causing communication for the video chat to be performed between a terminal of the specified user and a terminal of the one user from the plurality of users,
wherein causing the communication for the video chat to be performed includes causing the communication for the video chat to be performed within a video chat duration set based on a number of used items of reservation information necessary for a reservation for the video chat and specified by the user in making the reservation.

US Pat. No. 10,142,264

TECHNIQUES FOR INTEGRATION OF BLADE SWITCHES WITH PROGRAMMABLE FABRIC

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving at a top-of-rack (“TOR”) switch a notification concerning a virtual machine (“VM”), wherein the received notification identifies a host associated with the VM;
determining whether the identified host is directly connected to the TOR switch; and
if the identified host is not directly connected to the TOR switch:
identifying an intermediate switch to which the identified host is directly connected; and
determining whether the identified intermediate switch to which the identified host is directly attached is attached to the TOR switch.

US Pat. No. 10,142,263

PACKET DEDUPLICATION FOR NETWORK PACKET MONITORING IN VIRTUAL PROCESSING ENVIRONMENTS

Keysight Technologies Sin...

1. A method to capture network traffic, comprising:
communicating network traffic between applications operating within virtual processing environments within one or more host servers;
monitoring the network traffic between the applications using tap agents operating within the virtual processing environments within the one or more host servers;
for network packet flows communicated between any two applications being monitored by two tap agents:
determining which of the two tap agents is a designated agent to capture the network packets within the packet flows to avoid duplicate packet capture;
capturing the network packets using the designated agent; and
forwarding the captured network packets to one or more network destinations.

US Pat. No. 10,142,262

SYSTEM AND METHOD FOR IMPROVING AN AGGREGATED THROUGHPUT OF SIMULTANEOUS CONNECTIONS

ANCHORFREE INC., Redwood...

1. A method for increasing an aggregated throughput of multiple simultaneous transport connections between computers over a computer network, the method comprising:
maintaining, by a first computer, a first plurality of simultaneous connections to a second computer and a second plurality of simultaneous transport connections to a third computer;
receiving, by the first computer, a first group of one or more requests for a data delivery to the second computer over the first plurality of simultaneous transport connections with the second computer;
delivering, by the first computer, requested data corresponding to the first group of one or more requests such the delivery of data corresponding to each requests of the first group of one or more requests must be finished before delivering data corresponding to a subsequent request to the second computer;
receiving, by the first computer, a second group of one or more requests for data delivery to a third computer over a second plurality of simultaneous transport connections with the third computer;
delivering, by the first computer, requested data corresponding to the second group of one or more requests such that delivery of data corresponding to each request of the second group of one or more requests must be finished before delivering data corresponding to a subsequent request to the third computer;
setting, by the first computer, a first number of the first plurality of simultaneous transport connections that are used to deliver the requested data corresponding to the first group of one or more requests;
setting, by the first computer, a second number of the second plurality of simultaneous transport connections that are used to deliver the requested data corresponding to the second group of one or more requests;
detecting, by the first computer, a difference between one or more first parameters of the first plurality of simultaneous transport connections and one or more second parameters of the second plurality of simultaneous transport connections;
setting, by the first computer, the first number of the first plurality of simultaneous transport connections and the second number of the second plurality of simultaneous transport connections to be different according to the difference between the one or more first parameters and the one or more second parameters.

US Pat. No. 10,142,261

RESOURCE ALLOCATION FOR A STORAGE AREA NETWORK

INTERNATIONAL BUSINESS MA...

1. A method comprising:
measuring in a first length measurement, a length of a first communication link of a storage area network wherein the first length measurement is a function of a first minimum command response time of a command issued over the first communication link;
obtaining a current data units per second link speed of the first communication link;
calculating a first target resource allocation for a first port at a first end of the first communication link, and for a second port at a second end of the first communication link as a function of the current data units per second link speed of the first communication link and the first length measurement for the first communication link;
configuring a resource allocation for the first and second ports for the first communication link in accordance with the calculated first target resource allocation; and
measuring a length of a second communication link of a data path of the storage area network wherein the data path includes both the second communication link and the first communication link, wherein the measuring the length of the second communication link is a function of a second minimum command response time of a command issued over both the second communication link and the first communication link, less the first minimum command response time of a command issued over the first communication link.

US Pat. No. 10,142,260

INQUIRY-BASED ADAPTIVE PREDICTION

International Business Ma...

1. A computer-implemented method comprising:
predicting, by one or more processors, future utilization of a resource at a future point in time, the predicting comprising:
receiving, by the one or more processors, inquiries on potential future utilization of the resource for different future points in time, wherein each inquiry comprising a portion of the inquiries is received over an Internet;
recording, by the one or more processors, time-based patterns of the inquiries that are received to provide recorded time-based patterns of received inquiries;
recording, by the one or more processors, an historic actual utilization value of the resource to provide a recorded historic actual utilization value; and
determining, by the one or more processors, future utilization of the resource at a given future time using the recorded time-based patterns of received inquiries, the recorded historic actual utilization value of the resources, and a current inquiry pattern for the resource; and
performing, by the one or more processors, an action on the resource in advance of the given time, based on the determined future utilization, wherein the action is selected from the group consisting of a maintenance action, a preventative customer service action, digesting workload throttling of a database system comprising the resource, and optimizing the resource for future usage.

US Pat. No. 10,142,259

CONFLICT DETECTION AND RESOLUTION IN AN ABR NETWORK

ERICSSON AB, Stockholm (...

