US Pat. No. 10,171,562

SOCIAL MEDIA DRIVEN INFORMATION INTERFACE

Microsoft Technology Lice...

1. A computing device comprising: one or more processing units; and
one or more computer-readable media comprising computer-executable instructions, which, when executed by the one or more processing units, cause the computing device to:
generate, from social media data created by multiple independent and unrelated individuals and directed to multiple distinct and unrelated topics, a first set of time-delineated social media data, comprising only social media data that correspond to a first time range, by applying a time-based filter to the social media data;
subsequently generate, from the generated first set of time-delineated social media data, multiple topic clusters, each topic cluster comprising multiple, different social media entries, each social media entry in a topic cluster having a topic similarity above a topic clustering threshold associated with the topic cluster;
generate multiple event summaries for the first time range based upon at least some of the generated topic clusters, each event summary comprising a combination of only a subset of text or graphics from each of multiple different and distinct social media entries from a corresponding topic cluster;
generate an information interface comprising multiple annotated timeslots, including a first annotated timeslot that comprises at least some of the generated multiple event summaries, the first annotated timeslot being delineated by the first time range; and
transmit the information interface to a second computing device that is separate from the computing device and is communicationally coupled to the computing device through a computer network;
wherein the second computing device visually generates, on a hardware display device communicationally coupled thereto, the information interface, including the first annotated timeslot and the at least some of the generated event summaries.

US Pat. No. 10,171,561

CONSTRUCT DATA MANAGEMENT BETWEEN LOOSELY COUPLED RACKS

International Business Ma...

1. A computer-implemented method comprising: associating at least a portion of a second rack to a construct;
wherein the associating occurs in response to input received by a first management node of a first rack associated with the construct;
wherein the construct includes a set of distributed resources connected via a network and comprising at least a respective portion of a plurality of respective racks and a set of construct data comprising user data, group data, resource data, and authorization policy data;
wherein each respective rack is independently controlled by a respective management node of a plurality of autonomous management nodes including at least the first management node associated with the first rack and a second management node associated with the second rack;
wherein a respective mutual trust relationship exists between each respective pair of autonomous management nodes of the plurality of autonomous management nodes;
determining, by the second management node, that the second management node contains insufficient construct data to execute an operation associated with the construct; and
synchronizing, in response to the first management node receiving a request from the second management node comprising an authenticated first security token based on a public key of the second management node, at least a portion of the construct data between the first management node and the second management node.

US Pat. No. 10,171,560

MODULAR FRAMEWORK TO INTEGRATE SERVICE MANAGEMENT SYSTEMS AND CLOUD ORCHESTRATORS IN A HYBRID CLOUD ENVIRONMENT

International Business Ma...

1. A modular service management (MSM) engine on a computer system including at least one processor that integrates a plurality of cloud orchestrators and service management (SM) platforms to provide a hybrid cloud environment, comprising: an interface system that includes a first gateway for providing communications with SM platforms that adhere to an SM protocol and a second gateway for providing communications with the plurality of cloud orchestrators, wherein the SM protocol defines a set of management processes for handling service requests;
a service request processing system that processes service requests from SM platforms using selected cloud orchestrators, processes change management requests, and matches a change management request corresponding to an inputted service request, wherein the service request processing system includes a set of management modules in which each management module processes activities associated with a different one of the management processes, wherein the set of management modules includes a request management module for detecting an inputted service request, parsing the inputted service request and translating the inputted service request, and managing, tracking, and reformatting at least one activity associated with the inputted service request;
a rules and conditions engine that parses the inputted service request against a set of rules and conditions values and determines based upon the parsed inputted service request a primary cloud orchestrator to be used to service the inputted service request and a secondary cloud orchestrator to be used as a backup to the primary cloud orchestrator;
a set of data conversion modules, wherein each data conversion module includes logic that converts data associated with an SM platform to a data format required by one of the primary cloud orchestrator and secondary cloud orchestrator; and
wherein the set of management modules includes a change management module for checking the approval of the change management request, and a task management module for creating a new task in the SM platform.

US Pat. No. 10,171,559

VXLAN SECURITY IMPLEMENTED USING VXLAN MEMBERSHIP INFORMATION AT VTEPS

Cisco Technology, Inc., ...

1. A method comprising: at a network device configured as a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP):
storing VTEP membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN, the VTEP membership information including a VxLAN identifier (VNI) of each VxLAN and an Internet Protocol (IP) address representing a respective source IP address of each VTEP in the corresponding set of VTEPs corresponding to that VNI and that are authorized to originate VxLAN packets;
receiving from a communication network a VxLAN packet that includes an original Ethernet frame encapsulated in a VxLAN encapsulation, the VxLAN encapsulation including a VNI that identifies a VxLAN associated with the VxLAN packet, an outer User Datagram Protocol (UDP) header, an outer IP header including a source IP address of an originating VTEP and a destination IP address, and an optional outer IEEE 802.1Q field;
comparing the source IP address of the originating VTEP to the IP addresses of the set of VTEPs associated with the VNI of the VxLAN in the VTEP membership information that matches the VNI of the VxLAN identified by the VxLAN encapsulation of the received VxLAN packet;
if the comparing indicates that the source IP address of the originating VTEP is not included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, discarding the received VxLAN packet and blocking flooding of network frames to local endpoint systems on a local area network connected to the VTEP, wherein the discarding results in discarding the VxLAN packet when the VxLAN packet is a malicious VxLAN packet in which the IP source address and the VNI do not match the IP addresses and the corresponding VNIs of the membership information, respectively; and
if the comparing indicates that the source IP address of the originating VTEP is included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, decapsulating the VxLAN packet to recover the original Ethernet frame, and forwarding the recovered original Ethernet frame to a destination Media Access Control (MAC) address specified therein.

US Pat. No. 10,171,558

CROSS DEVICE APPLICATION DISCOVERY AND CONTROL

Microsoft Technology Lice...

1. A system comprising: a processor;
a memory;
one or more applications stored in the memory and executed, at least in part, by the processor; and
a cross device remote control module, stored in the memory, wherein the cross device remote control module is configured to discover remote applications on one or more target devices, and comprises:
a cross device application model client configured to:
connect to the one or more target devices via a network;
determine a level of trust between a device associated with the cross device remote control module and the one or more target devices is above a pre-determined trust level;
send, to the one or more target devices via the network, an application discovery query comprising a request for capability data corresponding to at least one of device information or application information on the one or more target devices; and
receive, from the one or more target devices via the network, one or more application discovery responses comprising an indication of a capability of the one or more target devices regarding the at least one of the device information or the application information; and
a remote application discovery client configured to:
process the one or more application discovery responses to determine the capability of each of the one or more target devices;
select a target device of the one or more target devices based at least in part on a determination of the capability of the target device; and
send a signal to the target device to perform a particular task.

US Pat. No. 10,171,557

METHOD AND DEVICE FOR PROCESSING MEDIA STREAMS BETWEEN A PLURALITY OF MEDIA TERMINALS AND A PROCESSING UNIT ALL CONNECTED TO ONE ANOTHER OVER A COMMUNICATION NETWORK

ALCATEL LUCENT, Boulogne...

1. A method for processing media streams between a plurality of media terminals and a processing unit over a communication network, the method comprising, by the processing unit: receiving, from each of the media terminals, corresponding media streams comprising video transmission and audio transmissions;
monitoring sound activity of each of the media terminals from the audio transmissions;
selecting the N loudest participants based on the monitored sound activity, wherein the selected participants are identified as active participants and non-selected participants are identified as non-active participants;
pausing audio transmissions while permitting video transmissions from the non-active participants by transmitting a first pause signal to the non-active participants to pause the audio transmissions from the non-active participants;
receiving a request from a moderator terminal to permit a selected non-active participant terminal to resume audio transmissions in addition to the video transmissions;
in response to the request, transmitting a resume signal to the selected non-active participant terminal and transmitting a second pause signal to one or more active participants to pause both audio and video transmissions,
wherein the resume signal, first pause signal, and second pause signal are in the form of an RTP/RTCP real-time communication protocol.

US Pat. No. 10,171,555

CONTAINERIZED SOFTWARE FOR VIRALLY COPYING FROM ONE ENDPOINT TO ANOTHER

Cinsay, Inc., Dallas, TX...

1. A server-implemented method, comprising: receiving, at one or more servers, a request for media content to be displayed at a first endpoint compute device;
identifying information about a first endpoint compute device-associated environment;
identifying a set of objects to include in a first media container for the media content, the set of objects identified based on the identified information about the first endpoint compute device-associated environment, at least one of the objects including processor-readable instructions that, when executed by the first endpoint compute device, allow a user of the first endpoint compute device to complete a first transaction during a display of the media content on the first endpoint compute device, at least one of the objects including processor-readable instructions that, when executed by the first endpoint compute device, automatically authenticate an account associated with the user; and
sending the first media container including the identified set of objects from the one or more servers to the first endpoint compute device.

US Pat. No. 10,171,554

DISTRIBUTING SUBSCRIBER DATA IN A MOBILE DATA NETWORK

International Business Ma...

1. A mobile data network comprising: an antenna that communicates with user equipment;
at least one basestation coupled to the antenna that communicates with the user equipment via the antenna;
a plurality of data chunks residing in the mobile data network, each data chunk comprising:
a device address that makes the data chunk addressable as a physical device in the mobile data network;
a data portion corresponding to subscriber data for a subscriber;
a network component coupled to the basestation, the network component comprising a subscriber database that includes information relating to physical devices used by the subscriber to access the mobile data network, wherein the information relating to physical devices used by the subscriber comprises the device address of the data chunk;
a subscriber data mechanism residing in a component in the mobile data network that performs the steps of:
identifying a plurality of data chunks corresponding to a selected subscriber in the mobile data network that comprise subscriber data to be distributed;
identifying a plurality of devices in the mobile data network that each can receive at least one of the data chunks, wherein the identified plurality of devices comprises a plurality of mobile devices used by different subscribers of the mobile data network;
distributing the plurality of data chunks to the plurality of devices;
writing the location of the plurality of data chunks to a tracking table in the mobile data network; and
writing the location of the plurality of data chunks to each of the plurality of devices.

US Pat. No. 10,171,553

METHOD FOR MONITORING AND CONTROLLING AN ACCESS CONTROL SYSTEM

1. A method for monitoring and controlling an access control system (12) having at least one server (16) and at least one access control device (22) which is connectable to the at least one server (16) for the purpose of data communication, the method comprising: positioning the at least one access control device in a location that facilitates monitoring and controlling the access of people to a controlled area;
providing a user with data goggles (1) for monitoring and controlling the access control system;
wirelessly connecting the data goggles to the at least one server (16) of the access control system (12) and the at least one access control device (22) for the purpose of data communication and receiving data in real time from at least one of the at least one server (16) and the at least one access control device (22), which enable the monitoring of the access control system (12);
displaying the data to the user of the data goggles (1) with a display device (10) of the data goggles (1);
controlling the access control system (12) with control commands which are input by the user into the data goggles (1) and transmitting the control commands from the data goggles to the at least one of the at least one server (16) and the at least one access control device (22);
inputting the control commands by one of voice control via a microphone (8) integrated in the data goggles (1), gesture control by a camera (7) integrated in the data goggles (1), actuation of a touchpad integrated in the data goggles (1), and eye tracking; and
actuating the at least one access control device based on the control commands input by the user into the data goggles to either allow or deny a person access to the controlled area.

US Pat. No. 10,171,552

SYSTEMS AND METHODS FOR INTEGRATING EXTERNAL RESOURCES FROM THIRD-PARTY SERVICES

UberGrape GmbH, Vienna (...

1. A network-accessible device comprising: a display configured to present a messaging interface that is generated by a communication platform to a user;
an input device configured to allow the user to interact with the messaging interface; and
a processor communicatively coupled to the display and the input device, the processor configured to execute a specific set of instructions that:
allow the user to input a message into a text field of the messaging interface using the input device;
automatically detect a trigger character within the message;
identify one or more characters that immediately follow the trigger character, wherein the one or more characters specify a desired electronic document;
cause one or more electronic documents to be identified that are possible matches to the desired electronic document, wherein the one or more electronic documents are selected based on the one or more characters;
present the one or more electronic documents within the messaging interface for review by the user;
allow the user to select an electronic document of the one or more electronic documents, wherein the selected electronic document represents the desired electronic document;
responsive to the selection of the particular electronic document,
replace the trigger character and the one or more characters with a link to the selected electronic document; and
transmit the message, including the link to the selected electronic document, to another network-accessible device in response to the user selecting a send button on the messaging interface.

US Pat. No. 10,171,551

SYSTEMS AND METHODS FOR INTEGRATING EXTERNAL RESOURCES FROM THIRD-PARTY SERVICES

UberGrape GmbH, Vienna (...

1. A computer-implemented method comprising: identifying a service that is to be integrated into a communication platform, wherein the service hosts electronic resources within one or more databases;
integrating the electronic resources by tagging metadata associated with each electronic resource;
indexing the metadata to make the electronic resources readily searchable from a messaging interface that is generated by the communication platform;
analyzing a textual input entered by a user at the messaging interface;
detecting a reference to a desired electronic resource within the textual input;
identifying one or more suggested electronic resources based on the reference; and
allowing the user to select the desired electronic resource from the one or more suggested electronic resources.

US Pat. No. 10,171,549

NOTIFICATION ALERTS BASED ON INCREASED ACCESS TO A DIGITAL RESOURCE

International Business Ma...

1. A method for event notification, the method comprising: identifying, by one or more processors, a profile of a first user, wherein the profile of the first user includes one or more profile elements;
identifying, by one or more processors, a plurality of users having a corresponding profile that includes at least one profile element in common with the identified profile of the first user;
identifying, by one or more processors, a computer network accessible resource;
determining, by one or more processors, an increase in activity of the identified computer network accessible resource by the identified plurality of users;
identifying, by one or more processors, that the user profile of the first user includes another profile element, wherein the other profile element is associated with a location of the first user during a first period of time;
determining, by one or more processors, based on polling one or more devices of the first user via a network, a current physical location of the first user;
identifying, by one or more processors, a second period of time and a physical location related to a temporal occurrence of an event associated with the identified computer network accessible resource;
determining, by one or more processors, based on the other element of the profile of the first user and the determined current physical location of the first user, that the first user is within a physical and a temporal proximity of the temporal occurrence of the event associated with the identified computer network accessible resource; and
responsive to determining that the first user is within the physical and the temporal proximity of the event associated with the identified computer network accessible resource, communicating, by one or more processors, via the network, a notification to the first user utilizing a device of the first user that is active, wherein the communicated notification provides an indication of the determined increase in activity of the identified computer network accessible resource by the identified plurality of users.

US Pat. No. 10,171,547

NEIGHBOR DISCOVERY FOR IPV6 SWITCHING SYSTEMS

Cisco Technology, Inc., ...

1. A method comprising: receiving a first IPv6 traffic at a first switch device of a multi device switching system comprising a plurality of switch devices, the plurality of switch devices linked together through a switching fabric and configured to operate as a single routing entity, wherein each of the plurality of switch devices is associated with a local switch device processor, and wherein the multi device switching system is controlled with a central controller comprising a central controller processor;
determining, at the first switch device, that the first IPv6 traffic comprises a neighbor discovery message, wherein determining that the first IPv6 traffic comprises the neighbor discovery message comprises:
comparing a message type associated with the first IPv6 traffic with a predetermined list of reserved internet control message protocol (ICMP) message types, wherein each of the reserved ICMP message types on the predetermined list are classified as comprising neighbor discovery messages, and
determining the first IPv6 traffic comprises the neighbor discovery message when the message type associated with the first IPv6 traffic matches with one of the reserved ICMP message types on the predetermined list, wherein the predetermined list is stored at the first switch device;
punting the first IPv6 traffic to a first local switch device processor associated with the first switch device only when the first IPv6 traffic comprises the neighbor discovery message;
receiving a second IPv6 traffic at the first switch device;
determining, at the first switch device, that the second IPv6 traffic does not comprise the neighbor discovery message; and
punting, when the second IPv6 traffic does not comprise the neighbor discovery message, the second IPv6 traffic to the central controller processor.

US Pat. No. 10,171,546

CONTENT REPRODUCTION APPARATUS, CONTROL INFORMATION PROVIDING SERVER, AND CONTENT REPRODUCTION SYSTEM

Saturn Licensing LLC, Ne...

1. A content reproduction apparatus comprising: a memory device having stored thereon a program; and
a processing device which upon executing the program obtained from the memory device operates as
a reproduction control unit configured to control reproduction of a link-type content including a plurality of scenarios that each include content data and control information regarding reproduction of the content data; and
a control information acquisition unit configured to (i) add both common user authentication information commonly used in the scenarios of the content and user authentication information of a respective provider that provides the respective scenario which is unique to each said provider, to an acquisition request message used to acquire the control information, (ii) transmit the acquisition request message, and (iii) acquire the control information,
wherein the reproduction control unit is configured to control the reproduction of the link-type content by reproducing the content data in accordance with the control information including event information used to transition from a current scenario to another scenario, and
wherein the control information acquisition unit is configured to take over the common user authentication information of a user between ones of the scenarios involving different providers without a log-in operation being performed therebetween, such that when transitioning from a first scenario involving a first provider to a second scenario involving a second provider different from the first provider the control information acquisition unit is configured to take over the common user authentication information of the user so as to enable identification of the user without performing the log-in operation,
wherein the common user authentication information comprises a common token that is included in the control information provided by one of the providers, wherein the user authentication information of the respective provider comprises a provider token that is included in the control information provided by one of the providers, and wherein the provider token is not taken over when transitioning from a first scenario involving a first provider with a first domain to a second scenario involving a second provider with a second domain different from the first domain.

US Pat. No. 10,171,545

SYSTEM FOR TRANSFERRING REAL-TIME AUDIO/VIDEO STREAM

YUAN ZE UNIVERSITY, Taoy...

1. A system for transferring real-time audio/video stream, comprising: a mobile device, comprising:
a video recorder, generating a real-time video stream;
a fragmented media data codec, encoding the real-time video stream to generate a fragmented media data, wherein the fragmented media data comprises a start fragment information, at least one media fragment and a media fragment random access point;
a segmented media data codec, dividing the fragmented media data to a plurality of segmented media data, wherein the segmented media data has a start segment and at least one play segment; and
a wireless communication interface;
a server, the segmented media data codec transmitting the segmented media data to the server through the wireless communication interface;
a client terminal, receiving the segmented media data pushed by the server and playing the segmented media data through a browser; and
wherein the mobile device receives a weight information, when the fragmented media data codec encodes the real-time video stream to generate the fragmented media data, the weight information is written in the start fragment information, the client terminal determines a playing sequence for all the segmented media data according to their weight information, and plays these segmented media data according to the playing sequence.

US Pat. No. 10,171,544

RADIO BASE STATION

NTT DOCOMO, INC., Tokyo ...

1. A radio base station comprising: a processor that controls communication with a mobile station via one or more sessions in a bearer;
wherein the processor detects a change of at least one of an IP address and an SSRC (Synchronization Source) in a compressed header of a packet,
wherein when (i) a current number of established sessions is equal to a maximum number of sessions that can be supported by the radio base station or the mobile station and (ii) the processor attempts to add a new session in which header compression is applied, upon detection of the change of the at least one of the IP address and the SSRC, the processor deletes one of the established sessions to which header compression is applied and adds the new session; and
a transmitter that transmits the packet via the new session.

US Pat. No. 10,171,543

MEDIA STREAMING METHOD AND ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A method of a first electronic device transmitting packets constituting stream data, to a second electronic device for providing a streaming service, the method comprising: receiving, from the second electronic device, stream information comprising a system time of the second electronic device, a first timestamp of a packet received from the first electronic device at the system time, and a second timestamp of a packet being played in the second electronic device at the system time;
determining, by comparing the first timestamp with the system time, whether a first delay occurs;
determining, by comparing the first timestamp with the second timestamp, whether a second delay occurs; and
controlling, based on determining that at least one of the first delay or the second delay occurs, at least one packet of the stream data to be transmitted to the second electronic device.

US Pat. No. 10,171,542

METHOD FOR PROVIDING CLOUD STREAMING SERVICE, DEVICE AND SYSTEM FOR SAME, AND COMPUTER-READABLE RECORDING MEDIUM HAVING, RECORDED THEREON, CLOUD STREAMING SCRIPT CODE FOR SAME

SK TECHX CO., LTD., Seou...

1. A cloud service device comprising: a memory configured to store a predefined script code for cloud streaming; and
a processor configured to:
receive a request for a web page that is not defined for the cloud streaming from a terminal,
find a Java script code region in the web page,
determine whether the predefined script code for cloud streaming is inserted to the Java script code region,
identify an insertion location of the predefined script code,
insert the predefined script code into the insertion location when the predefined script code is determined not to be inserted to the Java script code region,
execute the predefined script code inserted in the web page,
redefine a designated object in the web page,
display a designated message of the web page on a main window,
create a capture image by capturing the web page having the inserted predefined script code,
encode the capture image,
transmit the encoded capture image to the terminal,
receive a message for activating the designated message from the terminal,
display the designated message on the main window based on the redefined designated object when the message is received, and
provide a processing result to the terminal,
wherein, when the predefined script code is determined to be inserted to the Java script code region, the processor is configured to encode the capture image.

US Pat. No. 10,171,541

METHODS, DEVICES, AND COMPUTER PROGRAMS FOR IMPROVING CODING OF MEDIA PRESENTATION DESCRIPTION DATA

Canon Kabushiki Kaisha, ...

1. A proxy for providing a standard manifest for requesting streamed timed media data associated with at least one media item, organized into temporal media segments, the streamed timed media data belonging to partitioned timed media data comprising timed samples, the streamed timed media data being transmitted as media segment files each comprising at least one independently processed component resulting from processing at least one of the timed samples, the proxy comprising at least one microprocessor configured for carrying out the steps of: receiving an enhanced manifest comprising metadata for describing the processed components, the metadata comprising parameters used for describing at least a part of one of the processed components,
wherein at least one of the parameters is a dynamic parameter whose value can vary over time, the at least one parameter being associated with an element referring to a metadata resource which is external to the enhanced manifest and which comprises at least one value defining the at least one parameter;
determining which parameters are not resolved from the enhanced manifest as the at least one parameter; and
generating a standard manifest based on metadata of the enhanced manifest and of the at least one value defining the at least one parameter,
wherein the at least one parameter is resolved dynamically using remote information such that at least one parameter from the enhanced manifest may be dynamically re-evaluated without depending upon media presentation description.

US Pat. No. 10,171,540

METHOD AND APPARATUS FOR STREAMING VIDEO SECURITY

HIGH SEC LABS LTD, Yokne...

1. A streaming video security device comprising:
an input LAN port for receiving packet-based streaming video input indicative of a video signal;
at least one streaming video decoder for receiving said streaming video input from said input LAN port and converting said streaming video input to raw video display-compatible output, said raw video display-compatible output comprising only non-packet-based image data;
at least one streaming video encoder for receiving said raw video display-compatible output and outputting safe video streaming packets;
at least one unidirectional data flow element having an input connected directly to an output of said at least one streaming video decoder and having an output connected directly to an input of said at least one streaming video encoder, said at least one unidirectional data flow element being configured to enforce transmission of said non-packet-based raw video display-compatible output only in the direction from said at least one streaming video decoder to said at least one streaming video encoder;
an output LAN port for transmitting said safe video streaming packets;
wherein said streaming video input indicative of a video signal undergoes conversion to said raw video display-compatible signal and then converted back to said streaming video output within the streaming video security device to thereby eliminate any malicious data or malicious code from the streaming video output, and
wherein said at least one unidirectional data flow element provides isolation between said at least one streaming video decoder and said at least one streaming video encoder.

US Pat. No. 10,171,539

METHOD AND APPARATUS FOR TIME STRETCHING TO HIDE DATA PACKET PRE-BUFFERING DELAYS

1. A method comprising:
while rendering, via a processor, a first data packet in a stream of data packets, generating a fill packet associated with the first data packet; and
after rendering the first data packet, and before rendering a second data packet which is next to and following the first data packet in the stream of data packets, rendering the fill packet at a different speed relative to the rendering of the first data packet.

US Pat. No. 10,171,538

ADAPTIVELY SERVING COMPANION SHARED CONTENT

Google LLC, Mountain Vie...

1. A system comprising:
a memory;
a processor, coupled to the memory, to:
provide, via an online service, media content for consumption by a user of a user device, wherein the media content is provided for playback within a media player of the user device;
provide in-stream content to the user device for automatic playback within the media player of the user device without the playback of the media content;
receive an indication of user interaction with the in-stream content that is automatically played back within the media player of the user device without the playback of the media content; and
select companion content to send to the user device based on the indication of user interaction, wherein the companion content is unrelated to the in-stream content and is selected responsive to the indication of user interaction suggesting that the user is uninterested in the in-stream content.

US Pat. No. 10,171,537

SEGREGATION OF ELECTRONIC PERSONAL HEALTH INFORMATION

1. A system, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
receiving a first data stream from a device;
determining that the first data stream comprises protected information based on an indication of a type of application associated with the first data stream, and a function of a location of the device, a time that the first data stream is received, and a user profile active on the device, wherein the protected information is electronic personal healthcare information;
in response to determining that the first data stream comprises the protected information, encrypting the first data stream resulting in an encrypted data stream;
adding metadata to the encrypted data stream indicating that the encrypted data stream comprises the protected information resulting in a modified first data stream;
segregating, based on the metadata of the modified first data stream, the modified first data stream from a second data stream provided by the device, the second data stream not comprising the electronic personal healthcare information; and
transmitting the modified first data stream and the second data stream via a network device of a mobile network.

US Pat. No. 10,171,536

RAPID OPTIMIZATION OF MEDIA STREAM BITRATE

ATLASSIAN PTY LTD, Sydne...

1. A method comprising:
using a media server during a first media session between a client device and the media server, determining a stable bitrate value based on an actual rate at which the media server receives packets from the client device, the stable bitrate for use by the client device as an initial rate of transmitting multimedia data from the client device to the media server;
storing, in a database, the stable bitrate value for the client device in association with an identifier;
receiving, from the client device, a request to establish a second media session;
determining the identifier within the request;
in response to the request, based on the identifier in the request, searching the database for the stable bitrate value that is associated with the identifier;
in response to locating the stable bitrate value in the database and before receiving multimedia data from the client device, sending, by the media server, the stable bitrate value to the client device, wherein the client device estimates an initial bitrate for transmitting multimedia data from the client device to the media server in the second media session;
establishing, by the media server, the second media session;
receiving, initially and by the media server, multimedia data from the client device at the initial bitrate based on the stable bitrate.

US Pat. No. 10,171,535

CONTROLLING MP3 PLAYER

International Business Ma...

1. A computer system, comprising a computing device, an audio player device, and one or more computer readable hardware storage devices containing program instructions which upon being executed on both the computing device and the audio player device, implement a method for communicating an audio message file from the computing device to the audio player device, said method comprising:
said computing device generating or selecting the audio message file;
said computing device creating a control file comprising a first entry, wherein the first entry comprises the identity of the audio player device, a name of the audio message file to be sent to the audio player device, a time stamp denoting a time at which to send the audio message file to the audio player device, and a queue flag having a value of TRUE if an attempt is to be made to send the audio message file to the audio player device later in response to a determination that the audio player device is not currently active;
said computing device parsing the first entry in the control file;
said computing device identifying from said parsing the first entry: the audio player device, the name of the audio message file, the time stamp, and the queue flag;
said computing device ascertaining whether the audio player device is currently active;
if said ascertaining ascertains that the audio player device is currently active, then said computing device sending an intent-to-send preliminary message to the audio player device, wherein the intent-to-send preliminary message contains the name of the audio message file, a size of the audio message file, and an Internet Protocol (IP) address of the computing device;
if said ascertaining ascertains that the audio player device is not currently active, then said computing device determining whether the queue flag has the value of TRUE, and in response to determining that the queue flag has the value of TRUE, said computing device adding the first entry to the control file as a next entry in the control file to process, parsing the first entry, and determining that the audio player device is currently active, and in response, said computing device sending the intent-to-send preliminary message to the audio player device;
after said sending the intent-to-send preliminary message to the audio player device, said computing device receiving, from the audio player device, an OK-to-send message, and in response, said computing device sending the audio message file from the computing device to the audio player device at the time denoted by the time stamp and said computing device deleting the first entry in the control file;
said audio player device receiving the audio message file sent from the computing device to the audio player device; and
in response to said receiving the audio message file, said audio player device halting play of a song or other audio content that was being played by the audio player device at a time of receipt of the audio message file and playing the audio message file approximately upon said halting play of the song or other audio content.

US Pat. No. 10,171,533

SYSTEM AND METHOD FOR IDENTIFYING DEVICES IN A ROOM ON A NETWORK

Image Stream Medical, Inc...

1. A system for identifying sources used in a medical procedure performed at a medical treatment location, the system comprising:
a control computer configured to
couple to a digital switch;
receive information identifying a first source to be used in the medical procedure performed at the medical treatment location; and
present, via a graphical user interface configured to couple to the control computer, source identifying information based on the information identifying the first source; and
a first adapter unit configured to
couple to the digital switch;
couple to a single source corresponding to the first adapter unit, the single source being the first source;
identify the first source;
provide the information identifying the first source to the control computer via the digital switch;
receive video data in a first source-specific format from the first source;
normalize the video data into standard format video data; and
provide the standard format video data in the standard format to the digital switch.

US Pat. No. 10,171,532

METHODS AND SYSTEMS FOR DETECTION AND CLASSIFICATION OF MULTIMEDIA CONTENT IN SECURED TRANSACTIONS

Citrix Systems, Inc., Fo...

31. A method for classifying multimedia content in one or more transactions, the method being performed by one or more processors, comprising:
acquiring one or more transactions between a client device and a server device, wherein the one or more transactions include one or more requests from the client device and one or more corresponding responses from the server device;
detecting boundaries of the one or more transactions;
generating a multimedia session object based on the detected boundaries, the multimedia session object providing an indication of a number of transactions for communicating the multimedia content associated with a multimedia session between the client device and the server device; and
classifying the multimedia content based on the number of transactions indicated by the multimedia session object.

US Pat. No. 10,171,531

CONTINUING ELECTRONIC MEDIA ENTERTAINMENT AFTER COMPLETION OF TRAVEL SEGMENT

Viasat, Inc., Carlsbad, ...

1. A method, comprising:
identifying, for a personal electronic device in a vehicle, that streaming of a first remaining portion of an electronic media item from an access point in the vehicle to the personal electronic device via a first communication connection will exceed a first remaining time period of a travel segment of the vehicle by a first excess portion;
transmitting, based at least in part on the identifying, at least a portion of the first excess portion of the electronic media item to the personal electronic device to be stored in an access-controlled media file;
identifying, after transmitting the at least the portion of the first excess portion to the personal electronic device, that streaming of a second remaining portion of the electronic media item will exceed a second remaining time period of the travel segment by a second excess portion;
transmitting the second excess portion of the electronic media item to be stored in the access-controlled media file;
receiving a request for resuming playback of the electronic media item; and
transmitting a playback control code to the personal electronic device via a second communication connection, the playback control code specific to the stored access-controlled media file and permitting playback of the access-controlled media file at the personal electronic device.

US Pat. No. 10,171,530

DEVICES AND METHODS FOR TRANSMITTING ADAPTIVELY ADJUSTED DOCUMENTS

Hisense USA Corp., Suwan...

1. An electronic device, comprising:
a memory comprising a set of instructions for transmitting adaptively adjusted visual content in a home network system; and
a processor in communication with the memory, wherein when executing the set of instructions, the processor is directed to, through a home network:
establish a communication connection with a first target terminal device via the home network;
receive from the first target terminal device a first request to display a visual content;
obtain an original version of the visual content in response to the first request;
obtain an original vertical pixel resolution and an original horizontal pixel resolution of the original version of the visual content;
determine a first predetermined display requirement associated with the first target terminal device from a first pre-established device profile for the first target terminal device persistently maintained in the electronic device, wherein the first predetermined display requirement comprises a vertical pixel resolution and horizontal pixel resolution of the first target terminal device;
obtain a first ratio between the vertical pixel resolution and the original vertical pixel resolution;
obtain a second ratio between the horizontal pixel resolution and the original horizontal pixel resolution;
transform the original version of the visual content into a first version of the visual content to conform with the first predetermined display requirement based on at least smaller of the first ratio and the second ratio; and
send the first version of the visual content to the first target terminal device via the home network.

US Pat. No. 10,171,529

VEHICLE AND OCCUPANT APPLICATION INTEGRATION

AUTOCONNECT HOLDINGS LLC,...

1. A method of streaming a device application within a vehicle, comprising:
providing a communication system that includes at least one communication transceiver;
receiving a signal by the communication transceivers;
identifying the origin of the signals by the communication system;
starting the device application within the vehicle;
receiving a user request to stream the device application to the vehicle;
determining if the vehicle is configurable to receive the stream;
when the vehicle is not configurable to receive the stream, notifying the user that the device application cannot be streamed;
when the vehicle is configurable to receive the stream, configuring the vehicle to receive the stream, streaming the device application to the vehicle, and displaying the device application on a vehicle display;
providing, in the vehicle, a first operating system and a second operating system executing on a common microprocessor, wherein the first operating system comprises one or more applications performing a critical vehicle task, function, or operation, and the second operating system comprises the device application;
collecting, by a computer control module, one or more metrics regarding an operation of the first operating system or the second operating system in communication with the computer control module, the computer control module including a profile identification module that collects a first metric regarding a persona of a vehicle occupant and seating position of the vehicle occupant, wherein the first metric is an age of the vehicle occupant;
determining, by the computer control module, whether the first metric of the collected one or more metrics is outside of a predetermined range;
when the first metric is outside the predetermined range, restricting, modifying, or shutting down the device application, but not the first operating system;
wherein the critical vehicle task, function or operation is one or more of monitoring, controlling, or operating the ECU, TCU, door settings, window settings, or blind spot monitor, monitoring, controlling, or operating the safety equipment, monitoring or controlling certain critical sensors, controlling the operation of the engine, head light control unit, power steering, display panel, switch state control unit, power control unit, or brake control unit, or issuing alerts to a user or remote monitoring entity of potential problems with a vehicle operation; and
wherein the critical sensors include at least one of a power source controller and energy output sensor, engine temperature sensor, oil pressure sensor, hydraulic pressure sensors, sensors for headlight and other lights, vehicle control system sensors, or steering/torque sensor.

US Pat. No. 10,171,527

GOAL-BASED CONNECTION MANAGEMENT BETWEEN PARTIES

International Business Ma...

1. A computer-implemented method for managing electronic communication connections, the computer-implemented method comprising:
receiving, by a monitoring computer system, a message from a first party, wherein the message identifies a goal of the first party;
receiving, by the monitoring computer system, an identity of a second party that has been selected by the first party to assist the first party in achieving the identified goal of the first party;
creating, by the monitoring computer system, an electronic communication connection for electronic communications between the first party and the second party, wherein the electronic communications are related to accomplishing the identified goal of the first party;
monitoring, by the monitoring computer system, the electronic communications between the first party and the second party, wherein said monitoring executes message analytics to determine a status of the identified goal of the first party, wherein the message analytics identifies key words in the electronic communications that are related to the identified goal of the first party;
receiving, by the monitoring computer system, a goal abandonment message from the first party, wherein the goal abandonment message identifies an abandonment of the identified goal by the first party;
in response to receiving the goal abandonment message from the first party, disconnecting, by the monitoring computer system, the electronic communication connection between the first party and the second party;
determining, by the monitoring computer system, that a quantity of key words in the electronic communications between the first party and the second party falls below a predetermined frequency over a predefined period of time; and
in response to determining, by the monitoring computer system, that the quantity of key words in the electronic communications between the first party and the second party falls below the predetermined frequency over the predefined period of time, establishing, by the monitoring computer system, a new electronic communication connection between the first party and a third party that has been predetermined to be able to assist the first party in reaching the identified goal of the first party.

US Pat. No. 10,171,526

ON DEMAND IN-BAND SIGNALING FOR CONFERENCES

ATLASSIAN PTY LTD, Sydne...

1. A computer implemented method comprising:
transmitting initial signaling data for a video conference using Web Real Time Communication (WebRTC) from a signaling server over a WebRTC signaling channel to a plurality of client computing devices, wherein the initial signaling data comprises data needed for a client computing device to connect to the video conference and wherein the initial signaling data omits identifiers for media data;
establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server;
sending, by the media server, media data for a subset of the plurality of client computing devices to the plurality of client computing devices;
sending, by the media server, identifiers of the media data to the plurality of client computing devices.

US Pat. No. 10,171,525

AUTONOMIC MEETING EFFECTIVENESS AND CADENCE FORECASTING

INTERNATIONAL BUSINESS MA...

1. A method comprising:
configuring an autonomous system to receive meeting participation data from a meeting participation tool that is configured in a meeting environment;
collecting, using the autonomous system via the meeting participation tool of the meeting environment, the meeting participation data of a meeting in-progress, the meeting comprising a group of participants;
analyzing, using the autonomous system, the meeting participation data to identify a topic being discussed in the meeting;
forecasting, using the autonomous system, using a processor and a memory, using a trend of affective states of a participant, a future affective state of the participant relative to the topic;
evaluating, using the autonomous system, the future affective state to conclude that data contributed by the participant at a future time in the meeting is not likely to progress the topic to completion by at least a specified degree;
selecting, using the autonomous system, a cognitive system (cog) trained in the subject-matter; and
adding, using the autonomous system, the cog to the meeting before the future time and while the meeting is in-progress, the adding the cog causing the cog to receive the meeting participation data from the meeting participation tool in the meeting environment, and further causing the cog to insert a cog output in the meeting participation data.

US Pat. No. 10,171,524

METHODS AND SYSTEMS FOR ESTABLISHING, HOSTING AND MANAGING A SCREEN SHARING SESSION INVOLVING A VIRTUAL ENVIRONMENT

Adobe Systems Incorporate...

1. A web conferencing system comprising:
one or more processors of a web conferencing server; and
one or more computer storage media storing computer-executable instructions that, when executed by the one or more processors, implement a method comprising:
receiving, from a web conferencing application executing at a host computing device, a request to establish a web conferencing session, the web conferencing session including the host computing device and a participant computing device,
based on the request to establish the web conferencing session, establishing the web conferencing session,
receiving, from the web conferencing application executing at the host computing device, a request to establish a remote desktop connection with a remote computing device, wherein the remote desktop connection enables the host computing device to control the remote computing device and provides for sharing a graphical user interface that is generated by the remote computing device for presentation at a display of the remote computing device, and wherein the request to establish the web conferencing session and the request to establish the remote desktop connection are received in a single communication session between the host computing device and the web conferencing server,
receiving, from the web conferencing application executing at the host computing device, an indication of an identity of the remote computing device, wherein the indication of the identity of the remote computing device is received based on a prompt for information identifying the remote computing device,
based on the request to establish the remote desktop connection with the remote computing device and on the indication of the identity of the remote computing device, establishing the remote desktop connection with the remote computing device, and
based on the remote desktop connection, sharing the graphical user interface that is generated by the remote computing device with the host computing device and the participant computing device.

US Pat. No. 10,171,523

MULTI-TIER PUSH SERVICE CONTROL ARCHITECTURE FOR LARGE SCALE CONFERENCE OVER ICN

Futurewei Technologies, I...

1. A multi-tier conference service controller comprising:
a network interface connecting the conference service controller to a plurality of conference service proxies and further connecting the conference service controller to a plurality of conference service clients via the conference service proxies to form a multi-tier conference service network;
a memory configured to store a conference digest log, the conference digest log comprising a plurality of conference events performed by the conference service clients, each of the conference events comprising a fingerprint (FP) update, the conference digest log comprising a plurality of entries associated with previous FP updates for the conference events performed by the conference service clients; and
a processor coupled to the network interface and the memory, wherein the processor is configured to:
receive, via the network interface, a first message from a first conference service proxy, the first message comprising a first FP update associated with a recent conference event performed by a first conference service client associated with the first conference service proxy, the first FP update comprising a type of the recent conference event, a signature profile of a conference participant associated with the first conference service client, and a non-location based address of a data object associated with the recent conference event and being related to content that is accessed during the recent conference event;
update the conference digest log according to the first FP update;
push, via the network interface, a second message to a second conference service proxy, the second message comprising a current entry for the first conference service proxy in the conference digest log, a last entry for the first conference service proxy obtained from the entries associated with the previous FP updates, and the first FP update of the first message;
perform a third update to the conference digest log by removing the first conference service client from the conference digest log; and
push, via the network interface, a third message indicating the removal of the first conference service client to the second conference service proxy.

US Pat. No. 10,171,522

VIDEO COMMENTARY

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving, at a computing device associated with a viewing user, video media content, wherein the viewing user is a member of a social network;
displaying, at the computing device, a graphical user interface (GUI) that includes a media display portion for the video media content and a comment display portion for comments received from one or more other users, wherein the GUI further includes at least one user selectable option to selectively display comments from the one or more other users;
playing, at the computing device, the video media content; and
receiving, at the computing device via the at least one user selectable option of the GUI, a first selection of a first set of the one or more other users who are members of the social network,
wherein the first selection indicates a request of the viewing user to view comments associated with the first set of the one or more other users,
wherein one or more of the comments associated with the first set of the one or more other users are displayed in the comment display portion of the GUI in response to receiving the first selection.

US Pat. No. 10,171,521

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of seamlessly conferencing a telephone call, comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,520

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A system for seamlessly conferencing a telephone call, comprising:
a computer comprising a processor; and
instructions which are executable, using the processor, to implement functions comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,519

SESSION TRANSFER PROTOCOL BETWEEN DIFFERENT BROWSERS ON DIFFERENT DEVICES

Verizon Patent and Licens...

1. A router device, comprising: a memory; and
one or more processors to:
establish a session for communicating data between a first user device and a server device;
monitor the data communicated via the session while routing the data between the first user device and the server device;
store session information based on monitoring the session;
the session information including information for transferring the session with the server device to a second user device;
register the second user device by creating an entry for the session in a session data structure;
receive, from the second user device, a request to transfer the session;
send, based on the request, the session information to the second user device causing the session to be transferred from the first user device to the second user device;
establish the session for communicating the data between the second user device and the server device;
detect the second user device is in a private mode; and
prevent the session, while the session is active and the router device is routing the data between the second user device and the server device, from being transferred from the second user device based on the second user device being in the private mode,
where the one or more processors, when preventing the session from being transferred, are to:
stop storing new session information for the session, and
deregister the second user device by deleting the entry for the session in the session data structure based on the second user device being detected to be in the private mode.

US Pat. No. 10,171,518

PERFORMING AN ACTION ON CERTAIN MEDIA STREAMS IN A MULTIMEDIA COMMUNICATIONS NETWORK

Telefonaktiebolaget LM Er...

1. A method for controlling a media session involving a plurality of media streams within a communications network, wherein the communications network comprises a media resource node and a media control node controlling the media resource node, the method comprising the media control node: determining that selected media streams out of the plurality of media streams are associated to each other in the media session;
generating a first instruction to group the determined selected media streams, the first instruction comprising a description packet for each of the determined selected media streams associated to a termination of the media resource node;
transmitting, to the media resource node, the first instruction to group the determined selected media streams; and
transmitting, to the media resource node, a second instruction to prepare for performing an action with respect to the determined selected media streams, wherein the second instruction comprises an indication of a media stream identifier representing the group of the determined selected media streams and an indication of the action to be performed.

US Pat. No. 10,171,517

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer system for handling notification about a malformed SIP response, the computer program product, the computer system comprising: a processor(s) set;
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication,
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,516

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer program product for handling notification about a malformed SIP response comprising: a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication;
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,514

METHOD AND SYSTEM FOR ROUTING MEDIA CALLS OVER REAL TIME PACKET SWITCHED CONNECTION

GENBAND US LLC, Plano, T...

1. A method for routing of media calls over a real time packet switched connection, comprising the steps of: providing a session controller for connecting to a network,
providing a signaling switch for connecting to said session controller; and
controlling call routing of a call in the network with said session controller, wherein the call originates from a user endpoint, said call routing control including identifiers for elements in at least two layers of a seven layer model, wherein the identifiers include a virtual local area network (VLAN) identifier, said call routing control including a preference for a codec for the call, and said call routing being carried out taking into consideration a mean opinion score qualifier from previous calls having a same source and destination as the call, wherein said session controller uses the VLAN identifier to identify the source of the call and after determining the source, the session controller determines said call routing control based on a policy associated with the source that takes into consideration an operator's cost of routing, the codec for the call, and the mean opinion score qualifier from previous calls having the same source and destination as the call.

US Pat. No. 10,171,513

METHODS AND APPARATUS FOR CONTROLLING CALL ADMISSION TO A NETWORK BASED ON NETWORK RESOURCES

GENBAND US LLC, Plano, T...

1. An apparatus comprising: a session controller coupled to a database and configured to receive an indication associated with an ingress call, wherein the ingress call is one of a group of calls associated with an ingress call peer, wherein the group of calls is associated with the same session initiation protocol (SIP) address-of-record information, wherein the ingress call peer represents the group of calls and indicates a signaling entity associated with the same SIP address-of-record information, wherein the signaling entity is associated with processing the ingress call;
the session controller being further configured to compare a number of active call-legs associated with the ingress call against a call-leg threshold associated with the ingress call peer, wherein the call-leg threshold indicates the limit for active call-legs associated with the ingress call peer; and
the session controller being further configured to reject the ingress call when the call-leg threshold is exceeded, wherein the session controller is further configured to reject the ingress call based on an indication of a best-effort service level, an indication of a call-load balance, or when the ingress call exceeds a provisioned service-level assurance threshold.

US Pat. No. 10,171,512

NETWORK NODE

METASWITCH NETWORKS LTD, ...

1. A method of operating a network node in a network, the method comprising: receiving signaling information, at the network node, for an in-progress communication session dialog;
processing, at the network node, the signaling information of said in-progress communication session dialog according to a stateless operating mode, wherein the processing according to the stateless operating mode comprises storing communication session dialog state data associated with said in-progress communication session dialog and wherein each time the network node processes signaling information for a given in-progress communication session dialog according to the stateless operating mode, the network node inserts a different unique identifier into a Record-Route header field of a first forwarded request for the given in-progress communication session dialog;
detecting, at the network node, an operating mode change trigger;
in response to the detection, retrieving, at the network node, said stored communication session dialog state data during said in-progress communication session dialog;
processing, at the network node, the signaling information for the in-progress communication session dialog according to a state-full operating mode, wherein the processing according to the state-full operating mode is carried out based at least in part on said retrieved communication session dialog state data, and wherein each time the network node begins to process signaling information for a given in-progress communication session dialog according to the state-full operating mode, the network node inserts the different unique identifier into a Contact header field of a second forwarded request for the given in-progress communication session dialog,
determining whether a received message comprises a unique identifier previously inserted by the network node in a top Record-Route header field and a URI field;
in response to a negative determination, first deducing that the network node has not previously stored communication session dialog state data associated with the given communication session dialog;
on the basis of the first deducing, forwarding the request having the different unique identifier for processing by a different network node;
in response to a positive determination, second deducing that the network node has previously stored communication session dialog state data associated with the given in-progress communication session dialog; and
on the basis of the second deducing, processing the forwarded request at the network node according to the state-full operating mode.
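The identifier check in the claim above (the node inserts a unique identifier per dialog into Record-Route while stateless, into Contact once state-full, and later looks for its own identifier in the top Record-Route/Route entry or the URI to decide whether it holds state for the dialog) as an added Python example. This is illustration code written for this page, not Metaswitch's implementation: the proxy host name `proxy.example.net`, the URI parameter name `nid`, the sample INVITE and the mode-change handling are all assumptions.

```python
import re
import secrets
from typing import Dict, List, Optional, Tuple

# Hypothetical proxy host and URI parameter name carrying the node's identifier (assumptions).
PROXY_HOST = "proxy.example.net"
ID_PARAM = "nid"


def parse_headers(message: str) -> List[Tuple[str, str]]:
    """Return lower-cased (name, value) header pairs; the start line and body are ignored."""
    head = message.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def identifier_in_uri(value: str) -> Optional[str]:
    """Pull the identifier parameter out of a Record-Route, Route, Contact or Request-URI value."""
    match = re.search(rf"[;?]{ID_PARAM}=([0-9a-f]+)", value)
    return match.group(1) if match else None


class ProxyNode:
    def __init__(self) -> None:
        self.dialogs: Dict[str, Dict[str, Optional[str]]] = {}  # identifier -> stored dialog state
        self.stateful = False

    def first_forward(self, request: str) -> str:
        """Stateless mode: mint a per-dialog identifier, store the dialog state under it, and add
        a Record-Route entry carrying the identifier to the forwarded request."""
        ident = secrets.token_hex(8)
        headers = dict(parse_headers(request))
        self.dialogs[ident] = {"call_id": headers.get("call-id"), "from": headers.get("from")}
        start, rest = request.split("\r\n", 1)
        return f"{start}\r\nRecord-Route: <sip:{PROXY_HOST};lr;{ID_PARAM}={ident}>\r\n{rest}"

    def second_forward(self, request: str, ident: str) -> str:
        """State-full mode, entered on the mode-change trigger: the same identifier goes into Contact."""
        self.stateful = True
        start, rest = request.split("\r\n", 1)
        return f"{start}\r\nContact: <sip:{PROXY_HOST};{ID_PARAM}={ident}>\r\n{rest}"

    def classify(self, message: str) -> Tuple[str, Optional[str]]:
        """Decide whether this node holds state for the dialog a message belongs to. Only the
        Request-URI and the top Record-Route/Route entry are consulted: if an identifier this
        node minted is there, process state-fully; otherwise hand the request to another node."""
        candidates = [message.split("\r\n", 1)[0]]  # Request-URI sits on the start line
        for name, value in parse_headers(message):
            if name in ("record-route", "route"):
                candidates.append(value.split(",", 1)[0])
                break  # only the top entry counts
        for value in candidates:
            ident = identifier_in_uri(value)
            if ident is not None and ident in self.dialogs:
                return "process_statefully", ident
        return "forward_to_other_node", None


# Constructed sample request (not captured traffic).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP ua.example.com;branch=z9hG4bK776\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@example.com\r\n"
    "CSeq: 314159 INVITE\r\n\r\n"
)
# Constructed in-dialog request carrying an identifier this node never issued.
FOREIGN_BYE = (
    "BYE sip:bob@example.com SIP/2.0\r\n"
    f"Route: <sip:{PROXY_HOST};lr;{ID_PARAM}=0123456789abcdef>\r\n"
    "Call-ID: other@example.com\r\n\r\n"
)


def demo() -> Tuple[Optional[str], Tuple[str, Optional[str]], Tuple[str, Optional[str]]]:
    node = ProxyNode()
    forwarded = node.first_forward(SAMPLE_INVITE)
    ident = identifier_in_uri(forwarded)
    return ident, node.classify(forwarded), node.classify(FOREIGN_BYE)
```

The identifier is random rather than derived from the Call-ID so that a peer cannot guess which node holds a dialog's state; anything that carries no identifier the node stored is handed off rather than processed with guessed state.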

US Pat. No. 10,171,511

MEDIA SESSION BETWEEN NETWORK ENDPOINTS

Microsoft Technology Lice...

1. A computer-implemented method of establishing a media session between a first endpoint and a second endpoint via a communication network based on connectivity checks performed by the endpoints, the method comprising performing operations by the first endpoint, comprising: generating at the first endpoint a set of candidate pairs for connectivity checks by exchanging network addresses between the first and second endpoints;
assigning, by the first endpoint, a respective priority to each candidate pair of the candidate pair set to produce a first priority ordering of the candidate pairs;
determining by the first endpoint whether one or more connectivity check modification criteria is met for each candidate pair of the candidate pair set, wherein the connectivity check modification criteria is evaluated for each candidate pair based on characteristics of a potential network path operable between the first endpoint and the second endpoint that uses the candidate pair;
modifying, by the first endpoint and based on the determination of whether the connectivity check modification criteria is met, the respective priority of each candidate pair of the candidate set to produce a second priority ordering of the candidate pairs, such that candidate pairs that meet the connectivity check modification criteria are assigned a higher priority than any candidate pair that does not meet the connectivity check modification criteria;
determining the validity of at least two of the candidate pairs by performing connectivity checks in turn according to the second priority ordering of the candidate pairs; and
establishing the media session using a candidate pair determined to be valid.
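The two orderings in the claim above, as an added Python example that is not Microsoft's code: the first ordering uses the RFC 8445 candidate-pair priority formula, the second ordering moves every pair that meets a modification criterion ahead of every pair that does not, and connectivity checks then run in that second order until a pair is valid. The criterion itself (no relay on either side and the remote address in the same /24 as the local address), the candidate priorities, the sample candidates and the reachability table are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Candidate:
    ip: str
    port: int
    kind: str       # "host", "srflx" (server reflexive) or "relay"
    priority: int   # candidate priority advertised by the endpoint that gathered it


@dataclass(frozen=True)
class Pair:
    local: Candidate
    remote: Candidate


def pair_priority(pair: Pair, controlling: bool = True) -> int:
    """RFC 8445 section 6.1.2.3: G is the controlling agent's candidate priority, D the
    controlled agent's; pair priority = 2^32*MIN(G,D) + 2*MAX(G,D) + (G>D ? 1 : 0)."""
    if controlling:
        g, d = pair.local.priority, pair.remote.priority
    else:
        g, d = pair.remote.priority, pair.local.priority
    return (1 << 32) * min(g, d) + 2 * max(g, d) + (1 if g > d else 0)


def first_ordering(pairs: List[Pair], controlling: bool = True) -> List[Pair]:
    """The plain RFC ordering, highest pair priority first."""
    return sorted(pairs, key=lambda p: pair_priority(p, controlling), reverse=True)


def meets_modification_criteria(pair: Pair) -> bool:
    """Hypothetical criterion (an assumption of this example): the path uses no relay on
    either side and the remote address lies in the same /24 as the local address, so it is
    probably a directly attached link rather than a route through NAT or a TURN server."""
    if "relay" in (pair.local.kind, pair.remote.kind):
        return False
    return ip_address(pair.remote.ip) in ip_network(f"{pair.local.ip}/24", strict=False)


def second_ordering(pairs: List[Pair], controlling: bool = True) -> List[Pair]:
    """Every pair meeting the criterion outranks every pair that does not; within each group
    the RFC order is preserved because sorted() is stable."""
    return sorted(first_ordering(pairs, controlling),
                  key=lambda p: 0 if meets_modification_criteria(p) else 1)


def select_pair(pairs: List[Pair], is_reachable: Callable[[Pair], bool],
                controlling: bool = True) -> Tuple[Optional[Pair], List[Pair]]:
    """Connectivity checks run in turn in the second ordering and stop at the first valid pair.
    Returns the pair the media session would use and the list of pairs actually checked."""
    checked: List[Pair] = []
    for pair in second_ordering(pairs, controlling):
        checked.append(pair)
        if is_reachable(pair):
            return pair, checked
    return None, checked


# Constructed sample: the local endpoint has a LAN host candidate, a server-reflexive candidate
# and a relay; the remote endpoint advertises a host candidate on a VPN interface (slightly
# higher local preference), a host candidate on the shared LAN, and a server-reflexive candidate.
LOCAL = [
    Candidate("192.168.1.10", 5000, "host", 2130706431),
    Candidate("203.0.113.5", 6000, "srflx", 1694498815),
    Candidate("198.51.100.2", 7000, "relay", 16777215),
]
REMOTE = [
    Candidate("10.8.0.5", 5000, "host", 2130706431),
    Candidate("192.168.1.20", 5000, "host", 2130706175),
    Candidate("198.51.100.9", 6000, "srflx", 1694498815),
]
# Constructed connectivity: which (local ip, remote ip) paths would pass a STUN check.
REACHABLE = {("192.168.1.10", "192.168.1.20"), ("203.0.113.5", "198.51.100.9")}


def demo() -> Tuple[Optional[Pair], List[Pair], List[Pair]]:
    pairs = [Pair(loc, rem) for loc in LOCAL for rem in REMOTE]
    chosen, checked = select_pair(pairs, lambda p: (p.local.ip, p.remote.ip) in REACHABLE)
    return chosen, checked, first_ordering(pairs)
```

In the constructed data the plain RFC ordering would check the unreachable VPN host pair first; the second ordering puts the on-link pair first and the session is established after a single check.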

US Pat. No. 10,171,510

SYSTEM AND METHOD FOR MONITORING AND GRADING A CYBERSECURITY FRAMEWORK

CyberSaint, Inc., Concor...

1. A cybersecurity system, comprising: processing logic configured to:
receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
receive, over the network and from the client system, one or more responses to the one or more query scripts; and
transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve the cybersecurity of the client system.

US Pat. No. 10,171,509

FILTERING AND REDACTING BLOCKCHAIN TRANSACTIONS

International Business Ma...

1. A method, comprising: identifying a blockchain transaction;
processing content of the blockchain transaction to identify prohibited content;
determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction;
determining that the content is disapproved after the blockchain transaction is logged in a blockchain;
determining to redact the blockchain transaction; and
redacting the blockchain transaction logged in the blockchain by creating and storing a transaction redaction contract in a genesis block of the blockchain.

US Pat. No. 10,171,508

PROVISIONING NEW VIRTUAL MACHINE WITH CREDENTIALS

SSH Communications Securi...

1. A method of provisioning a virtual data processing instance in a virtualized environment, comprising: provisioning, by a data processing apparatus configured for hosting virtual data processing instances, a new virtual data processing instance for retrieval of credential information from a credential management system;
connecting, by the new virtual data processing instance hosted in the data processing apparatus, to the credential management system;
authenticating the new virtual data processing instance to the credential management system; and
receiving, by the new virtual data processing instance, the credential information from the credential management system.

US Pat. No. 10,171,506

NETWORK SECURITY MANAGEMENT VIA SOCIAL MEDIA NETWORK

Fortinet, Inc., Sunnyval...

1. A method comprising: receiving, by a network security appliance of a private network of an enterprise, an authentication request from a client machine coupled in communication with the private network;
responsive to the authentication request, causing a user of the client machine to be authenticated by a social media network through a personal social media network account of the user by directing, by the network security appliance, the client machine to a social login interface of the social media network;
responsive to a successful authentication by the user with the social media network via the social login interface, receiving, by the network security appliance, an access token from the social media network;
retrieving, by the network security appliance, a user profile of the user from the social media network by requesting the user profile via an application programming interface (API) of the social media network and supplying the access token;
determining, by the network security appliance, social relationship information from the user profile;
assigning, by the network security appliance, a local network security policy to the user based on the social relationship information, wherein the local network security policy defines access rights by the user for a subset of network resources of a plurality of network resources associated with the private network; and
applying, by the network security appliance, the local network security policy to access requests made by the client device in relation to one or more of the plurality of network resources.

US Pat. No. 10,171,505

PREVENTATIVE ENTERPRISE CHANGE MANAGEMENT

INTERNATIONAL BUSINESS MA...

1. A method for implementing change control management in computing center environments by a processor, comprising: monitoring, by a hardware component configured to be worn by the user, a physical activity of a user performing an action associated with computing component repair or replacement in the computing center environment;
using the hardware component to biometrically identify the user as authorized to perform the action in the computing center environment; and
when the monitored activity is one of determined to be contrary and predicted to be contrary to a preferred, predetermined action for the computing center environment, performing each of:
alerting the user that the action is contrary using the hardware component configured to be worn by the user, and
performing an operation that secures data in the computing center environment from damage potentially caused by the contrary action; wherein the operation comprises putting at least a portion of the computing center environment into a recoverable downstate including initiating a data dump operation.

US Pat. No. 10,171,504

NETWORK ACCESS WITH DYNAMIC AUTHORIZATION

Cisco Technology, Inc., ...

1. A method comprising: receiving at an enforcement node, a request to access a network from an endpoint;
transmitting at the enforcement node, the access request to a policy server;
receiving at the enforcement node from the policy server, a dynamic authorization for a communication session between the endpoint and the network, the dynamic authorization comprising a plurality of ranks and a policy for access to the network by the endpoint during the communication session for each of said ranks;
assigning the endpoint to one of said ranks and applying said policy associated with said rank to traffic received from the endpoint at the enforcement node during the communication session between the endpoint and the network; and
assigning the endpoint to a different one of said ranks and applying said policy associated with said rank to the traffic received from the endpoint during the communication session between the endpoint and the network without reauthentication of the endpoint;
wherein assigning comprises dynamically promoting or demoting the endpoint to a different one of said ranks.

US Pat. No. 10,171,503

METHODS FOR SCALING INFRASTRUCTURE IN A MOBILE APPLICATION ENVIRONMENT AND DEVICES THEREOF

F5 Networks, Inc., Seatt...

1. A method for scaling infrastructure in a mobile application environment, the method implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, and the method comprising: executing a compliance policy with respect to a plurality of mobile devices;
selecting a mobile application to be updated based on the compliance policy;
updating state information based on the selection of the mobile application to be updated;
obtaining a number of updates of the mobile application selected to be updated on the plurality of mobile devices using the updated state information;
determining a number of mobile application updates reaches an update threshold; and
modifying a number of backend enterprise web applications executing on one or more web application servers that service the updated mobile application based on the number of mobile application updates reaching the update threshold.

US Pat. No. 10,171,502

MANAGED APPLICATIONS

AIRWATCH LLC, Atlanta, G...

1. A method, comprising: receiving, by a computing device, a managed application package generated by an enterprise computing environment, the managed application package comprising a managed application, a target application, and target application resources for the target application;
executing, by the computing device, the managed application according to the managed application package, the managed application comprising a target application loader;
initiating, by the target application loader of the managed application, an execution of the target application in the computing device according to the managed application package;
intercepting, by the target application loader, a request from the target application for access to the target application resources and returning a path to a storage location on the computing device for the target application resources in response to the request; and
determining, by the managed application, whether the execution of the target application complies with a compliance rule specified remotely by the enterprise computing environment.

US Pat. No. 10,171,501

SYSTEM AND METHOD FOR REMOTE WIPE

Open Text SA ULC, Halifa...

1. A method comprising: running, by a client device of an application gateway server computer, a managed container that the client device has downloaded from a network source, the managed container written in a programming language native to the client device and comprising a managed cache and an application framework, the application framework having an execution engine;
receiving, from the application gateway server computer by the managed container running on the client device, a client application for a backend system operating in an enterprise computing environment, wherein the application gateway server computer communicates with the backend system through a firewall of the enterprise computing environment;
storing, by the managed container running on the client device, the client application for the backend system in the managed cache of the managed container, wherein the storing further comprises:
storing, in the managed cache of the managed container, a plurality of client applications for a plurality of backend systems operating in the enterprise computing environment, the plurality of client applications received by the managed container from the application gateway server computer;
providing, by the execution engine of the managed container, a runtime environment for running the client application on the client device;
receiving, by the managed container running on the client device, a remote wipe message from the application gateway server computer over a network connection, the remote wipe message initiated at the application gateway server computer and specific to a user associated with the client device;
causing, by the managed container running on the client device and independently of a local operating system of the client device in response to the remote wipe message from the application gateway server computer, a low level destruction to content or a portion thereof within the managed cache of the managed container, the low level destruction to the managed cache caused by the managed container resulting in deletion of the client application for the backend system; and
sending, from the managed container to the application gateway server computer using an application programming interface of the application gateway server computer, an acknowledgement or message that the managed container had completed the remote wipe.

US Pat. No. 10,171,500

SYSTEMS, APPARATUSES, AND METHODS FOR ENFORCING SECURITY ON A PLATFORM

INTEL CORPORATION, Santa...

1. A system comprising: a manageability engine of a computer platform comprising a processor, the manageability engine to detect if a software agent of the computer platform is removed by using a watchdog service that detects if there is a presence of the software agent by detecting the software agent sending a presence message within a certain time period or frequency of sending the presence message, wherein the manageability engine is isolated from the processor of the computer platform; and
a software agent enclave, wherein the software agent enclave and manageability engine each include a specific session key to be used for communications between the software agent enclave and the manageability engine, and wherein the software agent is run in the software agent enclave; wherein the manageability engine includes a service layer to maintain a table of manageability engine services, software agent enclaves, and their corresponding keys and restarts the software agent or shuts down the system if the watchdog service does not detect the presence of the software agent.
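The watchdog and keyed presence channel in the claim above, as an added Python example written for this page rather than Intel's manageability engine firmware. It models the service-layer table (enclave name to session key), presence messages authenticated with that key so that a forged or replayed message cannot satisfy the watchdog, and the restart-then-shutdown escalation when an agent goes silent. The HMAC construction, the counter-based replay check, the period, the restart limit and the injectable clock are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


class FakeClock:
    """Deterministic clock so the watchdog can be exercised without sleeping (test scaffolding)."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def presence_message(agent: str, session_key: bytes, counter: int) -> Tuple[str, int, bytes]:
    """Enclave side: a presence message tagged with the per-enclave session key. The counter
    makes every message distinct so a captured one cannot be replayed later."""
    tag = hmac.new(session_key, f"{agent}:{counter}".encode(), hashlib.sha256).digest()
    return agent, counter, tag


class ManageabilityEngine:
    def __init__(self, period_seconds: float, max_restarts: int = 2, clock=None) -> None:
        self.period = period_seconds
        self.max_restarts = max_restarts
        self.clock = clock or FakeClock()
        # Service-layer table: enclave name -> session key plus watchdog bookkeeping.
        self.table: Dict[str, dict] = {}

    def register_enclave(self, agent: str, session_key: Optional[bytes] = None) -> bytes:
        key = session_key or os.urandom(32)
        self.table[agent] = {"key": key, "last_seen": self.clock(), "counter": 0, "restarts": 0}
        return key

    def receive_presence(self, agent: str, counter: int, tag: bytes) -> bool:
        """Accept a presence message only if its MAC verifies under the enclave's key and its
        counter is fresh; forged or replayed messages must not reset the watchdog."""
        entry = self.table.get(agent)
        if entry is None:
            return False
        expected = hmac.new(entry["key"], f"{agent}:{counter}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag) or counter <= entry["counter"]:
            return False
        entry["counter"] = counter
        entry["last_seen"] = self.clock()
        entry["restarts"] = 0
        return True

    def watchdog_tick(self) -> Dict[str, str]:
        """One watchdog pass: 'ok' while the agent reported within the period; otherwise the
        agent is restarted, and after max_restarts silent periods the system is shut down."""
        actions = {}
        now = self.clock()
        for agent, entry in self.table.items():
            if now - entry["last_seen"] <= self.period:
                actions[agent] = "ok"
            elif entry["restarts"] < self.max_restarts:
                entry["restarts"] += 1
                entry["last_seen"] = now  # the restarted agent gets a full period to report
                actions[agent] = "restart"
            else:
                actions[agent] = "shutdown"
        return actions
```

The point of keying the presence message is that an attacker who has removed the agent cannot keep the watchdog quiet by sending unauthenticated heartbeats from ordinary host code; only the enclave that holds the session key can produce a tag that verifies.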

US Pat. No. 10,171,499

ZONE-BASED SECURITY ARCHITECTURE FOR INTRA-VEHICULAR WIRELESS COMMUNICATION

1. A method for vehicular communication, comprising: establishing two or more secure zones on a vehicle system, each secure zone belonging to a secured network segment which is not a public network segment and to which predefined authorized users have access and unauthorized users do not have access and having a respective one or more node devices;
performing an authentication procedure to authenticate and authorize the one or more node devices;
establishing at least one secure wireless communication tunnel between the two or more secure zones; and
establishing a dynamic address learning mechanism for data routing between the two or more secure zones.

US Pat. No. 10,171,498

SECURE CRYPTO MODULE INCLUDING ELECTRICAL SHORTING SECURITY LAYERS

International Business Ma...

1. A cryptographic adapter card comprising: a printed circuit board (PCB) comprising a connector that interconnects with a motherboard;
a secure crypto module comprising a shield surrounding a daughter card electrically connected to the PCB;
the daughter card comprising: a first conductive layer; a security matrix layer comprising first microcapsules comprising a first reactant, second microcapsules comprising a second reactant, third microcapsules comprising a third reactant, and fourth microcapsules comprising a fourth reactant, wherein an electrically conductive material is formed by the first reactant reacting with the second reactant; a second conductive layer; a crypto component; and a monitor device electrically connected to the first conductive layer and to the second conductive layer;
wherein the first microcapsules and second microcapsules are ruptured when a void is formed within the security matrix layer;
wherein a destruct feature of the crypto component is programmed in response to the monitor device detecting an electrical short between the first conductive layer and the second conductive layer; and
wherein a self-healing material is formed by the third reactant reacting with the fourth reactant, the self-healing material filling the void within the security matrix layer.

US Pat. No. 10,171,497

SYSTEMS AND METHODS FOR DETECTING ONLINE FRAUD

Bitdefender IPR Managemen...

1. A computer system comprising at least one hardware processor configured to operate a reverse address mapper, a registration data filter connected to the reverse address mapper, and a content analyzer connected to the registration data filter, wherein: the reverse address mapper is configured to identify a set of co-hosted Internet domains according to a known fraudulent Internet domain, wherein the known fraudulent Internet domain is located at a target Internet Protocol (IP) address, and wherein identifying the set of co-hosted Internet domains comprises selecting the set of co-hosted Internet domains so that all members of the set of co-hosted Internet domains are located at the target IP address;
the registration data filter is configured to filter the set of co-hosted Internet domains to produce a subset of fraud candidate domains, wherein filtering the set of cohosted Internet domains comprises:
determining whether a selection condition is satisfied according to domain name registration data characterizing a domain of the set of co-hosted Internet domains, wherein the domain name registration data characterizing the domain comprises an email address, and wherein the registration data filter is configured to determine whether the selection condition is satisfied according to at least one of a length of the email address and/or a randomness of the email address, and
in response, selecting the domain into the subset of fraud candidate domains when the selection condition is satisfied; and
the content analyzer is configured to:
analyze an electronic document distributed by a candidate domain selected from the subset of fraud candidate domains to determine whether the electronic document is fraudulent, and
in response, when the electronic document is fraudulent, determine that the candidate domain is fraudulent;
wherein the computer system is configured to transmit a fraud assessment indicator generated according to the determination that the candidate domain is fraudulent to block access to a resource hosted by the candidate domain.
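The three-stage pipeline in the claim above (co-hosted domains at the same IP, a registration-data filter on the length and randomness of the registrant e-mail, then content analysis of what the candidate serves) as an added Python example. It is illustration code for this page, not Bitdefender's product: the registry, the documents, the Shannon-entropy measure of randomness, the two thresholds and the stand-in content analyzer are all constructed assumptions.

```python
import math
from collections import Counter
from typing import Callable, Dict, Iterable, Set

# Constructed registry: domain -> hosting IP and registrant e-mail (not real WHOIS data).
REGISTRY: Dict[str, Dict[str, str]] = {
    "paypa1-secure-login.com": {"ip": "203.0.113.7", "email": "q7x9kzp2lw4m8tvb@mail.example"},
    "x9f3kq2pzl7mwt4b.net":    {"ip": "203.0.113.7", "email": "zk4p9qx2mw7tlv3b@mail.example"},
    "dept-registrations.org":  {"ip": "203.0.113.7", "email": "registrations.department.office@mail.example"},
    "bakery-on-main.example":  {"ip": "203.0.113.7", "email": "owner@bakery-on-main.example"},
    "unrelated.example":       {"ip": "198.51.100.5", "email": "r2x9kqpz7wlm4tvb@mail.example"},
}

# Constructed documents served by the co-hosted domains.
DOCUMENTS: Dict[str, str] = {
    "x9f3kq2pzl7mwt4b.net": '<title>PayPaI - verify your account</title><input type="password">',
    "dept-registrations.org": "<title>Registrations department newsletter</title><p>Opening hours</p>",
}

ENTROPY_MIN = 3.8   # bits per character of the local part that counts as random-looking (assumed)
LENGTH_MIN = 24     # local-part length that is suspicious on its own (assumed)


def reverse_address_mapper(known_fraudulent: str, registry=REGISTRY) -> Set[str]:
    """All other domains located at the same IP address as the known fraudulent domain."""
    target_ip = registry[known_fraudulent]["ip"]
    return {d for d, rec in registry.items() if rec["ip"] == target_ip and d != known_fraudulent}


def shannon_entropy(text: str) -> float:
    """Bits per character; 16 distinct characters in 16 positions give 4.0, 'aaaa' gives 0."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def selection_condition(email: str) -> bool:
    """The registrant e-mail looks machine-generated: random-looking or unusually long local part."""
    local_part = email.split("@", 1)[0]
    return shannon_entropy(local_part) >= ENTROPY_MIN or len(local_part) >= LENGTH_MIN


def registration_data_filter(domains: Iterable[str], registry=REGISTRY) -> Set[str]:
    return {d for d in domains if selection_condition(registry[d]["email"])}


def is_fraudulent_document(html: str) -> bool:
    """Stand-in content analyzer (assumption): a page that asks for a password and talks about
    verifying an account is treated as a credential-phishing page."""
    lower = html.lower()
    return 'type="password"' in lower and "verify" in lower


def fraud_assessment(known_fraudulent: str,
                     analyzer: Callable[[str], bool] = is_fraudulent_document) -> Set[str]:
    """Co-hosted domains -> registration filter -> content analysis -> domains to block."""
    candidates = registration_data_filter(reverse_address_mapper(known_fraudulent))
    return {d for d in candidates if analyzer(DOCUMENTS.get(d, ""))}
```

The registration filter exists to keep the content analyzer away from the many legitimate sites on a shared IP; in the constructed data the bakery drops out at that stage and the newsletter site survives the filter but not the content check.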

US Pat. No. 10,171,496

BEACON SPOOFING PREVENTION

Cisco Technology, Inc., ...

1. A method comprising: at a server configured to communicate with a mobile device over a network:
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including: a unique identifier representing a serial number of the beacon device; non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;
incrementing a local verification value from the initial seed value based on a clock according to the security algorithm;
performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server;
if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and
if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device.

US Pat. No. 10,171,495

DETECTION OF MODIFIED REQUESTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising: receiving, to a resource provider environment, a request for a connection to a resource;
determining a set of connection parameters for the request, the connection parameters selected from at least two layers of a networking framework;
analyzing the set of connection parameters, prior to establishing the connection to the resource, to determine connection parameter data corresponding to at least one combination of at least a subset of the set of connection parameters;
comparing the connection parameter data to a set of connection parameter signatures, each connection parameter signature corresponding to a previously determined combination and ordering of connection parameters having a determined probability of corresponding to a man-in-the-middle attack on a respective connection;
determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the connection parameter data;
calculating, for the request, a request probability value based at least in part upon the respective probabilities of the one or more matching signatures;
comparing the request probability value to a probability threshold; and
performing at least one determined action in response to the request probability value exceeding the probability threshold.

US Pat. No. 10,171,494

SCARECROW FOR DATA SECURITY

International Business Ma...

1. A computer-implemented method comprising: receiving information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
determining, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction:
generating, by machine logic performed by a machine, a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
sending the plurality of scarecrow messages, through a network communication channel, to respectively corresponding computers of the plurality of computers, and
sending, by machine logic performed by a machine, a security alert to a security product;
wherein:
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of: an internet protocol (IP) address associated with the respectively corresponding computer; a phantom background process; and a log-in chain associated with the respectively corresponding computer.

US Pat. No. 10,171,493

METHOD AND SYSTEM TO DYNAMICALLY OBFUSCATE A WEB SERVICES INTERFACE

Sears Brands, L.L.C., Ho...

1. A method for operating a system that uses a dynamically generated web services interface to protect a processor of service requests from attacks received via a data communication network, the method comprising: receiving, by web server circuitry, a first service request from a client system via the data communication network, wherein the first service request comprises an identifier of the client system, a service identifier, and a service key;
producing, by web service protection circuitry coupled to the web server circuitry, a client date and time by deciphering a portion of the service identifier using the identifier of the client system;
determining, by the web service protection circuitry, whether the first service request is an initial service request received by the web server circuitry from the client system;
if it is determined that the first service request is the initial service request received from the client system, identifying, by the web service protection circuitry, the client system as an authorized client system if the produced client date and time matches a default date and time;
if it is determined that the first service request is not the initial service request received from the client system, identifying, by the web service protection circuitry, the client system as an authorized client system if the produced client date and time matches a stored date and time corresponding to receipt of a previous service request received from the client system; and
if the client is identified as an authorized client system:
sending a second service request, by the web server circuitry to application server circuitry, wherein the second service request comprises a service name portion and the service key; and
forwarding, by the web server circuitry to the client system, a response of the application server circuitry to the second service request.

US Pat. No. 10,171,492

DENIAL-OF-SERVICE (DOS) MITIGATION BASED ON HEALTH OF PROTECTED NETWORK DEVICE

Fortinet, Inc., Sunnyval...

1. A method comprising: receiving from an administrator of a private network, by a Denial of Service (DoS) mitigation device associated with the private network and logically interposed between a plurality of computing devices residing external to the private network and a network device protected by the DoS mitigation device, information indicative of a traffic metric threshold and one or more health parameter thresholds;
receiving, by the DoS mitigation device, traffic directed to the protected network device from the plurality of computing devices; and
tracking, by the DoS mitigation device, a traffic metric representing a measure of the traffic being processed by the protected network device; and
selectively forwarding or dropping, by the DoS mitigation device, the traffic based on a combination of the traffic metric, the traffic metric threshold, one or more health parameters associated with the protected network device and the one or more health parameter thresholds by:
when the traffic metric is at or below the traffic metric threshold, forwarding, by the DoS mitigation device, the traffic to the protected network device; and when the traffic metric is greater than the traffic metric threshold:
monitoring, by the DoS mitigation device, the one or more health parameters associated with the protected network device, the one or more health parameters individually or collectively indicative of an ability or an inability of the protected network device to handle additional traffic;
when a health status of the protected network device resulting from a comparison of the one or more health parameters to corresponding thresholds of the one or more health parameter thresholds is indicative of the ability of the protected network device to handle additional traffic, forwarding, by the DoS mitigation device, the traffic to the protected network device; and
when the health status is indicative of the inability of the protected network device to handle additional traffic, preventing, by the DoS mitigation device, the traffic from being received by the protected network device by dropping the traffic.

US Pat. No. 10,171,491

NEAR REAL-TIME DETECTION OF DENIAL-OF-SERVICE ATTACKS

Fortinet, Inc., Sunnyval...

1. A method for detecting a distributed denial-of-service (DDoS) attack, the method comprising: receiving, at a network device, a plurality of access requests from a source Internet Protocol (IP) address;
storing, in a first database operatively coupled with the network device, temporal information relating to the plurality of access requests from the source IP address;
determining, by the network device, based on a first defined condition, whether compression is to be performed on the stored temporal information;
compressing the stored temporal information, by the network device, when a result of said determining is affirmative;
computing, by the network device, a compression ratio of the compressed temporal information with respect to the stored temporal information in uncompressed form; and
identifying, by the network device, the source IP address as malicious when the compression ratio is greater than a defined baseline value.

US Pat. No. 10,171,490

SYSTEM AND METHOD FOR STRATEGIC ANTI-MALWARE MONITORING

Tenable, Inc., Columbia,...

1. A system for detecting and remediating botnet participation in a network, comprising: a memory; and
one or more processors coupled to the memory and configured to:
communicate with a scanning target located in the network to obtain netstat information describing a plurality of current connections on the scanning target;
identify, from the obtained netstat information, a source Internet Protocol (IP) address and a destination IP address associated with each of the plurality of current connections on the scanning target;
detect that the scanning target is a participant in a botnet in response to one or more of the source IP address or the destination IP address associated with at least one of the plurality of current connections appearing in a list that includes one or more known botnet IP addresses;
determine connectivity associated with the botnet based at least in part on the netstat information describing the plurality of current connections on the scanning target, wherein the determined connectivity indicates a topology associated with one or more compromised hosts that have been recruited into participation in the botnet and botnet traffic attributable to each of the one or more compromised hosts; and
disable network connectivity for at least the scanning target and the one or more compromised hosts to isolate the network from the botnet traffic.

US Pat. No. 10,171,489

METHOD FOR COMPUTER SECURITY BASED ON MESSAGE AND MESSAGE SENDER

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising: receiving an email message that is associated with HyperText Markup Language (HTML);
determining a sender of the email message;
determining whether the sender of the email message is trusted, wherein determining whether the sender of the email message is trusted includes determining whether the sender of the email message is associated with a whitelist;
retrieving domain-related information by performing a DNS query on a domain associated with the sender of the email message;
based at least in part on the domain-related information, determining whether the sender of the email message is verified;
when the sender is both trusted and verified, treating the email message as trustworthy;
in response to treating the email message as trustworthy, rendering the HTML when displaying the email message;
when the sender is not trusted and verified, treating the email message as not trustworthy; and
in response to treating the email message as not trustworthy, displaying a restricted version of the email message.

US Pat. No. 10,171,488

USER BEHAVIOR PROFILE

Forcepoint, LLC, Austin,...

1. A computer-implementable method for generating a cyber behavior profile, comprising: monitoring electronically-observable user interactions, the electronically-observable user interactions comprising a behavior exhibited by a user that is observed through the use of at least one of an electronic device, a computer system and a software application executing on the computing system;
converting the electronically-observable user interactions into electronic information representing the electronically-observable user interactions, the electronic information representing the electronically-observable user interactions comprising multi-layered electronic information, each layer of the multi-layered electronic information corresponding to a respective layer of user interaction; and
generating a multi-dimensional cyber behavior profile based upon the multi-layered electronic information representing the user interactions;
identifying a known good interaction between the user and the information handling system;
storing a representation of the known good interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a known good user behavior element;
identifying an anomalous interaction between the user and the information handling system;
storing a representation of the anomalous interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a suspect user behavior element;
generating a user behavior profile score and a hash based upon the known good interaction and the anomalous interaction; and,
storing the user behavior profile score and the hash within the multi-dimensional cyber behavior profile.

US Pat. No. 10,171,487

GENERATING A VIRTUAL DATABASE TO TEST DATA SECURITY OF A REAL DATABASE

International Business Ma...

1. A computer system for determining a data security risk level of a virtual database, the computer system comprising: a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
import an object catalog corresponding to a real database into the virtual database;
organize objects in the object catalog by levels within the virtual database;
determine whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions;
return a data security test failure result in response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action in response to determining that one or more test query messages in the traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions; and
determine a data security risk level for the virtual database based on the returned data security test result.

US Pat. No. 10,171,486

SECURITY AND AUTHENTICATION DAISY CHAIN ANALYSIS AND WARNING SYSTEM

International Business Ma...

1. A method, implemented by an information handling system that includes one or more processors and a memory accessible by at least one of the processors, the method comprising: monitoring a plurality of sets of user authentication data pertaining to a first plurality of network sites, wherein each of the sets of user authentication data is used by a user to access one of the first plurality of network sites;
storing a first set of metadata pertaining to the plurality of sets of user authentication data in a database;
gathering a plurality of outputs displayed by a second plurality of network sites, wherein the first plurality of network sites is a subset of the second plurality of network sites;
storing a second set of metadata pertaining to the plurality of outputs in the database;
performing an analytical analysis based on the sets of user authentication data and the gathered outputs; and
alerting the user regarding one or more security vulnerabilities, wherein at least one of the vulnerabilities corresponds to a selected one of the plurality of outputs matching at least a portion of a selected set from the user authentication data, and wherein the alerting further comprises providing a visual representation that depicts one or more links between the first set of metadata and the second set of metadata.

US Pat. No. 10,171,485

SYSTEM CONVERSION IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of providing security in a networked computing environment, comprising: detecting, by at least one computer device, a breach of a first system in the networked computing environment;
determining a distance between a second system in the networked computing environment and the first system, the second system being a non-breached system;
determining whether or not the non-breached second system is an at-risk system based on whether or not the determined distance between the non-breached second system and the first system exceeds a threshold; and
in response to determining that the non-breached second system is the at-risk system, re-generating, by the at least one computer device, the non-breached second system as a new virtual machine at a new location in the networked computing environment,
wherein the determining whether or not the non-breached second system is the at-risk system comprises determining a risk factor for the non-breached second system and comparing the risk factor to the threshold.

US Pat. No. 10,171,484

SECURING SERVICES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

4. A system, comprising: a CPU, a computer readable memory and a computer readable storage medium associated with a computer device of a service provider;
program instructions to receive, by the computer device, a breach notification from a user device, wherein the user device includes a client that corresponds to the service provider, and the breach notification indicates a potential security compromise of the user device;
program instructions to identify, by the computer device, a plurality of user devices that have the client; and
program instructions to transmit, by the computer device, a respective security profile, from among a plurality of security profiles, to each of the identified plurality of user devices, wherein each of the plurality of security profiles defines a security challenge that must be completed by a respective user device, from among the plurality of user devices, to obtain access,
wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory,
wherein each respective security profile, from among the plurality of security profiles, is specific to a corresponding one of the plurality of user devices, and different from security profiles of others of the plurality of user devices.

US Pat. No. 10,171,483

UTILIZING ENDPOINT ASSET AWARENESS FOR NETWORK INTRUSION DETECTION

Symantec Corporation, Mo...

1. A method comprising: determining, by a prioritizing scan, a destination identifier from a network payload;
performing, by the prioritizing scan, a hash function on the destination identifier to compute a hash value, wherein a destination endpoint is determined by using the hash value as a key to query destination mapping data and wherein the hash function is defined in stored configuration data;
determining, by a processing device executing an intrusion device, a sensitivity level of the destination endpoint that was determined based on the hash value, wherein the sensitivity level is based at least in part on a content of data stored at the destination endpoint;
identifying one or more rules that correspond to sensitive content data stored at the destination endpoint, wherein the one or more rules describe a number of signatures in a subset of the plurality of signatures and specify individual signatures from the plurality of signatures to be included in the subset of the plurality of signatures and a prioritization action;
wherein the subset of signatures specific to the sensitive content data stored at the destination endpoint comprises a number of signatures that is proportional to a sensitivity level of content data stored at the destination endpoint, and wherein first content of the specific subset of the plurality of signatures is distinct from second content of other subsets of the plurality of signatures that correspond to other sensitivity levels; and
determining, by the intrusion device, whether network data comprises an intrusion in view of the subset of signatures, wherein determining whether the network data comprises an intrusion comprises prioritizing scanning of the network data in view of one or more thresholds for various sensitivity levels of the destination endpoint, and applying the prioritization action to the network data.

US Pat. No. 10,171,482

PRE-PROCESSING BEFORE PRECISE PATTERN MATCHING

International Business Ma...

1. A computer system for identifying a target pattern from a stream of patterns, the target pattern and the stream of patterns comprise consecutive elements and the target pattern comprises one or more of the consecutive elements of the stream of patterns, the method comprising: one or more computer processors, one or more computer-readable storage media, and program instructions stored on the one or more computer-readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:
program instructions to acquire a first occurrence value for each element in the target pattern, wherein the first occurrence value is equal to the number of times each element occurs in the target pattern;
program instructions to store a predetermined number of consecutive elements from the stream of patterns in a buffer as a section of elements, wherein the section of elements is defined by a buffer starting point indicator and a buffer ending point indicator;
program instructions to determine a second occurrence value for each element in the target pattern, wherein the second occurrence value is equal to the number of times each element in the target pattern occurs in the section of elements stored in the buffer;
program instructions to update the buffer to include one additional element in the section of elements by moving the buffer ending point indicator towards the end of the stream of patterns by one element;
program instructions to repeat determining the second occurrence value and updating the buffer until the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to output the elements in the buffer in response to determining the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to perform a precise pattern matching operation on the outputted elements of the buffer to determine if the target pattern is contained within only the last x elements of the buffer, wherein x is equal to the number of elements in the target pattern; and
in response to determining the target pattern is not contained within the last x elements of the buffer, program instructions to reset the buffer to its initial length by updating the buffer starting point indicator to indicate the (y − x + 1)th character, wherein y is equal to the buffer ending point indicator.

US Pat. No. 10,171,481

SYSTEM AND METHOD FOR ENHANCED DISPLAY-SCREEN SECURITY AND PRIVACY

INTERNATIONAL BUSINESS MA...

1. A security system comprising: a memory;
a hardware processor coupled to the memory;
a sensitivity determining module including instructions on said memory executed by the hardware processor for assigning a sensitivity value for text in a communication, wherein when the communication includes keywords in a sequence designated as being sensitive the sensitivity value is greater than a threshold sensitivity level, and when the communication does not include said keywords designated as being sensitive, the sensitivity value is less than the threshold sensitivity level;
a parsing module including instructions on said memory executed by the hardware processor for parsing the communication into a sequence of text fragments when the value of sensitivity assigned to said text in the communication by the sensitivity determining module exceeds the threshold sensitivity value, and indicates a sensitive message, or not parsing the communication when the value of the sensitivity assigned to said text in the communication by the sensitivity determining module does not exceed the threshold sensitivity value, and indicates a message that is not sensitive, wherein the parsing module for parsing sensitive communications changes the order of letters in each word of the communication except for the first letter and last letter of said each word; and
a transmission module including instructions on said memory executed by the hardware processor for transmitting the communication of the sensitive message as the sequence of text fragments as a rapid serial visualization (RSV) presentation, or transmitting the communication without parsing when the message is not sensitive.

US Pat. No. 10,171,480

CLOUD-BASED SURVEILLANCE WITH INTELLIGENT TAMPER PROTECTION

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for managing a security system, the computer-implemented method comprising: receiving, at a central communication unit from a first surveillance device, a recording of first surveillance data captured by the first surveillance device, wherein the first surveillance data is received by way of at least one of a first transmission channel and a second transmission channel between the first surveillance device and the central communication unit, wherein the second transmission channel is redundant with the first transmission channel;
transmitting the first surveillance data, from the central communication unit to a cloud storage, wherein the first surveillance data is transmitted by way of at least one of a third transmission channel and a fourth transmission channel between the first surveillance device and the central communication unit, wherein the fourth transmission channel is redundant with the third transmission channel; and
performing buffering preparations on the first surveillance data prior to the central communication unit transmitting the first surveillance data to the cloud storage, wherein the buffering preparations performed are dependent on a current state of the security system.

US Pat. No. 10,171,479

FAST MULTICAST MESSAGING ENCRYPTION AND AUTHENTICATION

SONY INTERACTIVE ENTERTAI...

1. A sender device comprising: at least one computer memory that is not a transitory signal and that comprises instructions executable by at least one processor to:
access a first key;
encrypt the first key with a second key to render an encrypted key;
encrypt the encrypted key with a key of at least a first recipient device to render a first device key (FDK);
concatenate the first FDK and the encrypted key to render a concatenation;
sign the concatenation to render a signed concatenation; and
distribute the signed concatenation to at least the first receiver for use in securely exchanging digital information at least in part by using the sender device to transmit the signed concatenation to the first receiver.

US Pat. No. 10,171,478

EFFICIENT AND SECURE METHOD AND APPARATUS FOR FIRMWARE UPDATE

1. A vehicle, comprising: an untrusted electronic control unit (ECU) comprising a receiver, a processor, and a memory, the receiver configured for receiving from a secure server a firmware update package including one or more firmware updates, and the memory of the untrusted ECU configured to store the firmware update package;
a secure ECU operatively coupled to the untrusted ECU, the secure ECU configured for authenticating the firmware update package; and
one or more target ECUs, each operatively coupled to the untrusted ECU and to the secure ECU, each respective target ECU comprising a bootloader configured for computing a checksum for a respective firmware update of the one or more firmware updates and signing the checksum with a unique key associated with the respective target ECU.

US Pat. No. 10,171,477

AUTHENTICATED DATA STREAMING

Amazon Technologies, Inc....

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least: establish a Hypertext Transport Protocol (“HTTP”) connection to a service;
send a header of an HTTP multipart request to the service via the HTTP connection;
acquire data representing a portion of a content stream;
after sending the header, send the data to the service via the HTTP connection as a first part of the HTTP multipart request;
determine an authentication code for the portion of the content stream; and
send the authentication code to the service via the HTTP connection as a second part of the HTTP multipart request after sending the first part.

US Pat. No. 10,171,476

SYSTEM AND METHOD FOR PROTECTING THE PRIVACY OF IDENTITY AND FINANCIAL INFORMATION OF THE CONSUMER CONDUCTING ONLINE BUSINESS

1. A method of providing verification of an individual to a third party by providing to the third party a representation of an originally issued identity document associated with information provided by the individual during the verification process comprising: providing to a first electronic device first credential information relating to the individual associated with the first electronic device; the first credential information authorizing submission of a first message to a remote server;
transmitting first data from the first electronic device to the remote server, the first data comprising an authorization to submit information derived from the originally issued identity document to a second device associated with the third party;
transmitting second data from the first electronic device to the remote server, the second data comprising second credential information needed to complete independent verification of the first data by the remote server;
the remote server cryptographically combining the first data and the second data to generate a result and using the result to locate a matching verification entry in a database or similar data storage entity;
in response to locating the match of verification entry, delivering third data by the remote server to a second electronic device associated with the third party, the third data consisting of the information derived from the originally issued identity document required by the third party; and
denying delivering the third data when the matching verification entry cannot be located.

US Pat. No. 10,171,475

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

McAfee, LLC, Santa Clara...

1. At least one machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising: receiving, at a gateway device in a protected network from a cloud services device connected to the gateway device via a network connection, message metadata of an email message received at the cloud services device en route to an intended recipient associated with the protected network from a sender in an external network, wherein the message metadata is to be received without receiving the email message, is communicated as a bespoke extension to SMTP protocol, and includes at least one of connection information for the email message and protocol information for the email message, the connection information for the email message including at least one of an IP address of a sending host and a domain of the sending host and the protocol information for the email message including at least one of a sender email address, a sender domain name, a recipient email address, and a recipient domain name;
sending from the gateway device to the cloud services device a request for scan results data of the email message based on determining by the gateway device that receiving the email message is not prohibited by one or more metadata policies;
receiving the scan results data without receiving the email message;
based, at least in part, on the scan results data, sending a response to cause the email message to be forwarded from the cloud services device to the protected network;
receiving the email message in the protected network;
scanning the received email message for content prohibited by one or more local scan policies; and
blocking the email message from being forwarded to the intended recipient based, at least in part, on determining that sending the email message to the intended recipient is prohibited by at least one of the one or more local scan policies.
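
The two-stage flow in the claim above, as an added example (not McAfee's code): the gateway decides on metadata first, requests scan results second, and only then lets the body cross into the protected network for the local scan. The policy contents, message ids and verdicts are constructed for the demonstration, and the stand-in `CloudService` replaces the SMTP extension with a direct call.

```python
from dataclasses import dataclass, field


@dataclass
class Metadata:
    """Connection and protocol information for a message; the body is never part of it."""
    sending_ip: str
    sending_domain: str
    sender: str
    recipient: str


@dataclass
class Email:
    metadata: Metadata
    body: str
    attachments: list = field(default_factory=list)


class CloudService:
    """Stand-in for the cloud services device: holds messages en route plus their scan
    results. Messages and verdicts are constructed for the demonstration."""

    def __init__(self):
        self.queue = {}
        self.scan_results = {}
        self.forwarded = []  # message ids whose body actually crossed into the protected network

    def receive(self, msg_id, email, scan_result):
        self.queue[msg_id] = email
        self.scan_results[msg_id] = scan_result

    def metadata_for(self, msg_id):
        # what the SMTP extension would carry: metadata only, no message
        return self.queue[msg_id].metadata

    def scan_results_for(self, msg_id):
        return self.scan_results[msg_id]

    def forward(self, msg_id):
        self.forwarded.append(msg_id)
        return self.queue.pop(msg_id)


class Gateway:
    """Gateway device in the protected network. Policy content is an assumption."""

    def __init__(self, blocked_domains, blocked_ips, spam_threshold, phrases, blocked_ext):
        self.blocked_domains = set(blocked_domains)
        self.blocked_ips = set(blocked_ips)
        self.spam_threshold = spam_threshold
        self.phrases = [p.lower() for p in phrases]
        self.blocked_ext = set(blocked_ext)

    def metadata_prohibited(self, md):
        # metadata policies: decided before any request for the body or its scan results
        return (md.sending_ip in self.blocked_ips
                or md.sending_domain in self.blocked_domains
                or md.sender.rsplit("@", 1)[-1] in self.blocked_domains)

    def local_prohibited(self, email):
        # local scan policies: applied to the received message itself
        text = email.body.lower()
        if any(p in text for p in self.phrases):
            return True
        return any(name.rsplit(".", 1)[-1].lower() in self.blocked_ext
                   for name in email.attachments)

    def handle(self, cloud, msg_id):
        md = cloud.metadata_for(msg_id)
        if self.metadata_prohibited(md):
            return "rejected:metadata"           # body never requested
        result = cloud.scan_results_for(msg_id)  # scan results, still without the body
        if result["malware"] or result["spam_score"] >= self.spam_threshold:
            return "rejected:cloud_scan"
        email = cloud.forward(msg_id)            # only now does the message enter the network
        if self.local_prohibited(email):
            return "quarantined:local_policy"
        return "delivered"


def demo():
    cloud = CloudService()
    to = "bob@corp.example"
    cloud.receive("m1", Email(Metadata("203.0.113.7", "spam.example", "a@spam.example", to), "hello"),
                  {"malware": False, "spam_score": 0.1})
    cloud.receive("m2", Email(Metadata("198.51.100.3", "partner.example", "c@partner.example", to),
                              "Please make an urgent wire transfer today"),
                  {"malware": False, "spam_score": 0.2})
    cloud.receive("m3", Email(Metadata("198.51.100.4", "partner.example", "d@partner.example", to),
                              "lunch?", ["agenda.pdf"]),
                  {"malware": False, "spam_score": 0.0})
    cloud.receive("m4", Email(Metadata("198.51.100.5", "partner.example", "e@partner.example", to),
                              "invoice attached", ["invoice.pdf"]),
                  {"malware": True, "spam_score": 0.0})
    gw = Gateway(["spam.example"], [], 0.8, ["urgent wire transfer"], ["exe", "js"])
    outcomes = {m: gw.handle(cloud, m) for m in ("m1", "m2", "m3", "m4")}
    return outcomes, cloud.forwarded
```

Only m2 and m3 ever reach the protected network; m1 is refused on metadata alone and m4 on the cloud verdict, and m2 is still caught by the local policy after delivery.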

US Pat. No. 10,171,474

NETWORK ACCESS BASED ON SOCIAL-NETWORKING INFORMATION

Facebook, Inc., Menlo Pa...

1. A method comprising: receiving, at a wireless access point, from a client system of a first user, a request to access a network through the wireless access point, the wireless access point being operated by an entity;
sending, by the wireless access point, an identifier comprising a unique code that uniquely identifies the client system to a social-networking system, the social-networking system comprising at least one social graph, the social graph comprising a plurality of nodes and a plurality of edges connecting the nodes, each of the edges between two of the nodes representing a relationship between the nodes, wherein a first node of the plurality of nodes corresponds to the first user;
receiving, at the wireless access point, from the social-networking system, a positive authorization determination, wherein the positive authorization determination is made based on a timeline associated with a social-networking profile of the first user indicating that the first user has liked a profile page associated with the entity on an online social network maintained by the social-networking system and based on the user having authorized automatic check-ins with the entity; and
providing the client system with access to the network through the wireless access point in accordance with the positive authorization determination.

US Pat. No. 10,171,473

CONTENT FILTERING FOR PERSONAL PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method comprising: determining a set of content rules that controls delivery of messages stored on a user device by an e-mail application running on the user device according to a first context profile;
receiving a selection of the first context profile from a set of context profiles;
responsive to the selection of the first context profile, filtering a first set of messages associated with the e-mail application to identify context-specific messages by applying the set of content rules; and
causing the e-mail application to deliver only the context-specific messages for display on the user device;
wherein:
each context profile of the set of context profiles is associated with a corresponding set of content rules; and
the determining a set of content rules includes identifying the corresponding set of content rules associated with a context profile selected from the set of context profiles.

US Pat. No. 10,171,472

ROLE-SPECIFIC SERVICE CUSTOMIZATION

Microsoft Technology Lice...

1. One or more computing devices comprising: one or more processors; and
one or more memory storing computer-executable instructions, which, when executed by the one or more processors, cause the one or more computing devices, in aggregate, to:
provide a computer-network-accessible service that is interacted with by an individual user, the individual user having multiple roles and interacting with the service differently depending on which of the multiple roles the individual user has assumed during the individual user's interaction with the service;
receive a detected action of the individual user;
select, from among the multiple roles, a current role of the individual user based on the detected action of the individual user, the detected action having been previously associated with the current role as a role determinant of the current role; and
select a current role profile, which controls the individual user's interactions with the service, based on the selected current role, the current role profile comprising an explicit enumeration of both: (1) at least one included profile detail and (2) at least one excluded profile detail.

US Pat. No. 10,171,471

EVIDENCE-BASED ROLE BASED ACCESS CONTROL

International Business Ma...

1. A method for assigning roles to multiple users of a computer system, comprising: assigning, to the multiple users, respective sets of original roles for accessing data stored on the computer system;
performing, in response to requests from the multiple users, multiple operations on the data;
generating a transaction log file comprising a plurality of entries, each of the entries storing attributes of a given operation;
identifying, by a processor based on the entries in the log file, a respective set of learned roles for each of the multiple users by defining, for each transaction log entry, a connection comprising one or more of the attributes and indicating a path from one of the multiple users to a given table accessed by the one of the users, identifying a unique set of the connections, defining a set of initial roles in a one-to-one correspondence with the unique set of the connections, each of the initial roles comprising an initial set of the users and a set of initial permissions, and applying, by the processor to the initial roles, a Hierarchical Clustering algorithm to identify the set of learned roles, each of the learned roles comprising a set of clustered permissions and associated with a subsequent set of the users;
assigning, to each given user, the respective sets of the learned roles associated with the given user; and
restricting, to the multiple users based on their respective assigned learned roles, access to the data on the computer system.
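
A worked role-mining run for the claim above, added here and not IBM's code. It builds one initial role per unique user-to-table connection, clusters those roles agglomeratively on the similarity of their user sets, and then assigns and enforces the learned roles. The log lines, the Jaccard measure, the union-merge rule and the similarity threshold are all assumptions; the `over_provisioned` report shows why the threshold matters: merging with a union grants permissions the log never evidenced.

```python
import re
from itertools import combinations

# Constructed transaction log: one entry per operation, attributes user/op/table.
LOG = """\
2023-05-01T09:00:01 user=alice op=SELECT table=customers
2023-05-01T09:00:05 user=alice op=SELECT table=orders
2023-05-01T09:01:10 user=alice op=INSERT table=orders
2023-05-01T09:02:00 user=bob op=SELECT table=customers
2023-05-01T09:02:30 user=bob op=INSERT table=orders
2023-05-01T09:03:00 user=bob op=SELECT table=orders
2023-05-01T10:00:00 user=carol op=SELECT table=orders
2023-05-01T10:00:10 user=carol op=SELECT table=ledger
2023-05-01T10:00:20 user=carol op=UPDATE table=ledger
2023-05-01T11:00:00 user=dave op=UPDATE table=users
2023-05-01T11:05:00 user=alice op=SELECT table=customers
"""
LINE = re.compile(r"^(\S+) user=(\w+) op=(\w+) table=(\w+)$")


def parse_log(text):
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entries.append({"ts": m.group(1), "user": m.group(2),
                            "op": m.group(3), "table": m.group(4)})
    return entries


def initial_roles(entries):
    """One initial role per unique connection (path user -> table, attribute = op):
    the role's permission is that (table, op) and its users are everyone seen on it."""
    by_perm = {}
    for e in entries:
        by_perm.setdefault((e["table"], e["op"]), set()).add(e["user"])
    return [(set(users), {perm}) for perm, users in sorted(by_perm.items())]


def jaccard(a, b):
    return len(a & b) / len(a | b)


def cluster_roles(roles, min_similarity):
    """Agglomerative clustering: repeatedly merge the two roles whose user sets are most
    similar, until no pair reaches min_similarity. A merged role holds the union of
    permissions and the union of users."""
    roles = [(set(u), set(p)) for u, p in roles]
    while len(roles) > 1:
        i, j = max(combinations(range(len(roles)), 2),
                   key=lambda ij: jaccard(roles[ij[0]][0], roles[ij[1]][0]))
        if jaccard(roles[i][0], roles[j][0]) < min_similarity:
            break
        merged = (roles[i][0] | roles[j][0], roles[i][1] | roles[j][1])
        roles = [r for k, r in enumerate(roles) if k not in (i, j)] + [merged]
    return roles


def assign(roles):
    assignments = {}
    for users, perms in roles:
        for u in users:
            assignments.setdefault(u, set()).update(perms)
    return assignments


def allowed(assignments, user, table, op):
    return (table, op) in assignments.get(user, set())


def over_provisioned(assignments, entries):
    """Permissions a learned role grants that the log never evidenced: review these."""
    evidenced = {(e["user"], e["table"], e["op"]) for e in entries}
    return sorted((u, t, op) for u, perms in assignments.items()
                  for (t, op) in perms if (u, t, op) not in evidenced)


def mine(text, min_similarity):
    entries = parse_log(text)
    learned = cluster_roles(initial_roles(entries), min_similarity)
    assignments = assign(learned)
    return learned, assignments, over_provisioned(assignments, entries)
```

At a similarity threshold of 0.7 the log yields four roles and nothing beyond what was observed; lowering it to 0.5 merges carol into the sales role and hands her two table permissions she never used, which is exactly the kind of grant that should be reviewed before the learned roles replace the original ones.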

US Pat. No. 10,171,470

TECHNIQUES FOR SECURE DEBUGGING AND MONITORING

NetIQ Corporation, Provo...

1. A method, comprising: obtaining, by executable instructions that execute on a hardware processor, selections that identify a debugging level of detail for debugging a resource controlled by a service, wherein obtaining further includes: verifying the selections are permissible based on a principal identity for the principal and a service identity for the service and enforcing a policy for determining whether the selections are permissible for the principal;
providing, by the executable instructions, a token to a principal associated with the selections, wherein providing further includes generating the token as a security token that defines a limited scope of usage for a single session of the principal and includes a limited time to live;
validating, by the executable instructions, the principal in response to the token being presented by the service; and
identifying, by the executable instructions, the debugging level of detail for the service from the token.
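
An added example of the scoped debugging token (not NetIQ's implementation): the issuer checks the selected level against a policy keyed by principal and service, mints an HMAC-signed token bound to a single session with a time to live, and later validates it when the service presents it. The policy table, claim names and key handling are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # held only by the token issuer (assumption)
LEVELS = ["none", "error", "info", "debug", "trace"]

# Policy: the most detailed level each principal may select on each service (constructed).
POLICY = {
    ("alice", "billing-svc"): "debug",
    ("bob", "billing-svc"): "info",
    ("alice", "auth-svc"): "error",
}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def selections_permitted(principal, service, level):
    """Check the requested level against the policy for this principal/service pair."""
    ceiling = POLICY.get((principal, service), "none")
    return level in LEVELS and LEVELS.index(level) <= LEVELS.index(ceiling)


def issue_token(principal, service, level, ttl_seconds, now=None, key=SERVER_KEY):
    """Security token scoped to one principal, one service, one session, limited lifetime."""
    if not selections_permitted(principal, service, level):
        raise PermissionError(f"{principal} may not select level {level} on {service}")
    now = time.time() if now is None else now
    claims = {"sub": principal, "aud": service, "lvl": level,
              "sid": secrets.token_hex(8), "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


class Validator:
    """Issuer-side validation when the service presents the token it got from the principal."""

    def __init__(self, key=SERVER_KEY):
        self.key = key
        self.used_sessions = set()  # single-session scope: each session id is honoured once

    def debug_level_for(self, token, presenting_service, now=None):
        """Return (principal, level) if the token is valid for this service, else None."""
        now = time.time() if now is None else now
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = _unb64(body_b64), _unb64(tag_b64)
        except (ValueError, TypeError):
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        claims = json.loads(body)
        if claims["aud"] != presenting_service or claims["exp"] <= now:
            return None
        if not selections_permitted(claims["sub"], claims["aud"], claims["lvl"]):
            return None  # policy may have tightened since issuance
        if claims["sid"] in self.used_sessions:
            return None
        self.used_sessions.add(claims["sid"])
        return claims["sub"], claims["lvl"]
```

The service never learns the key; it only relays the token, and the issuer answers with the level it should emit. Re-checking the policy at validation time means revoking a principal's debug rights takes effect without waiting for outstanding tokens to expire.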

US Pat. No. 10,171,469

INFORMATION PROCESSING SYSTEM, ACCESS METHOD, AND TERMINAL DEVICE

Ricoh Company, Limited, ...

1. An information processing system comprising: a terminal device; and
an information processing apparatus including,
a processor configured to register information, the information linking a content to a target image, and
a memory configured to store a medium code and device information such that the medium code is associated with the device information, the device information identifying the terminal device wherein
the terminal device including a processor configured to,
obtain a captured image by capturing a subject, the captured image including the target image and a code image extractable from the captured image, the code image being on the target image, the code image being designable based on the target image,
acquire access destination information from the information processing apparatus based on the captured image, the access destination information indicating a source of the content,
retrieve, via the source, the content corresponding to the captured image based at least on the medium code acquired from the code image such that, if the medium code is registered to a different terminal device, the processor of the terminal device is unable to retrieve the content from the source, and
provide, via a display, the content linked to the target image included in the captured image based on the code image extracted from the captured image.

US Pat. No. 10,171,468

SELECTIVE PROCESSING OF APPLICATION PERMISSIONS

International Business Ma...

1. A method for processing application permission requests, the method comprising: detecting, by a processor of a computing system, that an application has been downloaded to the computing system;
establishing, by the processor, a data exchange between the application and a gateway interface of the computing system to prevent a data exchange between an operating system of the computing device and the application, by at least one of intercepting and overriding APIs of the application, in response to the application being downloaded to the computing system;
receiving, by the processor, one or more permission requests from the application for resources located on the computing system;
determining, by the processor, that at least one of the one or more permission requests is a required permission of the application;
prompting, by the processor, the user to decide the one or more permission requests;
receiving, by the processor, a denial of the required permission from the user, in response to the prompting;
responding, by the processor, to the application by providing spoofed resources to the application to satisfy the required permission of the application;
generating, by the processor, one or more templates of simulated spoofed resources over time based on a learning algorithm that analyzes historical responses of spoofed resources to required permissions; and
storing, by the processor, the one or more templates for automatically simulating spoofed resources to satisfy the required permissions of subsequent applications downloaded to the computing system.

US Pat. No. 10,171,467

DETECTION OF AUTHORIZATION ACROSS SYSTEMS

International Business Ma...

1. A computer-implemented method comprising: receiving, at a first system and from a second system unauthorized by the first system, a request for operating a resource of the first system;
in response to an authorization chain being detected based on a first record, authorizing the operation of the resource of the first system, the authorization chain including at least a third system that authorizes the second system and is authorized by the first system, the first record at least indicating one or more systems that are authorized by the first system to operate resources of the first system wherein a record associated with the authorization chain is updated, based on a user input, creating a dynamic authorization relationship.
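
The authorization chain lookup as an added example, not IBM's code. A bounded breadth-first search over each system's record of directly authorized systems finds the chain first -> third -> second; the hop limit is an assumption the claim does not state, added because unbounded transitive authorization is the usual way such schemes over-grant.

```python
from collections import deque


class AuthorizationRecords:
    """Each system's record of the systems it has directly authorized (constructed data)."""

    def __init__(self):
        self.direct = {}  # grantor -> set of grantees

    def authorize(self, grantor, grantee):
        # the "user input" that updates a record and creates a new relationship
        self.direct.setdefault(grantor, set()).add(grantee)

    def revoke(self, grantor, grantee):
        self.direct.get(grantor, set()).discard(grantee)

    def find_chain(self, first, second, max_hops=3):
        """Breadth-first search from `first` along its authorization records.
        Returns the chain [first, ..., second] or None; hops are bounded (assumption)
        so that trust does not silently propagate across the whole graph."""
        queue = deque([[first]])
        seen = {first}
        while queue:
            path = queue.popleft()
            if len(path) - 1 >= max_hops:
                continue
            for nxt in sorted(self.direct.get(path[-1], set())):
                if nxt in seen:
                    continue
                if nxt == second:
                    return path + [nxt]
                seen.add(nxt)
                queue.append(path + [nxt])
        return None


def request_operation(records, first, second, resource, max_hops=3):
    """`second` (not directly authorized by `first`) asks to operate `resource` on `first`."""
    chain = records.find_chain(first, second, max_hops)
    if chain is None:
        return {"granted": False, "resource": resource, "chain": None}
    return {"granted": True, "resource": resource, "chain": chain}
```

Returning the chain itself, not just a yes/no, is what makes the decision auditable: every grant can be traced to the specific records that produced it, and revoking any one edge is enough to break it.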

US Pat. No. 10,171,466

MAINTAINING A COMMON IDENTIFIER FOR A USER SESSION ON A COMMUNICATION NETWORK

Sprint Communications Com...

1. A method of operating a communication network comprising: an access node receiving an access request from a user device and responsively transferring a first authentication request for the user device to an authentication node;
the authentication node receiving the first authentication request for the user device and authorizing a communication session for the user device;
the authentication node transferring a billing identifier for the communication session for the user device to the access node responsive to the communication session authorization;
the access node receiving the billing identifier for the communication session for the user device and responsively transferring an application registration for the user device to an application node;
the application node receiving the application registration for the user device and responsively transferring a second authentication request for the user device to the authentication node;
the authentication node receiving the second authentication request for the user device, correlating the second authentication request to the authorized communication session for the user device, and transferring the billing identifier for the communication session for the user device to the application node;
the application node receiving the billing identifier for the communication session for the user device;
the access node tracking network usage for the user device over the communication session and transferring network usage records having the billing identifier for the communication session for the user device to a billing node;
the application node tracking mobile internet application usage for the user device over the communication session and transferring mobile internet application usage records having the billing identifier for the communication session for the user device to the billing node; and
the billing node receiving the network usage records and the mobile internet application usage records and responsively reconciling the network usage and the mobile internet application usage for the user device based on the billing code.

US Pat. No. 10,171,465

NETWORK AUTHORIZATION SYSTEM AND METHOD USING RAPIDLY CHANGING NETWORK KEYS

1. A method for authenticating a client device for access to a host device, the client device having a device identifier, the method comprising the steps of: generating a first timestamp in the client device, the first timestamp including at least two time unit values;
retrieving a first group of character strings from a host string table in the client device, each character string within the first group being related within the host string table to a time unit value of the first timestamp;
combining the first group of character strings into a first string set;
creating an initiating string in the client device, the initiating string including the device identifier, the first timestamp, and the first string set;
sending the initiating string to the host device;
retrieving a second group of character strings from a host string table in the host device, each character string within the second group being related within the host string table to a time unit value of the first timestamp;
combining the second group of character strings into a second string set;
comparing the first string set to the second string set;
generating a second timestamp in the host device, the second timestamp including at least two time unit values;
sending the second timestamp to the client device;
retrieving a third group of character strings from a client string table in the client device, each character string within the third group being related within the client string table to a time unit value of the second timestamp;
combining the third group of character strings into a third string set;
creating a verification string in the client device, the verification string including the device identifier, the second timestamp, and the third string set;
sending the verification string to the host device;
retrieving a fourth group of character strings from a client string table in the host device, the client string table being associated with the client device, each character string within the fourth group being related within the client string table to a time unit value of the second timestamp;
combining the fourth group of character strings into a fourth string set; and
comparing the fourth string set with the third string set;
granting the client device access to an advanced login stage when the fourth string set is identical to the third string set;
generating a third timestamp in the client device, the third timestamp including at least two time unit values;
sending the third timestamp to the host device;
retrieving a fifth group of character strings from a client string table in the host device, each character string within the fifth group being related within the client string table to a time unit value of the third timestamp;
concatenating the fifth group of character strings into a fifth string set in an order determined by a client sequence table in the host device, the client sequence table relating an order of time units to the value of one of the time units;
sending the third timestamp and third string set to the client device;
retrieving a sixth group of character strings from a client string table in the client device, each character string within the sixth group being related within the client string table to a time unit value of the third timestamp;
concatenating the sixth group of character strings into an order determined by a client sequence table in the client device, the client sequence table relating an order of time units to a time unit value of the third timestamp; and
comparing the sixth string set with the fifth string set; and
blocking the host device from accessing the client device when the fifth string set does not match the sixth string set.
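
The three exchanges of the claim above, played out end to end by a client and a host, as an added example (not code from the patent). Tables are generated from fixed seeds so the run is reproducible; in a deployment they would be provisioned secrets. The claim compares string sets for equality; this example uses `hmac.compare_digest` so the comparison is constant-time, and the three-unit timestamp shape is an assumption.

```python
import hmac
import random

UNITS = ("hour", "minute", "second")
RANGES = {"hour": 24, "minute": 60, "second": 60}
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def make_string_table(seed):
    """One random string per (time unit, value). Seeded here only so the demo is
    reproducible; deployed tables would be provisioned secrets."""
    rng = random.Random(seed)
    return {u: {v: "".join(rng.choices(ALPHABET, k=6)) for v in range(RANGES[u])} for u in UNITS}


def make_sequence_table(seed):
    """Maps a second-of-minute value to an order of the time units (client sequence table)."""
    rng = random.Random(seed)
    table = {}
    for v in range(RANGES["second"]):
        order = list(UNITS)
        rng.shuffle(order)
        table[v] = tuple(order)
    return table


def string_set(table, ts, order=UNITS):
    """Retrieve the string for each unit value of `ts` and concatenate them in `order`."""
    return "".join(table[u][ts[u]] for u in order)


class Client:
    def __init__(self, device_id, host_table, client_table, client_seq):
        self.device_id, self.host_table = device_id, host_table
        self.client_table, self.client_seq = client_table, client_seq

    def initiating_string(self, ts1):
        return self.device_id, ts1, string_set(self.host_table, ts1)

    def verification_string(self, ts2):
        return self.device_id, ts2, string_set(self.client_table, ts2)

    def verify_host(self, ts3, fifth):
        sixth = string_set(self.client_table, ts3, self.client_seq[ts3["second"]])
        return hmac.compare_digest(sixth, fifth)


class Host:
    def __init__(self, host_table, clients):
        self.host_table = host_table
        self.clients = clients  # device_id -> (client string table, client sequence table)

    def check_initiating(self, msg):
        device_id, ts1, first = msg
        if device_id not in self.clients:
            return False
        return hmac.compare_digest(string_set(self.host_table, ts1), first)

    def check_verification(self, msg):
        device_id, ts2, third = msg
        table, _ = self.clients[device_id]
        return hmac.compare_digest(string_set(table, ts2), third)

    def prove_to_client(self, device_id, ts3):
        table, seq = self.clients[device_id]
        return ts3, string_set(table, ts3, seq[ts3["second"]])


def run_protocol(client, host, ts1, ts2, ts3):
    """The three exchanges of the claim; ts1 and ts3 come from the client, ts2 from the host."""
    if not host.check_initiating(client.initiating_string(ts1)):
        return "host rejected initiating string"
    if not host.check_verification(client.verification_string(ts2)):
        return "host rejected verification string"
    ts3, fifth = host.prove_to_client(client.device_id, ts3)
    if not client.verify_host(ts3, fifth):
        return "client blocked host"
    return "mutually authenticated"


def demo():
    host_table, client_table = make_string_table(1), make_string_table(2)
    client_seq = make_sequence_table(3)
    client = Client("dev-42", host_table, client_table, client_seq)
    host = Host(host_table, {"dev-42": (client_table, client_seq)})
    ts1 = {"hour": 9, "minute": 15, "second": 7}
    ts2 = {"hour": 9, "minute": 15, "second": 8}
    ts3 = {"hour": 9, "minute": 15, "second": 9}
    return run_protocol(client, host, ts1, ts2, ts3)
```

The third exchange is the one that protects the client: a host that knows the host string table but not this client's table and sequence table produces a fifth string set the client will not accept.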

US Pat. No. 10,171,464

DATA PROCESS APPARATUS, DATA SHARING METHOD, AND DATA PROCESS SYSTEM

Ricoh Company, Ltd., Tok...

1. A data process apparatus comprising: a processor that is configured to:
receive a creation request for creating a sharable data storage space from an unauthenticated data terminal that is not authenticated to access the sharable data storage via a first authentication route and transmit a response to the unauthenticated data terminal, the response including access data indicating authorization for accessing the sharable data storage space via a second authentication route that is different from the first authentication route and data indicating the sharable data storage created in association with the access data;
authenticate the access data when the data process apparatus receives an access request including a designation of the access data for accessing the shared data storage space from an unauthenticated data terminal connected to a same network as the data process apparatus;
receive the access request from the unauthenticated data terminal when the authentication of the access data succeeds and perform a predetermined process in accordance with the access request, and
automatically generate the access data including an access code for each sharable data storage space and transmit the response including the access data in response to the creation request from the unauthenticated data terminal the access,
wherein the data process apparatus has a table in which the access data including the access code is managed in association with said each shareable data storage.

US Pat. No. 10,171,463

SECURE TRANSPORT LAYER AUTHENTICATION OF NETWORK TRAFFIC

Amazon Technologies, Inc....

1. A method for authenticating secure transport layer network packets, the method comprising: receiving, at a computing device, a secure transport layer network packet sent from a source computing device and addressed to a destination computing device, the secure transport layer network packet comprising a transport layer network packet and a token packet associated with the transport layer network packet, wherein the secure transport layer network packet comprises one of a User Datagram Protocol (UDP) packet or a Transmission Control Protocol (TCP) packet;
obtaining, by the computing device, a verification key for the secure transport layer network packet;
utilizing, by the computing device, the verification key to verify authenticity of the secure transport layer network packet based on data contained in the token packet;
determining, by the computing device, that the verification is successful; and
in response to determining that the verification is successful, forwarding, by the computing device, the transport layer network packet to the destination computing device.
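
An added example of the token-packet check (the claim does not publish Amazon's packet layout, so the layout here is an assumption): the source appends a token carrying a key id, a sequence number and a truncated HMAC over the transport packet; the in-path device looks up the verification key by key id, verifies, and forwards only the transport packet. The per-flow sequence check against replay is an addition beyond the claim, marked in the code.

```python
import hashlib
import hmac
import secrets
import struct

TCP, UDP = 6, 17

# Verification keys available to the in-path device, looked up by key id (constructed).
KEYS = {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)}


def transport_packet(proto, src, sport, dst, dport, payload):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}


def _authenticated_bytes(pkt, key_id, seq):
    """Canonical encoding of the fields the token covers: protocol, ports, addresses,
    key id, sequence number and payload (assumed layout)."""
    return (struct.pack("!BHH", pkt["proto"], pkt["sport"], pkt["dport"])
            + pkt["src"].encode() + b"\x00" + pkt["dst"].encode() + b"\x00"
            + struct.pack("!IQ", key_id, seq) + pkt["payload"])


def token_packet(pkt, key_id, seq, key):
    """Source side: the token carries key id, sequence number and a truncated HMAC."""
    tag = hmac.new(key, _authenticated_bytes(pkt, key_id, seq), hashlib.sha256).digest()[:16]
    return {"key_id": key_id, "seq": seq, "tag": tag}


def secure_packet(pkt, key_id, seq, key):
    return {"transport": pkt, "token": token_packet(pkt, key_id, seq, key)}


class Verifier:
    """The computing device between source and destination."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # per flow, highest sequence accepted (replay check; an assumption)

    def verify(self, spkt):
        pkt, tok = spkt["transport"], spkt["token"]
        if pkt["proto"] not in (TCP, UDP):
            return False
        key = self.keys.get(tok["key_id"])  # obtaining the verification key
        if key is None:
            return False
        expected = hmac.new(key, _authenticated_bytes(pkt, tok["key_id"], tok["seq"]),
                            hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expected, tok["tag"]):
            return False
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], tok["key_id"])
        if tok["seq"] <= self.last_seq.get(flow, -1):
            return False
        self.last_seq[flow] = tok["seq"]
        return True

    def forward(self, spkt, deliver):
        """Forward only the transport layer packet, and only after verification succeeds."""
        if not self.verify(spkt):
            return False
        deliver(spkt["transport"])
        return True
```

Binding the key id and sequence number into the HMAC input is what prevents a captured token from being re-attached to a different packet or re-keyed; without the sequence check an attacker could still replay a whole secure packet verbatim, which the claim alone does not rule out.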

US Pat. No. 10,171,462

SYSTEM AND METHOD FOR SECURE INTERNET OF THINGS (IOT) DEVICE PROVISIONING

Afero, Inc., Los Altos, ...

1. A method comprising: generating, by an IoT service, an association between a new Internet of Things (IoT) device identification (ID) code and an association ID code, wherein the new IoT device ID code and the association ID code are each an equal length code;
storing, by the IoT service, the association in an IoT device database of the IoT service, wherein the IoT device database includes a first value indicating an IoT device has not been provisioned, and a second value indicating an IoT device has been provisioned;
providing, by the IoT service, a barcode or a Quick Response (QR) code to be printed on a new IoT device, the barcode or QR code encoding the association ID code, wherein the new IoT device stores the new IoT device ID code in a secure communication module, the secure communication module including a programmable subscriber identity module (SIM);
establishing, by an IoT hub, a local communication channel via a Bluetooth Low Energy (BTLE) link with the new IoT device, the new IoT device including the barcode or QR code printed thereon;
optically reading, by the IoT hub, the barcode or QR code to determine the association ID code from the new IoT device;
transmitting, by the IoT hub, the association ID code to the IoT service via a secure communication channel, the IoT service performing a lookup in the IoT device database using the association ID code to determine the new IoT device ID code;
identifying, by the IoT service, an encryption key on the IoT service, wherein the IoT service is to use the new IoT device ID code as the encryption key;
establishing, by the IoT service, an encrypted communication channel with the new IoT device using the encryption key and elliptic curve encryption;
provisioning the new IoT device with the IoT service;
authorizing, by the IoT service, the IoT hub to communicate with the new IoT device after the new IoT device has been provisioned; and
updating, by the IoT service, the IoT device database to indicate the new IoT device has been provisioned.

US Pat. No. 10,171,461

SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER

Ceelox Patents, LLC, Ove...

1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a hardware processor, perform a method of securely transferring data between a sender and a recipient, comprising the steps of: receiving, from the sender, information indicative of biometric authentication information for the recipient, the information indicative of biometric authentication information for the recipient useable to determine a transaction-specific encryption key;
determining, by the sender, the transaction-specific encryption key;
encrypting, by the sender and using the transaction-specific encryption key, a message including the data to obtain an encrypted message;
transmitting, by the sender, the encrypted message;
receiving, by the recipient, the encrypted message;
receiving, from the recipient, biometric authentication information for the recipient, the biometric authentication information for the recipient useable to determine a transaction-specific decryption key;
determining, by the recipient, the transaction-specific decryption key;
decrypting, by the recipient and using the transaction-specific decryption key, the encrypted message to obtain the message including the data.

US Pat. No. 10,171,460

PROXIMITY-BASED SYSTEM FOR AUTOMATIC APPLICATION OR DATA ACCESS AND ITEM TRACKING

PROXENSE, LLC, Bend, OR ...

1. A system comprising: one or more processors; and
a memory including instructions that, when executed by the one or more processors, causes the system to:
determine one or more prerequisites for accessing a computing device that is physically shared by a plurality of users, the one or more prerequisites including an authentication and selection of a user name;
subsequent to authentication of a first user, identify a first user name associated with the first user;
subsequent to authentication of a second user, identify a second user name associated with the second user;
receive the first user name as a selected user name from a group including the first user name and the second user name; and
subsequent to receiving the selected user name, launch one or more applications based on the selected user name, wherein the authentication and selection of the user name satisfy the prerequisites for accessing the computing device that is physically shared.

US Pat. No. 10,171,459

METHOD OF PROCESSING A CIPHERTEXT, APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A method executed by an authentication system that includes a terminal device and an encryption processing device, the method comprising: acquiring, by a sensor included in the terminal device, biometric information;
generating, by a first processor included in the terminal device, a ciphertext from the acquired biometric information;
receiving, by a second processor included in the encryption processing device, a request for an authentication from the first processor, the request including the generated ciphertext;
acquiring a part of a plurality of encrypted elements included in the ciphertext, each of the plurality of encrypted elements being an encrypted element in which values of a plurality of elements in a multidimensional determination target vector are respectively encrypted by homomorphic encryption, in response to the request;
decrypting the acquired part of the plurality of encrypted elements; and
determining that the authentication is failed when at least one of values obtained by the decrypting is a value other than 0 and 1.
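
The consistency check in the claim above, as an added example that is not Fujitsu's code: a textbook Paillier scheme (demo-sized primes, not secure) stands in for the homomorphic encryption, the terminal encrypts a binary vector element by element, and the encryption processing device decrypts a sampled part of the elements and fails the authentication if any of them is not 0 or 1. A malicious element such as 5 or -1 would otherwise distort a homomorphically computed distance; the example also shows that checking only part of the vector can miss it, so the sample size is a security parameter.

```python
import random
from math import gcd


def paillier_keygen(p, q):
    """Textbook Paillier with g = n + 1. The primes used below are demo-sized, not secure."""
    n = p * q
    lam = (p - 1) * (q - 1)
    mu = pow(lam, -1, n)  # L(g^lam mod n^2) = lam mod n when g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m, rng):
    n, g = pub
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n) * mu % n


def add_encrypted(pub, c1, c2):
    """Additive homomorphism: Enc(a) * Enc(b) mod n^2 decrypts to a + b."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def encrypt_vector(pub, bits, rng):
    """Terminal side: encrypt each element of the binary determination target vector."""
    return [encrypt(pub, b, rng) for b in bits]


def spot_check(pub, priv, ciphertext, indices):
    """Encryption processing device: decrypt only the selected elements and fail the
    authentication if any plaintext is something other than 0 or 1."""
    for i in indices:
        if decrypt(pub, priv, ciphertext[i]) not in (0, 1):
            return False
    return True


def authenticate_request(pub, priv, ciphertext, k, rng):
    """Sample k element positions at random, then spot-check them.
    Returns (passed, indices) so the caller can log which positions were examined."""
    indices = sorted(rng.sample(range(len(ciphertext)), k))
    return spot_check(pub, priv, ciphertext, indices), indices
```

With k equal to the vector length the check is exhaustive; with a smaller k a single out-of-range element is caught with probability k/len, which is why a random rather than fixed choice of positions matters: a client that knows which positions are checked can place the bad element elsewhere.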

US Pat. No. 10,171,458

WIRELESS PAIRING AND COMMUNICATION BETWEEN DEVICES USING BIOMETRIC DATA

Apple Inc., Cupertino, C...

1. A system for wireless pairing and communication between devices using biometrics, the system comprising: a device, comprising:
a processing unit;
a wireless communication component coupled to the processing unit;
a touchscreen display coupled to the processing unit;
a biometric sensor coupled to the processing unit; and
a non-transitory storage medium storing instructions executable by the processing unit to cause the device to:
display a pairing prompt on the touchscreen display when a host and the device are in wireless communication range of each other;
capture biometric data using the biometric sensor when a user initiates pairing using the touchscreen display; and
receive a configuration file from the host based at least on the captured biometric data, wherein:
the configuration file specifies an arrangement of one or more navigation items in a user interface of the host; and
the device reconfigures, based at least in part on the configuration file, an arrangement of one or more navigation items in a user interface of the device according to the arrangement of the one or more navigation items in the user interface of the host, thereby causing a configuration of the device to resemble the configuration of the host.

US Pat. No. 10,171,457

SERVICE PROVIDER INITIATED ADDITIONAL AUTHENTICATION IN A FEDERATED SYSTEM

International Business Ma...

1. A method for accessing, initiated by a service provider, a high value transaction website using an additional authentication, the method comprising: accessing, by a processor, a website hosted by a service provider, wherein;
the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and
the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites;
responsive to receiving a validated user identification associated with the user and password associated with the user, requesting, by the processor, a token from an identity provider that maintains the FSSO credentials for the website, wherein;
the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO;
the token restricts the user to access only a transaction at the website; and
the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access;
receiving, by the processor, the token and causing the token to be stored at the service provider;
receiving a second indication, by the processor, that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors;
receiving, by the processor, a second indication that the user's session of the website has expired;
subsequent to the second indication that the user's session of the website has expired, requesting to access, by the processor, the transaction at the website;
executing, by the processor, the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website;
subsequent to the second indication that the user's session of the website has expired, causing, by the processor, the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and
responsive to validation of a submission of the one-time password accessing, by the processor, the transaction at the website hosted by the service provider.

US Pat. No. 10,171,456

WIRELESS AUTHENTICATION SYSTEM AND WIRELESS AUTHENTICATION METHOD FOR ONE TIME PASSWORD OF MOBILE COMMUNICATION TERMINAL HAVING NEAR FIELD COMMUNICATION FUNCTION

SCTECHONE CO, LTD., Seou...

1. A one-time password (OTP) authentication system comprising an OTP authentication server, the OTP authentication system comprising: a web service server configured for providing one of an OTP generator registration means and an OTP authentication means depending on whether an OTP generator is registered when a user requests a web service requiring OTP authentication through a user authentication terminal, transmitting one of an OTP generator registration request signal, which comprises user identification information and identification information for a mobile communication terminal of the user, and an OTP authentication request signal, and providing the web service depending on an OTP verification result received in response thereto;
a wireless OTP generator configured for generating and displaying an OTP when an OTP generation event occurs and wirelessly transmitting the OTP when an OTP request signal is received;
a mobile communication terminal configured for obtaining the OTP generated by the wireless OTP generator when an OTP request message is received and transmitting OTP authentication information comprising the OTP and identification information of the mobile communication terminal; and
a touch authentication server configured for obtaining the OTP authentication information and registering the wireless OTP generator and the mobile communication terminal through the mobile communication terminal when the OTP generator registration request signal is received from the web service server, obtaining the OTP authentication information through a mobile communication terminal corresponding to the user identification information when an OTP authentication request signal for registered user identification information is received, verifying an OTP of the obtained OTP authentication information through the OTP authentication server, and providing an OTP verification result to the web service server,
wherein the wireless OTP generator comprises: an OTP processing unit configured for generating, displaying, and outputting the OTP; and
a wireless processing unit configured for receiving and storing the OTP and wirelessly transmitting the stored OTP to the mobile communication terminal through an antenna when an OTP request signal is received from the mobile communication terminal through the antenna, and
wherein the wireless processing unit comprises: a wireless card processing unit configured for performing operations according to a wireless card function;
a wireless OTP processing unit configured for receiving and storing, in an activated state, an OTP output from the wireless processing unit, and wirelessly transmitting the stored OTP to the mobile communication terminal through the antenna, upon receiving the OTP request signal through the antenna; and
an OTP interlocking unit configured for activating the wireless card processing unit to perform the wireless card function by default, and receiving a wireless OTP processing unit driving request signal through communication with the OTP processing unit to activate the wireless OTP processing unit,
wherein the OTP processing unit comprises:
a first display unit, displaying the OTP;
an input unit, comprising at least one button, which comprises an OTP generation button, and outputting a button signal indicating a pressed button;
a power supply unit, supplying power to the OTP processing unit; and
an OTP control unit, receiving the power to operate the OTP processing unit, detecting the OTP generation event due to an input of the OTP button signal to generate the OTP, displaying the OTP on the first display unit, and outputting the OTP, and
wherein the web service server transmits transaction information to the touch authentication server when a transaction event is generated by an arbitrary web service, and determines whether to provide a corresponding web service according to whether the transaction information is approved,
the touch authentication server transmits, to the mobile communication terminal, the transaction information upon receiving the transaction information by the transaction event generated from the web service server, and receives information about whether to approve the transaction information from the mobile communication terminal and provides the information about whether to approve the transaction to the web service server,
the mobile communication terminal displays the transaction information to a user upon receiving the transaction information, requests driving of the wireless OTP processing unit of the wireless OTP generator upon receiving approval of the user, and transmits the transaction information,
the wireless OTP processing unit of the wireless OTP generator stores the transaction information upon receiving the transaction information, and
the OTP processing unit loads the transaction information when the transaction information is stored in the wireless OTP processing unit at a time that the OTP generation event occurs, and reflects the transaction information to generate the OTP.

US Pat. No. 10,171,455

PROTECTION OF APPLICATION PASSWORDS USING A SECURE PROXY

International Business Ma...

1. A computer system comprising one or more hardware processors, one or more tangible computer readable storage media, a memory, and program instructions stored on at least one of the one or more tangible computer readable storage media, which, when executed by at least one of the one or more hardware processors, cause the at least one of the one or more hardware processors to perform a method comprising:receiving, by a proxy server from a client computer, a request to access a protected resource located on a target server;
sending, by the proxy server to the client computer, an authentication challenge;
receiving, by the proxy server from the client computer, a response to the authentication challenge;
in response to authenticating, by the proxy server, the received response to the authentication challenge, initiating a secure active session between proxy server and client computer;
forwarding, by the proxy server to the target server, the protected resource access request;
receiving, by the proxy server from the target server, an access request response, wherein the access request response is a credential form including credential fields required to access the protected resource;
injecting, by the proxy server, into each required credential field, a corresponding credential field tag;
sending, by the proxy server to the client computer, the tagged credential form;
receiving, by the proxy server from the client computer, the tagged credential form with tagged credentials in the required credential fields with the credential field tags;
retrieving, by the proxy server from a protected datastore, target credentials mapped by the credential field tags;
replacing, by the proxy server, the tagged credentials in the tagged credential form with the corresponding retrieved target credentials;
sending, by the proxy server to the target server, the target credentials;
receiving, by the proxy server from the target server, an indication that the target credentials are invalid;
updating, by the proxy server, the target credentials and storing the updated target credentials in the protected data store without client computer intervention;
sending, by the proxy server to the target server, the updated target credentials; and
allowing, by the proxy server, the client computer to access the protected resource, in response to the target server validating the updated target credentials.

US Pat. No. 10,171,454

METHOD FOR PRODUCING DYNAMIC DATA STRUCTURES FOR AUTHENTICATION AND/OR PASSWORD IDENTIFICATION

1. A method for generating a changing authentication input or password required for a user in an access attempt for accessing a computing device such as a smartphone or server over a network, where said computing device is in operative communication with both a display capable of rendering objects in a Graphic User Interface (GUI) and an alphanumeric input component such as a keyboard, and running software adapted for operation and the steps of:communicating to said user, a GUI for input of a static code for and storing said static code in electronic memory as a stored static code;
communicating a GUI to said user for inputting of recognizable objects to be depicted amongst said objects;
storing said recognizable objects input by said user in electronic memory as uploaded recognizable objects;
having said user employ said input component to communicate alphanumeric characters associated to each respective uploaded recognizable object;
storing said alphanumeric characters communicated from said user in electronic memory as inputted alphanumeric characters which are associated with each said uploaded recognizable object, in a relational database;
upon an access attempt to said computing device, communicating a said GUI displaying at least one said uploaded recognizable object as at least one recognizable object depicted in a group of depicted said objects;
communicating a said GUI directing said user to input alphanumeric characters identifying said at least one recognizable object,
having said user communicate a current input of said static code;
generating an alphanumeric string from a combination of said alphanumeric characters input as identifying said at least one recognizable object in a combination with said current input of said static code input by said user;
generating a comparative authentication string from said inputted alphanumeric characters stored in electronic memory which are associated with said uploaded recognizable object depicted as said at least one recognizable object, in combination with said stored static code; and
authenticating said user if said comparative authentication string is determined to have a match with said alphanumeric string whereby access security for users of computers, websites and servers is enhanced by generation of different alphanumeric strings which must match differently generated comparative authentication strings, with each access attempt.

US Pat. No. 10,171,453

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

INTERNATIONAL BUSINESS MA...

1. A system, comprising:a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.

US Pat. No. 10,171,452

SERVER AUTHENTICATION USING MULTIPLE AUTHENTICATION CHAINS

International Business Ma...

1. A method to authenticate a server to a client, the server having an associated public key, comprising:associating “n” distinct certificates to the server's public key, each of the “n” distinct certificates being issued by a distinct certificate authority (CA), wherein each of the distinct certificates has a certification chain with a different root certificate authority, wherein the certificate chains for the “n” distinct certificates are valid and non-overlapping with respect to their intermediate and root CAs;
responsive to the client initiating a request for a secure channel to the server during a cryptographic handshake, providing the client the “n” distinct certificates; and
responsive to receipt from the client of an indication that the public key satisfies a client public key acceptance policy, establishing completing the cryptographic handshake to establish the secure channel between the client and the server;
the client public key acceptance policy specifying a required number of valid, non-overlapping certificate chains that must be present to satisfy a client threshold level of trust to thereby improve security of the cryptographic handshake.

US Pat. No. 10,171,451

DISTRIBUTED SINGLE SIGN-ON

International Business Ma...

1. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t1 storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t2=t1 of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data, wherein said username is different for every verifier server, and wherein said secret data comprises data indicative of said username for each verifier server;
on receipt from the user computer of an authentication request sent to each of at least t1 authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers;
on receipt from the user computer of a token request sent to each of at least a plurality T=t1 of said at least t1 authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

US Pat. No. 10,171,450

GLOBAL TIME BASED AUTHENTICATION OF CLIENT DEVICES

Sprint Communications Com...

1. A system for authenticating client devices for communication with one or more wireless communications networks, the system comprising:a time tracking system; and
a security gateway comprising a processor and a non-transitory computer storage medium storing computer-useable instructions that, when used by the processor, cause the processor to:
receive at least one gateway global time from the time tracking system, the gateway global time being synchronized with a client global time;
provide an authentication challenge to the client device, the authentication challenge generated based on the at least one gateway global time and a client device identifier;
generate an expected response to the authentication challenge based on at least the authentication challenge, the client device identifier, and the client global time;
receive a response to the authentication challenge, the response generated by the client device; and
authenticate the client device on a wireless communications network based on comparing the response and the expected response using a matching function.

US Pat. No. 10,171,449

ACCOUNT LOGIN METHOD AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An account login method, comprising:storing, by a server, an association relation between a first account and a second account, and storing information of a login target corresponding to the second account;
receiving, by the server, a login request for using the first account to log in to the login target corresponding to the second account, retrieving login configuration information of the second account based on the association relation between the first account and the second account, and sending the login configuration information of the second account to the login target corresponding to the second account; and
logging in to the login target corresponding to the second account according to the login configuration information of the second account;
wherein the login request is a common login request that comprises an account identity of the first account, an account password of the first account, and the information of the login target corresponding to the second account; and the method further comprises:
authenticating the first account based on the account identity of the first account and the account password of the first account.

US Pat. No. 10,171,448

SINGLE SIGN-ON FOR UNMANAGED MOBILE DEVICES

AIRWATCH LLC, Atlanta, G...

8. A system, comprising:at least one computing device comprising a processor and a memory; and
a service provider executable by the at least one computing device, the service provider configured to cause the at least one computing device to at least:
receive an access request from a first client application executed in a client device;
cause a mapping between a predefined scheme name and a second client application to be registered with the client device;
cause the first client application, using a redirection response that redirects the access request to an identity provider, to request an authentication token from the second client application executed in the client device, the authentication token being requested by the first client application using a local uniform resource locator (URL) beginning with the predefined scheme name that is registered with the client device to correspond to the second client application;
receive the authentication token from the first client application; and
authenticate the first client application in response to verifying the authentication token.

US Pat. No. 10,171,447

SINGLE SIGN-ON FOR UNMANAGED MOBILE DEVICES

AIRWATCH LLC, Atlanta, G...

1. A non-transitory computer-readable medium embodying a program executable in a client device, the program, when executed by the client device, being configured to cause the client device to at least:receive a first request for an identity assertion from a client application executed in the client device, wherein the first request for the identity assertion is received through a local uniform resource locator (URL) having a scheme name corresponding to the program, the scheme name corresponds to a unique identifier, the local URL includes callback information corresponding to the client application, and the first request is being initially redirected from a service provider to an identity provider and subsequently redirected from the identity provider to the program;
authenticate with the identity provider using at least one security credential;
send a second request for the identity assertion to the identity provider;
receive the identity assertion from the identity provider; and
return the identity assertion to the client application.

US Pat. No. 10,171,446

METHOD AND APPARATUS FOR LIMITING TRAFFIC RATE TO AN ORIGIN SERVER

CLOUDFLARE, INC., San Fr...

1. A method in a proxy server of limiting a rate at which traffic is received at an origin server, the method comprising:receiving, from a client device, a first request for a resource at an origin server;
transmitting, to the client device, a first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached, and wherein the refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed;
receiving as a result of the refresh instruction a second request for the resource from the client device, wherein the second request includes the first cryptographic token;
determining that the first cryptographic token is not valid; and
responsive to determining that the first cryptographic token is not valid, performing:
(a) determining a number of requests that are to be transmitted to the origin server as a result of validity of their respective cryptographic token,
(b) responsive to determining, based on the number of requests that are to be transmitted to the origin server and based on a maximum number of client devices that can access the origin server during a predetermined interval of time, that the second request can be assigned a second cryptographic token that is not valid until a second predetermined time is reached, wherein the second predetermined time occurs earlier than the first predetermined time, transmitting a second response including the refresh instruction, a second refresh time, and the second cryptographic token,
(c) responsive to determining that the second request cannot be assigned the second cryptographic token, transmitting a third response that includes the refresh instruction, the first refresh time, and the first cryptographic token,
(d) receiving a third request for the resource from the client device, wherein the third request includes at least one of the first cryptographic token and the second cryptographic token,
(e) repeating (a), (b), (c) and (d) until receiving a request from the client device that includes at least one of the first cryptographic token and the second cryptographic token that is valid, and
(f) responsive to determining that at least one of the first cryptographic token and the second cryptographic token is valid, fulfilling the third request.

US Pat. No. 10,171,445

SECURE VIRTUALIZED SERVERS

International Business Ma...

13. A computer program product for providing secure access to physical resources via a partitionable input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer processing circuit to cause the circuit to perform the method comprising:receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
receiving, from the Kerberos server, a valid ticket,
granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.

US Pat. No. 10,171,444

SECURITIZATION OF TEMPORAL DIGITAL COMMUNICATIONS VIA AUTHENTICATION AND VALIDATION FOR WIRELESS USER AND ACCESS DEVICES

IronClad Encryption Corpo...

1. One or more access devices or one or more user devices or both one or more access devices and one or more user devices comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory; one or more real or one or more virtual master distributed auto-synchronous array (DASA) databases or both one or more real and one or more virtual master distributed auto-synchronous array (DASA) databases located within or external to said access devices and said user devices, where said master (DASA) databases at least store and retrieve data and also include at least two or more partial distributed auto-synchronous array (DASA) databases, wherein said partial DASA databases function in either an independent manner, a collaborative manner or both an independent manner and a collaborative manner, wherein said master and said partial DASA databases analyze and provide information in a form of data and act to control one or more output devices, wherein said output devices are computing devices, wherein said one or more output devices create user devices, and wherein said master and said partial DASA databases configure bi-directional transmission of data to and from multiple partial user devices, to and from multiple partial access devices or to and from both multiple partial user and multiple partial access devices, wherein said user devices and said access devices are computing devices, and wherein one or more partial user and one or more partial access devices store and provide at least partial copies of portions of said master DASA databases, and wherein said master DASA databases, said partial DASA databases or both said partial DASA databases and said master DASA databases are linked and communicate with each other as well as inclusion of one or more logging and monitoring databases that provide statistical and numerical calculations utilizing data, wherein said one or more access devices authenticate using a first set of computing operations, and validate using a second set of computing operations, and wherein a third set of computing operations controls access for a specified set of users, wherein said computing operations define rules utilized to provide logic with regard to communications between said master and said partial DASA databases and said partial user and said partial access devices.

US Pat. No. 10,171,443

DISPLAYING THE ACCESSIBILITY OF HYPERLINKED FILES

International Business Ma...

1. A method for displaying an accessibility of a hyperlinked file, the method comprising:extracting a hyperlink from a target file, wherein the hyperlink references a resource displayable on a display apparatus, wherein the hyperlink is extracted from the target file in response to determining that a predetermined duration of time has lapsed since a previous determination of the accessibility of the resource, wherein extracting a hyperlink from a target file further comprises:
retrieving a FORM tag from a source code of the resource;
determining the source code of the resource comprises a first INPUT tag having a first attribute comprising a password attribute;
determining the source code of the resource comprises a second INPUT tag having a second attribute comprising a submit attribute;
determining the source code of the resource comprises a third INPUT tag having a third attribute that is not a password attribute and not a submit attribute; and
determining the hyperlink includes an authentication screen;
attempting to acquire the resource by performing a first authentication operation configured to fail and, in response, receiving a first object, wherein the first authentication operation configured to fail comprises the first authentication operation configured to generate an error screen, wherein the first object comprises a first screenshot of the error screen, wherein the first authentication operation includes inputting into an authentication screen a character string that includes characters that are not permitted to be used as the authentication information;
acquiring a second object by performing a second authentication operation using pre-determined authentication information, wherein the second object comprises a second screen shot of a screen resulting from the second authentication operation, wherein the pre-determined authentication information is associated with network position information of the resource, and wherein the second authentication operation is based, at least in part, on the network position information, wherein the pre-determined authentication information comprises a user identifier, a password, a determination date, and a determination time for the network position information, wherein the determination date indicates a date the second authentication operation was previously performed, and wherein the determination time indicates a time that the second authentication operation was performed on the determination date;
comparing the first object and the second object to determine if the first object is the same as the second object, wherein comparing the first object and the second object comprises comparing the first screen shot to the second screen shot; and
presenting, via the display apparatus, information indicating the accessibility of the resource, wherein the information is based, at least in part, on the comparison between the first object and the second object and further based, at least in part, on the target file.

US Pat. No. 10,171,442

PREDICTING A NEED FOR AND CREATING TEMPORARY ACCESS TO A COMPUTER COMPONENT IN INFRASTRUCTURE INFORMATION TECHNOLOGY

International Business Ma...

1. A method of provisioning temporary access to a computer component, the method performed by at least one hardware processor, the method comprising:based on monitoring the computer server, receiving a signal comprising a request that requires executing an action on a computer server;
determining a server configuration associated with the computer server by accessing at least one storage device storing a configuration database;
determining based on the server configuration, a technology associated with executing the action on the computer server;
searching a user profile database stored on the at least one storage device to identify candidate users having a skill set associated with the technology;
determining availability, location and a skill level of the candidate users;
predicting based on historical data a duration the candidate users would take to execute the action on the computer server;
based on at least the duration, the availability, the location and the skill level of the candidate users, determining at least one user from the candidate users to execute the action on the computer server; and
creating a temporary access credential for the at least one user to access the computer server to execute the action, the temporary access credential having expiration duration, the expiration duration covering a duration of time the at least one user takes to perform the action,
wherein the temporary access credential is created by interfacing with an authentication system associated with the computer server, and wherein the action is executed on the computer server.

US Pat. No. 10,171,441

SYSTEM AND METHOD FOR TRANSFORMING CHANNEL ID COMMUNICATIONS IN MAN-IN-THE-MIDDLE CONTEXT

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising:generating, by a Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspector, a secret;
receiving, from a client, the Channel ID communication comprising a public key value;
deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication;
generating, by the SSL/TLS inspector, a new private key based upon the random seed value;
deriving, by the SSL/TLS inspector, a new public key based upon the new private key;
generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and
forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.

US Pat. No. 10,171,440

METHOD AND APPARATUS FOR MANAGING ENCRYPTION KEYS FOR CLOUD SERVICE

SAMSUNG SDS CO., LTD., S...

1. A key management method, comprising:encrypting a service key used by an instance of a first user of a cloud service, by using a master key;
generating, with a key access server, two or more key pieces for reconstructing the master key;
distributing, by the key access server, the two or more key pieces to two or more host servers included in a host group for providing the cloud service via a key sharing protocol, and storing each key piece in a different host server;
receiving a request for the service key from the instance of the first user;
receiving, at the key access server, the two or more key pieces from the two or more host servers and reconstructing, by the key access server, the master key based on the received two or more key pieces; and
decrypting the encrypted service key by using the reconstructed master key, wherein the key sharing protocol is a protocol which permits data communication between the key access server and the two or more host servers and does not permit data communication between the two or more host servers, and
wherein the two or more host servers determine whether the key access server is a malicious server by verifying key pieces opened by the key access server.

US Pat. No. 10,171,439

OWNER BASED DEVICE AUTHENTICATION AND AUTHORIZATION FOR NETWORK ACCESS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising: granting access to a network to any one of multiple devices of a same-owner,
each of said multiple devices having been previously associated with said same-owner at an authentication server, with the result that a plurality of device keys for authenticating said multiple devices are stored on said authentication server; and
said same-owner has previously been authorized to gain access to said network, such that a same-owner identification (ID) is stored on said authentication server;
listing of a device selected from any one of said multiple devices of said same-owner on said authentication server controlled by a network operator;
adding said same-owner ID to a same-owner-based access list of said same-owner associated with an operator ID of said network operator;
for each said device of said multiple devices, a private key is stored on said device, whereas a public key, associated with said same-owner, is stored on said authentication server on the public internet in the cloud;
associating each of said plurality of said device keys with a respective one of a plurality of device identification (IDs) or at least one of said multiple devices in said same-owner-based access list;
updating said same-owner-based access list to associate at least one of said plurality of device keys, or at least one of said plurality of device IDs with said same-owner ID;
receiving by said network operator, a network access request from and for said device to connect to said network, said device being one of said multiple devices of said same owner, wherein said network access request includes a device ID of said device requiring said network access request to be identified by said authentication server, but said network access request does not include said same owner ID;
receiving, by said authentication server from said network operator the network access request for said device;
authenticating, by said authentication server, said device using said device ID included in said network access request and a device key selected from said plurality of device keys, that is associated with said device ID on said same-owner-based access list and stored on said authentication server;
performing additional authentication in a challenge-response process between said authentication server and said device, based on the device key;
confirming, responsive to the additional authentication being successful, that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list; and
sending a notification causing said network operator to grant said device selected from any one of said multiple devices of said same-owner, access to said network, upon authenticating said device and confirming that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list;
wherein said network access request is confirmed by said authentication server, if said device, selected from any one of said multiple devices of said same-owner, is successfully authenticated, or if said same-owner of said device is confirmed to be associated to said device on said authenticated server, such that, in either case, said same-owner is authorized to access said network with the result that the access is same-owner-based and not device-based.

US Pat. No. 10,171,438

GENERATING A PASSWORD

INTERNATIONAL BUSINESS MA...

1. A method for generating a password, the method comprising: receiving, by a computer system, user input from a user for identifying a particular account from among a plurality of accounts;
selecting, by the computer system, a set of questions specific for the particular account from among a plurality of questions;
receiving, by the computer system, further user input comprising one or more received responses to each question of the set of questions;
determining, by the computer system, at least one hash by applying a hash function to the one or more received responses of each question of the set of questions;
generating, by the computer system, a password for the account based on the one or more received responses by selecting at least one hashed character from the at least one hash as one or more characters of a plurality of characters of the password; and
associating, by the computer system, an ordered index of the set of questions from among the plurality of questions and a particular character position of each at least one hashed character within the at least one hash, for use in recreating the password.

US Pat. No. 10,171,437

TECHNIQUES FOR SECURITY ARTIFACTS MANAGEMENT

Oracle International Corp...

1. A method comprising: receiving a request to manage security of an application;
identifying, by a computer system of a security management system, a plurality of security artifacts related to security for accessing the application, wherein the computer system is in a secure zone protected by one or more security measures;
determining, by the computer system, security access for accessing the application;
generating, by the computer system, a security artifact archive for the application, the security artifact archive including security data and security artifact data, wherein the security data is based on the security access, wherein the security data includes an access policy that indicates the security access and the security data includes attribute data indicating one or more attributes of the application, and wherein the security artifact data identifies one or more of the plurality of security artifacts;
storing the security artifact archive in association with an application identifier that identifies the application and a version identifier corresponding to the application, wherein the version identifier indicates a version of the security artifact archive, and wherein different versions of the security artifact archive correspond to changes in security access based on a different version of the application; and
responsive to the request, transmitting, by the computer system, the security artifact archive to the application, wherein the application operates to manage security for accessing the application based on the security artifact data and the security access in the security data of the security artifact archive, and wherein the application is outside the secure zone.

US Pat. No. 10,171,436

DISTRIBUTED LEARNING AND AGING FOR MANAGEMENT OF INTERNET PROTOCOL (IP) ADDRESSES

Juniper Networks, Inc., ...

1. A method comprising: receiving, by a device, a packet associated with a malicious source,
the device including a plurality of security process units (SPUs) arranged in a ring of SPUs;
receiving back, by a first SPU in the ring of SPUs, a delete query message generated by the first SPU;
changing, by the first SPU, a first entry, associated with the packet, of the first SPU based on receiving back the delete query message; and
providing, by the first SPU and based on changing the first entry of the first SPU, a delete action message to a second SPU in the ring of SPUs,
the delete action message including an instruction to change a state of a second entry of the second SPU, and
the second entry corresponding to the first entry.

US Pat. No. 10,171,435

DEVICES THAT UTILIZE RANDOM TOKENS WHICH DIRECT DYNAMIC RANDOM ACCESS

IronClad Encryption Corpo...

1. One or more devices that encrypt data transmitted to or decrypt data received from or both transmit said data to and decrypt said data received from said devices that utilize one or more master keys comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory;
at least one encrypter or decrypter or both an encrypter and a decrypter that encrypt or decrypt or both encrypt and decrypt said data or associated data files or both said data and said associated data files that utilize one or more master keys and one or more key selectors, where one or more key selectors provide selection and provision of one or more encryption keys for each segment of bit by bit data or byte by byte data or both bit by bit data and byte by byte data, wherein said master keys and said key selectors produce a specific set of one or more executable encryption keys that encrypt or decrypt or both encrypt and decrypt said data or said associated data files or both said data and said associated data files where one or more said key selectors coincide with at least one value that directly corresponds with created cipher data or created cipher data files or both said created cipher data and said created cipher data files,
and wherein said key selectors are also encrypted and decrypted,
and wherein said key selectors and said created cipher data and said created cipher data files produce result data and result data files where said created cipher data and said created cipher data files together with said result data and said result data files are sealed to produce encrypted data and encrypted data files that are only encrypted and decrypted with one or more said master keys and one or more said key selectors.

US Pat. No. 10,171,434

MANAGED DEVICE SCATTERNET ADMINISTRATION

AIRWATCH LLC, Atlanta, G...

1. A non-transitory computer-readable medium embodying program code executable in at least one computing device, the program code being configured to cause the at least one computing device to at least: receive a network entry request from a client device;
examine a structure of a network to identify an opening for the client device in a network sublayer of the network in response to the network entry request;
transmit network access data to the client device, the network access data comprising a network address of a sublayer propagator device for the network sublayer having the opening;
transmit client admission data to the sublayer propagator device, the client admission data comprising a unique identifier for the client device and a session key for communications with the client device; and
dispatch configuration data for the client device to the sublayer propagator device.

US Pat. No. 10,171,433

SYSTEM AND METHOD FOR AUTHENTICATING USERS

PACID TECHNOLOGIES, LLC, ...

1. A method for authenticating a user, comprising: receiving, by an application running on a mobile phone, a unique user input, said application processing said unique user input and generating a secret;
storing said secret at the mobile phone, said secret being stored with an identifier so as to be retrievable when the unique user input is received again by the mobile phone;
receiving at the mobile phone from a remote computer-based station a first communication comprising a request for user credentials of the user of the mobile phone, said first communication including the identifier associated with the secret;
responsive to said receiving, the mobile phone prompting a user via a user interface for the unique user input, verifying said unique user input, and transmitting to the remote computer-based station a second communication encoded using the secret.

US Pat. No. 10,171,432

SYSTEMS TO IMPLEMENT SECURITY IN COMPUTER SYSTEMS

Ari Birger, Palo Alto, C...

1. A computing system, comprising: a server including multiple cores dedicated to compute functions, wherein each core is dedicated to a single compute function;
a key management server configured to generate and issue a unique secret key to each core to encrypt the data of each compute function to isolate the data from another compute function; and
a shared memory accessed by one or more of the multiple cores configured to store the data of each function, wherein the security of the encrypted data of each compute function is isolated by a secret key obtained from the key management server, wherein the multiple cores include a hypervisor dedicated core, a cloud or data center management agent core, an orchestration core, a self service agent core, and a network function virtualization (NFV) core.

US Pat. No. 10,171,431

SECURE MESSAGE HANDLING OF AN APPLICATION ACROSS DEPLOYMENT LOCATIONS

International Business Ma...

1. A method for secure message handling of an application across deployment locations, said method comprising: dividing, by one or more processors of a computer system, the application into multiple processing nodes which process messages and which can be deployed in multiple different locations, wherein the application processes a message comprising a plurality of data aspects, wherein each data aspect in the message includes aspect data having a data aspect value in one or more fields in the message, and wherein one or more data aspects of the plurality of data aspects include respective deployment constraints on locations in which the aspect data in the one or more data aspects is deployed;
said one or more processors analyzing the application to identify one or more processing nodes of the multiple processing nodes that reference the one or more data aspects;
said one or more processors ascertaining whether the one or more data aspects are accessed by an identified processing node of the multiple processing nodes, wherein access to each data aspect of the one or more data aspects requires a data aspect value of said each data aspect of the one or more data aspects to be known;
if said ascertaining ascertains that the one or more data aspects are accessed by the identified processing node, then said one or more processors determining a restriction for the identified processing node based on the respective deployment constraints included in the accessed one or more data aspects and deploying the identified processing node according to the determined restriction for the identified processing node;
if said ascertaining ascertains that none of the one or more data aspects are accessed by the identified processing node, then said one or more processors marking the identified processing node or a preceding processing node that precedes the identified processing node to indicate a required tokenization of the one or more data aspects, said tokenization removing the deployment constraints for the identified processing node.

US Pat. No. 10,171,430

MAKING A SECURE CONNECTION OVER INSECURE LINES MORE SECURE

1. A communication system comprising: encryption circuitry;
formatter circuitry electrically coupled with the encryption circuitry; and
transmitter circuitry electrically coupled with the formatter circuitry, wherein:
the encryption circuitry is configured for:
receiving user datagrams;
determining a first packet-to-packet boundary, a second packet-to-packet boundary, and a third packet-to-packet boundary of the user datagrams;
encrypting the user datagrams to provide encrypted datagrams;
calculating a first checksum for encrypted data between the first packet-to-packet boundary and the second packet-to-packet boundary, wherein the first checksum is a first quantity of bits;
inserting the first checksum to the encrypted datagrams at the second packet-to-packet boundary;
calculating a second checksum for encrypted data between the second packet-to-packet boundary and the third packet-to-packet boundary, wherein the second checksum is a second quantity of bits and the second quantity of bits is greater than the first quantity of bits; and
inserting the second checksum to the encrypted data at the third packet-to-packet boundary, and
providing the encrypted datagrams, the first checksum, and the second checksum to the formatter circuitry,
wherein the encryption circuitry is further configured to provide an overhead communications channel having a variable bitrate,
wherein the variable bitrate is determined at least in part by a datagram bitrate and a fixed payload availability of the formatted bit stream;
the formatter circuitry is configured for:
inserting the encrypted datagrams, the first checksum, and the second checksum as payload data to a formatted bit stream having a total bitrate of approximately 10 gigabits per second; and
providing the formatted bit stream to the transmitter circuitry, wherein the formatted bit stream is compliant to a public switched network; and
the transmitter circuitry is configured for optically transmitting the formatted bit stream over the public switched network.

US Pat. No. 10,171,429

PROVIDING SECURITY TO VIDEO FRAMES

ARRIS Enterprises LLC, S...

1. A method of processing a compressed and encrypted video media program, comprising: processing at least a portion of the video media program in a video player that includes a computer processor for processing at least a portion of the video media program, the video player operable for:
receiving the media stream, wherein the video media stream is comprised of one or more chunks;
subdividing the chunks into one or more packets, wherein one or more of the packets include video data;
obfuscating or de-obfuscating at least some of the video data, wherein the step of obfuscating or de-obfuscating comprises obfuscating or de-obfuscating the video data using a caption handling with skip and select approach where only the video data in a first set of packets is de-obfuscated so that caption data is extracted; and
concatenating the video data into one or more frames for playback by the video player.

US Pat. No. 10,171,428

CONFIDENTIAL DATA MANAGEMENT METHOD AND DEVICE, AND SECURITY AUTHENTICATION METHOD AND SYSTEM

Rowem Inc., Seoul (KR)

1. A secure authentication method for performing secure authentication of a user by an authentication system, the secure authentication method comprising: receiving, by a service server, a service request from a first communication terminal;
transmitting, by a security server, a notification message including a stored decryption key to a second communication terminal in response to a notification message transmission request received from the service server;
decrypting, by the second communication terminal, a stored encrypted code table using the decryption key received from the security server;
outputting, by the second communication terminal, a security keypad to a screen, and when at least one input value is received through the security keypad, identifying each code mapped to the received at least one input value in the decrypted code table;
generating, by the second communication terminal, authentication information consisting of a combination of each identified code, and transmitting the authentication information to the service server; and
authenticating, by the service server, the first communication terminal based on the authentication information received from the second communication terminal.

US Pat. No. 10,171,427

PORTABLE ENCRYPTION AND AUTHENTICATION SERVICE MODULE

WEBCLOAK, LLC, Irvine, C...

1. A portable, hand-held electronic device, through which a user can anonymously utilize a host device comprising a processor to communicate with a target application having a target network address, wherein the host device includes a native operating system (OS), the portable, hand-held electronic device comprises: an onboard database that stores user credential information; and
an onboard memory storing software instructions that, when executed by the processor, configure the processor to perform the steps of
(a) receiving IP addresses associated with the host device;
(b) instantiating a virtual machine that runs on top of the native OS, wherein the virtual machine comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) messaging server having an IP address different from any of the received IP address of the host device,
(c) rendering an encryption and decryption service on the virtual machine for encrypting and decrypting data between the onboard database and the virtual machine,
(d) rendering an encrypted messaging interface on the host device that utilizes the TCP/IP messaging server for encrypting and decrypting data between the virtual machine and the target application over a TCP/IP networking layer,
(e) negotiating a data encryption protocol with the target application through a private portable encryption authentication and service module (PPEASM) interface associated with the application to enable encrypting and decrypting data between the target application and a PPEASM application, and
(f) negotiating authentication of the user with the target application by utilizing the user credential information and information received at the encrypted messaging interface from the PPEASM application with user credential information on the onboard database accessed via the encryption and decryption service.

US Pat. No. 10,171,426

HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION

SAMSUNG ELECTRONICS CO., ...

1. A method of controlling, by a control device, at least one device by using control information, the method comprising: receiving, from a server, information used to configure a user interface or process an event related to controlling the at least one device by the control device, which has not been encrypted;
receiving, from the server, control information used to control at least one device, which has been encrypted using an encryption process;
transmitting a control command for controlling the at least one device according to the control information.

US Pat. No. 10,171,425

ACTIVE FIREWALL CONTROL FOR NETWORK TRAFFIC SESSIONS WITHIN VIRTUAL PROCESSING PLATFORMS

Keysight Technologies Sin...

1. A method for network traffic session control within virtual processing environments, comprising: hosting a plurality of virtual machine (VM) platforms within one or more servers;
running a plurality of application instances within the plurality of VM platforms, each of the application instances being configured to provide a network service;
operating a plurality of virtual firewalls associated with the plurality of application instances;
monitoring the plurality of application instances using a plurality of agent instances also running within the plurality of VM platforms, each agent instance being associated with one of the plurality of application instances and one of the plurality of firewalls;
at each of the plurality of agent instances:
receiving firewall rules from an agent controller;
locally storing the firewall rules; and
applying the firewall rules to the firewall associated with the agent instance;
at the agent controller, maintaining a central firewall rules database and transmitting firewall rules to the plurality of agent instances from the central firewall rules database;
with the plurality of agent instances, collecting metadata associated with the plurality of application instances and reporting the metadata to the agent controller, one or more rules stored within the central firewall rules database being based upon the reported metadata; and
at each of the plurality of virtual firewalls:
receiving access requests to the application instance associated with the firewall from one or more network sources; and
controlling access to the application instance based upon the firewall rules applied by the agent instance associated with the firewall.

US Pat. No. 10,171,424

PRIVACY ENHANCING NETWORKS

MINDTOP, INC., Melrose, ...

1. A method for obscuring data flow paths through a network of gateways, the method comprising: providing a controller in communication with each gateway in the network of gateways;
receiving, at the controller, a request for a flow path through the network of gateways from an originating gateway to a destination gateway;
computing, by the controller in response to the request, a unique flow path comprising a random sequence of intervening gateways between the originating gateway and the destination gateway; and
sending, from the controller to each intervening gateway in the computed flow path, flow transformation information to enable each intervening gateway to forward received data traffic to the next intervening gateway in the random sequence.

US Pat. No. 10,171,423

SERVICES OFFLOADING FOR APPLICATION LAYER SERVICES

Juniper Networks, Inc., ...

1. A method, comprising: receiving, by a device, network traffic;
identifying, by the device, a first portion of the network traffic for an application layer inspection;
performing, by the device, the application layer inspection on the first portion of the network traffic based on identifying the first portion of the network traffic;
determining, by the device, a context regarding the network traffic based on the application layer inspection on the first portion of the network traffic;
selectively offloading, by the device, a second portion of the network traffic for transport layer inspection without the application layer inspection based on whether the context regarding the network traffic has changed for the second portion of the network traffic;
providing, by the device, the second portion of the network traffic to a destination without causing the second portion of the network traffic to be provided for application layer inspection;
determining, by the device, that a trigger associated with the network traffic is satisfied;
identifying, by the device, a third portion of the network traffic based on determining that the trigger is satisfied; and
causing, by the device, the third portion of the network traffic to be provided for application layer inspection based on identifying the third portion of the network traffic.

US Pat. No. 10,171,422

DYNAMICALLY CONFIGURABLE PACKET FILTER

Owl Cyber Defense Solutio...

1. A configurable packet filtering system, comprising: a packet filter configured to receive packets or groups of packets on an input, to compare predetermined portions of the packets or groups of packets with information or criteria stored in a filter configuration file, and, in response to the information at the predetermined portions of the packets or groups of packets matching the information or criteria stored in the filter configuration file, to forward the packets or groups of packets on an output; and
a filter configuration interface configured to receive a file on an input, to verify that the received file conforms to a predetermined specification, and, in response to the received file conforming to the predetermined specification, to automatically replace the filter configuration file with the received file.

US Pat. No. 10,171,421

INTRUSION PREVENTION AND DETECTION IN A WIRELESS NETWORK

TRAFFIC OBSERVATION VIA M...

1. A non-transitory computer-readable storage medium storing executable instructions which, when executed on one or more processors of a device of a wireless network, causes the one or more processors to: provide a security element comprising an intrusion detection and prevention (IDS) computer program, the security element located in between a physical layer of a receiver of the device and a media access control (MAC) layer of the device, the security element configured to interface with a driver of a wireless network interface of the receiver and control traffic flow between the physical layer of the receiver of the device and the MAC layer of the device;
receive wireless traffic, at the physical layer of the receiver of the device, the wireless traffic comprising first traffic and second traffic;
pass the first traffic and the second traffic to the security element located in between the physical layer of the receiver and the MAC layer of the device;
the security element is further configured to:
detect that the first traffic is allowed to pass to the MAC layer of the device by applying one or more rules from a group of rules comprising: denial of service (DoS), man-in-the-middle (MiTM), traffic inspection, Transport Control Protocol (TCP), and Internet Protocol (IP) rules to:
identify a first MAC management frame in the first traffic, instead of a MAC control frame or a MAC data frame;
detect whether a predefined information element is present in an authentication field of the first MAC management frame; and
determine that the first traffic is allowed and not malicious, responsive to detecting that the predefined information element is present in the authentication field of the first MAC management frame; and
detect that the second traffic is not allowed to pass to the MAC layer of the device by applying the one or more rules from the group of rules to:
identify a second MAC management frame in the second traffic, instead of a MAC control frame or a MAC data frame;
detect whether the predefined information element is present in an authentication field of the second MAC management frame; and
determine that the second traffic is malicious and not allowed, responsive to a failure to detect the predefined information element in the authentication field of the second MAC management frame.

US Pat. No. 10,171,420

SPATIAL REUSE FOR UPLINK MULTIUSER TRANSMISSIONS

Intel IP Corporation, Sa...

1. An apparatus of a station, the apparatus comprising: a memory; and processing circuitry coupled to the memory, wherein the processing circuitry is configured to:
decode a first portion of a physical layer convergence procedure (PLCP) protocol data unit (PPDU); and
if the PPDU is an overlapping basic service set (OBSS) PPDU, and a receive power of the PPDU is below an overlapping power detect level, configure the station to transmit a frame.

US Pat. No. 10,171,419

IP ROUTE CACHING WITH TWO SEARCH STAGES ON PREFIX LENGTH

Mellanox Technologies TLC...

1. A method, comprising the steps of: maintaining a routing table of destination addresses in a main memory, the destination addresses comprising binary numbers having respective prefixes of most significant bits;
receiving via a data network a packet having a packet destination address;
providing a cache memory having exactly one table of cache entries stored therein, the cache entries comprising respective cached destination addresses and respective delta values (L),
assigning a global mask size (M), wherein the global mask size specifies a number of most significant bits needed for first comparisons between the packet destination address and the cached destination addresses, and the delta value specifies a number of additional most significant bits needed for second comparisons between the packet destination address and the cached destination address;
deriving the delta values by determining a maximum prefix length of the prefixes of the destination addresses in the routing table that are compatible with the respective cached destination addresses;
in a first search of the table of cache entries making a determination that in one of the first comparisons M most significant bits of the cached destination address of a first cache entry and the packet destination address are identical;
computing a sum of the global mask size and the delta value of the first cache entry to yield a new number (M+L);
performing the second comparisons in a second search of the table of cache entries; and
when in one of the second comparisons the new number (M+L) of most significant bits of the cached destination address of a second cache entry and the packet destination address are identical, performing the steps of:
retrieving routing information from the cache memory; and
processing the packet according to the routing information.

US Pat. No. 10,171,418

METHOD AND APPARATUS FOR ACCESSING DEMILITARIZED ZONE HOST ON LOCAL AREA NETWORK

1. A method for accessing a demilitarized zone host in a local area network (LAN), comprising: configuring a mapping relationship between public internet protocol (IP) addresses obtained from a wide area network (WAN) side and private IP addresses of demilitarized zone hosts at a LAN side;
after receiving an access request sent by a client at the WAN side, modifying a destination IP address in the access request to a private IP address of a corresponding demilitarized zone host at the LAN side according to the configured mapping relationship, and sending the modified access request to the demilitarized zone host;
receiving a reply message returned by the demilitarized zone host, modifying a source IP address contained in the reply message to a public IP address of the client at the WAN side, and sending the modified reply message to the WAN side,
wherein before performing said configuring a mapping relationship between public IP addresses obtained from the WAN side and private IP addresses of demilitarized zone hosts at the LAN side, the method further comprises:
configuring slot information used for storing the public IP addresses obtained from the WAN side, wherein the slot information corresponds to the public IP addresses one-to-one,
wherein after performing said configuring the mapping relationship between the public IP addresses obtained from the WAN side and the private IP addresses of the demilitarized zone hosts at the LAN side, the method further comprises:
when dialing through the WAN side, sending an extension tag used to indicate an identity of the client at the WAN side to a server at the WAN side; and
receiving a plurality of IP addresses sent by the server at the WAN side through the extension tag, and filling public IP addresses therein into corresponding slot information.

US Pat. No. 10,171,417

DISTRIBUTED IP ALLOCATION AND DE-ALLOCATION MECHANISM IN A COMMUNICATIONS NETWORK HAVING A DISTRIBUTED S/PGW ARCHITECTURE

Telefonaktiebolaget LM Er...

1. A non-transitory computer readable medium having stored therein instructions to be executed by a packet processing unit (PPU) in a communications network to allow a plurality of PPUs in the communications network to independently allocate IP addresses from a shared pool of IP addresses, the instructions when executed by the PPU cause the PPU to perform a set of operations comprising: receiving, by the PPU, a request to allocate an IP address to a user entity (UE), wherein the plurality of PPUs in the communications network collectively maintain a distributed hash table (DHT), the DHT stores a distributed block allocation table (DBAT) and a plurality of distributed address allocation tables (DAATs), wherein the DBAT includes an entry for each of a plurality of blocks of IP addresses to indicate which of the plurality of blocks of IP addresses are allocated to which of the plurality of PPUs, and wherein each of the plurality of DAATs corresponds to one of the blocks identified in the DBAT and includes an entry for each of the IP addresses in that one block to indicate which of the IP addresses in that one block are allocated to which UEs;
choosing, from a first block of IP addresses currently allocated to the PPU, one of the IP addresses in the first block that a locally cached version of the DAAT corresponding to the first block indicates as being available;
looking up, using a DHT algorithm, which of the plurality of PPUs is responsible for storing the DAAT entry in the DHT for the chosen IP address;
causing the PPU responsible for storing the DAAT entry in the DHT for the chosen IP address to update that DAAT entry to indicate that the chosen IP address is allocated to the UE;
updating the locally cached version of the DAAT corresponding to the first block to indicate that the chosen IP address is allocated to the UE;
allocating the chosen IP address to the UE;
determining, by the PPU, that the PPU needs another of the blocks of IP addresses to be allocated to it;
choosing one of the blocks of IP addresses that a locally cached version of the DBAT indicates as being available;
looking up, using the DHT algorithm, which of the plurality of PPUs is responsible for storing the DBAT entry in the DHT for the chosen block;
causing the PPU responsible for storing the DBAT entry in the DHT for the chosen block to update that DBAT entry to indicate that the chosen block is allocated to the PPU;
updating the locally cached version of the DBAT to indicate that the chosen block is allocated to the PPU;
causing the others of the plurality of the PPUs to update their respective locally cached version of the DBAT to indicate that the chosen block is allocated to the PPU; and
creating a locally cached version of the DAAT corresponding to the chosen block.

US Pat. No. 10,171,416

METHOD FOR ESTABLISHING DATA CONNECTION ON MOBILE NETWORK, MOBILE NETWORK, AND POLICY CONTROL ENTITY

HUAWEI TECHNOLOGIES CO., ...

1. A method for establishing data connections on a mobile network performed by a Packet Data Network Gateway (PDN GW), the PDN GW comprising one or more processors in communication with a computer readable storage medium having instructions stored therein, wherein when the instructions are executed, the one or more processors implement the method comprising: establishing a data channel with a User Equipment (UE);
establishing a policy control session with a policy control entity according to a data channel ID provided by the PDN GW, wherein the policy control session is used to implement policy control on the data channel, and the data channel ID is used to identify the data channel established between the UE and the PDN GW;
receiving an address allocation request from the UE;
allocating an Internet Protocol (IP) address to the UE according to the address allocation request sent by the UE; and
sending a policy control session update request carrying the IP address to the policy control entity for updating the policy control session.

US Pat. No. 10,171,415

CHARACTERIZATION OF DOMAIN NAMES BASED ON CHANGES OF AUTHORITATIVE NAME SERVERS

VERISIGN, INC., Reston, ...

1. A computer-implemented method, comprising: receiving a data set corresponding to name server operations for a plurality of domain names, wherein each name server operation of the name server operations is associated with a time unit;
determining, using one or more processors, an identifier for each domain name in the plurality of domain names based on the name server operations, wherein:
the identifier comprises a Name Server Switching Footprint (NSSF), textual data, and indicates name server switching operations associated with the domain name; and
the NSSF comprises a string with a first value that represents a number of add operations associated with a number of name servers added to an authoritative list of name servers for the domain name and a second value that represents a number of delete operations associated with a number of name server deletions from the authoritative list of name servers for the domain name;
determining the identifier comprising determining the NSSF by building a string for each time unit and concatenating the strings together;
determining that an NSSF of a first domain name of the plurality of domain names is associated with a malicious domain name use by matching the first value and the second value to corresponding first and second values in an NSSF associated with the malicious domain name use; and
in response to determining that the NSSF of the first domain name is associated with a malicious domain name use, adding the first domain name to a blacklist to prevent a malicious use of the first domain name.

US Pat. No. 10,171,414

METHOD FOR ALLOCATING INTERNET PROTOCOL ADDRESSES TO CLIENTS OF A NETWORK AND CORRESPONDING APPARATUS

INTERDIGITAL CE PATENT HO...

1. A method for allocation of Internet Protocol addresses to network devices in a communication network to avoid Internet Protocol session discontinuity for the network devices, wherein said communication network comprises an Internet Protocol address server and a memory and said method is implemented by said Internet Protocol address server, said method comprising: receiving, from a first network device of said network devices in said communication network, a request for attribution of an Internet Protocol address to a Media Access Control address, the request comprising said Media Access Control address;
retrieving information from the memory to determine if an Internet Protocol address is attributed to the Media Access Control address;
if an Internet Protocol address is not attributed to the Media Access Control address, applying a Media Access Control address translation to the Media Access Control address, to obtain a translated Media Access Control address;
retrieving information from the memory to determine if an Internet Protocol address is attributed to the translated Media Access Control address; and
if an Internet Protocol address is attributed to the translated Media Access Control address, retrieving from the memory the Internet Protocol address attributed to the translated Media Access Control address and transmitting, to said first network device, the Internet Protocol address attributed to the translated Media Access Control address.

US Pat. No. 10,171,413

SECURE ELECTRONICS MAIL SYSTEM

CIRIUS MESSAGING INC., V...

1. A secure messaging system comprising: a server system including a processor configured to execute a secure messaging service program; and
a sender computing device including a processor configured to:
receive input of a message from a sender;
receive input of a send command from the sender to send the message to a recipient designated by the sender; and
send the message over a secure channel to the server system;
wherein the server system is configured to:
receive the message;
store the message in encrypted form;
generate a substitute message after receiving the message, said substitute message lacking at least some message content of the message, and including:
a link that provides functionality to authenticate a recipient and to securely retrieve the message from the server system; and
a message access key including a message identifier that identifies a unique location of the message on the server system and a service host identifier indicating to the recipient a network accessible address of the server system at which the message is stored; and
transmit the substitute message to the sender computing device via the secure channel;
wherein the sender computing device is further configured to:
send the substitute message from the sender computing device to a third party application server for transmission to a recipient computing device, wherein the substitute message is transmitted from the sender computing device to the third party application server over a secure channel; and
wherein the server system is further configured to:
receive a request for access to the message stored at the server system from the recipient computing device, the request being generated based on the message access key in the link in the substitute message; and
transmit the message to the recipient computing device via a secure communications protocol.

US Pat. No. 10,171,412

EMAIL QUOTA MANAGEMENT SYSTEM

International Business Ma...

1. A computer system comprising: one or more computer processors, one or more computer-readable storage media, and program instructions stored on one or more of the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising:
program instructions to receive an out of office status a user has indicated on an email application, the email application using a communications network;
program instructions to determine a quota status of a quota for the user based on a previous quota usage pattern and a current quota usage pattern, wherein the quota includes an amount of storage space allotted to the user;
program instructions to receive a new email to be delivered to the user;
program instructions to assign a quota status to the new email;
program instructions to assign priority status to the new email, wherein the priority status is based on at least one of the user email history, the user current email trends, the subject matter of the new email, and/or an identification of the sender of the new email;
in response to the assigned quota status and the assigned priority, program instructions to determine that the new email should not be delivered to the email application of the user and to mark the new email as an outstanding email;
program instructions to receive a removal of the out of office status that the user previously indicated on an email application, the email application using a communications network; and
program instructions to deliver, in response to receiving the available status of the user, the outstanding email to the email application based on the outstanding email's assigned quota status and assigned priority.

US Pat. No. 10,171,411

COMMUNICATION MESSAGE CONSOLIDATION WITH CONTENT DIFFERENCE FORMATTING

INTERNATIONAL BUSINESS MA...

1. A method, comprising: detecting, by a processor, a set of similar messages addressed to a user;
identifying redundantly similar portions of the set of similar messages that provide contextual details related to a progressive set of differences between the set of similar messages;
consolidating the set of similar messages into a single consolidated message comprising the redundantly similar portions preserved in association with sequential entries of the progressive set of differences in a sequence as context usable for interpretation of the progressive set of differences, and with the progressive set of differences formatted differently from formatting applied to the redundantly similar portions within the single consolidated message;
configuring a presentation level of difference details that specifies an amount of content of each of the sequential entries of the progressive set of differences viewable within the single consolidated message by the user depending upon how much time is available to the user to process messages;
filtering and removing from view, within the single consolidated message, additional content of the sequential entries of the progressive set of differences other than the specified amount of content of each of the sequential entries in accordance with the configured presentation level of difference details; and
promoting, in response to detecting a level of detail adjustment entered by the user, at least a portion of the additional content of the sequential entries of the progressive set of differences to be viewable within the single consolidated message.

US Pat. No. 10,171,410

CROSS-MODE COMMUNICATION

Microsoft Technology Lice...

1. A method comprising: receiving, from a first cross-channel account associated with a first channel, a command to initiate a cross-channel communication session, wherein the first cross-channel account receives the command via the first channel and from a first user account associated with the first channel;
generating a session identifier based on the command;
receiving, from a second, different cross-channel account associated with a second channel, a request to join the cross-channel communication session, the second channel being different than the first channel, wherein the second account receives the request via the second channel and from a second user account associated with the second channel, and wherein the request comprises the session identifier;
storing an association between the first channel and the first user account, the second channel and the second user account, and the session identifier; and
based at least in part on receiving the command and the request, relaying communication from the first cross-channel account originating from the first user account via the first channel to the second cross-channel account destined for the second user account via the second channel based on the stored association.

US Pat. No. 10,171,409

SYSTEMS AND METHODS FOR PATH OPTIMIZATION IN A MESSAGE CAMPAIGN

Selligent, Inc., Redwood...

1. A method for path optimization for a message campaign, the method being performed by one or more processors, the method comprising: displaying a graphical user interface representation of the message campaign, wherein the message campaign is electronically connected to one or more sources of destination target information, the one or more sources of destination target information collectively defining a plurality of recipients;
receiving a plurality of sets of input instructions, each respective set of input instructions in the plurality of sets of input instructions corresponding to a path in a plurality of paths in the message campaign, wherein each path defines non-content characteristics of the message campaign according to which associated messages are sent, including: type, quantity, means for sending, recipient, and at least one of interval, order and frequency;
the plurality of paths in the message campaign including:
a first path specifying that a first subset comprising one or more electronic messages is to be sent following a delay of a first predefined wait period to a first subset of recipients, wherein the first subset of recipients includes two or more recipients; and
a second path specifying that a second subset comprising one or more electronic messages is to be sent following a delay of a second predefined wait period, different from the first predefined wait period, to a second subset of recipients, different from the first subset of recipients, wherein the second subset of recipients includes two or more recipients;
for each respective set of input instructions in the plurality of sets of input instructions, sending a respective subset of electronic messages in a first plurality of electronic messages according to a corresponding path in the plurality of paths to a respective subset of recipients in the plurality of recipients, including sending the first subset comprising one or more electronic messages to the first subset of recipients following the delay of the first predefined wait period and sending the second subset of electronic messages to the second subset of recipients following the delay of the second predefined wait period;
monitoring responses to the first subset comprising one or more electronic messages;
determining a winning path from among the plurality of paths based on a path discriminator, the path discriminator using:
i) a correlation of a criterion with a goal for the message campaign for each respective set of input instructions in the plurality of sets of input instructions, and
ii) the responses to the first subset comprising one or more electronic messages;
upweighting, responsive to the determining, the winning path from among the plurality of paths; and
using the message campaign with the upweighted winning path by causing a second plurality of electronic messages to be sent through the winning path to recipients in the plurality of recipients.

US Pat. No. 10,171,408

FOLLOWING/SUBSCRIBING FOR PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method for following asynchronous and synchronous productivity application communications comprising: providing, by an update processor, a targeted medium with a notification for changes associated with a productivity application communication based on a promotion of the productivity application communication to the targeted medium; and
receiving, by the update processor, subscriptions for receiving update notifications through the targeted medium for the changes associated with the productivity application communication,
wherein behaviors and interests are expressed via a set of rules that execute in a context of a workflow system, and subsequent changes to both a particular participating productivity application and social artifact enforce the set of rules.

US Pat. No. 10,171,407

COGNITIVE ADJUSTMENT OF SOCIAL INTERACTIONS TO EDITED CONTENT

INTERNATIONAL BUSINESS MA...

1. A method comprising: computing a shift in sentiment using a natural language processing engine of a data processing system, the shift comprising a difference between an original sentiment value of an original content of a post on social media and an edited sentiment value of an edited content of the post, wherein the post has an associated reaction value;
computing, by applying a function to the shift, an action value, the action value corresponding to a type of action that can be used to manipulate the reaction value;
selecting an action corresponding to the type of action, wherein the type of action is a change type, wherein the action corresponding to the change type is at least one of a reset action and a reverse action, wherein the reset action resets the reaction value to a null value, and wherein the reverse action changes the reaction value to an opposite value; and
sending, to a social media server, an instruction to perform the action relative to the reaction value associated with the post, wherein the instruction causes the reaction value to be manipulated responsive to the shift in sentiment.

US Pat. No. 10,171,406

MANAGING ENCOURAGING MESSAGES FROM SOCIAL MEDIA CONTACTS TO ENHANCE PERFORMANCE

International Business Ma...

1. A method of managing messages for an individual, the method comprising the steps of: a computer receiving social media contacts of the individual via one or more social media services;
the computer deriving a sentiment from an A/B analysis of historical data indicating that a type of an encouraging message was effective in improving a performance of the individual in one or more running races prior to a current running race in which the individual is participating;
the computer determining (1) terrain features of a course of the current running race and (2) encouragement topics that reference the terrain features of the course of the current running race, the terrain features presenting a challenge to the individual in response to the individual encountering the terrain features in the current running race;
using the one or more social media services, the computer soliciting encouraging messages from the social media contacts so that the encouraging messages have the sentiment derived from the A/B analysis of the historical data that the type of the encouraging message was effective in improving the performance of the individual and include content described by the encouragement topics that references the terrain features of the course of the current running race;
in response to the step of soliciting, the computer receiving the encouraging messages from the social media contacts, the encouraging messages having the sentiment and including the content described by the encouragement topics;
during the current running race, the computer determining that a terrain feature included in the terrain features of the course of the current running race is likely to be encountered by the individual within a first specified amount of time based on a geographic position of the individual; and
during the current running race and based on the terrain feature being likely to be encountered within the first specified amount of time, the computer selecting an encouraging message from the encouraging messages so that the selected encouraging message references the terrain feature, has the sentiment derived from the A/B analysis, and includes the content that references the terrain feature, and the computer presenting the selected encouraging message to the individual, which enhances a pace of the individual in the current running race.

US Pat. No. 10,171,405

METHOD AND A SYSTEM FOR EMAIL ADDRESS VALIDATION

International Business Ma...

1. A computer system for email address validation, the computer system comprising: one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage media, and program instructions stored on at least one of the one or more tangible storage media for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
identifying an email address of a recipient listed in an email;
determining whether the email address is erroneous, wherein determining whether the email address is erroneous comprises determining a position of the recipient has changed, determining an email address is erroneous, and determining a confidentiality mismatch;
wherein determining the position of the recipient has changed comprises:
determining a current position of the recipient;
determining a previous position of the recipient, wherein the previous position comprises one or more of: a position of the recipient at a date of a previous email transmission, and a position of the recipient at a predetermined date;
determining whether the current position is the same as the previous position;
based on determining that the current position is not the same as the previous position, determining a new email address of a new recipient based on the previous position;
determining that the email includes one or more predefined specific words, wherein the predefined specific words are associated with a new position that is not a current position of the recipient;
determining a new email address based on the new position;
wherein determining the confidentiality mismatch comprises:
determining that the email includes one or more predefined specific words, wherein the predefined specific words are associated with confidentiality;
based on determining that the email address has not been previously sent by a user, displaying a recommendation to a user;
wherein determining the email address is erroneous comprises:
determining the email address is not in a database;
determining a similar email address in the database comprising one or more of:
determining the similar email address by string matching the email address to the database;
determining the similar email address by pattern matching the email address to the database;
determining the similar email address by approximate string matching the email address to the database; and
based on determining that the email address is erroneous, displaying a recommended email address to a user, wherein the recommended email address is one or more of: the new email address of the new recipient, the similar email address, the email address of the recipient.

US Pat. No. 10,171,404

REPLY TO MOST RECENT MESSAGE

International Business Ma...

1. A method comprising: presenting, to a local user among a group of simultaneously displayed command icons within a first email messaging user interface window, a reply command icon labeled “Reply”; detecting that the local user has clicked on the reply command icon; presenting a pull down menu in the first user interface window in response to detecting that the local user clicked on the reply command icon, wherein presenting the pull down menu includes displaying a reply-to-most-recent command menu item among a group of simultaneously displayed pull-down menu command menu items, wherein the reply-to-most-recent command menu item is labeled “Reply to Most Recent”; detecting that the local user has clicked on the reply-to-most-recent command menu item in the pull down menu; presenting a reply-to-most-recent pop-up window labeled “Reply to Most Recent” in response to detecting that the local user has clicked on the reply-to-most-recent command menu item in the pull down menu, wherein the reply-to-most-recent window initially presents a name entry field for receiving a typed entry from the local user and does not present any list of emails; receiving, through the name entry field in the reply-to-most-recent pop-up window labeled “Reply to Most Recent”, a name typed by the local user; locating, within an inbox of the local user, and in response to receipt of the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent”, a most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”; in direct response to receiving the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent”, and without additional input from the local user, presenting a reply user interface display object for composing a reply message to the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, wherein the reply user interface display object includes a send button user interface object, and wherein presenting the reply user interface display object for composing the reply message to the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent” includes pre-loading, in direct response to receiving the name typed by the local user into the name entry field of the pop-up window labeled “Reply to Most Recent” and without intervention of the local user i) in a message composition portion in the reply user interface display object, an embedded message contents of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, ii) in a plurality of address fields in the reply user interface display object, email addresses extracted from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, and iii) in a subject field in the reply user interface display object, a subject of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”; receiving text typed by the local user into the message composition portion in the reply user interface display object; detecting that the user has clicked on the send button user interface object in the reply user interface display object; and in response to detecting that the user has clicked on the send button user interface object in the reply user interface display object, and without further input from the local user, transmitting a reply email message with a contents equal to a complete contents of the message composition portion of the reply user interface display object, wherein the complete contents of the message composition portion of the reply user interface display object includes the text typed by the local user into the message composition portion in the reply user interface display object and the contents of the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent” that was preloaded into the message composition portion in the reply user interface display object, and with a subject equal to the subject preloaded into the subject field in the reply user interface display object from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”, to the email addresses pre-loaded into the plurality of address fields in the reply user interface from the most recent message contained in the inbox of the local user that was sent to or received from a user corresponding to the name typed into the name entry field of the pop-up window labeled “Reply to Most Recent”.

US Pat. No. 10,171,403

DETERMINING INTENDED ELECTRONIC MESSAGE RECIPIENTS VIA LINGUISTIC PROFILES

INTERNATIONAL BUSINESS MA...

1. A method for checking against transmitting a message to an unintended recipient, said method comprising:developing a linguistic profile of a message to be transmitted to an intended recipient, using a processor on a computer and as the message is being composed by a user, the linguistic profile comprising feature vectors including one or more of word-level features, dictionary features, and topic features;
comparing said linguistic profile with a linguistic profile, previously prepared, of messages previously transmitted to the intended recipient, by calculating a similarity between feature vectors of the linguistic profile of the message being composed with feature vectors of the linguistic profile of messages previously transmitted to the intended recipient;
calculating, using a learning model classifier, a confidence level as to whom the message to be transmitted is actually intended to be transmitted, based on the comparing of linguistic profiles;
upon detecting that the confidence level of the message being composed is below a specified amount, performing a phonetic match of a name of the intended recipient, and, if no intended recipient is identified in the message to be transmitted such that no confidence level calculation is possible, identifying at least one intended recipient as based on a similarity to linguistic profiles of messages previously sent by the user composing the message; and
displaying one or more possible alternate intended recipients,
wherein the message being composed is being composed by a user U to intended recipient R and the linguistic profile of messages previously transmitted to the intended recipient is linguistic profile P_{U,R}, the method further comprising:
constructing the linguistic profile P_{U,R} for messages previously sent to said intended recipient R by user U composing said message by iterating over a set of messages that user U sent to intended recipient R, the linguistic profile P_{U,R} being constructed by computing feature vectors in the set of messages until summed proportional changes across all features falls below a predetermined threshold; and
using the linguistic profile P_{U,R} by the learning model classifier to calculate the confidence level that the message to be transmitted is actually intended to be transmitted to the intended recipient R by user U.
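The procedure claimed above, worked through as an added example (this is not the patent holder's code). It assumes a linguistic profile is a relative-term-frequency (bag-of-words) vector, that the "learning model classifier" is a softmax over cosine similarities to each recipient's profile, and that the phonetic match is Soundex; the sent-mail history is constructed sample data. It builds P_{U,R} with the convergence stop on summed proportional change, scores a draft, and falls back to the phonetic check and alternate-recipient list when confidence is low:

```python
"""Misdirected-recipient check from per-recipient linguistic profiles.

Added example, not the patent's own code. Assumptions: bag-of-words
feature vectors, softmax-over-cosine as the classifier, Soundex for the
phonetic match, constructed mail history.
"""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z']+")


def features(text):
    """Word-level feature vector: relative frequency of each token."""
    counts = Counter(TOKEN.findall(text.lower()))
    total = sum(counts.values()) or 1
    return {w: c / total for w, c in counts.items()}


def build_profile(messages, threshold=0.02):
    """P_{U,R} as a running mean over messages U sent to R.

    Stops once the summed proportional change across all features (L1
    change relative to the previous profile's L1 mass, which is 1 for
    normalised vectors) falls below `threshold`. Returns (profile, consumed).
    """
    profile, consumed = {}, 0
    for n, msg in enumerate(messages, start=1):
        vec = features(msg)
        new = {w: profile.get(w, 0.0) + (vec.get(w, 0.0) - profile.get(w, 0.0)) / n
               for w in set(profile) | set(vec)}
        change = sum(abs(new[w] - profile.get(w, 0.0)) for w in new) / (sum(profile.values()) or 1.0)
        profile, consumed = new, n
        if n > 1 and change < threshold:
            break
    return profile, consumed


def cosine(a, b):
    dot = sum(v * b.get(w, 0.0) for w, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def confidence(draft, profiles, temperature=0.1):
    """Softmax over cosine similarity: P(intended recipient = R | draft)."""
    vec = features(draft)
    scores = {r: math.exp(cosine(vec, p) / temperature) for r, p in profiles.items()}
    total = sum(scores.values())
    return {r: s / total for r, s in scores.items()}


def soundex(name):
    codes = {c: d for d, group in (("1", "bfpv"), ("2", "cgjkqsxz"), ("3", "dt"),
                                   ("4", "l"), ("5", "mn"), ("6", "r")) for c in group}
    name = re.sub(r"[^a-z]", "", name.lower())
    if not name:
        return ""
    out, last = name[0].upper(), codes.get(name[0], "")
    for ch in name[1:]:
        code = codes.get(ch, "")
        if code and code != last:
            out += code
        if ch not in "hw":          # h/w do not separate equal codes; vowels do
            last = code
    return (out + "000")[:4]


def check_draft(draft, addressed, profiles, min_confidence=0.5):
    """Verdict for a draft addressed to `addressed` (None if no recipient yet)."""
    conf = confidence(draft, profiles)
    ranked = [r for r, _ in sorted(conf.items(), key=lambda kv: -kv[1])]
    if addressed is None:
        # No recipient to score: propose recipients by profile similarity alone.
        return {"ok": False, "confidence": 0.0, "phonetic_hit": False, "alternates": ranked[:3]}
    score = conf.get(addressed, 0.0)
    if score >= min_confidence:
        return {"ok": True, "confidence": score, "phonetic_hit": False, "alternates": []}
    # Low confidence: does a name in the body phonetically match the addressee?
    body_codes = {soundex(t) for t in TOKEN.findall(draft.lower())}
    return {"ok": False, "confidence": score,
            "phonetic_hit": soundex(addressed) in body_codes,
            "alternates": [r for r in ranked if r != addressed][:3]}


# Constructed sent-mail history for user U, keyed by recipient R.
SENT = {
    "alice": ["deploy the new cluster to staging and verify the rollout",
              "the rollout looks good, verify the cluster dashboards after deploy",
              "please deploy the hotfix to the cluster and verify the staging rollout"],
    "bob": ["the invoice for this quarter is attached, please review the budget",
            "budget forecast for the quarter attached, review the invoice totals",
            "please review the attached invoice and quarter budget numbers"],
    "carol": ["the contract clause needs counsel review before the vendor signs",
              "counsel flagged a clause in the vendor contract, please review"],
}
PROFILES = {r: build_profile(msgs)[0] for r, msgs in SENT.items()}

if __name__ == "__main__":
    print(check_draft("hi bob, the invoice and quarter budget forecast are attached", "alice", PROFILES))
```

A finance-flavoured draft addressed to "alice" scores low against her operations-heavy profile and surfaces "bob" as the first alternate; the same draft with "alyce" in the salutation still scores low but the Soundex match (A420 on both sides) tells the user the body does name the addressee, so the warning can be softened rather than blocking the send.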

US Pat. No. 10,171,402

APPARATUS AND METHOD FOR OUTPUTTING MESSAGE ALERTS

Samsung Electronics Co., ...

1. An apparatus for outputting a message alert, comprising:a memory storing an alert sound, a contact and a keyword;
an audio processor for processing audio information; and
a processor configured to:
in response to receiving a message including an attached alert sound, determine whether to output the stored alert sound or an attached alert sound as an alert for the received message, by:
comparing a sender of the message to the stored contact to determine whether the sender and the stored contact match,
in response to determining that the sender matches the stored contact, parsing the message including the attached alert sound using a speech-to-text recognition to extract text from at least the attached alert sound, and detecting whether the extracted text includes the stored keyword, and
in response to determining that the extracted text does not include the stored keyword, outputting the attached alert sound as the alert for the received message using the audio processor.

US Pat. No. 10,171,401

PERSONALIZED ELECTRONIC MESSAGE

MICROSOFT TECHNOLOGY LICE...

1. A computer-implemented method for personalizing an electronic message, comprising:receiving an electronic message intended for a recipient user at a mailbox delivery agent associated with the recipient user;
identifying and extracting, by the mailbox delivery agent, context data from the electronic message including identities of a set of other recipients of the electronic message beside the recipient user;
querying, by the mailbox delivery agent, an information source for information related to the context data;
receiving, at the mailbox delivery agent, from the information source, a query response comprising information related to the context data, wherein the query response identifies information related to a subset of recipients, from the set of other recipients, with whom the recipient user does not share a close social relationship;
appending, by the mailbox delivery agent, one or more visual information elements representing the information related to the context data to the electronic message, the one or more visual information elements comprising selectable content cards including:
profiles associated with the subset of recipients with whom the recipient user does not share a close social relationship, wherein selection of a profile provides access via a link to a network store for displaying profile information regarding another recipient with whom the recipient user does not share a close social relationship, and documents related to a subject of the electronic message, wherein selection of a document provides access via a link to a network store for viewing the document; and
delivering, by the mailbox delivery agent, the electronic message comprising the appended information to a mailbox database of the recipient user, wherein the appended information is being provided within the electronic message to improve an electronic application to automatically provide personalized and related information to the recipient of the electronic message.

US Pat. No. 10,171,400

USING ORGANIZATIONAL RANK TO FACILITATE ELECTRONIC COMMUNICATION

International Business Ma...

1. A computer implemented method for electronic communications, the method comprising:receiving, from a sender, a request to communicate with a recipient via a chat application;
determining a relative rank of the sender and a relative rank of the recipient based on organization hierarchy data stored on an enterprise server, the relative rank of the sender is determined based on a difference in a number of reporting levels between a rank of the sender and a rank of a manager common to both the sender and the recipient, and the relative rank of the recipient is determined based on a difference in a number of reporting levels between a rank of the recipient and the rank of the manager common to both the sender and the recipient, wherein determining a relative rank of the sender and a relative rank of the recipient is based on a difference in a number of social media network connections of the sender and a number of social media network connections of the recipient, a difference in organizational titles of the recipient and sender, a difference in a level of education attained by the recipient and a level of education attained by the sender, a difference in rankings assigned by an entity to the recipient and the sender, a difference in an age of the recipient and an age of the sender, and a familial relationship between the sender and the recipient, wherein a number of social media network connections is determined by an amount of “friend” connections in the social media network;
in response to determining that the recipient has a higher relative ranking than the sender, displaying to the sender, via the chat application, a first attention message notifying the sender of the higher relative rank of the recipient;
receiving a first message entered by the sender into the chat application;
in response to determining that the first message comprises a predefined word or phrase, displaying a second attention message to the sender, via the chat application, notifying the sender of a possible violation of a company policy and allowing the sender to revise the first message;
in response to determining the first message comprises an action item, sending a fourth attention message to a third party specifying that the first message comprises an action item, wherein the third party is a manager of the sender;
in response to determining the first message comprises a numerical value, sending a fifth attention message to the third party specifying that the first message comprises a numerical value; and
in response to receiving an indication from the sender to send the first message, sending the first message from the sender to the recipient.

US Pat. No. 10,171,399

MANAGING MESSAGE THREADS THROUGH USE OF A CONSOLIDATED MESSAGE

International Business Ma...

1. A method of managing message threads, the method comprising:detecting, by a message server, a message thread addressed to a client device, wherein the message thread comprises an exchange of multiple message replies to messages related to a first topic;
determining, by the message server, whether a quantity of messages in the message thread exceeds a predetermined limit during a specified amount of time;
in response to determining that the quantity of messages in the message thread exceeds the predetermined limit during the specified amount of time, generating, by the message server, a consolidated single message that describes content of the multiple message replies in the message thread; and
transmitting, from the message server to the client device, the consolidated single message.

US Pat. No. 10,171,398

METHOD AND APPARATUS FOR PROVIDING INFORMATION BY USING MESSENGER

Samsung Electronics Co., ...

1. A method for providing information through a messenger in a user device, the method comprising:displaying, by a display of the user device, a speech window including a conversation exchanged through the messenger and a background image of the messenger, the background image being displayed on a background layer of the messenger, wherein the speech window is displayed on a speech layer of the messenger;
detecting, based on a scheme, by a processor of the user device, text related to a particular content in the conversation;
displaying, by the display of the user device, a content image matched to the particular content, as a background screen in an intermediate layer which is generated between the background layer on which the background image is displayed and the speech layer on which the speech window is displayed, in response to the detecting of the text relating to the particular content; and
providing, by the processor of the user device, information related to the particular content in response to selection of the content image,
wherein the content image is selectable by a touch input,
wherein all of the speech window is displayed and at least part of the content image and at least part of the background image is covered by the speech window during the displaying of the content image, and
wherein the providing of the information related to the particular content comprises:
determining a type of the particular content when the content image has been selected,
executing an internal function or an external function operating in cooperation with the user device according to the type of the particular content, and
displaying the information related to the particular content according to the executed internal or external function.

US Pat. No. 10,171,397

SHARING OF INFORMATION EXTRACTED FROM MESSAGES IN COLLABORATIVE SYSTEMS

International Business Ma...

1. A method for sharing information in a computing infrastructure, the method comprising:intercepting a message sent from a computing machine of a first user to at least one second user;
verifying a sharing permission for sharing a content of the message, the sharing permission comprising one or more user-defined sharing rules defining policies for sharing the content of the message;
based on the sharing permission being verified, prompting, by displaying a pop-up window, the first user to authorize the sharing of the content of the message;
based on the sharing of the content of the message being authorized by the first user, adding a sharing indicator to the message, the sharing indicator comprising a custom sharing tag added to a header of the message;
based on the message comprising the sharing indicator, analyzing the content of the message to identify each matching context of one or more known contexts matching the content of the message, wherein each known context is defined by one or more keywords;
using an analytics engine based on a language processor to calculate a matching index for each known context according to a corresponding keyword comprised in a body of the message;
identifying each known context comprising a matching index higher than a threshold value as a matching context of the message;
organizing each known context comprising the matching index higher than the threshold value in a decreasing order of matching index;
extracting information from the body of the message starting with a known context having the highest matching index, the information comprising one or more questions and associated answers corresponding to the matching context, the information being extracted by implementing a text parser;
generating at least one shared entry for each matching context according to the extracted information corresponding to the matching context;
selecting at least one collaborative system for each shared entry from a plurality of known collaborative systems according to a comparison between one or more characteristics of the shared entry and one or more characteristics of each known collaborative system, wherein the one or more characteristics of the shared entry comprise a language of the shared entry, the matching context and a complexity of the shared entry, and the one or more characteristics of each known collaborative system comprise a language of each known collaborative system, a topic, and a type of participants of the known collaborative system;
formatting each generated shared entry for the at least one collaborative system by enclosing its contents into a block providing an indication of the topic and details of a member; and
submitting each formatted shared entry for publication to the at least one collaborative system corresponding to the matching context of the shared entry.

US Pat. No. 10,171,396

INTELLIGENT PREVENTION OF SPAM EMAILS AT SHARE SITES

Shutterfly, Inc., Redwoo...

1. A computer-implemented method for preventing spam emails from a share site, comprising:receiving registrations from users to set up share sites by a network-based computer system, wherein the users become owners of the share sites;
enabling the users to send emails to invite people to become members of their respective share sites;
receiving uploads of at least one image or video clip from the users by the network-based computer system;
storing one or more spam detection rules in the network-based computer system;
detecting potential spam emails among the emails sent by the users based on the one or more spam detection rules by the network-based computer system;
storing one or more false alarm reduction rules in the network-based computer system;
automatically detecting, by the network-based computer system, behaviors of one or more senders of the potential spam emails at the share-site;
identifying false positive emails in the potential spam emails based on the one or more false alarm reduction rules and the behaviors of the one or more senders of the potential spam emails at the share-site, which comprises at least:
determining if the one or more senders of the potential spam emails have stored personal data, relationship data, or device data at the network-based computer system;
removing false positive emails from the potential spam emails to produce a list of verified spam emails;
identifying a first sender of the list of verified spam emails as a spammer; and
prohibiting the spammer from sending emails from one or more share sites owned by the spammer at the network-based computer system.
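The two-stage pipeline claimed above, as an added example rather than Shutterfly's code: a set of high-recall spam detection rules produces potential spam, and a set of false alarm reduction rules keyed on the sender's behaviour at the site (uploads, accepted invitations, and whether personal, relationship or device data are on file) removes false positives before anyone is blocked. The sender records, thresholds, and the choice that at least two behavioural signals are needed to clear a flagged sender are all assumptions of this example:

```python
"""Two-stage spam control for share-site invitations.

Added example, not Shutterfly's code. Assumptions: per-sender records of
invitation timestamps/recipients/acceptance, upload count, and flags for
personal, relationship and device data; constructed thresholds and data.
"""


# --- stage 1: spam detection rules (tuned for recall) -------------------
def burst(sender, limit=30, window_s=3600):
    """More than `limit` invitations inside any `window_s`-second window."""
    ts = sorted(i["ts"] for i in sender["invites"])
    lo = 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window_s:
            lo += 1
        if hi - lo + 1 > limit:
            return True
    return False


def invites_without_content(sender, min_invites=10):
    """Many invitations from a site that has nothing uploaded to share."""
    return sender["uploads"] == 0 and len(sender["invites"]) >= min_invites


def scatter(sender, min_domains=8):
    """Invitations sprayed across many unrelated mail domains."""
    return len({i["to"].rsplit("@", 1)[-1].lower() for i in sender["invites"]}) >= min_domains


SPAM_RULES = [("burst", burst), ("no_content", invites_without_content), ("scatter", scatter)]


# --- stage 2: false alarm reduction rules (sender behaviour) -------------
def has_identity(sender):
    return bool(sender["personal_data"] or sender["device_data"])


def has_relationships(sender):
    return bool(sender["relationship_data"])


def invitees_engaged(sender, min_accepted=3):
    return sum(1 for i in sender["invites"] if i["accepted"]) >= min_accepted


FALSE_ALARM_RULES = [("identity", has_identity), ("relationships", has_relationships),
                     ("engaged", invitees_engaged)]


def triage(senders, min_signals=2):
    """Potential spam -> strip false positives -> verified spammers."""
    potential = {sid: [n for n, rule in SPAM_RULES if rule(s)] for sid, s in senders.items()}
    potential = {sid: hits for sid, hits in potential.items() if hits}
    # Assumption of this example: two independent behavioural signals clear a sender.
    false_positives = {sid for sid in potential
                       if sum(1 for _, rule in FALSE_ALARM_RULES if rule(senders[sid])) >= min_signals}
    spammers = {sid for sid in potential if sid not in false_positives}
    return {"potential": potential, "false_positives": false_positives, "spammers": spammers}


def may_send(sender_id, spammers):
    """Enforcement: a verified spammer may not send from any site they own."""
    return sender_id not in spammers


# Constructed sender records.
def make_sender(n_invites, spread_s, domains, uploads, personal, relationship, device, accepted):
    invites = [{"ts": 1_700_000_000 + (k * spread_s) // max(n_invites - 1, 1),
                "to": f"guest{k}@{domains[k % len(domains)]}",
                "accepted": k < accepted} for k in range(n_invites)]
    return {"invites": invites, "uploads": uploads, "personal_data": personal,
            "relationship_data": relationship, "device_data": device}


SENDERS = {
    "spammer": make_sender(40, 600, [f"d{k}.example" for k in range(40)], 0, False, False, False, 0),
    "newparent": make_sender(35, 1200, ["gmail.example", "yahoo.example", "work.example"],
                             12, True, True, True, 10),
    "casual": make_sender(5, 86400, ["gmail.example"], 3, True, False, True, 2),
}

if __name__ == "__main__":
    print(triage(SENDERS))
```

The "newparent" record trips the burst rule exactly as the spammer does (35 invitations in twenty minutes), which is why stage 1 alone would block a legitimate owner; stage 2 separates the two on evidence the spammer cannot cheaply fake, namely uploaded media, accepted invitations and stored device data.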

US Pat. No. 10,171,395

AIRCRAFT MESSAGE MANAGEMENT SYSTEM

GE Aviation Systems LLC, ...

1. A computer-implemented method of filtering aircraft messages, comprising:receiving, by one or more computing devices included in an aircraft from at least one of a first onboard system associated with the aircraft or a first remote system that is remote from the aircraft, a message comprising a plurality of data fields containing data associated with the message;
accessing, by the one or more computing devices, a set of configuration data, wherein the set of configuration data comprises a first set of data identifying a plurality of different message types, one or more message structures that can be associated with each of the different message types, and different parameters associated with each of the different message structures including one or more conditions for processing data fields of messages associated with each of the message structures, wherein each condition includes an action to be performed on a specified data field;
determining, based on the plurality of data fields included in the message including expected data fields matching one of the plurality of message types, a potential message type of the message;
determining, by the one or more computing devices, a determined message structure of the message based at least in part on the data fields and the determined potential message type;
processing, by the one or more computing devices, the message based at least in part on the determined message structure, and wherein processing comprises:
identifying one or more parameters associated with the determined message structure, and
accessing and editing, by the one or more computing devices, one or more of the data fields to perform an identified action including at least one of a removal, redaction, or replacement of the data contained in the respective data fields based at least in part on the one or more conditions associated with the one or more potential message types; and
generating and outputting, by the one or more computing devices, a filtered message that is based at least in part on the processed message.
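The filtering procedure above, as an added example that is not GE Aviation's code. It assumes a message is a dictionary of data fields and that the configuration lists message types, the structures each type may take (as expected field sets), and per-field conditions whose action is remove, redact or replace. The type names, field names and patterns in the configuration are hypothetical. Two hardening choices of this example go beyond the claim: a message matching no configured type is rejected instead of forwarded, and fields the selected structure does not declare are dropped.

```python
"""Configuration-driven filtering of structured messages.

Added example, not GE Aviation's code. Assumptions: dict messages, a
constructed configuration with hypothetical type/field names, and
fail-closed handling of unrecognised messages and undeclared fields.
"""
import re

CONFIG = {
    "POSITION_REPORT": {
        "POS_V1": {"fields": {"tail", "lat", "lon", "alt"}, "conditions": []},
        "POS_V2": {"fields": {"tail", "lat", "lon", "alt", "crew_id"},
                   "conditions": [{"field": "crew_id", "when": "present", "action": "remove"}]},
    },
    "MAINT_REPORT": {
        "MAINT_V1": {"fields": {"tail", "fault_code", "free_text"},
                     "conditions": [
                         # Redact anything shaped like a US SSN inside free text.
                         {"field": "free_text", "when": "matches",
                          "pattern": r"\b\d{3}-\d{2}-\d{4}\b", "action": "redact"},
                         # Replace the airframe identifier before the message leaves the aircraft.
                         {"field": "tail", "when": "present", "action": "replace", "value": "<tail>"}]},
    },
}


def potential_types(message, config=CONFIG):
    """Types with at least one structure whose expected fields are all present."""
    present = set(message)
    return [t for t, structs in config.items()
            if any(s["fields"] <= present for s in structs.values())]


def determine_structure(message, msg_type, config=CONFIG):
    """Most specific structure (largest expected field set) fully present in the message."""
    present = set(message)
    matches = [(len(s["fields"]), name) for name, s in config[msg_type].items()
               if s["fields"] <= present]
    return max(matches)[1] if matches else None


def condition_holds(message, cond):
    field = cond["field"]
    if field not in message:
        return False
    if cond["when"] == "present":
        return True
    if cond["when"] == "matches":
        return re.search(cond["pattern"], str(message[field])) is not None
    raise ValueError(f"unknown condition {cond['when']!r}")


def apply_action(message, cond):
    """Edit one data field in place: removal, redaction or replacement."""
    field, action = cond["field"], cond["action"]
    if action == "remove":
        del message[field]
    elif action == "replace":
        message[field] = cond["value"]
    elif action == "redact":
        if cond["when"] == "matches":
            message[field] = re.sub(cond["pattern"], "[REDACTED]", str(message[field]))
        else:
            message[field] = "[REDACTED]"
    else:
        raise ValueError(f"unknown action {action!r}")


def filter_message(message, config=CONFIG):
    """Classify, pick a structure, apply its conditions; return (filtered, type, structure).

    Returns (None, None, None) when nothing matches, so an unrecognised
    message is dropped rather than forwarded unfiltered.
    """
    candidates = []
    for t in potential_types(message, config):
        s = determine_structure(message, t, config)
        if s is not None:
            candidates.append((len(config[t][s]["fields"]), t, s))
    if not candidates:
        return None, None, None
    _, msg_type, structure = max(candidates)
    spec = config[msg_type][structure]
    out = dict(message)
    for cond in spec["conditions"]:
        if condition_holds(out, cond):
            apply_action(out, cond)
    # Design choice of this example: undeclared fields do not pass through.
    out = {k: v for k, v in out.items() if k in spec["fields"]}
    return out, msg_type, structure


if __name__ == "__main__":
    print(filter_message({"tail": "N12345", "fault_code": "E42",
                          "free_text": "mechanic ssn 123-45-6789 logged fault"}))
```

Because the structure is chosen as the largest expected field set that is fully present, a position report carrying a crew identifier is recognised as the structure that knows about that field and has it removed, while the same report without it is handled by the plainer structure; the "matches" condition redacts only the matching substring so the rest of the free text survives.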

US Pat. No. 10,171,394

MULTIMEDIA MAIL SERVICE

Verizon Patent and Licens...

1. A device, comprising:one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
determine to provide a multimedia content message, including content, to a user associated with a recipient account,
the user being associated with one or more user devices,
the one or more user devices being associated with the recipient account,
the recipient account being associated with a recipient address;
the multimedia content message including a list of multimedia content to be received,
the list being provided via a user interface of the device;
obtain content type preferences that are associated with the recipient account,
the content type preferences being selected by the user from a list of multimedia content types provided to the user of the one or more user devices associated with the user and reduce network congestion,
the list of multimedia content types related to multimedia content types to be included in a single message, and
the list of multimedia content types including at least two or more of:
images,
URLs,
payment information,
voicemails, or
text messages,
the content type preferences identifying one or more permitted content types that are permitted to be included in the multimedia content message from the list of multimedia content types,
the user interface being provided to obtain the content,
the user interface identifying the one or more selected content types, and
the user interface permitting specification of a particular order in which to provide the content in the multimedia content message, and
determine one or more selected content types, of the one or more permitted content types, to provide in the multimedia content message;
obtain the content, of the one or more selected content types, for providing in the multimedia content message; and
provide the multimedia content message including the content in the single message.

US Pat. No. 10,171,393

METHOD AND SYSTEM FOR PROVIDING A COLLABORATIVE EVENT-SHARE SERVICE

1. An apparatus for supporting media sharing via a communication network, the apparatus comprising:a hardware processor; and
a computer-readable storage medium storing a plurality of instructions which, when executed by the hardware processor, cause the hardware processor to perform operations, the operations comprising:
providing an event tag to endpoint devices of a plurality of members of an event-share group, wherein the event-share group is related to an event, where the event tag uniquely identifies the event-share group, wherein the hardware processor is operated by a service provider of an event-share service feature;
receiving a captured media, with the event tag associated with the captured media, from one of the endpoint devices of one of the plurality of members; and
providing the captured media to the endpoint devices of the plurality of members, wherein the endpoint devices of the plurality of members present the event tag in different user selected formats along with the captured media.

US Pat. No. 10,171,392

METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PROCESSING A REQUEST FOR A RESOURCE IN A COMMUNICATION

Gummarus LLC, Longview, ...

1. A computer-implemented method, comprising:creating at least a portion of an instant messaging network service application that is configured to cooperate with a device including a touchscreen and a client instant messaging application, the client instant messaging application, when executed, is configured to cause the device to:
display, via the touchscreen, an instant messaging interface including a text entry user interface element for receiving entered text, and one or more user interface elements for causing requests to be sent that are valid according to a criterion schema defining at least one of a format or a vocabulary, the one or more user interface elements including a first menu item with corresponding first text, wherein the instant messaging network service application, when executed, is configured to cause an apparatus to:
based on a touch selection on the first menu item with corresponding first text: receive, at the apparatus from the device and with a communicant identifier associated with a user of the client instant messaging application, a first request that is valid according to the criterion schema defining at least one of the format or the vocabulary,
after receiving, at the apparatus from the device and with the communicant identifier associated with the user of the client instant messaging application, the first request that is valid according to the criterion schema defining at least one of the format or the vocabulary: send, from the apparatus to the device and with the communicant identifier associated with the user of the client instant messaging application, a first response for causing display, via the instant messaging interface, of at least one first image that is automatically identified by the apparatus based on the first request,
based on entry, via the text entry user interface element of the instant messaging interface, of the entered text: receive, at the apparatus from the device and with the communicant identifier associated with the user of the client instant messaging application, a second request that is valid according to the criterion schema defining at least one of the format or the vocabulary, and
after receiving, at the apparatus from the device and with the communicant identifier associated with the user of the client instant messaging application, the second request that is valid according to the criterion schema defining at least one of the format or the vocabulary: send, from the apparatus to the device and with the communicant identifier associated with the user of the client instant messaging application, a second response for causing display, via the instant messaging interface, of content that is automatically identified by the apparatus based on the second request, the content being based on a user profile of the user of the client instant messaging application; and
causing storage of the at least portion of the instant messaging network service application.

US Pat. No. 10,171,391

AUTOMATIC AND DYNAMIC MANAGEMENT OF INSTANT MESSENGER DO NOT DISTURB STATE VIA ENTERPRISE APPLICATION

International Business Ma...

1. A method for peer to peer communication, the method comprising:receiving a message from a first communication program user intended for a second communication program user;
determining whether the second communication program user is in a do not disturb state;
based on the second communication program user being in a do not disturb state, determine whether to override the do not disturb state of the second communication program user, wherein determining whether to override the do not disturb state comprises:
receiving static message information and communication program user characteristics, wherein the static message information comprises metadata describing a message and content of the message, wherein the communication program user characteristics describe user employment characteristics and user communication program preferences of a user included on a communication;
determining a critical situation exists based on the received static message information;
based on the existence of the critical situation, determining a message critsit value for the user based on the received communication program user characteristics;
based on determining that the calculated message critsit value exceeds a minimum threshold value, adding the first communication program user and the second communication program user to a critsit users list;
based on determining that the first communication program user and the second communication program user are on the same critsit users list, override the do not disturb state of the second communication program user; and
based on determining that the do not disturb state of the second communication program user should be overridden, transmit messages from the first communication program user to the second communication program user.

US Pat. No. 10,171,390

SYSTEM AND METHOD FOR ALERTING A LIST OF MULTIPLE RECIPIENTS OF A USER'S REQUEST FOR ASSISTANCE

1. A method comprising:broadcasting a request to each of a plurality of recipient devices in response to a request for assistance from a first user device;
receiving an assistance response from a particular recipient device of the plurality of recipient devices;
broadcasting a message to each recipient device of the plurality of recipient devices, other than the particular recipient device, indicating that the particular recipient device provided the assistance response;
locking out communication with each recipient device of the plurality of recipient devices, other than the particular recipient device, to prevent additional assistance responses;
transmitting an assistance confirmation query to the particular recipient device;
receiving an indication that a particular recipient associated with the particular recipient device has not completed assisting the user;
unlocking communication with each recipient device of the plurality of recipient devices other than the particular recipient device; and
receiving a second assistance response to the request sent by a second recipient device of the plurality of recipient devices,
wherein the indication that the particular recipient associated with the particular recipient device has not completed assisting the user is in response to the assistance confirmation query.

US Pat. No. 10,171,389

GENERATING POLL INFORMATION FROM A CHAT SESSION

International Business Ma...

1. A method, in a data processing system comprising a processor and a memory, the memory comprising instructions executed by the processor to specifically configure the processor to implement a poll generation system for generating poll information from a chat session, the method comprising:monitoring, by the poll generation system, chat content in the multiple user chat session;
analyzing, by a question analysis component executing within the poll generation system, syntax and semantic structure of a given text message from a questioning user in the multiple user chat session to determine that the given text message contains a question;
determining, by the question analysis component, that the question is a poll question based on a question type of the question;
identifying, by an answer analysis component executing within the poll generation system, a plurality of answers to the poll question in subsequent text messages from a plurality of answering users within the chat content;
generating, by a poll generation component executing within the poll generation system, a poll user interface presenting the poll question and the plurality of answers as selectable options; and
presenting, by the poll generation system, the poll user interface to the multiple users of the chat session.

US Pat. No. 10,171,388

MESSAGE RETRIEVAL IN A DISTRIBUTED COMPUTING NETWORK

International Business Ma...

1. A method for providing a message to a recipient, the method comprising:determining that the message is received by a first message store for a recipient device wherein the first message store is a component of an active messaging engine within a multi-zone cloud computing environment;
locating a second message store where the recipient device can retrieve the message wherein the second message store is a component of a passive messaging engine within the multi-zone cloud computing environment;
determining if the message is located in a message repository;
responsive to determining the message is located in the message repository, locking the located message for the recipient device at the first message store and retrieving: message identification data for the located message, a unique token, and the location of the recorded second message store corresponding to the recipient device;
authorizing a single-purpose communication between the recipient device and the second message store, the single-purpose communication having a single purpose of retrieving the message;
wherein:
the message is duplicated in the second message store; and
the first message store and second message store are operating within a message delivery model that guarantees delivery of the message to the recipient device, allows the message to be delivered to the recipient device only once, and requires that the recipient device communicates with the first message store when retrieving the message.

US Pat. No. 10,171,387

MESSAGE RETRIEVAL IN A DISTRIBUTED COMPUTING NETWORK

International Business Ma...

1. A computer program product for providing a message to a recipient, the computer program product comprising a computer readable storage medium having stored thereon:first program instructions programmed to determine that the message is received by a first message store for a recipient device, wherein the first message store is a component of an active messaging engine within a multi-zone cloud computing environment;
second program instructions programmed to locate a second message store where the recipient device can retrieve the message, wherein the second message store is a component of a passive messaging engine within the multi-zone cloud computing environment;
third program instructions to determine if the message is located in a message repository;
responsive to determining the message is located in the message repository, fourth program instructions to lock the located message for the recipient device at the first message store and retrieve: message identification data for the located message, a unique token, and the location of the recorded second message store corresponding to the recipient device;
fifth program instructions comprising:
program instructions to authorize a single-purpose communication between the recipient device and the second message store, the single-purpose communication having a single purpose of retrieving the message;
wherein:
the message is duplicated in the second message store; and
the first message store and second message store are operating within a message delivery model that guarantees delivery of the message to the recipient device, allows the message to be delivered to the recipient device only once, and requires that the recipient device communicate with the first message store when retrieving the message.

US Pat. No. 10,171,386

METHODS AND SYSTEMS FOR STORING INSTANT MESSAGING MESSAGES

ORACLE INTERNATIONAL CORP...

1. A method, comprising operations of: displaying a window in a graphical user interface (GUI), wherein the window includes a first view listing a plurality of participants in an instant messaging conference, a second view allowing for entry and editing of an instant message, a first control for sending an instant message to all of the participants, and a second control for sending a private instant message to less than all of the participants;
receiving an entry of an instant message in the second view;
receiving a selection of one or more but less than all participants through the second view;
receiving an input activating the second control;
sending the instant message to the selected participants as a private message, wherein each operation of the method is executed on one or more processors;
storing instant message conference data in a single unified record on an instant messenger server, wherein the instant message conference data is a complete record of the instant messaging conference discussion in chronological order, wherein each of a plurality of private instant messages exchanged for the instant messaging conference are integrated with the conference instant messages, and a given private instant message of the plurality of private instant messages is exchanged between a given subset of the participants and another private message of the plurality of private instant messages is exchanged between another subset of the participants;
filtering the instant message conference data, in response to a request for a search of the instant message conference data generated for a given user, wherein the request comprises a keyword, wherein the filtering comprises:
classifying a given subset of the plurality of private messages for the search, wherein the given user is a participant in each private message of the given subset of the plurality of private messages, and the given private message is a member of the given subset of the plurality of private messages; and
excluding another subset of the plurality of private messages for the search, wherein the given user is not a participant in each private message of the other subset of the plurality of private messages, and the other private message is a member of the other subset of the plurality of private messages;
searching the given subset of the plurality of private instant messages and the conference instant messages in the instant message conference data for the keyword;
determining that the given private message includes the keyword; and
sending the given private message to the given user.

US Pat. No. 10,171,385

DYNAMICALLY PROVIDING SYSTEM COMMUNICATIONS IN A VIRTUAL SPACE TAILORED TO INDIVIDUAL USERS RESPONSIVE TO SPECIFIC USER ACTIONS AND INDIVIDUAL CURRENT STATES

Kabam, Inc., San Francis...

1. A system configured to dynamically provide system communications tailored to individual users responsive to occurrences of trigger events in a virtual space, the system comprising: one or more processors configured by machine-readable instructions to:
execute an instance of the virtual space, wherein the instance is configured to facilitate interaction between the individual users and with the virtual space, wherein the individual users are associated with individual client computing platforms through which command inputs are provided by the individual users that exercise control by the individual users within the virtual space;
provide an admin interface for presentation to an administrative user of the virtual space for managing system communications of the virtual space, the admin interface being configured to receive information from the administrative user, the information including one or more of new system communications, existing system communications, trigger event definitions, and/or information associated with one or more bases for determining whether an individual current state corresponds to one or more system communications;
monitor actions performed by a user within the virtual space for trigger events including a first trigger event, the first trigger event being a specific user action performed by a first user that has been defined as a trigger event, wherein the specific user action is one or more of registering as a user in the virtual space, establishing a relationship with another user and/or user character in the virtual space, customizing a user character, and/or engaging in gameplay within the virtual space;
obtain current states responsive to trigger events occurring within the virtual space, the current states being separate and discrete from the trigger events, a given current state for the first user including information indicating one or more of:
(a) a frequency of engagement by the first user in the virtual space,
(b) an amount of real-world money the first user has spent toward the virtual space, and/or
(c) total time spent by the first user while engaged in gameplay in the virtual space, wherein a first current state is obtained responsive to the first trigger event;
further responsive to trigger events occurring within the virtual space,
(i) determine whether individual current states correspond to one or more of a plurality of system communications, a given system communication being a communication configured to be provided by the system for presentation to users via one or more communication channels,
(ii) determine whether a first system communication corresponds to the first current state, and
(iii) select the first system communication responsive to the first system communication being determined to correspond to the first current state, such selection being further responsive to occurrence of the first trigger event; and
provide system communications for presentation to users via the one or more communication channels, the first system communication being presented to the first user,
wherein the admin interface includes user responsiveness information indicating user responsiveness to the system communications presented via the one or more communication channels.

US Pat. No. 10,171,384

METHOD TO CONFIGURE NETWORK BONDS AS A PORT ON AN INTEGRATION BRIDGE FOR A VIRTUALIZED MULTILAYER SWITCH

International Business Ma...

1. A computer program product, comprising: a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code configured to perform an operation comprising:
receiving a selection of one or more network interfaces,
aggregating the selected network interfaces into a bonded network interface having a first port,
associating the first port with a network bridge having a second port by i) recording a) a media access control address (MAC) of the bonded network interface and b) the first port into a MAC caching table of the network bridge; and
ii) cross-referencing the MAC caching table to establish a communication link with the bonded interface, and
connecting the network bridge with an integration bridge of a virtual multilayer switch via the second port, wherein the aggregation is performed by a UNIX-based bonding process, wherein a version of the UNIX-based bonding process is incompatible with a version of the integration bridge, wherein a version of the network bridge is compatible with the version of the integration bridge, and wherein the bonded network interface communicates indirectly with the virtual multilayer switch via the network bridge connection with the integration bridge of the virtual multilayer switch.

US Pat. No. 10,171,383

METHODS AND SYSTEMS FOR PORTABLY DEPLOYING APPLICATIONS ON ONE OR MORE CLOUD SYSTEMS

Sony Interactive Entertai...

1. A method, comprising: receiving attributes of one or more resources and services required on a cloud system for executing an application;
generating a descriptor record for the application using the received attributes, the descriptor record defining an environment profile that is specific for the cloud system, wherein the descriptor record is generated by translating the one or more resources and services required into one or more actions to be taken for provisioning the required resources and services in the cloud system for successful execution of the application, wherein the generated descriptor record identifies a predefined sequence for the one or more actions to be taken based on the received attributes; and
storing the descriptor record in a descriptor file maintained in a deployment system database;
detecting a request for the execution of the application, the detection of the request resulting in a retrieval of the descriptor record for the application from the descriptor file, the retrieval causing automatic triggering of the predefined sequence for the one or more actions identified in the descriptor record resulting in the provisioning of the required services and resources on the cloud system to enable successful execution of the application,
wherein method operations are performed by a processor.

US Pat. No. 10,171,382

MECHANISM OF IDENTIFYING AVAILABLE MEMORY RESOURCES IN A NETWORK OF MULTI-LEVEL MEMORY MODULES

Advanced Micro Devices, I...

1. A method, comprising: identifying memory resources for each of a plurality of nodes connected in a network;
storing memory resource information describing the memory resources;
retrieving, from the network, topology information for data transmission links in the network; and
based on the stored memory resource information and based on the retrieved topology information, allocating a portion of the memory resources for execution of instructions in a workload, wherein at least a first node of the plurality of nodes is configured to execute the workload using the allocated portion of the memory resources.

US Pat. No. 10,171,381

PROVIDING A GUEST WITH ACCESS TO CONTENT OF A SOCIAL NETWORK

INTERNATIONAL BUSINESS MA...

1. A method for providing a guest with access to content of a social network, the method comprising: identifying a guest associated with content posted by a user on a social network, where the guest is not a member with access to the social network;
sending, via electronic mail (email), a notification to the guest's email address to notify the guest of the content on the social network;
receiving, via an identity provider, an identity assertion associated with the guest's email address; and
providing, based on the identity assertion, access to the content posted by the user on the social network to allow the guest to view the content;
hiding a tag for the guest associated with the content on the social network until the guest is provided access to the content posted by the user on the social network.