1. A method for managing conflict resolution in a customer premises disposed in an adaptive bitrate (ABR) streaming environment with respect to a subscriber bandwidth pipe serving a plurality of client devices of the customer premises of a subscriber, the method comprising:
receiving, at a network element, a request from a new ABR client for an ABR streaming session to be served via the subscriber bandwidth pipe of the customer premises that includes one or more existing ABR clients executing on at least a subset of the client devices, wherein each existing ABR client is engaged in a corresponding ongoing ABR streaming session via the subscriber bandwidth pipe;
determining, at the network element, a forecast of bandwidth requirements for the one or more existing ABR clients of the customer premises with respect to the corresponding ongoing ABR streaming sessions after accounting for a bandwidth requirement for the new ABR client's streaming session request, the determining based on modeling of bandwidth allocation of the subscriber bandwidth pipe serving the customer premises of the subscriber, using at least priority weights respectively associated with the one or more existing ABR streaming sessions via the subscriber bandwidth pipe and the requested ABR streaming session;
responsive to the determining, detecting a conflict if a forecasted bandwidth requirement of at least one of the existing ABR clients of the customer premises violates a bitrate threshold policy relative to the corresponding ongoing ABR streaming session of the at least one of the existing ABR clients of the subscriber's customer premises; and
if there is a conflict, providing a redirect message to the new ABR client for receiving a conflict notification that comprises a video-encoded still image of a message that the streaming session request from the new ABR client is being rejected on account of a bandwidth conflict in the customer premises, the message further indicating a total number of ongoing ABR streaming sessions in the customer premises.

US Pat. No. 10,142,258

METHODS AND APPARATUS FOR PROCESSING IN A NETWORK ON CHIP (NOC)

Advanced Micro Devices, I...

1. An integrated circuit comprising:
a network on chip (NOC) comprising:
a plurality of compute units (CUs) each comprising a processor having an instruction set and operable to delegate executable instructions intended for a respective CU processor; and
a plurality of NOC nodes, interconnected to the plurality of CUs, operative to route data among the plurality of CUs, and each comprising a processor having the same instruction set as the processor in each of the plurality of CUs and operative to execute instructions that are delegated from at least one of the plurality of CUs, using the NOC node processor.

US Pat. No. 10,142,257

DYNAMIC SCALING OF REDUNDANCY ELIMINATION MIDDLEBOXES

Alcatel Lucent, Boulogne...

1. A method for dynamic scaling of redundancy elimination middleboxes comprising an encoding middlebox and a decoding middlebox in a communication network, the method comprising:
determining a load of incoming data at the encoding middlebox in the communication network; and
modifying a number of encoder instances in the encoding middlebox and a number of decoder instances in a decoding middlebox based on the load of incoming data, the modifying including configuring a classifier to define a new class corresponding to each of one or more new encoder instances and modifying an ordered list of each of the encoder instances present in the encoding middlebox before addition of the one or more new encoder instances, the ordered list relating the new class to each of the encoder instances; and
handling failure recovery of at least one of the classifier, the encoder instances, the decoder instances, and a merger, the handling including recovering packet loss based on at least one of a decoder feedback, a transmission control packet sequence number, and a reliable transport.

US Pat. No. 10,142,256

TIME AND FREQUENCY ALLOCATION FOR CONCURRENT COMMUNICATIONS ON A SHARED COAXIAL CABLE

MaxLinear, Inc., Carlsba...

1. A system comprising:
circuitry comprising a processor and memory for use in a controller of a network comprising a plurality of devices connected via a shared coaxial cable, wherein:
the circuitry is operable to maintain one or more data structures that hold, for each sender-receiver pair of the plurality of devices that are directly connected to each other via the shared coaxial cable, at least:
one or more per-sender-receiver-pair link parameters other than device identity parameters, wherein the one or more per-sender-receiver-pair link parameters comprise:
a respective list of spectral characteristics for a plurality of frequencies; and
link parameters used for previous communications on the shared coaxial cable; and
per-sender-receiver-pair bandwidth grant status;
the circuitry is operable to, in response to receipt of a reservation request on the shared coaxial cable, decide which one or more of a plurality of subbands and which one or more of a plurality timeslots to reserve for a transmission based, at least in part, on the per-sender-receiver-pair link parameters and the per-sender-receiver-pair bandwidth grant status in the one or more data structures; and
generate a reservation grant message that indicates the decided one or more subbands and the decided one or more timeslots.

US Pat. No. 10,142,255

ALLOCATING DYNAMIC RESOURCES TO SERVICE CLUSTERS

Amazon Technologies, Inc....

1. A system, comprising:
one or more processors;
one or more computer-readable storage media comprising instructions that, upon execution by the one or more processors, configure the system to at least:
access a forecast for demand associated with utilizing a service during a time period, the service available from service sources grouped in clusters;
identify, from a database, resources scheduled to facilitate the service across the clusters during the time period, the resources associated with client devices that are communicatively coupled with the system over a data network;
allocate, at a first time, a resource from the resources to a first cluster from the clusters based at least in part on a scheduled start time for utilizing the resource during the time period, on the forecast for the demand, and on an allocation of remaining resources to the clusters, the resource associated with a client device and a client identifier;
update the database with an indication that the client identifier is allocated to the first cluster, the database associating the allocation and client identifiers;
provide, over the data network and prior to the start time for utilizing the resource, a first notification to the client device that the client identifier is allocated to the first cluster based at least in part on the database, the first notification causing a deployment of the resource to the first cluster;
re-allocate, at a subsequent time during the time period, the resource from the first cluster to a second cluster based at least in part on a current utilization of the resource in the first cluster, on an update to the forecast for the demand expected during a remainder of the time period, on the allocation of the remaining resources to the clusters, and on down time associating with re-allocating the resource;
update the database to indicate that the client identifier is re-allocated to the second cluster; and
provide, over the data network, a second notification to the client device that the client identifier is re-allocated to the second cluster based at least in part on the database, the second notification causing a re-deployment of the resource to the second cluster.