US Pat. No. 10,341,420

APPROACHES FOR PREPARING AND DELIVERING BULK DATA TO CLIENTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method comprising: generating, at a multi-tenant computing environment, a first database having a first schema and a first data model;
receiving, from a client computing device, a request to create a second database having a second schema and a second data model, wherein the second schema differs from the first schema and the second data model differs from the first data model;
receiving, from the client computing device, a first transformation specification comprising a description of the second schema;
receiving, from the client computing device, a second transformation specification comprising a mapping between the first data model and the second data model;
determining, at the multi-tenant computing environment, a transformation between the first schema and the second schema, the transformation being based at least on the first transformation specification and the second transformation specification;
generating, at the multi-tenant computing environment, the second database based on the transformation, the second database compatible with the second schema and the second data model;
storing the second database at the multi-tenant computing environment;
generating a link to the second database; and
transmitting the link from the multi-tenant computing environment to the client computing device in response to a request from the client computing device.

US Pat. No. 10,341,419

TRANSFORMATION OF A CONTENT FILE INTO A CONTENT-CENTRIC SOCIAL NETWORK

TNQ BOOKS AND JOURNALS PR...

1. A computer implemented method for transforming a content file into a content-centric social network with managed connectivity and indexable touchpoints, the method employing a file networking system comprising at least one processor configured to execute computer program instructions for performing the method comprising: injecting a tracking code with widgets for user activities into each of one or more portable copies of the content file by the file networking system based on preconfigured criteria in response to a request to access the content file from one or more first user devices, wherein the file networking system transforms said each of said one or more portable copies of the content file into one or more homed portable copies of the content file by embedding the tracking code into said each of said one or more portable copies of the content file, and wherein the file networking system radio collars said each of said one or more portable copies of the content file for tracking said each of said one or more portable copies;
distributing the one or more portable copies of the content file with the injected tracking code in the each of the one or more portable copies of the content file to one or more second user devices through a network by the file networking system based on invite information received by the file networking system with the request to access the content file, wherein the one or more second user devices comprise the one or more first user devices and invitee user devices addressed in the invite information;
establishing a bidirectional communication between the file networking system and the distributed one or more portable copies of the content file on the one or more second user devices through the network by the file networking system;
receiving tracking information comprising touchpoints by the file networking system based on usage of the distributed one or more portable copies of the content file via the established bidirectional communication while managing to cover for loss of connectivity over the network, wherein the touchpoints are defined by user interactions with the distributed one or more portable copies of the content file on the one or more second user devices and are identified by the injected tracking code in each of the distributed one or more portable copies of the content file on the one or more second user devices, wherein the file networking system inserts hidden inline frame tags automatically into a source file from which the distributed one or more portable copies of the content file is downloaded to the one or more second user devices, wherein the file networking system establishes RESTful services for receiving the tracking information from said each of the distributed one or more portable copies of the content file stored on the one or more second user devices, wherein the file networking system establishes a signaling handshake between the inline frame tag in said each of the distributed one or more portable copies of the content file and the RESTful services established on the file networking system, wherein when any of said distributed one or more portable copies of the content file is in use, the file networking system receives a signal from the inline frame tag in said distributed one or more portable copies of the content file being used through the RESTful services, wherein the received signal comprises the tracking information of said distributed one or more portable copies of the content file being used;
indexing the touchpoints in the received tracking information by the file networking system for tracking the usage of the distributed one or more portable copies of the content file;
creating a satellite internet of users of the distributed one or more portable copies of the content file on the one or more second user devices by the file networking system based on the invite information and the tracked usage of the distributed one or more portable copies of the content file; and
establishing communication between users of the distributed one or more portable copies of the content file on the one or more second user devices in the created satellite internet of users by the file networking system using one or more of the widgets for the user activities through the injected tracking code in the each of the distributed one or more portable copies of the content file and the indexed touchpoints, thereby transforming the content file into the content-centric social network with the managed connectivity and the indexable touchpoints.

US Pat. No. 10,341,418

REDUCING NETWORK BANDWIDTH UTILIZATION DURING FILE TRANSFER

Microsoft Technology Lice...

1. A computer-implemented method for reducing an amount of network bandwidth utilized to transfer a file, the method comprising: receiving, at a computing device, a request to open the file;
responsive to receiving the request, identifying one or more embedded objects in the file;
removing the one or more embedded objects from the file;
prior to transmitting the file to the network service, inserting padding bytes into the file such that a size of the one or more placeholder objects is a same size as the corresponding embedded objects;
inserting one or more unique placeholder objects in the file to replace the one or more embodied objects, the placeholder objects being objects that are more highly compressible than the embedded objects;
compressing the file;
transmitting the file to a network service configured to generate a processed file based upon the file, the processed file containing the unique placeholder objects;
receiving, at the computing device, the processed file from the network service;
replacing the unique placeholder objects in the processed file with corresponding embedded objects; and
opening the processed file.

US Pat. No. 10,341,417

TARGET WEBPAGE PERFORMANCE

Oath Inc., New York, NY ...

1. A method for generating a recommendation for increasing loading time performance of a target webpage, comprising: inserting a third party window into a webpage, the third party window specifying a target webpage as a source;
providing a browser of a client device with access to the webpage, wherein the target webpage is loaded into the third party window by the browser;
selectively retrieving resource timing data for the third party window, the resource timing data retrieved from the browser and associated with the target webpage;
measuring loading time performance of the target webpage based upon the resource timing data;
responsive to the loading time performance not exceeding a threshold, generating a recommendation for increasing the loading time performance of the target webpage;
controlling a system, based upon the recommendation, to perform one or more actions comprising at least one of adjusting a hardware resource allocation, adjusting an image compression setting, merging one or more files, or transitioning hosting of the target webpage to at least one of a content delivery network or cloud provider;
at least one of:
measuring new loading time performance of the target webpage based upon new resource timing data generated from the target webpage being loaded into a new instance of the third party window; or
measuring second loading time performance of a second target webpage based upon second resource timing data generated from the second target webpage being loaded into instances of a second third party window by client devices; and
generating a second recommendation based upon at least one of the new loading time performance or the second loading time performance.

US Pat. No. 10,341,416

CONTROL OF SMALL DATA TRANSMISSION IN A MOBILE RADIO COMMUNICATIONS NETWORK

NEC Corporation, Tokyo (...

1. A mobile radio communications network within which a mobile radio communications device is configured to operate with access to a Small Data Transmission feature, the mobile radio communications network comprising: a first network device configured to receive Small Data Transmission signalling initiated by the mobile radio communications device, and
a second network device configured to receive signalling from the first network device as part of an establishment procedure for attempted Small Data Transmission communications for the mobile radio communications device within the network,
wherein the first network device is further configured to
determine if Small Data Transmission should be prevented for the mobile radio communications device based on an authentication result of a Service Capability Server/Application Server (SCS/AS), and
initiate a Small Data Transmission rejection message for use in the control of the mobile radio communications device if Small Data Transmission is to be rejected.

US Pat. No. 10,341,415

ELECTRONIC INFORMATION TREE-BASED ROUTING

Slingshot Technologies, I...

1. A method for retrieving digital content, the method comprising: receiving, at a first electronic device, a message request for the digital content;
determining a tagged rule associated with the message request;
retrieving a tagged rule associated with the first electronic device;
comparing the tagged rule associated with the message request to the tagged rule associated with the first electronic device, wherein the comparing comprises comparing a hash value result for the tagged rule associated with the message request to a hash value result for the tagged rule associated with the first electronic device; and
sending a response associated with the digital content if the tagged rule associated with the message request and the tagged rule associated with the first electronic device are equivalent.

US Pat. No. 10,341,414

FILE SHARING USING REMOTE APPLICATIONS

VMware, Inc., Palo Alto,...

1. A method for sharing a file between first and second computing devices, the method comprising: receiving, at the second computing device:
a reference identifying the file and an application associated with the file, wherein the reference is generated by a first remote access client running on the first computing device in response to one or more predefined user interactions with the first remote access client during a first remote session with a virtualized workload container that is facilitated by the first remote access client, wherein the reference is generated by the first remote access client subsequent to determining that the application associated with the file is installed in the virtualized workload container, and wherein the first remote session includes the first computing device receiving and displaying video output generated at a host server hosting the virtualized workload container and routing user input received at the first computing device to the host server where the user input is injected into the virtualized workload container, and
a selection of the received reference;
in response to the selection of the received reference, requesting a connection to be established between a second remote access client running on the second computing device and the application identified in the reference, wherein in response to the connection request the host server launches and executes the application in the virtualized workload container to which the second remote access client is connected during a second remote session; and
requesting the host server open the file identified in the reference.

US Pat. No. 10,341,413

METHOD AND SYSTEM FOR SYNCHRONIZING ROBOT WITH SERVER

Hangzhou Yameilijia Techn...

1. A method for synchronizing a robot with a server, comprising: sending by the server a time service command to the robot, the time service command comprising a current time of the server;
receiving by the robot the time service command sent from the server;
sending by the robot a response message to the server based on the time service command;
receiving by the server the response message sent from the robot, and determining whether a time service for the robot is successful based on the response message;
sending by the server a time service success message to the robot, if the time service for the robot is successful;
synchronizing the robot with the server in terms of time, after the robot receives the time service success message sent from the server; and
resending by the server the time service command to the robot if the time service for the robot is unsuccessful.

US Pat. No. 10,341,412

MULTIPLE APPLICATION REMOTING

Amazon Technologies, Inc....

1. A system comprising: one or more computing devices operating a plurality of virtual computing nodes; and
one or more memories having stored thereon computer-executable instructions that, upon execution, cause the system at least to:
receive a first request to provide access to content of a first application, wherein the first request is associated with a first user of a plurality of users;
cause a virtualization process to execute on a virtual machine of a first virtual computing node, the first virtual computing node selected from the plurality of virtual computing nodes based at least in part on the first virtual computing node not being leased by any of the plurality of users;
associate the first virtual computing node with a lease held by the first user;
cause the first application to execute on the first virtual computing node as a first child process of the virtualization process;
receive a second request to provide access to content of a second application, wherein the second request is associated with the first user;
select the first virtual computing node from among the plurality of computing nodes for executing the second application based at least in part on the second request being associated with the first user and the lease being held by the first user; and
cause the second application to execute on the first virtual computing node as a second child process of the virtualization process.

US Pat. No. 10,341,411

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING MESSAGE ENCODE/DECODE AS A SERVICE

Oracle International Corp...

1. A method for providing message encoding or decoding as a service, the method comprising: at an encode/decode function (EDF) node:
receiving a message containing at least one type-length-value (TLV) element, wherein the at least one TLV element includes a protocol interface identifier, a related connection or path identifier, an application identifier, an origination realm, an origination address, a destination realm, a destination address, a priority related TLV element, or a next generation networks priority services (NGN-PS) TLV element;
decoding at least a portion of the message;
generating a message identifier for identifying the message or related message content;
receiving a message encode or decode operation request containing the message identifier and an operation identifier, wherein the message encode or decode operation request includes the message identifier in lieu of a message payload to be operated on, wherein the message encode or decode operation request is from a first node configured to perform a first function associated with a distributed network function (DNF);
querying, using the message identifier, a data structure to obtain decoded message content including the at least one TLV element;
performing, using the operation identifier, a message encode or decode operation involving modifying the at least one TLV element decoded from the message indicated by the message identifier; and
sending a response indicating whether the message encode or decode operation was successfully performed.

US Pat. No. 10,341,410

SECURITY TOKENS FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

ORACLE INTERNATIONAL CORP...

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management service, the providing comprising: receiving a request from a client for obtaining an access token for a user to access a resource, the user, the client, and the resource each comprising entities of the cloud-based identity and access management service, wherein the client comprises a software application that has registered with the cloud-based identity and access management service;
determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource, wherein each entity of the identity and access management service belongs to one of a plurality of tenancies, and the tenancy of the client, tenancy of the user, and tenancy of the resource are determined from among the plurality of tenancies;
accessing a microservice of the cloud-based identity and access management service based on the request; and
performing an identity management service by the microservice based on the determined tenancies, wherein the identity management service includes generating the access token that identifies the tenancy of the resource, the tenancy of the client, and the tenancy of the user; and
using the generated access token to authenticate the user's access to the resource, wherein the user tenancy and resource tenancy are different.

US Pat. No. 10,341,409

SOFTWARE VERSION CONTROL WITHOUT AFFECTING A DEPLOYED CONTAINER

International Business Ma...

1. A method for executing multiple versions of an application within a networked-computing environment, the method comprising: identifying, by one or more computer processors, a request to execute an instance of a first version of an application within a networked-computing environment;
determining, by one or more computer processors, that an instance of a second version of the application is active within a first container executing within the networked-computing environment;
accessing, by one or more computer processors, a data structure including information associated with the application to obtain a first set of data corresponding to the first version of the application;
determining, by one or more computer processors, whether the obtained first set of data indicates that the first version of the application is compiled;
in response to determining that the first version of the application is compiled, copying, by one or more computer processors, from a network accessible storage device, one or more executable objects associated with the first version of the application based, at least in part, on the first set of data, to the first container executing within the networked-computing environment;
identifying, by one or more computer processors, the first set of data that corresponds to the first version of the application, wherein the first set of data includes a first information associated with a first program loader and one or more executable objects that correspond to first version of the application;
responsive to identifying that the first data does not include an indication related to one or more executable objects stored on the network accessible storage device that are associated with the first version of the application, identifying, by one or more computer processors, a third information within the data structure that is associated with the first version of the application;
generating, by one or more computer processors, at least one executable object of the one or more executable objects associated with the first version of the application based on the first set of data, and a corresponding fourth information of the generated at least one executable object based, at least in part on the third information within the data structure that is associated with the first version of the application, wherein the at least one executable object is associated with compiled code of the first application;
storing, by one or more computer processors, the generated at least one executable object of the one or more executable objects associated with the first version of the application on the network accessible storage device;
updating, by one or more computer processors, the first set of data within the data structure to include the fourth information corresponding to the generated at least one executable object that is associated with the first version of the application, wherein the fourth information includes an indication of a location within the network accessible storage device for the generated at least one executable object and an identifier of the generated at least one executable object; and
executing, by one or more computer processors, the copied one or more executable objects associated with the first version that comprise the requested instance of the first version of the application within the first container, executing within the networked-computing environment, in addition to the active instance of the second version of the application while maintaining environmental variables utilized by the active instance of the second version of the application within the executing first container.

US Pat. No. 10,341,408

TRANSPORT PATH-AWARE QUALITY OF SERVICE FOR MOBILE COMMUNICATIONS

VIASAT, INC., Carlsbad, ...

1. A mobility management system comprising a hardware processor for managing streaming media service to a plurality of terminals via a multi-carrier communications system to provide quality of service for delivery of media content over capacity-constrained communications links to in-transport terminals by exploiting usage model and path awareness, the mobility management system comprising: a congestion modeler system to compute a congestion map to indicate congestion conditions at corresponding service timeframes for a plurality of carriers of the multi-carrier communications system along a predicted transport path of a transport craft vehicle traveling through the multi-carrier communications system, the transport craft vehicle having a plurality of user devices disposed therein,
wherein, in a first service timeframe of the service timeframes, during which the transport craft vehicle will be serviced by a first carrier of the plurality of carriers, the congestion map indicates the first carrier as uncongested with respect to servicing a first plurality of terminals comprising the transport craft vehicle, and
wherein, in a second service timeframe of the service timeframes, during which the transport craft vehicle will be serviced by a second carrier of the plurality of carriers, the congestion map indicates the second carrier as congested with respect to servicing a second plurality of terminals comprising the transport craft vehicle, the second service timeframe being subsequent to the first service timeframe;
a pre-positioning system to identify candidate media content portions predicted to be consumed by at least one of the second plurality of terminals during the second service timeframe; and
a mobility-aware scheduler system to schedule transmission, based on the congestion conditions indicated from the congestion map, of at least some of the candidate media content portions to the at least one of the second plurality of terminals during the first service timeframe for local storage by the at least one of the second plurality of terminals.

US Pat. No. 10,341,407

MAPPING A LOW QUALITY MEDIA FILE TO A SEGMENT OF A HIGH QUALITY MEDIA FILE

Gfycat, Inc., Palo Alto,...

1. A computer-implemented method for mapping a low quality media file to a segment of a high quality media file, the method comprising: receiving the low quality media file and the high quality media file, wherein the low quality media file corresponds to a segment of the high quality media file, the low quality media file having a duration;
generating a plurality of perceptual hashes for frames of the low quality media file;
comparing a portion of the plurality of perceptual hashes for frames of the low quality media file to perceptual hashes for frames of the high quality media file; and
determining a location within the high quality media file that comprises the segment corresponding to the low quality media file based on the comparing the portion of the plurality of perceptual hashes for frames of the low quality media file to perceptual hashes for frames of the high quality media file.

US Pat. No. 10,341,406

METHODS AND APPARATUS FOR TRANSMITTING MULTIMEDIA FILES IN A DATA NETWORK

TAMIRAS PER PTE. LTD., LL...

1. A computer-implemented method comprising: receiving, from a user computing device, a first internet protocol communication comprising a request for a digital multimedia file and identifying data for one of a plurality of referring web sites;
in response to the request, transmitting to the user computing device: (i) first data usable to establish a streaming session with a streaming server computing device; and (ii) the identifying data of the one of the plurality of referring web sites associated with the request from the user computing device;
receiving a second internet protocol communication comprising the identifying data and an initiation message based on the first data;
after receiving the second internet protocol communication, streaming requested content to the user computing device via the streaming session with the streaming server computing device based on the first data transmitted to the user computing device;
associating the streaming session with the one of the plurality of referring web sites via the identifying data and by assigning a session identifier to the streaming session and storing the session identifier in a database;
tracking advertisements transmitted to the user computing device via the streaming session; and
effecting remuneration to the one of the referring web sites using data related to the tracked advertisements transmitted to the user computing device.

US Pat. No. 10,341,405

SOCIAL NETWORKING INTERACTIONS WITH PORTIONS OF DIGITAL VIDEOS

FACEBOOK, INC., Menlo Pa...

1. A method comprising: monitoring social networking system activity associated with a digital video comprising monitoring interactions with portions of the digital video;
identifying, based on the monitored social networking system activity, one or more viral portions of the digital video, wherein identifying the one or more viral portions of the digital video comprises:
determining a weight for each monitored interaction associated with each portion of the digital video, wherein the weight determined for a monitored interaction reflects how the monitored interaction affects the virality of an associated portion of the digital video,
generating a virality score, based on the determined weights, for each portion of the digital video,
identifying portions of the digital video with virality scores within a first predetermined threshold range, and
identifying portions of the digital video with virality scores within a second predetermined threshold range; and
in response to identifying portions of the digital video with virality scores within the first predetermined threshold range and identifying portions of the digital video with virality scores within the second predetermined threshold range, providing, during playback of the digital video to a social networking system user, first indicators of the portions of the digital video with virality scores within the first predetermined threshold range and second indicators of the portions of the digital video with virality scores within the second predetermined threshold range,
wherein providing first indicators of the portions of the digital video with virality scores within the first predetermined threshold range comprises highlighting a first group of portions of a playback timeline within a video application in a first color, wherein the first group of portions correspond to the portions of the digital video with virality scores within the first predetermined threshold range, and
wherein providing second indicators of the portions of the digital video with virality scores within the second predetermined threshold range comprises highlighting a second group of portions of the playback timeline within the video application in a second color, wherein the second group of portions correspond to the portions of the digital video with virality scores within the second predetermined threshold range.

US Pat. No. 10,341,404

DYNAMICALLY UPDATING MEDIA CONTENT FOR DISPLAY TO A USER OF A SOCIAL NETWORK ENVIRONMENT BASED ON USER INTERACTIONS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising: sending a newsfeed including a plurality of news stories to a viewing user of a social network system, the plurality of news stories selected based on preference settings of the viewing user and based on a relationship type between the viewing user and other users of the social network system, wherein at least one selected news story includes information associated with at least one of the other users;
monitoring one or more interactions between the viewing user of the social network system and the other users of the social network system with whom the viewing user has established a connection;
determining, from the one or more monitored interactions, a frequency of interactions of the viewing user associated with the other users with whom the viewing user has established a connection;
obtaining a filtered set of candidate additional news stories associated with at least one of the other users with whom the viewing user has established a connection, the filtered set of candidate additional news stories excluding one or more stories based on the preference settings of the viewing user;
determining a weight for media content included in each candidate additional news story of the filtered set of candidate additional news stories based on the frequency of interactions;
classifying each candidate additional news story of the filtered set of candidate additional news stories based on whether the candidate additional news story is of short-term interest to the viewing user or of long-term interest to the viewing user, the classification performed based at least in part on a frequency of interactions of the viewing user with topics associated with the candidate additional news story;
modifying the weight for the media content included in each candidate additional news story based on a function of time, wherein a weight for a media content included in a candidate additional news story is modified to decrease over time if the candidate additional news story is classified as of short-term interest to the viewing user and wherein the weight for the media content included in the candidate additional news story remains steadily high if the candidate additional news story is classified as of long-term interest to the viewing user;
selecting, from the filtered set of candidate additional news stories, one or more additional news stories for the viewing user based at least in part on the modified weight for the media content included in each candidate additional news story of the filtered set of candidate additional news stories and the preference settings of the viewing user;
updating the newsfeed to include the one or more selected additional news stories, at least one of the additional news stories describing an action taken by at least one of the other users of the social network system with whom the viewing user has established a connection; and
sending the updated newsfeed comprising the selected additional news stories to the user device for display to the viewing user.

US Pat. No. 10,341,403

SYSTEM TO COMMUNICATE MEDIA

Affinity Labs of Texas, L...

1. A media delivery method using specialized networking components operating in an unconventional manner to facilitate a delivery decision relationship between clients and servers in an effort to enhance and improve network functionality, comprising: maintaining an application for use by a wireless enabled device that comprises a non-volatile memory, a processing device operable to execute instructions stored in the non-volatile memory, a buffer, and at least one wireless transceiver, wherein the application can be communicated to the wireless enabled device and executed at the wireless enabled device to provide an application generated interface that facilitates receiving video content from a network based distribution system;
delivering a portion of a media to the wireless enabled device in response to a request from the wireless enabled device, wherein the delivery is a streaming delivery using a Hypertext Transfer Protocol, further wherein the portion has a format;
subsequently delivering another portion of the media, which has a different format than the format, to the wireless enabled device in response to a request for the another portion from the wireless enabled device using the Hypertext Transfer Protocol, wherein the different format is selected at least in part because of a buffer fill status of the buffer; and
communicating a playlist to the wireless enabled device to facilitate a periodic outputting of requests for media portions by the wireless enabled device.

US Pat. No. 10,341,402

CONNECTING CONSUMERS WITH PROVIDERS OF LIVE VIDEOS

1. A computer-implemented method comprises: receiving, by a brokerage service system, a request from a client system of a consumer for a provider having specified provider criteria to conduct a specific type of live performance, and with the request including specific performance attributes required in the specific type of live performance;
determining, by the brokerage service system, availability of providers associated with the brokerage service system having at least some of the specified provider criteria for conducting the specific type of live performance;
sending, by the brokerage service system, to the client system a response comprising a listing of live videos of available providers having at least some of the specified provider attributes to conduct the specific type of live performance, with the specific performance attributes; and
causing, by the brokerage service system, establishment of a communication channel for electronic transmission of a live, real-time video of the performance of the selected provider, with the communication channel being between the client system of the consumer and a system of the selected provider of the live, real-time video.

US Pat. No. 10,341,401

USING MESSAGING ASSOCIATED WITH ADAPTIVE BITRATE STREAMING TO PERFORM MEDIA MONITORING FOR MOBILE PLATFORMS

The Nielsen Company (US),...

1. A media monitoring apparatus comprising: a server querier to:
access a request received from a first server of an audience measurement entity (AME), the request being for network log information corresponding to a first adaptive bitrate streaming uniform resource locator (URL) included in a first message sent by a mobile platform to a second server to request delivery of first streaming media according to an adaptive bitrate streaming protocol; and
query a third server of a service provider providing network access for the mobile platform to retrieve the network log information corresponding to the first adaptive bitrate streaming URL from the third server; and
a provider data reporter to return the network log information to the first server of the AME in response to the request.

US Pat. No. 10,341,400

SYSTEM AND METHOD FOR SIGNAL AND DATA ROUTING

1. A system for signal or data routing, the system comprising: a client side graphical user interface GUI in communication with target side GUI over a network; wherein the client side GUI represents a first user and the target side GUI represents an organizational user;
a focus server communicatively coupled to the client side GUI and the target side GUI, wherein the focus server is configured to create a conference session between the client side GUI and the target side GUI,
a routing server comprising various routing logic, configured to direct the focus server to invite the organizational user to join the conference session at the target side GUI,
a data management server coupled to the routing server, configured to store, maintain various data records comprising a single individual profile and a plurality of individual context records for a user, and an organization profile record and organization context records for an organization,
wherein the routing server is configured to:
take data record results from the data management server, and select and execute an appropriate routing logic for a target organization;
query an authentication server for a list or a group of users who meet predetermined criteria, and pass the list or the group of users back to the routing server;
fetch a presence state for one of particular users of the group from the authentication server;
pass back the presence state to the routing server to direct the focus server to invite a user from the organization to join the conference session on a provisional basis, and
direct the focus server to finalize a provisionally invited user to join the conference session, or be rejected from the conference session or ejected if already joined.

US Pat. No. 10,341,399

METHOD AND APPARATUS FOR SHARING PRESENTATION DATA AND ANNOTATION

SAMSUNG ELECTRONICS CO., ...

1. A method of annotating an image corresponding to a web page using an application executable by an electronic device, the web page including a first portion and a second portion, the method comprising: receiving, through a network by using the application, data for the web page;
displaying, by using the application, the first portion of the web page based at least on the received data on a display of the electronic device while the second portion of the web page is not displayed on the display;
generating, by using the application, the image corresponding to the web page including the first portion and the second portion while the second portion of the web page is not displayed on the display;
storing, by using the application, the image corresponding to the web page including the first portion and the second portion while the second portion of the web page is not displayed on the display;
displaying, by using the application, a first portion of the image corresponding to the first portion of the web page on the display;
based at least on a selection of an annotation option, receiving, by using the application, a first pen input for an annotation on the displayed first portion of the image;
based at least on the first pen input, displaying, by using the application, an annotation over the displayed first portion of the image;
based at least on the first portion of the image being moved on the display, displaying, by using the application, a second portion of the image corresponding to the second portion of the web page on the display;
based at least on a selection of a highlight option, receiving, by using the application, a second pen input for a highlight on the displayed second portion of the image;
based at least on the second pen input, displaying, by using the application, the highlight over the displayed second portion of the image;
storing, by using the application, a first image file that is based at least on the annotation, the highlight, and the first and second portions of the image corresponding to the web page in a storage of the electronic device; and
storing a second image file including the annotation and the highlight, but not the first and second portions of the image corresponding to the web page in the storage of the device.

US Pat. No. 10,341,398

APPLICATION PROGRAM AND RELATED TECHNIQUES FOR ORGANIZING A MEETING BETWEEN PEOPLE

1. A computer-implemented method of generating a meeting among people, comprising: selecting, with a graphical user interface on a computer display, a venue;
displaying a map of the venue on the computer display, the map of the venue showing a plurality of internal features inside of the venue;
selecting a location of the meeting at the venue by dragging and dropping an icon on the map on the displayed venue to a position indicative of a selected spot proximate to one of the plurality of internal features inside of the venue;
selecting, with a graphical user interface on the computer display, a time of the meeting;
selecting, with a graphical user interface on the computer display, one or more people to attend the meeting;
communicating, to the one or more people, information identifying: the map, the selected time, the selected location of the meeting, and the selected one or more people;
displaying, in accordance with the communicating, the map of the venue on one or more respective computer displays of the one or more people; and
displaying, in accordance with the communicating, the icon on the map of the venue on the one or more computer displays of the one or more people at the selected location of the meeting.

US Pat. No. 10,341,397

NON-TRANSITORY COMPUTER READABLE MEDIUM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING SYSTEM FOR RECORDING MINUTES INFORMATION

FUJI XEROX CO., LTD., To...

1. A non-transitory computer readable medium storing a program causing a computer to execute a process for causing at least portions of display screens of a plurality of terminals connected to each other through a network to display information in a synchronous manner, the process comprising: receiving material information indicating information regarding a material to be displayed;
receiving operation information indicating details of operations that at least one presenter and at least one participant perform on the respective terminals;
comparing priorities of the operation information with each other based on types of the operation information, the comparison based upon a predetermined ordering of types of operation information, the priorities including priorities of the at least one presenter and the at least one participant, the comparing of priorities comparing the priorities of the at least one presenter and the priorities of the at least one participant; and
recording minutes information in which the material information, the operation information, and time information indicating times at which the users perform the operations are associated with each other, the operation information and material information being recorded as different pieces of information rather than as integrated information;
wherein the recording records operation information having a high priority among the plural pieces of operation information, in association with the material information and the time information, and
wherein when a period of time for which operation information of the at least one presenter is received and a period of time for which operation information of the at least one participant is acquired overlap each other, the comparing of priorities of the operation information occurs.

US Pat. No. 10,341,396

METHOD AND DEVICE FOR TRANSMITTING A TEXT MESSAGE OVER A VOICE CALL

Wipro Limited, Bangalore...

1. A method of transmitting a text message over a voice call, the method comprising: initiating, by a calling communication device, a Session Initiation Protocol (SIP) session for the voice call with a called communication device, wherein the SIP session comprises a Session Initiation Protocol (SIP) INVITE request and a SIP INFO request;
inserting, by the calling communication device, a text message in the SIP INFO request during call ringing of the voice call, wherein the text message is inserted when a callee associated with the called communication device does not answer the voice call after a predefined number of call rings;
determining, by the calling communication device, whether the called communication device is capable of receiving and interpreting the text message inserted in the SIP INFO request; and
transmitting, by the communication device, the text message in the SIP INFO request over the SIP session based on the determined capability of the called communication device, wherein the text message is displayed on the called communication device along with a call ringing notification of the voice call.

US Pat. No. 10,341,395

MODIFYING SIGNAL ASSOCIATIONS IN COMPLEX COMPUTING NETWORKS

1. An apparatus for modifying a temporal signal association in a complex computing network such that a future computing operation is executed based on the modified temporal signal association, the modification of the temporal signal association being necessarily rooted in computing technology, the apparatus for: determining association of a movable matching signal with a first signal;
receiving registration of a second signal from a signal matching server;
in response to receiving the registration of the second signal from the signal matching server, disassociating the movable matching signal from the first signal and associating the movable matching signal to the second signal, wherein:
a computing operation is executed using the second signal;
in response to determining the computing operation being executed using the second signal, a determination is made whether a matching signal is associated with the second signal; and
in response to determining the movable matching signal is associated with the second signal, the computing operation is executed based on the movable matching signal and the second signal,
wherein the movable matching signal is disassociated from the second signal upon execution of the computing operation in response to determining an attribute associated with the movable matching signal is extinguished,
wherein the computing operation is a real-time computing operation conducted at an input signal system comprising a real-time sensor,
wherein:
a second computing operation is executed using the first signal;
in response to determining the second computing operation being executed using the first signal, a determination is made whether a matching signal is associated with the first signal, and
in response to determining the movable matching signal is not associated with the first signal, the second computing operation is executed based on the first signal, and not based on the movable matching signal,
wherein the second computing operation is a second real-time computing operation conducted at a second input signal system comprising a second real-time sensor, and
wherein the first signal and the second signal are not temporal.

US Pat. No. 10,341,394

METHOD AND SYSTEM FOR CALL SETUP

MEDIATEK INC., Hsinchu (...

1. A method for setting up a call for a user equipment, comprising: receiving, by the user equipment, a measurement configuration message that specifies a set of measurement events corresponding to poor signal quality between the user equipment and a packet-switched network;
initiating, by the user equipment, a first call setup process for setting up the call using the packet-switched network;
sending, by the user equipment, a measurement report when one of the set of measurement events occurs while performing the first call setup process;
receiving a termination message, the termination message indicating termination of the first call setup process without requesting the user equipment to perform retry attempts; and
sending, by the user equipment in response to receiving the termination message, a service request to begin a second call setup process for setting up the call for the user equipment using a circuit-switched network.

US Pat. No. 10,341,393

APPARATUS AND METHOD FOR COMMUNICATIONS INVOLVING A LEGACY DEVICE

1. A method of establishing a connection between a first communication terminal and a second communication terminal, the method comprising: in response to receiving a first message from the first communication terminal that is configured to seek to establish the connection between the first communication terminal and the second communication terminal, a first gateway modifying information included within the first message and sending a second message comprising the modified information toward the second communication terminal;
the first gateway receiving a fourth message from the second communication terminal that is addressed to the first communication terminal to accept the establishing of the connection;
in response to receiving the fourth message, the first gateway determining whether the second communication terminal has a communication protocol client based on the received fourth message;
upon a determination that the second communication terminal does not have the communication protocol client, the first gateway facilitating establishment of the connection without forwarding information about at least one first Interactive Connectivity Establishment Protocol (“ICE”) candidate for facilitating formation of the connection between the first and the second communication terminals sought to be established via the first message identified by the first communication terminal in at least one third message that is received by the first gateway after the first message is received by the first gateway;
upon a determination that the second communication terminal has the communication protocol client, the first gateway sending the fourth message to the first communication terminal and sending a fifth message that identifies the at least one first ICE candidate to the second communication terminal.

US Pat. No. 10,341,392

METHOD AND APPARATUS FOR CONTROLLING SESSION BETWEEN DEVICES ON NETWORK INCLUDING MULTIPLE DEVICES

LG ELECTRONICS INC., Seo...

1. A session controlling method of a first switch device between devices on a plurality of networks, the session controlling method comprising: receiving, using a first protocol, a session control request message from a control device;
transmitting, using a second protocol, a triggering message for a specific control operation to a source device based on the received session control request message;
performing session control between the source device and a sink device by transmitting and receiving at least one message based on the triggering message;
receiving, using the second protocol, a triggering response message for indicating a result of the performing the session control from the source device;
transmitting, using the first protocol, a session control response message corresponding to the session control request message to the control device; and
determining whether the session control request message represents a session creation request message, a session termination request message or a session status request message,
wherein, in response to determining that the session control request message represents the session creation request message, the performing the session control between the source device and the sink device comprises:
transmitting a first message for a session route query to a second switch device; and
receiving a second message for a session route set from the second switch device in response to the first message,
wherein the second switch device is connected to the sink device using a High Definition Multimedia Interface (HDMI), wherein the first switch device, the sink device and the control device are included in an HDBaseT Plug & Play (HPnP) network and the source device is not included in the HPnP network, and
wherein the first switch device represents the source device in the HPnP network and takes a role of proxy to communicate between the source device and the control device.

US Pat. No. 10,341,391

NETWORK SESSION BASED USER BEHAVIOR PATTERN ANALYSIS AND ASSOCIATED ANOMALY DETECTION AND VERIFICATION

EMC IP Holding Company LL...

1. A method comprising steps of: obtaining data characterizing a plurality of network sessions for a given user identifier wherein the network sessions are initiated from one or more user devices over at least one network;
extracting features from the obtained data;
detecting at least one potentially anomalous network session among the plurality of network sessions for the given user identifier by applying the extracted features to a support vector machine model for the given user identifier; and
applying a rules-based verification process to the detected potentially anomalous network session in order to verify that the detected potentially anomalous network session is an anomalous network session;
generating an alert based at least in part on one or more results of the rules-based verification process;
automatically taking one or more remedial actions over the at least one network relating to the anomalous network session based at least in part on at least one of the one or more results of the rules-based verification process; and
updating the support vector machine model for the given user identifier as part of an unsupervised learning process;
wherein updating the support vector machine model for the given user identifier comprises:
classifying a given one of the network sessions as a non-anomalous network session; and
incorporating the extracted features of the given network session and its classification as a non-anomalous network session into the support vector machine model as a new observation;
wherein the alert is transmitted over said at least one network to a security agent;
wherein the support vector machine model for the given user identifier utilizes a designated function to determine a decision boundary separating normal network sessions within a learned class defining a behavior pattern for the given user identifier from potentially anomalous network sessions not within the learned class, by projecting the data characterizing the plurality of network sessions for the given user identifier as respective data points plotted relative to an origin, the decision boundary separating the plotted data points into a first region comprising the origin and a first subset of the data points representing the potentially anomalous network sessions and a second region comprising a second subset of the data points representing the normal network sessions;
wherein the support vector machine model for the given user identifier is one of a plurality of distinct support vector machine models maintained for respective ones of a plurality of distinct user identifiers, with automated detection of anomalous network sessions for different ones of the distinct user identifiers being based at least in part on respective different ones of the distinct support vector machine models; and
wherein the steps are performed by at least one processing device comprising a processor coupled to a memory.

US Pat. No. 10,341,390

AGGREGATION OF ASYNCHRONOUS TRUST OUTCOMES IN A MOBILE DEVICE

Google LLC, Mountain Vie...

1. A computer-implemented method performed by a computing device, the method comprising: receiving one or more signals from one or more sensors, the one or more sensors comprising at least one hardware sensor of the computing device;
determining at least a first trust level and a second trust level from the one or more signals, wherein the first trust level is determined without using the second trust level, and wherein the second trust level is determined without using the first trust level;
determining a first granular aggregated trust outcome by aggregating at least the first trust level and the second trust level, wherein the first aggregated granular trust outcome is associated with a first security measure of the computing device;
determining a second granular aggregated trust outcome by aggregating at least the first trust level and the second trust level, wherein the second aggregated granular trust outcome is associated with a second security measure of the computing device that differs from the first security measure, wherein the first granular aggregated trust outcome is determined independently from the second granular aggregated trust outcome;
modifying the first security measure based on the first granular aggregated trust outcome, wherein the second granular aggregated trust outcome is not used to modify the first security measure; and
modifying the second security measure based on the second granular aggregated trust outcome, wherein the first granular aggregated trust outcome is not used to modify the second security measure.

US Pat. No. 10,341,389

POLICY BASED ON A REQUESTED BEHAVIOR

Hewlett Packard Enterpris...

14. A system comprising: a computer processor;
a non-transitory storage medium storing instructions executable on the computer processor to:
receive a service request for a service and an authentication from an application;
identify a party authorized to communicate with a destination associated with the service;
determine a context that includes an identity of the party and information regarding a behavior requested by the party;
identify a policy based on the context;
identify the behavior requested by the party; and
deploy the policy to a network device of a network based on the party and the behavior to restrict communication of a set of network traffic of the service, the policy deployed to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to the destination or denying transmission of the set of network traffic to the destination;
maintain a default rule to deny the set of network traffic;
maintain a set of permissible behaviors of the service to occur on the network based on the party and the service; and
provide the default rule to the network device after completion of the behavior requested by the party.

US Pat. No. 10,341,388

MODES OF POLICY PARTICIPATION FOR FEEDBACK INSTANCES

1. A system, comprising: a processing unit; and
a memory unit that stores instructions that, when executed by the processing unit, cause the processing unit to perform operations comprising
monitoring a plurality of events for anomalies, wherein each of the plurality of events can impact a policy participation level of an active feedback instance that is utilized to effect, at least in part, a policy in a cloud computing environment,
in response to detecting an anomaly within the plurality of events, receiving an event associated with the anomaly,
mapping the event to the policy, and
determining a new policy participation level for the active feedback instance according to the policy.

US Pat. No. 10,341,387

METHODS AND SYSTEMS FOR APPLYING SECURITY POLICIES IN A VIRTUALIZATION ENVIRONMENT USING A SECURITY INSTANCE

NEUVECTOR, INC., Milpita...

1. A method of applying security policies in a virtualization environment, comprising: at an electronic device of a plurality of electronic devices in a computing network, the electronic device having one or more processors and memory storing instructions for execution by the one or more processors:
instantiating a plurality of user-space instances, wherein:
each respective user-space instance of the plurality of user-space instances is instantiated within a respective operating system environment of a first virtual machine, has a distinct virtual address space in virtual memory of the respective operating system environment, and is for executing a respective application in user space of the distinct virtual address space; and
the respective virtual address spaces of the user-space instances are distinct from a kernel address space of the virtual memory;
instantiating a security instance distinct from the plurality of user-space instances, wherein the security instance is instantiated within the respective operating system environment of the first virtual machine, has a respective virtual address space in virtual memory of the respective operating system environment that is distinct from the virtual address spaces of the plurality of user-space instances instantiated within the respective operating system environment of the first virtual machine, and is executed in user space of the respective virtual address space;
using the security instance to monitor operations for the plurality of user-space instances, and data communications sent by and/or received by the plurality of user-space instances; and
for each respective user-space instance of the plurality of user-space instances, using the security instance to apply a respective set of security policies associated with the respective user-space instance to the monitored operations for the respective user-space instance and the monitored data communications sent by and/or received by the respective user-space instance, so as to detect and/or remediate violations of the respective set of security policies.

US Pat. No. 10,341,386

SECURITY INFORMATION UPDATE SYSTEM, INFORMATION PROCESSING APPARATUS, SECURITY INFORMATION UPDATE METHOD AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM ENCODED WITH SECURITY INFORMATION UPDATE PROGRAM

Konica Minolta, Inc., Ch...

1. A security information update system that includes a management server and a plurality of information processing apparatuses, the management server comprising:
a policy storage that stores a security policy defining at least one set of two or more pieces of device identification information respectively corresponding to two or more of the plurality of information processing apparatuses, identification information for identifying security information corresponding to the two or more of the plurality of information processing apparatuses, and a corresponding reference date and time for updating the identified security information corresponding to the two or more of the plurality of information processing apparatuses; and
a first hardware processor configured to output an update instruction to all of the two or more of the plurality of information processing apparatuses in response to reception of respective preparation completion notifications from all of the two or more of the information processing apparatuses, wherein the update instructions are sent after the corresponding date and time have passed and request all of the two or more of the information processing apparatuses to update a stored piece of security information corresponding to the identification information with new security information, such that all of the two or more of the information processing apparatuses are updated with the same new security information, and
each of the plurality of information processing apparatuses comprising:
a security information storage that stores two or more pieces of security information; and
a second hardware processor, wherein the second hardware processor is configured to:
execute a process using any of the stored pieces of security information,
acquire and store the new security information,
in response to the acquisition of the new security information, transmit a preparation completion notification corresponding to identification information of the new security information to the management server, and
in response to reception of the update instruction from the management server, update the security information specified by the identification information corresponding to the update instruction among the stored pieces of security information with the new security information.

US Pat. No. 10,341,385

FACILITATING SEPARATION-OF-DUTIES WHEN PROVISIONING ACCESS RIGHTS IN A COMPUTING SYSTEM

Bank of America Corporati...

1. A system for managing risk management rules comprising: at least one processor;
a rule configuration interface used to configure a risk management rule based on user input received, from a first user, at the rule configuration interface, wherein the rule configuration interface comprises a first list of access rights available for selection by the first user, and wherein a first plurality of access rights listed in the first list of access rights comprise at least one of (i) one or more roles, (ii) one or more tasks, or (iii) one or more permissions;
a role configuration interface used to configure a role based on user input received, from the first user, at the role configuration interface, wherein the role configuration interface comprises a second list of access rights available for selection by the first user, and wherein a second plurality of access rights listed in the second list of access rights comprise at least one of (i) one or more tasks, or (ii) one or more permissions; and
memory storing instructions that, when executed by the at least one processor, cause the system to:
facilitate configuration of the risk management rule by at least:
displaying the rule configuration interface wherein displaying the rule configuration interface comprises presenting, at a first portion of the rule configuration interface, the first list of access rights;
receiving, at the rule configuration interface, input selecting a first access right from the first list of access rights, the first access right selected corresponding to a base access right for the risk management rule,
receiving, at the rule configuration interface, input selecting a second access right from the first list of access rights, the second access right selected corresponding to a conflicting access right for the risk management rule,
displaying, in the rule configuration interface and in a list of conflicting access rights for the risk management rule, the conflicting access right;
facilitate configuration of the role by at least:
displaying the role configuration interface wherein displaying the role configuration interface comprises presenting, at a first portion of the role configuration interface, the second list of access rights,
receiving, at the role configuration interface, input selecting an access right from the second list of access rights for association with the role,
evaluating whether the access right selected for association with the role violates one or more risk management rules, and
based on determining that the access right selected for association with the role violates at least one risk management rule, displaying, in the role configuration interface, an indication that the access right selected violates at least one risk management rule; and
monitor access rights provisioned at a computing system to determine whether both the base access right and the conflicting access right are provisioned to a second user of the computing system.

US Pat. No. 10,341,383

CLOUD PROTECTION TECHNIQUES

Micro Focus Software Inc....

1. A non-transitory computer-readable storage medium comprising executable instructions that when executed by one or more processors perform a method to: detect a security event indicating an intruder is operating within a source environment;
migrate resources of the source environment to a target environment;
generate fake resources to represent the resources within the source environment and create a fake processing environment of the source environment with the fake resource operational within the fake processing environment as a combination of fake services, fake systems, fake directories, and fake data stores; and
log actions taken by the intruder against the fake resources during migration of the resources to the target environment.

US Pat. No. 10,341,382

SYSTEM AND METHOD FOR FILTERING ELECTRONIC MESSAGES

SISVEL TECHNOLOGY S.R.L.,...

1. A method for validating an electronic message received by a client machine, wherein the electronic message includes a header comprising identification data which identify a sender of the message, and a body suitable for containing digital images and one or more hyperlinks, the client machine comprising a processor, a first memory configured to store the electronic messages, a communication interface configured to receive the electronic message and a user input unit configured to receive requests for accessing the one or more hyperlinks comprised in the body from a user, wherein the processor is configured to implement the method by: processing at least one digital image found in the body for obtaining digital signatures which identify the at least one digital image,
finding and storing the one or more hyperlinks present in the body of the message in the first memory,
retrieving a set of trusted Internet domains by interrogating a database stored in a second memory using said digital signatures, wherein said database contains relations between groups of digital signatures and groups of Internet domains considered to be trusted when associated to images identified by said digital signatures,
verifying that the one or more hyperlinks present in the body of the message belong to said set of trusted Internet domains found in the database, and
allowing or denying, to the user input unit, access to at least part of the body of the message in which the one or more hyperlinks are present, based on whether said one or more hyperlinks pertain or not to said set of trusted Internet domains.

US Pat. No. 10,341,380

DETECTING MAN-IN-THE-BROWSER ATTACKS

1. A method, comprising: generating modified web page code for transmission to a client device by:
adding first code comprising decoy code to web page code, wherein the decoy code is designed to be recognized by malware as web code that is vulnerable to attack;
adding second code to the web page code, wherein the second code is configured to transmit data regarding the decoy code at the client device;
receiving one or more communications generated by the second code executing at the client device;
based on the one or more communications, determining that malicious code has interacted with the modified web page code at the client device;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,341,379

APPARATUS AND METHODS FOR MITIGATION OF NETWORK ATTACKS VIA DYNAMIC RE-ROUTING

Time Warner Cable Enterpr...

1. A method of operating a network so as to mitigate effects of malicious attacks on one or more computerized user devices in data communication with the network, the network comprising at least a computerized network controller apparatus, a plurality of processing entities, and a plurality of router devices, the method comprising: identifying, via said computerized network controller apparatus, traffic of said network, at least a portion of said identified traffic associated with data indicative of one or more malicious attacks, the identified traffic comprising at least destination data relating to a host entity within said network;
managing influx and processing of the identified traffic, the managing influx and processing comprising at least:
identifying, via said computerized network controller apparatus, an available capacity for each of the plurality of processing entities;
based at least in part on the identifying of the available capacity for each of the plurality of processing entities, selecting at least one of the plurality of processing entities so as to balance traffic influx across the plurality of processing entities;
based at least in part on said selecting of said at least one of said plurality of processing entities, enabling said at least one of said plurality of processing entities to transmit, to at least a portion of said plurality of router devices, alternate routing protocol data indicative of said at least one of said plurality of processing entities and configured to cause transmission of the identified traffic thereto;
based at least in part on said transmission of said alternate routing protocol data, enabling insertion of said alternate routing protocol data into said identified traffic, said inserted alternate routing protocol data causing switching of said identified traffic from one or more routers of said at least portion of said plurality of router devices to said at least one of said plurality of processing entities;
enabling processing of said switched identified traffic using said at least one of said plurality of processing entities so as to render said switched identified traffic non-harmful to said one or more computerized user devices; and
collecting one or more metrics related to the processing of the switched identified traffic, the one or more metrics for use in identification of a predicted amount of available capacity of the at least one of the plurality of processing entities for future management of influx and processing;
enabling removal of said inserted alternate routing protocol data from said identified and processed traffic; and
enabling routing of said identified and processed traffic to a destination associated with said destination data and said host entity.

US Pat. No. 10,341,378

METHODS, SYSTEMS, AND MEDIA FOR INHIBITING ATTACKS ON EMBEDDED DEVICES

The Trustees of Columbia ...

1. A system for inhibiting attacks on embedded devices, the system comprising a processor configured to: identify an embedded device that is configured to provide one or more services to one or more digital processing devices within a communications network;
receive a first firmware having binary executable code associated with the embedded device; and
generate a second firmware that is functionally equivalent to the first firmware for execution by the embedded device by:
determining unused binary executable code and data associated with the binary executable code within the first firmware;
removing the unused binary executable code and data to create free memory locations within the second firmware; and
using the free memory locations to restructure remaining binary executable code and data into memory positions and insert a plurality of payloads and at least one policy within the second firmware, wherein the plurality of payloads includes a first payload that includes program instructions for providing a first defensive capability to the embedded device and a second payload that includes program instructions for providing a second defensive capability to the embedded device and wherein the first defensive capability is a different type than the second defensive capability.

US Pat. No. 10,341,377

SYSTEMS AND METHODS FOR CATEGORIZING SECURITY INCIDENTS

Symantec Corporation, Mo...

1. A computer-implemented method for categorizing security incidents, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: detecting, by an endpoint computing security program, a threat signature alert triggered at a client machine associated with a client;
identifying historical data that records how the client responded to previous reports of security incidents that were categorized to describe the security incidents;
assigning a category for a new security incident that corresponds to the detected threat signature alert based on an analysis of the historical data indicating that the client responded more frequently to the category than the client responded to a different category;
notifying the client, through an electronically transmitted security incident report, of both the new security incident and the category assigned to the new security incident based on the analysis of the historical data to enable the client to perform a security action to protect itself from a corresponding security threat; and
performing the security action based on the electronically transmitted security incident report, the security action comprising at least one of:
enabling one or more security settings;
applying a patch that is designed to resolve the corresponding security threat;
disabling, powering down, throttling, quarantining, sandboxing, and/or disconnecting one or more computing resources;
updating a signature threat alert set of definitions; or
upgrading the endpoint computing security program.

US Pat. No. 10,341,376

DIVERSITY ANALYSIS WITH ACTIONABLE FEEDBACK METHODOLOGIES

Guidewire Software, Inc.,...

1. A method, comprising: assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

US Pat. No. 10,341,375

RESOLVING CUSTOMER COMMUNICATION SECURITY VULNERABILITIES

20. A computer apparatus, comprising: a memory that stores instructions, and
a processor that executes the instructions,
wherein, when executed by the processor, the instructions cause the processor to perform operations comprising:
storing, in a database, a plurality of existing reports, the plurality of existing reports being customer reports of issues and associated with classifications;
analyzing traffic data for reporting customers of the plurality of existing reports to identify risky behavior;
obtaining, via a communication network, a report of an issue of a first user device and a usage history for the first user device, the usage history including communications involving the first user device;
assigning a first classification to the report of the issue of the first user device;
searching for similarities between the usage history of the first user device and the risky behavior identified for the plurality of existing reports which matches the report of the issue of the first user device;
assigning the report of the issue of the first user device a second classification based on the similarities;
assigning a score to the report of the issue of the first user device based on matching between the first classification and the second classification;
remedying, via the communication network and by an automated remote action, a first vulnerability on the first user device when the score exceeds a predetermined threshold, the automated remote action including blocking the first user device from accessing a network location, accessing the network location being identified as the risky behavior;
searching data to identify a second user device that has performed a keyword search for the network location, the second user device being in a same account as the first user device; and
proactively remedying, by the automated remote action, a second vulnerability on the second user device to block the second user device from accessing the network location, and
the second vulnerability is proactively remedied on the second user device in response to the second user device being identified in the search of the data as being in the same account as the first user device and having performed the keyword search for the network location, and not when the second end user device performs the keyword search for the network location.

US Pat. No. 10,341,374

SYSTEMS AND METHODS DETECTING AND MITIGATING ANOMALOUS SHIFTS IN A MACHINE LEARNING MODEL

Sift Science, Inc., San ...

1. A machine learning system for deploying a machine learning model for predicting and/or classifying digital fraud or digital abuse, the system comprising: one or more computing server devices that implement a remote machine learning service that collects, via one or more networks, digital event data associated with one or more online services of a service provider, wherein the remote machine learning service implements:
a machine learning model validation system that:
collects incumbent digital threat scores generated by an incumbent machine learning model and successor digital threat scores generated by a successor digital threat machine learning (ML) model;
implements anomalous-shift detection that detects whether the successor digital threat scores of the successor digital threat ML model produce an anomalous shift, wherein the anomalous shift relates to a measurable variance in values of the successor digital threat scores of the successor digital threat ML model relative to values of the incumbent digital threat scores of the incumbent digital threat ML model, and wherein the anomalous-shift detection includes:
building a successor threat score distribution based on the successor digital threat scores generated by the successor digital threat ML model;
building an incumbent threat score distribution based on the incumbent digital threat scores generated by the incumbent digital threat ML model; and
identifying an overlapping coefficient between an area under a curve of the successor threat score distribution and an area under a curve of the incumbent threat score distribution;
if the anomalous shift is detected by the machine learning model validation system:
blocks a deployment of the successor digital threat model to a live ensemble of digital threat scoring models that generate digital threat scores based on the collected digital event data associated with the one or more online services of the service provider; or
if the anomalous shift is not detected by the machine learning model validation system, deploys the successor digital threat ML model by replacing the incumbent digital threat ML model in a live ensemble of digital threat scoring models with the successor digital threat ML model.

US Pat. No. 10,341,373

AUTOMATICALLY DETECTING INSIDER THREATS USING USER COLLABORATION PATTERNS

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method for automatically detecting insider threats using user collaboration patterns, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying collaborative access of one or more network resources in a network between a target user using a target network device and other users using other network devices in the network during multiple prior time periods and during a current time period;
generating prior collaboration graphs for the prior time periods with nodes representing the target user and the other users and edges representing collaborative access of the one or more network resources during the prior time periods between the target user and the other users;
generating an average collaboration graph by combining the prior collaboration graphs, the average collaboration graph including an average number of nodes and an average number of edges from the prior collaboration graphs, with nodes and edges of the average collaboration graph being probabilistically chosen based on their frequency and recency of occurrence;
generating a current collaboration graph for the current time period with nodes representing the target user and the other users and edges representing collaborative access of the one or more network resources during the current time period between the target user and the other users;
generating an anomaly score by comparing the current collaboration graph to the average collaboration graph;
determining that the collaborative access of the one or more network resources during the current time period is anomalous by determining that the anomaly score exceeds a threshold based on the current collaboration graph being larger or smaller in size than, or having a different composition than, the average collaboration graph; and
in response to the anomaly score exceeding the threshold, performing a security action on the target network device.

US Pat. No. 10,341,372

CLUSTERING FOR DETECTION OF ANOMALOUS BEHAVIOR AND INSIDER THREAT

International Business Ma...

1. A computer-implemented method for detecting anomalous user behavior in a network, the computer-implemented method comprising: logging, by a computer, user activity of a set of users in the network;
dividing, by the computer, the user activity into distinct time intervals;
for each distinct time interval, transforming, by the computer, logged user activity data to a numerical representation of each user's activities for that distinct time interval;
using, by the computer, a clustering process on the numerical representations of user activities to determine which users have similar activity patterns in each distinct time interval;
generating, by the computer, a plurality of peer groups of clustered users based on determining the similar activity patterns in each distinct time interval;
generating, by the computer, a distance metric for each user in the plurality of peer groups of clustered users within a current time interval based on comparing a position of each user in the plurality of peer groups of clustered users in the current time interval with positions of each same user over a predetermined plurality of preceding time intervals;
determining, by the computer, whether a generated distance metric corresponding to one or more users within the current time interval is greater than or equal to a defined distance metric threshold value; and
responsive to the computer determining that the generated distance metric corresponding to one or more users within the current time interval is greater than or equal to the defined distance metric threshold value, detecting, by the computer, anomalous user behavior that indicates a security threat by the one or more users to one or more secure resources protected by the computer in the network within the current time interval and blocking, by the computer, access to the one or more secure resources by the one or more users.

US Pat. No. 10,341,371

IDENTIFYING AND HANDLING THREATS TO DATA COMPUTE NODES IN PUBLIC CLOUD

NICIRA, INC., Palo Alto,...

1. A method comprising: receiving a notification from a network controller that a data compute node, which operates on a host machine in a public datacenter and executes (i) a forwarding element managed by the network controller and (ii) a local control agent that receives configuration data from the network controller and configures the forwarding element, is compromised based on data about the forwarding element;
interacting with application programming interfaces (APIs) of the public datacenter to quarantine the data compute node.

US Pat. No. 10,341,370

HUMAN-ASSISTED ENTITY MAPPING

BitSight Technologies, In...

3. A method comprising: generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;
enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and
providing the map to an application for joining to event data or scoring a security state of the entities.

US Pat. No. 10,341,369

SECURITY SYSTEM MONITORING TECHNIQUES BY MAPPING RECEIVED SECURITY SCORE WITH NEWLY IDENTIFIED SECURITY SCORE

NCR Corporation, Atlanta...

1. A method, comprising: receiving, by executable instructions that execute on a hardware processor of a server from a non-transitory computer-readable storage medium over a network, a security score along with an alert rate for the security score, wherein receiving further includes identifying a particular security rule that relies on the security score and identifying an original scoring mechanism relied on by the particular security rule, wherein the alert rate is calculated as a total number of particular alerts generated for the particular security rule divided by a total number of transactions occurring over the network;
identifying, by the executable instructions, a new security score by matching the alert rate with the new security score;
mapping, by the executable instructions, the security score to the new security score in the original scoring mechanism;
triggering, by the executable instructions, over the network, a processing of an automated security action in response to the new security score;
processing a transaction rule directed to a financial transaction with transaction information for the financial transaction and the new security rule as the automated security action; and
declining the financial transaction when the transaction rule evaluates to true.

US Pat. No. 10,341,368

SELECTIVE MODIFICATION OF DATA PACKETS FOR NETWORK TOOL VERIFICATION

Gigamon Inc., Santa Clar...

1. A method comprising: receiving a data packet at a network port of a network appliance that is configured to forward data packets along a data path from an originating node to a destination node on a network;
identifying, by the network appliance, a flow map associated with the data packet, where the flow map represents a policy for how the data packet is to be handled by the network appliance;
determining, by the network appliance, whether a simulated error mode has been enabled for the flow map;
in response to determining that the simulated error mode has been enabled,
modifying, by the network appliance, the data packet to produce a modified data packet that mimics abnormal traffic;
injecting, by the network appliance, the modified data packet into an outgoing traffic flow to be forwarded to a tool port of the network appliance for transmission downstream to a network tool, where the outgoing traffic flow includes the modified data packet and at least one unmodified data packet;
monitoring, by the network appliance, whether the modified data packet is blocked by the network tool in accordance with a security protocol, by determining whether the modified data packet is included in an incoming traffic flow received from the network tool; and
based on a determination of whether the modified data packet was blocked by the network tool,
generating, by the network appliance, an indication of health of the network tool that is indicative of whether the network tool is operating properly.

US Pat. No. 10,341,367

SYSTEM AND METHOD FOR INQUIRING IOC INFORMATION BY P2P PROTOCOL

Saint Security Inc., Seo...

1. A method of inquiring and storing Indicator of Compromise (IoC) information by at least first user terminal among a plurality of user terminals in an environment including the plurality of user terminals, each of the plurality of user terminals having at least an event processing module, an IoC inquiry agent module, an encryption socket communication module, and a P2P socket communication module; and the environment further including an IoC information providing server, the method comprising: a first step of determining by the event processing module of the first user terminal a target IoC information to be identified when an event occurs based on the event;
a second step of requesting by the IoC inquiry agent module of the first user terminal that the encryption socket communication module and the P2P socket communication module of the first user terminal request the target IoC information;
a third step of requesting by the encryption socket communication module of the first user terminal a first IoC information corresponding to the target IoC information from the IoC information providing server;
a fourth step of requesting by the P2P socket communication module of the first user terminal a second IoC information corresponding to the target IoC information from the P2P socket communication module of one or more of the plurality of user terminals other than the first user terminal;
a fifth step of storing by the first user terminal only one of the first IoC information or the second IoC information that is received first from either the IoC information providing server or the P2P socket communication module of one or more of the plurality of user terminals other than the first user terminal, and
a sixth step of a user accessing the first user terminal and responding to the event based on the first IoC information or the second IoC information stored on the first user terminal.

US Pat. No. 10,341,366

MANAGING SECURITY BREACHES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of managing security breaches in a networked computing environment, comprising: detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment comprises both a decoy system and the production system;
receiving, by the at least one computer device, a communication after the detecting the breach;
determining, by the at least one computer device, whether the communication is associated with a valid user or a malicious user; and
in response to determining that the communication is associated with the valid user, routing the valid user to an element of the production system, and in response to determining that the communication is associated with the malicious user, routing the malicious user to a corresponding element of the decoy system,
wherein:
the decoy system is separate from the production system and comprises elements corresponding to elements of the production system;
the networked computing environment comprises layers, and further comprising determining one of the layers at which the breach occurred; and
the routing comprises permitting the malicious user to access at least one element of the production system in one or more first layers up to and including the determined one of the layers.

US Pat. No. 10,341,365

METHODS AND SYSTEM FOR HIDING TRANSITION EVENTS FOR MALWARE DETECTION

FireEye, Inc., Milpitas,...

1. A non-transitory storage medium having stored thereon logic, the logic being executable by one or more processors to perform operations including: processing of an object within a virtual machine;
intercepting an attempted execution of an instruction by the object, the instruction located on a page in memory associated with the virtual machine;
responsive to determining the page includes instructions corresponding to one of a set of function calls, (i) inserting a first transition event into the memory associated with the virtual machine at a location of a first instruction of the instructions corresponding to a function call of the set of function calls wherein the location is on the page in the memory, and (ii) setting a permission of the page to be execute only; and
responsive to further processing within the virtual machine causing an attempt to read from or write to the page including the first transition event, (i) halting at least a portion of the processing within the virtual machine, (ii) performing an analysis of at least one last branch record (LBR) of a virtual central processing unit (CPU) of the virtual machine, and (iii) based on the analysis of the at least one LBR, determining whether the processing displays characteristics of a return-oriented programming (ROP) attack.

US Pat. No. 10,341,364

SYSTEMS AND METHODS FOR MONITORING AND MITIGATING NETWORK ATTACKS

Corero Networks Security,...

1. A method for facilitating protection of a network system, the method comprising performing by at least one processor the steps of:in a first module receiving packets, for a signature, during a first observation window:
(a) computing a plurality of indices using a plurality of hash functions and the signature;
(b) for each non-colliding index from the plurality of indices, updating a respective signature rate, representing a frequency of occurrence of the signature in the first module during the first observation window;
(c) designating a maximum of the signature rates that correspond to the non-colliding indices and that are updated during the first observation window as a first local maximum signature rate for the first module for the first observation window; and
(d) setting a signature rate for the signature at a colliding index using the first local maximum signature rate for the first module for the first observation window.

US Pat. No. 10,341,363

DYNAMICALLY REMOTE TUNING OF A MALWARE CONTENT DETECTION SYSTEM

FireEye, Inc., Milpitas,...

1. An apparatus comprising:a processor; and
a memory communicatively coupled to the processor, the memory has stored thereon a first detection logic including software that is configurable to enable, disable or modify analysis capabilities of the first detection logic, wherein the first detection logic, when executed by the processor, conducts a first analysis of a received object to determine if the received object is associated with a malicious attack,
wherein the first detection logic receives a configuration file, the configuration file being automatically generated by a parameter generation logic including second software to automatically generate the configuration file based on a result of the first analysis,
wherein the capabilities of the first detection logic are altered based on the configuration file, the first detection logic, after alteration of the capabilities, performs a second analysis on the received object or a second received object, the second analysis being different than the first analysis and configured to detect characteristics or behaviors associated with the malicious attack that are used to classify the received object or the second received object as malware, wherein the configuration file modifies a weighting of at least one of a first analysis score being at least part of the result of the first analysis or a second analysis score being at least part of a result of the second analysis as used in classifying the received object or the second received object as malware.

US Pat. No. 10,341,362

APPARATUS AND METHOD FOR DETECTING A CLONED BASE STATION

Continental Automotive Sy...

1. A method, performed by a wireless mobile communications device, of detecting the presence of a cloned base station, the method comprising:determining whether a Neighbor Cell List, which lists channels of base stations of neighboring cells, has been received from the current serving cell at the wireless mobile communication device;
when it is determined that the Neighbor Cell List has not been received from the current serving cell at the wireless mobile communication device, sending from the wireless mobile communication device a warning to a user of the wireless mobile communications device that the base station for the current serving cell is a base-station clone;
when it is determined that the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, sensing, by the wireless mobile communication device, respective power levels of each of the channels listed in the Neighbor Cell List;
determining whether at least a predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero;
when it is determined that (1) the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, and (2) at least the predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero, sensing, by the wireless mobile communication device, a power level of the current serving cell;
determining whether the power level of the current serving cell is greater than a current-serving-cell threshold power level; and
when it is determined that (1) the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, (2) at least the predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero, and (3) the power level of the current serving cell is greater than a current-serving-cell threshold power level, sending from the wireless mobile communication device a warning to a user of the wireless mobile communication device that the base station for the current serving cell is a base-station clone.

US Pat. No. 10,341,361

TRANSMITTING SECURE INFORMATION

Hewlett Packard Enterpris...

1. A method comprising:establishing, by a boot environment, a secure connection on a special port, wherein an authentication key for the secure connection is preloaded into the boot environment;
verifying, by the admin node, that the new node is marked for installation;
in response to the verification that the new node is marked for installation:
transmitting, by the admin node, a secure key to the new node over the secure connection;
requesting, by the boot environment, a secure bundle from the admin node, the secure bundle corresponding to the new node;
decrypting, by the boot environment, the secure bundle using the secure key; and
requesting, by the boot environment, an installation image for the new node, wherein the secure bundle contains secure information that is not included in the installation image.

US Pat. No. 10,341,360

METHOD AND APPARATUS FOR USER AND ENTITY ACCESS MANAGEMENT FOR CODE SIGNING ONE OR MORE OF A PLURALITY OF DEVICES

ARRIS Enterprises LLC, S...

1. A method of managing the signing of data for use with one or more of a plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, the method comprising:defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality of entities comprising, in decreasing hierarchical order:
an application platform entity that produces the plurality of devices, having a sole owner;
at least one project entity for each application platform entity, the project entity comprising the device family;
at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising:
an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing:
sole eligibility to authorize access to the application platform entity;
eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity; and
eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
at least one participant account of the application platform entity or the at least one project entity, providing:
eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,
wherein managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises:
creating the owner account associated with the application platform entity for the sole owner of the application platform entity, and
wherein creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises:
assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
assigning another manager of another model entity hierarchically below the platform entity;
the method further comprises:
creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
creating another participant account, wherein the another participant account is associated with another project entity;
authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
wherein:
the sole owner of the owner account is a first business organization;
the at least one participant account is associated with a second business organization independent from the first business organization;
the another participant account is associated with a third business organization independent from the first business organization and the second business organization.

US Pat. No. 10,341,359

MULTI-USER SECRET DECAY

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:receiving, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
receiving, at the first device, a communication from the second device comprising a second version of the secret information;
detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
determining, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
generating, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first version of secret information; and
storing, at the first device, the third version of the secret information.

US Pat. No. 10,341,358

AUTHENTICATION OF MANUAL METER READINGS

ITRON NETWORKED SOLUTIONS...

1. A method for authenticating a meter reading, comprising:obtaining a measurement from a sensor of a metering device, wherein the measurement represents an attribute of a user as measured by the sensor;
applying, by a computer processor of the metering device, a predetermined encoding algorithm to the measurement to generate an authentication code comprising a first subset of values and a second subset of values by applying a first encoding scheme to generate the first subset of values and a second encoding scheme to generate the second subset of values, wherein the second encoding scheme is different from the first encoding scheme;
generating, by the computer processor of the metering device, the meter reading by combining the measurement with the authentication code;
presenting, by the metering device, the meter reading to the user;
receiving, at a meter reading analysis device, a reported meter reading from a user, wherein the reported meter reading comprises a different value than the meter reading presented to the user;
applying, by the meter reading analysis device, a pre-determined decoding algorithm associated with the pre-determined encoding algorithm to the reported meter reading to detect that the reported meter reading does not equal the meter reading; and
generating, by the meter reading analysis device and in response to the detecting, a dispatch request to dispatch a human inspector for validating the measurement.

US Pat. No. 10,341,357

SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION

iboss, Inc., San Diego, ...

1. A method performed by data processing apparatus, the method comprising:receiving, from a device within a network, a domain name service (DNS) request for an address of a first resource outside the network;
determining that the first resource is associated with a security policy of the network that specifies decrypting encrypted traffic between the device within the network and the first resource;
responsive to the determination that the first resource is associated with a security policy of the network that specifies decrypting encrypted traffic between the device within the network and the first resource, returning, to the device within the network in response to the DNS request, a DNS response comprising an address of a gateway within the network, the gateway address having previously been associated with the first resource address;
establishing a first encrypted connection between the device and the gateway, and a second encrypted connection between the gateway and the first resource, to facilitate encrypted communication traffic between the device and the first resource;
decrypting, by the gateway, all of the encrypted communication traffic passing between the device and the first resource such that all of the encrypted communication traffic passing between the device and the first resource is available to the gateway for inspection; and
inspecting at least some of the encrypted communication traffic passing between the device and the first resource;
receiving, from a second device within the network, a second domain name service (DNS) request for an address of a second resource outside the network;
determining that the second resource is not associated with a security policy of the network that specifies decrypting encrypted traffic between the second device within the network and the second resource;
responsive to the determination that the second resource is not associated with a security policy of the network that specifies decrypting encrypted traffic between the second device and the second resource, sending, to the DNS, the second DNS request;
receiving, from the DNS, a DNS response;
returning, to the second device within the network and in response to receiving the second DNS request, the second DNS request; and
establishing a third encrypted connection between the second device and the second resource, to facilitate encrypted communication traffic between the second device and the second resource.

US Pat. No. 10,341,356

METHOD AND APPARATUS FOR PROVIDING AN ADAPTABLE SECURITY LEVEL IN AN ELECTRONIC COMMUNICATION

Certicom Corp., Mississa...

1. A method for providing security in an electronic communication system, comprising:preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises:
for each individual frame:
determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
encrypting the data according to the security level for the frame; and
transmitting the plurality of frames to a recipient device.

US Pat. No. 10,341,355

CONFIDENTIAL MALICIOUS BEHAVIOR ANALYSIS FOR VIRTUAL COMPUTING RESOURCES

Amazon Technologies, Inc....

1. A system, comprising:a plurality of computing nodes implemented by one or more hardware processors that host one or more virtual compute instances as part of a multi-tenant provider network for computing resources, wherein the virtual compute instances mount one or more block-based storage volumes, wherein access to data stored in the block-based storage volumes is restricted according to an access policy;
a network traffic metering service implemented by one or more hardware processors for the provider network configured to collect a stream of raw metering data for individual network communications sent to and from the virtual compute instances hosted at the plurality of computing nodes;
a network traffic monitoring service implemented by one or more hardware processors, configured to:
evaluate the stream of raw metering data for possible malicious behavior; and
identify, based at least in part on the evaluation of the raw metering data, different ones of the respective virtual compute instances for storage volume analysis in regard to possible malicious behavior; and
a confidential volume analysis service implemented by one or more hardware processors, configured to:
subsequent to identification of the different ones of the respective virtual compute instances for storage volume analysis, receive a request from a client to analyze one of the identified virtual compute instances, wherein the client is restricted from accessing the data stored in the one or more block-based storage volumes mounted to the one of the identified virtual compute instances according to the access policy;
in response to the receipt of the request:
perform a confidential analysis of the data stored in one or more of the block-based storage volumes mounted to the one of the identified virtual compute instances according to one or more tests for malicious software, wherein results generated for the one or more tests of the confidential analysis satisfy the access policy for the one or more block-based storage volumes; and
send the one or more results of the confidential analysis to the client.

US Pat. No. 10,341,354

DISTRIBUTED HIGH AVAILABILITY AGENT ARCHITECTURE

Oracle International Corp...

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the providing comprising:establishing a connection to an AD, coupled to a first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;
establishing a connection to an IDCS, coupled to a second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;
displaying the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;
receiving a selection of one or more OUs;
displaying each member group of the selected OUs in the GUI, each group being selectable by the user;
receiving a selection of one or more member groups of the selected OUs;
monitoring the users of the selected OUs to identify users that have been added, modified or deleted;
monitoring the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;
synchronizing the identified users to the SCIM directory; and
synchronizing the identified groups to the SCIM directory.

US Pat. No. 10,341,353

SYSTEM AND METHOD FOR ISSUING, AUTHENTICATING, STORING, RETRIEVING, AND VERIFYING DOCUMENTS

Wymsical, Inc., Greenwic...

1. A computer-implemented method for authentication, validation, storage, and third party verification of a user's documents, the computer-implemented method comprising:authenticating, by a first computer, a user, wherein authentication requires the user to register with a document service using a computer network, and to provide to the document service personal information of the user, in exchange for which the user receives an unauthenticated code, which the user then presents in person with a photo identification to an ID station associated with the document service which uploads, by the first computer or a second computer, the unauthenticated code and photo identification at the document service and associates them with the user's personal information, the document service then generating a computerized validation code and sending, by the computer network, the validation code to the user for presentation to the ID station, whereby presentation of the validation code to the ID station causes the document service to generate an authenticated user code, the authenticated user code then being sent to the user;
associating a document with the authenticated user code;
transferring, by a third computer, a digital document associated with the authenticated user code from a document source to an electronic vault for the user when requested by the user, wherein the digital document comprises a digital version of the document associated with the authenticated user code;
verifying, by the second computer, the document by receipt of the authenticated user code with the document source, or by independent data;
encrypting and securely storing the digital document so that control of sending or viewing the digital document remains with the user;
storing metadata and encryption data associated with the document at the document service;
having the document service verify the authentication of the digital document in response to a request by a third party and confirm that the digital document is valid, by the user sending, by the network, the authenticated user code to the document service, the document service sending a computerized hyperlink to the third party, and upon the third party clicking on the computerized hyperlink permission is requested from the user for the document service to allow the digital document or metadata for the document to be viewed by the third party, and upon receiving, by the network, permission from the owner, the digital document or metadata is viewable by the third party.

US Pat. No. 10,341,352

GAZE INITIATED INTERACTION TECHNIQUE

1. A method for enabling a network service to enhance user anonymity whilst mediating interaction between users of personal point-of-interest beacons, the method comprising:linking an account of a first social network user to a unique identifier relating to a personal point-of-interest beacon of a second social network user, wherein the unique identifier is broadcast as an anonymous unique identifier that continuously changes while it is active;
accessing a first user profile of the first social network user, wherein the first user profile includes a plurality of inclusion criteria, a plurality of exclusion criteria, and interaction preferences;
accessing a second user profile of the second social network user, wherein the second user profile includes profile filtering parameters and personal data;
mediating communication authorization between the first social network user and the second social network user based on matching the plurality of inclusion and exclusion criteria of the first user profile with the profile filtering parameters of the second user profile;
receiving an authorization request from the second social network user to interact with the first social network user; and
selecting an interface for interaction between the second social network user and the first social network user, wherein the selection is based on the interaction preferences.

US Pat. No. 10,341,351

DIFFERENTIATED CONTAINERIZATION AND EXECUTION OF WEB CONTENT BASED ON TRUST LEVEL AND OTHER ATTRIBUTES

Intel Corporation, Santa...

1. A computing system comprising:network circuitry;
a storage device including instructions; and
processor circuitry associated with a local execution environment, the processor circuitry to execute the instructions to:
store data of a first type in a first container associated with the local execution environment;
store data of a second type in a second container associated with the local execution environment, the second type different from the first type;
determine whether to provide content to a remote execution environment separate from the local execution environment based on whether the content is unverified; and
provide the content to the remote execution environment when the content is determined to be unverified.

US Pat. No. 10,341,350

ACTIVELY IDENTIFYING AND NEUTRALIZING NETWORK HOT SPOTS

CYBERARK SOFTWARE LTD., ...

1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for actively identifying identities that have privileged access escalation vulnerabilities, the operations comprising:identifying a first identity having a first level of privileged access;
identifying a second identity having a second level of privileged access that is different from the first level of privileged access;
based on an identification of the second identity gaining access to the first identity and further based on determining that the first identity and the second identity have different levels of privileged access, classifying the second identity as a potential source of privileged access escalation vulnerabilities; and
performing, based on the classification that the second identity is a potential source of privileged access escalation vulnerabilities, at least one of:
triggering an alert regarding the potential source of privileged access escalation vulnerabilities;
performing a network security remediation operation for at least one of the first identity and the second identity, wherein the network security remediation operation includes at least one of:
prompting at least one of the first identity and the second identity with an authentication challenge; and
terminating a network session between the first identity and the second identity; and
identifying a plurality of other identities with levels of privileged access different from the first level of privileged access and that share a characteristic in common with the second identity.

US Pat. No. 10,341,349

SESSION SECURITY SPLITTING AND APPLICATION PROFILER

Cyemptive Technologies, I...

1. A computer implemented method to secure against unauthorized access to resources during application sessions, comprising:detecting a first application session established between a first client and a first application of a first host device, the first application associated with a first plurality of security time limits that divide security for the first application into a plurality of security tiers;
monitoring an active session duration of the first application session established between the first client and the first application;
executing one or more first security actions against the first application session responsive to the active session duration of the first application session reaching a security time limit of the first plurality of security time limits, wherein the one or more first security actions are specified in a first security tier of the plurality of security tiers, and wherein the one or more first security actions comprise one or more of Internet Protocol (IP) lookups, deep packet inspection, malformed packet detection, or enabling security sensors; and
executing one or more second security actions against the first application session responsive to the active session duration of the first application session reaching another security time limit of the first plurality of security time limits, wherein the one or more second security actions are specified in a second security tier of the plurality of security tiers, and wherein the one or more second security actions comprise one or more of IP lookups, deep packet inspection, malformed packet detection, or enabling security sensors.

US Pat. No. 10,341,348

ONBOARDING AND ACCOUNTING OF DEVICES INTO AN HPC FABRIC

Intel Corporation, Santa...

1. An article of manufacture that includes a storage device that includes information to cause an onboarding slave node to perform a method comprising:receiving a message that includes an address of a fabric switch master over an external network;
providing an identification message that provides an indication of a manufacturing source of an onboarding slave node, over the fabric switch network, to the fabric switch master;
receiving the permission message, over the fabric switch network, from the fabric switch master;
receiving an accounting identifier over the fabric switch network, from the fabric switch master; and
sending the accounting identifier over the fabric switch network within a message to another node after onboarding is completed.

US Pat. No. 10,341,347

NON-RESPONSIVE NODE ACTIVITY AVOIDANCE IN A NETWORK STORAGE SYSTEM

Teradata US, Inc., Dayton...

1. A method of operating a data store system comprising:generating a registration key in response to identification of a non-responsive processing node in a plurality of processing nodes, wherein the identification of the non-responsive processing node is based on failure of the non-responsive processing node to properly respond to at least one of the other processing nodes in the plurality of processing nodes;
providing the registration key to the other processing nodes excluding the identified non-responsive node; and
providing the registration key to a plurality of storage cluster nodes in communication with the plurality of processing nodes over a network, wherein each storage cluster node is configured to manage access to a respective set of persistent storage devices, and wherein each processing node provided the registration key is authorized to access each of the persistent storage devices.

US Pat. No. 10,341,346

INFORMATION PROCESSING METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. An information processing method executed by a computer, the processing method comprising:
starting one or more network applications;
starting a security application that prevents accesses from the one or more network applications to one or more destinations, wherein the one or more destinations do not belong to a first network domain and do not have an address to which an access is allowed for the network application;
performing a detecting operation of one or more peripheral devices to be accessed by the one or more network applications;
comparing, based on the detecting operation, the detected one or more peripheral devices as a first group with one or more other peripheral devices which are detected in a previous detecting operation as a second group;
closing, when there are one or more peripheral devices which belong to only the second group, one or more second interfaces corresponding to the one or more peripheral devices which belong to only the second group; and
generating, when there are one or more peripheral devices which belong to only the first group, one or more first interfaces corresponding to the one or more peripheral devices which belong to only the first group, the one or more network applications being configured to access the one or more peripheral devices via the one or more first interfaces.

US Pat. No. 10,341,345

NETWORK BROWSER CONFIGURATION

Amazon Technologies, Inc....

1. A computer-implemented method for managing content comprising:
receiving, at a trusted proxy server, a content request from a client computing device executing a programmatically configured browser application, wherein the trusted proxy server is configured to receive and respond to browser and proxy verification requests from an authenticating content server and wherein the content request corresponds to content served by the authenticating content server;
transmitting, by the trusted proxy server, a browser verification request to the client computing device;
receiving, by the trusted proxy server, information responsive to the browser verification request, the information responsive to the browser verification request including a verifiable representation of a browser application state associated with the programmatically configured browser application of the client computing device;
determining, by the trusted proxy server, based at least in part on the content request, a programmatic configuration of the programmatically configured browser application;
determining, by the trusted proxy server, based at least in part on a processing of the verifiable representation of the browser application state, that the programmatically configured browser application is operable to implement the programmatic configuration;
transmitting, by the trusted proxy server, the content request to the authenticating content server;
receiving, by the trusted proxy server, content responsive to the content request from the authenticating content server;
transmitting, by the trusted proxy server, data communications to the programmatically configured browsing application, the data communications causing an activation of the programmatic configuration; and
transmitting, by the trusted proxy server, the content responsive to the content request.

US Pat. No. 10,341,344

METHODS AND SYSTEMS FOR PERSISTENT CROSS-APPLICATION MOBILE DEVICE IDENTIFICATION

The 41st Parameter, Inc.,...

1. A system for persistently identifying a mobile device across applications, the system comprising:
a memory which comprises:
a first sandbox associated with a first application;
a second sandbox associated with a second application; and
a persistent shared storage configured to store a universal device identifier which identifies a mobile device across the first application and the second application; and
a processor programmed to:
execute the first application in the first sandbox, wherein the first application is restricted from accessing the second sandbox;
execute the second application in the second sandbox, wherein the second application is restricted from accessing the first sandbox;
receive a first request from the first application to access information associated with the mobile device, wherein the first request comprises the universal device identifier;
receive a second request from the second application to access the information associated with the mobile device, wherein the second request comprises the universal device identifier;
identify data associated with the first application indicative of a fraud;
link the data associated with the first application indicative of the fraud with the universal device identifier;
store the data associated with the first application indicative of the fraud in the persistent shared storage associated with the universal device identifier; and
in response to the second request from the second application to access information associated with the mobile device, access the persistent shared storage associated with the universal device identifier and return a data packet comprising the data associated with the first application indicative of the fraud to the second application.

US Pat. No. 10,341,343

EFFICIENT AND SECURE CONNECTION OF DEVICES TO A NETWORK WITHOUT USER INTERFACES

INTERNATIONAL BUSINESS MA...

1. A method for connecting a device to a network, the method comprising:
providing a device assigned with a device identifier and an asymmetric cryptographic key pair that includes a public key and a private key, wherein the device:
stores the private key on a memory thereof; and
is provided with information as to at least one of the assigned device identifier and the public key, said information detectable by a detector so as to be transmissible to a server for the server to identify the device identifier and the public key assigned to the device; and
wherein the method further comprises, at the device:
receiving, at the device, from the server a signal encrypted with the public key of the device, wherein the signal invites the device to connect to a network, said signal encoding both:
the device identifier as identified by the server based at least in part on information transmitted to the server; and
a network identifier of said network, the network identifier encrypted with the public key of the device as identified by the server based at least in part on information transmitted to the server;
decrypting, utilizing the private key of the device, the signal to obtain the network identifier of the network; and
based at least in part on the network identifier, initiating a network connection with said network.

US Pat. No. 10,341,342

CONFIGURATION DATA BASED FINGERPRINTING FOR ACCESS TO A RESOURCE

CARRIER CORPORATION, Far...

1. A method for providing access to a resource to a user system network, wherein the user system network includes a plurality of network devices, the method comprising:
obtaining, by a system comprising one or more processors, configuration data that includes a device name, a device identifier, and a device address for each network device of the plurality of network devices of the user system network;
receiving, by the system, a request from the user system network for access to the resource;
generating, by the system, a single current fingerprint of the user system network by applying a hash function to a single combination, the single combination comprising all of the device names of the plurality of network devices, all of the device identifiers of the plurality of network devices, and all of the device addresses of the plurality of network devices;
comparing, by the system, the single current fingerprint of the user system network to a reference fingerprint of the user system network, wherein the reference fingerprint is associated with the resource;
determining, by the system, a degree of similarity between the single current fingerprint and the reference fingerprint;
granting, by the system, access to the resource to the user system network in response to the degree of similarity between the single current fingerprint and the reference fingerprint meeting or exceeding a predetermined similarity threshold; and
in a binding mode:
obtaining initial configuration data identifying the plurality of network devices installed at the user system network;
generating the reference fingerprint in response to the initial configuration data; and
binding the reference fingerprint to the resource.

US Pat. No. 10,341,341

RFID AUTHENTICATION ARCHITECTURE AND METHODS FOR RFID AUTHENTICATION

SMARTRAC TECHNOLOGY FLETC...

1. A method for mutual authentication in a radio frequency identification (RFID) system comprising an RFID reader and an RFID tag, the method comprising:
receiving, at the RFID reader, an identifier from the RFID tag;
selecting a password based at least in part on the identifier;
selecting a first mathematical kernel having a first parameter set;
generating a first password key based on the first mathematical kernel;
encrypting the password as a first encrypted password based on the first password key; and
transmitting the first encrypted password to the RFID tag.

US Pat. No. 10,341,340

AUTHENTICATION SYSTEM FOR A MOBILE DATA TERMINAL

ASMAG-Holding GmbH, Grue...

1. An authentication system comprising:
a data terminal with a data terminal device,
a communication network,
an authentication service, and
a point of sale, the point of sale comprising a remote station,
wherein the data terminal device comprises an image capturing device, an image preparing module, a wireless communication interface, and an interface for a body area network,
wherein the communication interface comprises a long-range interface and a close-range interface, the close-range interface being unidirectional,
wherein there is a first communication connection via the long-range interface of the communication network, between the communication interface of the data terminal device and the authentication service,
wherein an authentication request is triggered by the data terminal device on the point of sale via the close-range interface of the communication interface,
wherein a close-range data connection between the communication interface of the data terminal device and the corresponding remote station of the point of sale is produced via the close-range interface,
wherein the communication interface is configured to capture a unique identifier from the point of sale via the close-range data connection and is configured to transmit the unique identifier to the authentication service via the first communication connection of the communication network,
wherein the data terminal is in the form of a watch,
wherein the authentication service comprises a face detection and face recognition module, a 2D/3D image analysis module, and a database, the 2D/3D image analysis module being configured to receive at least one image, the at least one image being captured by the image capturing device and being transmitted from the data terminal to the authentication service via the first communication connection, the 2D/3D image analysis module being configured to recognize a real person as a 3D-object in the at least one image captured by the image capturing device and transmitted to the authentication service,
wherein the face detection and face recognition module is configured to perform image analysis on the at least one image,
wherein the face detection and face recognition module is configured to compare a result of the image analysis with user reference data saved in the database,
wherein the authentication service further comprises an authentication service interface,
wherein there is a second communication connection between the point of sale and the authentication service interface via the communication network, and
wherein the face detection and face recognition module is configured to transmit an authentication signal via the transmitted unique identifier directly to the point of sale via the second communication connection of the communication network.

US Pat. No. 10,341,339

TECHNIQUES FOR HEARABLE AUTHENTICATION

HARMAN INTERNATIONAL INDU...

1. An apparatus comprising:
an earpiece;
a triggering device configured to generate an audio stimulus;
an electroencephalogram (EEG) sensor configured to measure an EEG signature of a user in response to the audio stimulus;
a wireless transceiver configured to communicate with a wireless access point of a wireless communication network, wherein the wireless communication network includes a device associated with a home network system of a home; and
a controller configured to establish authenticated access to the wireless communication network based on the EEG signature associated with the user;
wherein the device associated with the home network system is configured to, in response to the controller establishing authenticated access to the wireless communication network, perform one or more operations comprising at least one of deactivating a home security system of the home, powering one or more lights in the home on or off, and modifying at least one of a heating set point and a cooling set point in the home.

US Pat. No. 10,341,338

SMART CARD REDIRECTION

PARALLELS INTERNATIONAL G...

1. A method comprising:
establishing, by a processing device of a server executing an application, a network connection to a client device having a smart card;
detecting a program call associated with an authentication of a user of the client device for accessing the application;
determining, based on the program call, whether the smart card is a remote smart card for the server;
responsive to determining that the smart card is the remote smart card, redirecting the program call to the client device via a communication channel of the network connection; and
authenticating, by the server using a local component, the user of the client device in view of data returned by the client device in response to the program call, the local component handling the remote smart card as local to the server.

US Pat. No. 10,341,337

SYSTEM AND METHOD FOR ISSUING OTP APPLICATION IN FACE-TO-FACE CONFIRMATION MANNER

SK PLANET CO., LTD., Seo...

1. A system for issuing a one time password (OTP) application in a face-to-face confirmation manner, the system comprising:
at least one or more service provider devices configured to transmit OTP application issuance request information to an integrated service device, wherein the OTP application issuance request information includes recognition information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area; and
the integrated service device configured to:
register secure storage medium identification information as medium identification information for OTP authentication; and
transmit an OTP installation guide to the terminal device when the recognition information is the secure storage medium identification information; and
transmit the OTP installation guide to the terminal device when the recognition information is terminal device identification information;
wherein the terminal device receiving the OTP installation guide is configured to determine whether the OTP application exists and, when the OTP application is determined not to exist, to display an OTP application installation guide and install the OTP application according to a selection of a user; and
wherein the service provider device is further configured to:
transmit an OTP serial number received from the service provider to the integrated service device;
wherein the service provider device includes an authentication request unit configured to, when the OTP application issuance request information is inputted, perform confirmation of a real name of a customer, request an authentication number from the integrated service device to confirm the terminal device identification information of the corresponding customer is normal, and receive the authentication number from the customer and verify the authentication number; and
wherein the integrated service device is further configured to receive and register the OTP serial number as medium identification information for OTP authentication.

US Pat. No. 10,341,336

ELECTRONIC DEVICE AND METHOD FOR GENERATING RANDOM AND UNIQUE CODE

INNOAUS KOREA INC., Seou...

1. A method comprising:
obtaining, by a processor of a first electronic device, a first seed for generating a one-time password (OTP), a character set and a first unique code assigned to a first user, wherein the first unique code is generated by a server;
generating, by the processor, a first OTP using the first seed;
generating, by the processor, a numerical code that corresponds to the first unique code by forward-mapping characters in the first unique code to the character set;
summating, by the processor, the numerical code with the first OTP to obtain a summation result;
backward-mapping, by the processor, the summation result to the character set to obtain characters among the character set, each index thereof corresponding to each numeral value of the summation result;
generating, by the processor, a first sub code that corresponds to the backward-mapped summation result;
backward-mapping, by the processor, the first OTP to the character set to obtain characters among the character set, each index thereof corresponding to each numeral value of the first OTP;
generating, by the processor, a second sub code that corresponds to the backward-mapped first OTP; and
generating, by the processor, a first code using the first sub code and the second sub code, wherein the second sub code is different from the first code,
wherein a second electronic device is configured to perform authentication of the first electronic device based on a comparison between the first code generated by the first electronic device and a second code generated by the second electronic device.

US Pat. No. 10,341,335

LOCATION DETERMINATION FOR USER AUTHENTICATION

A10 Networks, Inc., San ...

1. A system for authentication of a client device, the system comprising:
a processor, wherein the processor is a hardware processor configured to:
receive an authentication request from the client device;
establish a current geographical location of the client device;
establish a trusted tolerance geographical area associated with the client device, the trusted tolerance geographical area being circumscribed by a plurality of points, the plurality of points being at varying respective distances from the client device;
determine whether the current geographical location of the client device is within the trusted tolerance geographical area; and
authenticate the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area; and
a database configured to store at least data associated with the client device.

US Pat. No. 10,341,334

WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION

Google LLC, Mountain Vie...

1. A computer-implemented method comprising:
obtaining, by a client device and from user input, master credentials for a master account of a user, where website credentials for the user for multiple different websites are stored on a server in association with the master account and the master credentials control access to the master account;
determining, by the client device, that the master credentials are valid;
obtaining, by the client device and from additional user input, particular website credentials for a particular website;
encrypting the particular website credentials with the master credentials;
providing the particular website credentials encrypted with the master credentials to the server;
removing the particular website credentials from the client device;
after providing the particular website credentials encrypted with the master credentials to the server, obtaining, by the client device, a request to access the particular website for which particular website credentials for the user are stored by the server;
in response to obtaining the request to access the particular website for which particular website credentials for the user are stored by the server and determining, by the client device, that the master credentials are valid, obtaining, with the master credentials by the client device and from the server, the particular website credentials for the user for the particular website in an encrypted form;
decrypting, by the client device, the particular website credentials for the user for the particular website with the master credentials; and
accessing, by the client device, the particular website using the particular website credentials.

US Pat. No. 10,341,333

SYSTEMS AND METHODS FOR GENERATING MULTI-DIMENSIONAL PASSWORD AND AUTHENTICATING THEREOF

Tata Consultancy Services...

1. A processor implemented method comprising:
(a) processing, by one or more hardware processors, a selection by a user of a virtual reality (VR) environment from one or more virtual reality (VR) environments pre-stored in a database;
(b) presenting, by the one or more hardware processors, a graphical user interface comprising the selected VR environment on a display and dynamically rendering one or more interactive objects, wherein the one or more interactive objects are identified and positioned in the selected VR environments based on a type of the selected VR environment;
(c) tracking, by the one or more hardware processors, a first set of activities comprising (i) behavior of the user, (ii) interaction of the user with at least a subset of the one or more interactive objects, and (iii) one or more changes made to the one or more interactive objects in the selected VR environment, wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates, and wherein the one or more changes comprise at least one of (a) position, (b) shape, (c) color, and (d) rotation of the one or more interactive objects;
(d) generating, by the one or more hardware processors, a multi-dimensional password based on the first set of tracked activities; and
(e) communicating, by the one or more hardware processors, the multi-dimensional password and multi-media content including details of the multi-dimensional password to the user, and obtaining a confirmation from the user and storing the multi-dimensional password and the multi-media content with the first set of tracked activities in the database;
(f) processing, by the one or more hardware processors, a request for login by the user;
(g) automatically presenting, by the one or more hardware processors, the selected VR environment and rendering a set of interactive objects on a display to the user based on the request, wherein the set of interactive objects comprises at least a subset of interactive objects that are previously interacted by the user when the multi-dimensional password was generated;
(h) tracking, by the one or more hardware processors, a second set of activities comprising (i) behavior of the user, (ii) interaction of the user with the set of interactive objects, and (iii) one or more changes made to the set of interactive objects in the virtual reality (VR) environment, wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates, and wherein the one or more changes comprise at least one of (a) position, (b) shape, (c) color, and (d) rotation of one or more interactive objects;
(i) performing, by the one or more hardware processors, a first comparison of (i) the second set of tracked activities and (ii) the first set of tracked activities that are previously stored in the database; and
(j) authenticating, by the one or more hardware processors, the user based on the first comparison;
wherein when the first comparison of (i) the first set of tracked activities and (ii) the second set of tracked activities results in a mismatch, the method comprises:
determining, by the one or more hardware processors, a number of attempts made by the user to perform the second set of activities; and
enabling, by the one or more hardware processors, based on the number of attempts, resetting of the multi-dimensional password by the user, wherein the step of resetting of the multi-dimensional password by the user comprises:
presenting, by the one or more hardware processors, an option to generate a one-time multi-dimensional image;
generating, by the one or more hardware processors, the one-time multi-dimensional image upon obtaining a confirmation from the user based on the option, wherein the one-time multi-dimensional image comprises at least a portion of sequence of the one or more interactive objects that are previously interacted by the user when the multi-dimensional password was generated;
tracking, by the one or more hardware processors, a third set of activities comprising at least one of (i) behavior of the user, (ii) interaction of the user with at least a subset of one or more interactive objects, and wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates; and
performing, by the one or more hardware processors, a second comparison of (i) the third set of tracked activities and (ii) the first set of tracked activities and performing, based on the second comparison, at least one of (i) the steps of (a) to (e), or (ii) the steps of (f) to (j).

US Pat. No. 10,341,332

SYSTEM AND METHOD FOR PROVIDING PERSISTENT USER IDENTIFICATION

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for providing persistent user identification, the method comprising:
validating, by an authentication server, a credential of a user agent through a communication channel;
sending, from the authentication server to the user agent, a security token;
generating, by the user agent, a keystream from the security token received from the authentication server;
generating, by the user agent, a plurality of security tags, wherein each security tag is a portion of the generated keystream in sequence;
tagging, by the user agent, each of one or more packets of information with one of the plurality of security tags;
pre-requesting, by an authenticator in a network protection system, the security token from the authentication server;
receiving, by the authenticator, one or more tagged packets forwarded by the user agent;
recreating, by the authenticator, one or more comparison security tags based on the keystream generated from the security token;
comparing, by the authenticator, each security tag of the tagged packets against each of the corresponding recreated comparison security tags; and
if each security tag of the tagged packets matches each recreated comparison security tag, forwarding, by the authenticator, the packet to a network destination.

US Pat. No. 10,341,331

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND FIRMWARE PROGRAM

BUFFALO INC., Nagoya-shi...

1. An information processing system, comprising:
a first device, the first device being a USB host device; and
a second device, the second device being a USB device, wherein
the first device includes first circuitry configured to:
transmit a predetermined authentication command, including an instruction for issuing authentication information, to the second device, the predetermined authentication command being a command of a small computer system interface (SCSI) format that is unique to a vendor of the SCSI,
receive a response to the predetermined authentication command from the second device, and
determine whether firmware of the second device is falsified based on whether the response received from the second device is a predetermined response and output a determination result, the predetermined authentication command including encoded authentication information,
the second device includes second circuitry configured to:
retain firmware and perform processing based on the firmware,
receive a command from the first device,
determine whether the received command is the predetermined authentication command as a processing of the firmware and, in response to determining that the received command is the predetermined authentication command,
transmit the predetermined response to the first device as the processing of the firmware, and
transmit decoded authentication information, obtained by decoding the encoded authentication information, to the first device, as the processing of the firmware, wherein
in response to receiving the decoded authentication information from the second device, the first circuitry determines whether the firmware of the second device is falsified based on the received decoded authentication information and outputs the determination result.

US Pat. No. 10,341,330

2FA AUTHENTICATION WITH QR ON HMD

1. A method for displaying confidential information, having the following steps:
supplying authentication information to a user by mail;
reading in the authentication information with a recording unit of a display device arranged on a head or a recording unit of a mobile radio device;
transmitting identification information associated with the display device arranged on the head or the mobile radio device and the read-in authentication information to a service facility via an over-the-air interface, with the identification information and the read-in authentication information being known to the service facility before the authentication information is supplied;
transmitting the confidential information to the display device arranged on the head or to the mobile radio device via the over-the-air interface if the identification information and the authentication information match the identification information stored at the service facility and the authentication information, and
displaying the confidential information on the display device arranged on the head or on the mobile radio device;
wherein the identification information is information negotiated with the service facility and a mobile telephone number associated with the display device, in particular a Mobile Station International Directory Number (MSISDN); and
wherein the confidential information is an access password, and/or a cash-card secret code, a debit-card secret code and/or a credit-card secret code.

US Pat. No. 10,341,329

METHOD FOR GENERATING A PUBLIC/PRIVATE KEY PAIR AND PUBLIC KEY CERTIFICATE FOR AN INTERNET OF THINGS DEVICE

NXP B.V., Eindhoven (NL)...

1. A method comprising:
providing an integrated circuit (IC) with an IC specific initial public and private key pair and a public key certificate signed by a manufacturer of the IC, to a customer of the IC manufacturer; and
providing a smartcard to the customer, the smartcard having stored thereon customer unique configuration data related to the IC;
wherein the smartcard enables the customer to generate a customization value and a customized public key for an Internet of Things (IoT) device using the customer unique configuration data, and wherein in response to the customer receiving the public key certificate signed by the IC manufacturer from the IC, the customer is enabled to provide the customization value, the customized public key, and a public key certificate signed by the customer to the IC, and wherein the IC is enabled to generate a customized private key for the IoT device.

US Pat. No. 10,341,328

SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING A DEVICE-MANAGEMENT PROTOCOL

Intel Corporation, Santa...

1. A device including one or more processors, the one or more processors including circuitry, the circuitry having logic to:
associate with a Wi-Fi Alliance Hotspot 2.0 (HS2.0)-enabled Wi-Fi network;
establish a transport-layer security (TLS) session with a sign-up server;
send a first OMA-DM package 3 message over a wireless link of the TLS session, the first OMA-DM package 3 message including a generic alert;
send a second OMA-DM package 3 message over the wireless link of the TLS session subsequent to successful certificate enrollment; and
receive a first OMA-DM package 4 message in response to the second OMA-DM package 3 message, the first OMA-DM package 4 message to comprise a command to add a subscription management object (MO) to an OMA-DM tree of the device, the OMA-DM tree having a hierarchical structure comprised of at least a root and nodes, and wherein the OMA-DM tree comprises a fully-qualified domain name (FQDN) for at least one service provider, and a subscription MO for the at least one service provider.

US Pat. No. 10,341,327

ENABLING SECURE CONNECTIONS BY MANAGING SIGNER CERTIFICATES

Bank of America Corporati...

1. A system for managing security certificates, the system comprising:
a memory device;
a network communication interface; and
a processing device operatively coupled to the memory device and the network communication interface, wherein the processing device is configured to execute computer-readable program code to:
collect data;
in response to the collection, authenticate to a server comprising a keystore comprising a plurality of certificates and having a server configuration;
in response to the authentication, determine keystore characteristics from the server configuration;
using the determined keystore characteristics, verify certificate details;
based on the verified certificate details, determine that at least one certificate in the keystore has expired;
in response to the determining that the at least one certificate in the keystore has expired, remove the at least one expired certificate from the keystore of the server;
receive at least one serial number identifying each of the at least one expired certificate;
search for other remote servers storing copies of the at least one expired certificate based on the received at least one serial number;
based on the search, determine other remote servers storing copies of the at least one expired certificate;
select one or more of the determined servers storing copies of the at least one expired certificate; and
remove the at least one expired certificate from the selected one or more servers.

US Pat. No. 10,341,326

NETWORK SECURITY FOR ENCRYPTED CHANNEL BASED ON REPUTATION

Trend Micro Incorporated,...

1. A network security device comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing instructions that when executed by the processor cause the network security device to:
monitor an initial communication between two endpoint devices over a computer network;
recognize and parse the initial communication used to establish an encrypted channel between the two endpoint devices;
validate a certificate chain between the two endpoint devices;
determine a reputation for each of a plurality of certificates in the certificate chain;
determine a certificate reputation for the certificate chain, the certificate reputation being determined from and representative of reputations of the plurality of certificates; and
perform a security action to allow or block a communication via the encrypted channel based on the certificate reputation.

US Pat. No. 10,341,325

SYSTEM AND METHOD FOR TRANSFERRING DEVICE IDENTIFYING INFORMATION

VMWARE, INC., Palo Alto,...

1. A system for assessing compliance of a client device while authenticating a user account comprising:
a data store comprising executable instructions; and
at least one computing device comprising at least one processor, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least:
transmit, to the client device, instructions for certificate verification, the instructions comprising a command to transmit a certificate to a key distribution center, the certificate comprising a unique device identifier for the client device, wherein the unique device identifier is assigned by a management service during an enrollment of the client device;
receive, from the client device, a ticket obtained from the key distribution center, wherein the unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid;
extract the unique device identifier from the ticket;
determine that credentials received from the client device authenticate against the user account;
transmit, to the management service, a request to verify compliance of the client device with at least one compliance rule, wherein the request comprises the unique device identifier; and
authenticate the user account for access through the client device.

US Pat. No. 10,341,324

SPONSORED TRUST RELATIONSHIP MANAGEMENT BETWEEN MULTIPLE RACKS

International Business Ma...

1. A computer-implemented method comprising:
sending a request by a new management node associated with a new rack to a first management node associated with a first rack;
wherein the request includes a public key of the new management node;
wherein the first management node is associated with a plurality of autonomous management nodes such that a respective mutual trust relationship exists between at least a portion of management nodes of the plurality of autonomous management nodes;
receiving, by the new management node and from the first management node, a new access token and a set of respective public keys corresponding to a set of respective management nodes of the plurality of autonomous management nodes;
wherein the new management node issues a first access token to the first management node, and the new management node and the first management node establish a mutual trust relationship based on the first access token and the new access token;
sending, by the new management node and to another respective management node of the set of respective management nodes, the public key of the new management node and the new access token;
establishing, based on the sending, a respective mutual trust relationship between the new management node and the other respective management node receiving the public key of the new management node and the new access token;
receiving, by the new management node and in response to establishing a mutual trust relationship with the other respective management node, a request and a public key associated with a second new management node, wherein the second new management node is associated with a second new rack;
sending, in response to the receiving, a second new access token to the second new management node and a second set of public keys associated with a second set of management nodes of the plurality of autonomous management nodes to the second new management node; and
establishing a mutual trust relationship between the new management node and the second new management node based on the second new access token and a third access token issued by the second new management node to the new management node.

US Pat. No. 10,341,323

AUTOMATED METHOD FOR ON DEMAND MULTIFACTOR AUTHENTICATION

GO DADDY OPERATING COMPAN...

1. A method for a domain name registrar to provide enhanced security for a domain name registered to a user, wherein the domain name directs Internet traffic to a website, comprising the steps of:
upon the domain name registrar receiving a request from the user for enhanced security for the domain name, performing the steps of:
calculating by the domain name registrar a value of the domain name or determining a rate of Internet traffic to the website;
selecting by the domain name registrar one or more protected activities that will only be performed after a successful multifactor authentication for the domain name, wherein the selected one or more protected activities are at least partially based on the calculated value of the domain name or the determined Internet traffic rate to the website;
parsing by the domain name registrar public records available on the Internet to determine a plurality of authenticatees associated with the domain name or the website and one or more contact methods for each of the plurality of authenticatees;
determining or receiving by the domain name registrar for each authenticatee in the plurality of authenticatees two authentication methods corresponding to two different members of the group consisting of what you know based authentication, what you are based authentication and what you have based authentication and two different correct responses corresponding to the two authentication methods;
selecting by the domain name registrar a minimum number of authenticatees that must be authenticated for a successful multifactor authentication for the domain name, wherein the minimum number of authenticatees is directly related to the calculated value of the domain name or the determined Internet traffic rate to the website;
displaying by the domain name registrar an offer to provide enhanced security for the domain name on a client device to the user;
receiving by the domain name registrar an acceptance of the offer from the user; and
blocking one or more attempts of performing a protected activity in the one or more protected activities on the domain name prior to performing a successful multifactor authentication.

US Pat. No. 10,341,322

ON DEMAND MULTIFACTOR AUTHENTICATION

GO DADDY OPERATING COMPAN...

1. A method for protecting a first domain name registered to a user from an unauthorized first protected activity, comprising the steps of:
receiving over a computer network by a domain name registrar from a client device operated by a user a selection of the first domain name registered to the user requiring a successful first multifactor authentication prior to performing a first protected activity;
receiving by the domain name registrar from the client device a selection of the first protected activity, wherein the first protected activity is selected from a group consisting of removing a first domain name from a current account, changing a domain name system record for the first domain name, editing a website pointed to by the first domain name and changing access to an email account based on the first domain name;
receiving by the domain name registrar from the client device a selection of a first plurality of authenticatees;
receiving by the domain name registrar from the client device a first minimum number of authenticatees in the first plurality of authenticatees that must be authenticated for a successful first multifactor authentication, wherein the first minimum number of authenticatees that must be authenticated for the successful first multifactor authentication is less than a number of the first plurality of authenticatees;
receiving by the domain name registrar for each selected authenticatee two authentication methods corresponding to two different members of the group consisting of what you know based authentication, what you are based authentication and what you have based authentication and two different correct responses corresponding to the two authentication methods;
receiving by the domain name registrar from the client device a contact method for each selected authenticatee in the plurality of authenticatees; and
upon receiving two correct responses from at least the first minimum number of authenticatees that must be authenticated for the successful first multifactor authentication, performing the first protected activity on the first domain name registered to the user.
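Both GoDaddy claims above (10,341,323 and 10,341,322) gate a protected activity on a k-of-n threshold of authenticatees, each of whom must answer two factors drawn from different members of the know/have/are group. The following added example (not GoDaddy's code) models that policy check: enrollment rejects two methods from the same category, the policy rejects a minimum that is not strictly below the number of authenticatees, an authenticatee counts only if both responses are correct, and responses are compared as salted digests in constant time. The activities, contact methods and answers are constructed.

```python
"""Threshold multifactor authorization for registrar-protected activities
(added example modelling the claims above; not GoDaddy's code).

Assumptions: correct responses are stored as salted SHA-256 digests,
"what you are" responses are opaque strings, and the policy data is constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple

FACTOR_CATEGORIES = frozenset({"what-you-know", "what-you-have", "what-you-are"})
PROTECTED_ACTIVITIES = frozenset({
    "remove-domain-from-account", "change-dns-record",
    "edit-website", "change-email-access",
})


@dataclass(frozen=True)
class Method:
    category: str
    salt: bytes
    digest: bytes  # SHA-256(salt || correct response)


def enroll_method(category: str, correct_response: str) -> Method:
    if category not in FACTOR_CATEGORIES:
        raise ValueError(f"unknown factor category {category!r}")
    salt = secrets.token_bytes(16)
    return Method(category, salt, hashlib.sha256(salt + correct_response.encode()).digest())


def method_accepts(m: Method, response: str) -> bool:
    given = hashlib.sha256(m.salt + response.encode()).digest()
    return hmac.compare_digest(m.digest, given)  # constant-time compare


@dataclass(frozen=True)
class Authenticatee:
    contact: str                  # how the registrar reaches this person
    methods: Tuple[Method, Method]

    def __post_init__(self):
        categories = {m.category for m in self.methods}
        if len(self.methods) != 2 or len(categories) != 2:
            raise ValueError("two methods from different factor categories are required")


@dataclass(frozen=True)
class DomainPolicy:
    domain: str
    protected: frozenset                    # subset of PROTECTED_ACTIVITIES
    authenticatees: Dict[str, Authenticatee]  # keyed by contact
    minimum: int                            # k of n; the claim requires k < n

    def __post_init__(self):
        if not self.protected <= PROTECTED_ACTIVITIES:
            raise ValueError("unknown protected activity")
        if not 0 < self.minimum < len(self.authenticatees):
            raise ValueError("minimum must be >= 1 and < number of authenticatees")


def authorize(policy: DomainPolicy, activity: str, responses: Dict[str, Tuple[str, str]]):
    """Return (allowed, authenticated_count); responses maps contact -> two answers."""
    if activity not in policy.protected:
        return True, 0  # not protected for this domain: no MFA gate
    authenticated = 0
    for contact, person in policy.authenticatees.items():
        given = responses.get(contact)
        if given is None or len(given) != 2:
            continue  # a single answer never counts
        if all(method_accepts(m, r) for m, r in zip(person.methods, given)):
            authenticated += 1
    return authenticated >= policy.minimum, authenticated


def build_example_policy():
    """Constructed policy: three authenticatees, two must pass; returns the answers too."""
    answers = {
        "+1-555-0100": ("correct horse battery", "otp-483921"),
        "+1-555-0101": ("blue tango", "fingerprint-template-7"),
        "+1-555-0102": ("sunset 42", "otp-771002"),
    }
    second_factor = {"+1-555-0100": "what-you-have",
                     "+1-555-0101": "what-you-are",
                     "+1-555-0102": "what-you-have"}
    people = {
        contact: Authenticatee(contact, (
            enroll_method("what-you-know", know),
            enroll_method(second_factor[contact], other)))
        for contact, (know, other) in answers.items()
    }
    policy = DomainPolicy("example.test", frozenset({"change-dns-record"}), people, minimum=2)
    return policy, answers
```

The registrar still has to bind each accepted response to the contact method it was sent over; the check above only decides, given the answers, whether the threshold is met.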

US Pat. No. 10,341,321

SYSTEM AND METHOD FOR POLICY BASED ADAPTIVE APPLICATION CAPABILITY MANAGEMENT AND DEVICE ATTESTATION

MOCANA CORPORATION, Sunn...

1. A method of providing policy based adaptive application capability management during application programming interface invocations by an application executing on a device, the method comprising:
sending, by a remote policy management service, the device policy to a local attestation agent on the device;
registering a security descriptor with the trusted services platform module, wherein the security descriptor includes at least authentication and authorization attributes;
negotiating protocol-based capabilities with a remote service to establish a session for secure communications;
sending an operation request through an application programming interface (“API”) to the trusted services platform module;
querying the interface access management module for action directives;
processing, by the interface handler, the received action directives to issue a function request to a security module to execute a trusted function in a trusted execution environment;
generating an operation response to the application, wherein the operation response indicates a denial or completion of the operation request; and
processing the operation response to determine whether to generate an alternative operation request.

US Pat. No. 10,341,320

BYOD CREDENTIAL MANAGEMENT

Aerohive Networks, Inc., ...

1. A method comprising:
providing an identity platform system configured to authenticate a company-assigned device for accessing a first network using a first unique pre-shared key associated with the company-assigned device, a first media access control (MAC) address of the company-assigned device being bound to the first unique pre-shared key to associate the first unique pre-shared key with the company-assigned device, the first network comprising an enterprise network, the company-assigned device being assigned to a user by the company and being owned by the company;
providing a personal bring your own device (BYOD) credential management system configured to authenticate a personal BYOD for accessing a second network using a second unique pre-shared key associated with the personal BYOD, a second MAC address of the personal BYOD being bound to the second unique pre-shared key to associate the second unique pre-shared key with the personal BYOD, the second network comprising a guest network, the personal BYOD being owned by the user;
providing a network administrator interface configured to provide access to the identity platform system for a network administrator;
including a personal BYOD credential management system application program interface (API) as part of the identity platform system and configured to provide the identity platform system access to the personal BYOD credential management system as if the personal BYOD credential management system is embedded in the identity platform system;
allowing the network administrator to access the identity platform system through the network administrator interface and manage the personal BYOD credential management system through the personal BYOD credential management system API by accessing the identity platform system.

US Pat. No. 10,341,319

UTILIZING A CUSTOMIZED DIGITAL FONT TO IDENTIFY A COMPUTING DEVICE

ADOBE INC., San Jose, CA...

1. In a digital medium environment for managing digital assets, a method of utilizing electronic fonts to securely identify and authenticate computing devices seeking to access digital assets, comprising:
generating, by at least one server device storing client information corresponding to a computing device, a customized digital font unique to the computing device for authenticating the computing device by changing a first character order of a base digital font to a second character order specific to the computing device;
sending the customized digital font from the at least one server device to the computing device;
upon receiving, by the at least one server device, a request for the client information from the computing device, authenticating the computing device based on the computing device utilizing the customized digital font by:
sending a second request to the computing device to render a textual element utilizing the customized digital font;
identifying the textual element by capturing an image of the textual element rendered by the computing device via a web browser; and
determining that the textual element rendered by the computing device via the web browser uses the customized digital font by applying an optical character recognition algorithm to the image of the textual element rendered by the computing device and comparing the textual element with a reference text generated utilizing the customized digital font; and
in response to authenticating the computing device based on the customized digital font, providing the client information corresponding to the computing device from the server device to the computing device.

US Pat. No. 10,341,318

SKILL-BASED SECURE DYNAMIC CONTACT CENTER AGENT ACCESS

Avaya Inc., Santa Clara,...

1. A method comprising:
providing a virtualized network infrastructure, wherein the virtualized network infrastructure comprises a plurality of virtual service networks;
assigning a service instance identifier (ISID) to each of a plurality of skills, wherein each of the ISIDs corresponds to a respective one or more of the plurality of virtual service networks and effective to identify VLAN/VRF traffic across the virtualized network infrastructure;
obtaining, at a processor, configuration information of a call center, wherein the configuration information includes one or more service instance identifiers (ISIDs) each associated with a respective skill, wherein each ISID corresponds to a secure virtual service network associated with the respective skill;
detecting, at the processor, an authenticated agent logon of an agent from an agent device, wherein the authenticated agent logon is a logon to the call center;
retrieving, at the processor, agent skill information from skill group information, wherein the agent skill information corresponds to the agent;
determining, at the processor, based on the agent skill information, one or more secure virtual service networks to permit the agent device to access, wherein the one or more secure virtual service networks are associated with a respective customer identifier and one or more of the ISIDs, wherein the ISID associated with each of the one or more secure virtual service networks that the agent device is permitted to access corresponds to a skill that matches the agent skill information; and
connecting, at the processor, the agent device to access the one or more secure virtual service networks associated with the respective customer identifier using one or more of the ISIDs corresponding to one or more skills matching the agent skill information.

US Pat. No. 10,341,317

SYSTEMS AND METHODS FOR IMPLEMENTING A PERSONALIZED PROVIDER RECOMMENDATION ENGINE

1. A system for making personalized provider recommendations in related categories, the system comprising:
a network attached hardware storage configured to store:
a plurality of entity categories, each entity category indicating at least one of a type of good and a type of service offered by a provider, and providers from different entity categories offer different types of goods or different types of services;
a plurality of provider specific profiles, each provider specific profile including an associated provider and at least one associated entity category from the plurality of entity categories;
a plurality of category relationships, each category relationship indicating that two or more entity categories from the plurality of entity categories are related; and
a plurality of user accounts, each user account including associated authentication data and associated user profile data;
a user interface configured to:
receive authentication information from a user;
transmit the authentication information to a computer server system;
receive context information indicating at least one of a current condition or an attribute of an environment of the user;
transmit the context information to the computer server system;
receive a plurality of providers from the computer server system; wherein the plurality of providers is personalized to the user; and
display the plurality of providers; and
the computer server system being communicatively coupled to the network attached storage and the user interface, the computer server system being configured to:
receive the authentication information from the user interface;
identify a first user account from the plurality of user accounts based on the authentication information;
compare the authentication information with a first authentication data that is associated with the first user account;
authenticate the user based on the comparison of the authentication information with the first authentication data;
receive the context information from the user interface, the context information comprises a determined geographic location, of the user, determined by a mobile device of the user;
identify a first entity category from the plurality of entity categories based on the context information;
identify a first category relationship from the plurality of category relationships based on the first entity category, the first category relationship indicating that the first entity category and a second entity category are related, wherein the second entity category is different from the first entity category;
select a first provider specific profile from the plurality of provider specific profiles based on first user profile data that is associated with the first user account, wherein the first provider specific profile is associated with the first entity category;
select a second provider specific profile from the plurality of provider specific profiles based on the first user profile data, wherein the second provider specific profile is associated with the second entity category;
transmit to the user interface, a first provider associated with the first provider specific profile and a second provider associated with the second provider specific profile, wherein the first provider and the second provider are different providers;
process a content provisioning management layer engine to provide an intermediary content interface for the first provider and the second provider to manage intermediary content transmitted by an intermediary system to the user interface on behalf of the first provider and the second provider where the content provisioning management layer engine analyzes the intermediary content transmitted and based on the analysis assigns the intermediary system to one or more of a specific category and a general category, to thereby provide a central management for intermediary content information transmitted between the first and second providers, the intermediary system and the user interface; and
in response to transmitting the first and second providers to the user interface, adjust the user interface to lower resolution of the user interface and computational resources required to display the transmitted providers on the mobile device of the user.

US Pat. No. 10,341,316

INJECTING CREDENTIALS INTO WEB BROWSER REQUESTS

AVAST SOFTWARE S.R.O., P...

1. A method comprising:
determining that a form includes a password field for a server application, wherein the form is displayed within a tab or a window of a browser executing on a device;
requesting a password for the server application from a password manager, wherein the password manager is executed on the device and includes a request interceptor;
receiving data from the password manager responsive to the request, wherein the data is not the actual password for the server application, and wherein the password manager maintains an internal reference associating the data with the actual password for the server application;
creating a password proxy from the data;
filling in the password field with the password proxy;
issuing, by the browser, a login request containing the password proxy, wherein an intended address of the login request is a server hosting the server application;
intercepting, by the request interceptor on the device, the login request containing the password proxy that is intended for the server application;
determining, by the request interceptor on the device, the actual password for the server application by reversing the password proxy to obtain the data from which the password proxy was created and obtaining the actual password from the internal reference associating the data with the actual password;
replacing, by the request interceptor on the device, the password proxy with the actual password in the login request;
forwarding, by the request interceptor on the device, the login request including the actual password to the server application; and
deleting the data received from the password manager and the password proxy in response to determining that the tab or the window of the browser within which the form is displayed has closed.
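The claim above keeps the real password out of the browser's form state by filling a reversible proxy and letting a local interceptor swap in the actual password on the way out. The following added example (not Avast's code) models the three parties and the lifecycle: the password manager hands out opaque data and keeps only the internal reference, the browser builds a form-encoded login request containing the proxy, the interceptor reverses the proxy, resolves the reference and rewrites the parsed form fields, and closing the tab deletes the reference so the proxy can no longer be reversed. One check is an addition not stated in the claim: the interceptor only substitutes when the request origin matches the origin the password was requested for, so a proxy copied into a request bound elsewhere never becomes the real password. The request shape, vault contents and URLs are constructed.

```python
"""Password-proxy substitution by a local request interceptor (added example
modelling the claim above; not Avast's code).

Assumptions: a browser request is a dict with a URL and an
application/x-www-form-urlencoded body; the proxy is a prefixed token that the
interceptor can reverse; the origin check in resolve() is this example's addition.
"""
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

PROXY_PREFIX = "pwproxy-"


def origin_of(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()


class PasswordManager:
    """Holds the vault plus the internal reference data -> origin."""

    def __init__(self, vault):
        self._vault = dict(vault)  # origin -> actual password (constructed)
        self._refs = {}            # data -> origin

    def request_password(self, origin: str) -> str:
        """Return opaque data, never the actual password."""
        if origin not in self._vault:
            raise KeyError(f"no credential for {origin}")
        data = secrets.token_urlsafe(16)
        self._refs[data] = origin
        return data

    def resolve(self, data: str, request_origin: str):
        """Actual password for a reference, only for a request bound to the same origin."""
        bound = self._refs.get(data)
        if bound is None or bound != request_origin:
            return None
        return self._vault[bound]

    def forget(self, data: str) -> None:
        """Tab or window closed: drop the reference; the proxy becomes unusable."""
        self._refs.pop(data, None)


def make_proxy(data: str) -> str:
    return PROXY_PREFIX + data


def reverse_proxy(value: str):
    return value[len(PROXY_PREFIX):] if value.startswith(PROXY_PREFIX) else None


def browser_login_request(pm: PasswordManager, login_url: str, username: str):
    """Browser side: fill the password field with the proxy and issue the login request."""
    data = pm.request_password(origin_of(login_url))
    body = urlencode([("user", username), ("pass", make_proxy(data))])
    return {"url": login_url, "body": body}, data


class RequestInterceptor:
    def __init__(self, pm: PasswordManager):
        self._pm = pm

    def intercept(self, request: dict) -> dict:
        """Replace each proxy in the parsed form body with the actual password, or refuse."""
        origin = origin_of(request["url"])
        fields = []
        for name, value in parse_qsl(request["body"], keep_blank_values=True):
            data = reverse_proxy(value)
            if data is not None:
                actual = self._pm.resolve(data, origin)
                if actual is None:
                    raise PermissionError(f"password proxy not valid for {origin}")
                value = actual
            fields.append((name, value))
        # Re-encode the fields so passwords containing '&' or '=' stay intact.
        return {"url": request["url"], "body": urlencode(fields)}


def tab_closed(pm: PasswordManager, data: str) -> None:
    pm.forget(data)
```

Rewriting the parsed fields rather than doing a string replace on the raw body matters: the real password is percent-encoded on the way back in, so a password containing form delimiters does not split the request.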

US Pat. No. 10,341,315

MANAGEMENT OF ACCESS SESSIONS

AIRWATCH LLC, Atlanta, G...

1. A computer-implemented method for providing an access session for at least one application, the computer-implemented method comprising:
generating a key for the access session based on a code obtained through a user interface, wherein the key decrypts data stored in a data store of a client device;
encrypting the key based on a boot time that represents a latest time the client device was booted, wherein the boot time and the key are applied as inputs to an encryption algorithm;
storing the key in secured storage of the client device, wherein the secured storage is accessible by the at least one application based on a developer certificate; and
accessing the data based on the key.

US Pat. No. 10,341,314

METHOD OF SECURITY AND VERIFIABILITY OF AN ELECTRONIC VOTE

ELECTION-EUROPE, Boulogn...

1. A method of securing and verifying an electronic vote, the method being implemented by at least one processing device, the method comprising the steps of:
receiving a temporary voting ballot from a voting entity, the temporary voting ballot being encrypted by a public voting encryption key;
receiving one or more validation voting ballots from the voting entity for the temporary voting ballot, the one or more validation voting ballots each being encrypted by a public validation encryption key, of one or more public validation encryption keys, the one or more public validation encryption keys each being different from the public voting encryption key;
decrypting the one or more validation voting ballots using one or more respective private validation encryption keys corresponding to the one or more public validation encryption keys used to encrypt the one or more respective validation voting ballots; and
sending a validation request generated based on the one or more decrypted validation voting ballots to the voting entity,
wherein upon receiving, from the voting entity, a validation of the validation request, the encrypted temporary voting ballot is registered as a definitive voting ballot to be counted without having been decrypted and the one or more validation voting ballots are eliminated.

US Pat. No. 10,341,313

PERIPHERAL DEVICE, WIRELESS COMMUNICATION CHIP, COMPUTER-READABLE NON-TRANSITORY STORAGE MEDIUM HAVING APPLICATION PROGRAM STORED THEREIN, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD

Nintendo Co., Ltd., Kyot...

1. A peripheral device capable of performing data communication with an authentication service via a predetermined intermediary communication device, the peripheral device comprising a processor and a communications interface connected to the processor, the processor and communications interface configured to:
transmit, to the authentication server, an encryption key for encrypted communication, identification information which is information capable of uniquely identifying the peripheral device, and signature information which is a digital signature of the identification information;
receive, from the authentication server, first data which is data based on a result of an authentication process executed in the authentication server on the basis of the identification information and the signature information transmitted by the first communication section, then, encrypt, with the encryption key, request information indicating a transmission request for second data, and transmit the encrypted request information to the authentication server;
receive the second data encrypted and transmitted from the authentication server in response to the request information transmitted by the second communication section, then, decrypt the encrypted second data by use of the encryption key, and transmit the decrypted second data to the authentication server; and
receive, from the authentication server, third data which is data based on a result indicating that authenticity of the second data transmitted by the third communication section has been confirmed in the authentication server, and then execute a communication process using fourth data encrypted with the encryption key, between the peripheral device and the predetermined communication device,
wherein the processor and communications interface are configured to use the same encryption key to (a) encrypt the request information indicating a transmission request for second data, (b) decrypt the encrypted second data and (c) use the encrypted fourth data.

US Pat. No. 10,341,312

CONTENT MANAGEMENT

Nokia Technologies Oy, E...

1. An apparatus comprising:
at least one secure integrated component configured to store at least two credentials, each of the at least two credentials comprising a cryptographic key which enables decryption of content, and
at least one processing core configured to cause a first one of the at least two credentials to be employed to decrypt a first encrypted media stream to produce a first decrypted media stream, to cause a second one of the at least two credentials to be employed to decrypt a second encrypted media stream to produce a second decrypted media stream, and to cause the first decrypted media stream be provided to a first rendering device over a first secured tunnel connection, wherein an endpoint of the first secured tunnel connection resides in the apparatus, and to cause the second decrypted media stream to be provided to a rendering device over a second secured tunnel connection.

US Pat. No. 10,341,311

COMMUNICATION DEVICE FOR IMPLEMENTING SELECTIVE ENCRYPTION IN A SOFTWARE DEFINED NETWORK

Schweitzer Engineering La...

1. A communication device configured to selectively encrypt data in a software defined network (SDN), the communication device comprising:
a data bus;
a communication interface in communication with the data bus, the communication interface configured to receive a plurality of unencrypted data packets originating from a data producing device in an electric power system;
an SDN controller communication subsystem in communication with the data bus and configured to:
receive from an SDN controller a first criterion used to identify a subset of the plurality of unencrypted data packets to be encrypted;
an encryption subsystem configured to generate an encrypted data payload from an unencrypted data payload based on an encryption key;
a packet processing subsystem configured to:
identify unencrypted data packets to be encrypted based on the first criterion and comprising unencrypted routing information and an unencrypted payload;
selectively parse each identified data packet to extract the unencrypted routing information and the unencrypted data payload;
pass the unencrypted data payload to the encryption subsystem;
generate an encrypted data payload using the encryption key;
receive the encrypted data payload from the encryption subsystem;
generate a substitute packet comprising the unencrypted routing information and the encrypted data payload; and
transmit the substitute packet to a data consuming device in the electric power system using the unencrypted routing information via the communication interface;
wherein the first criterion comprises a determination that a first physical location at which the data consuming device identified by the routing information is located is separated from a second physical location at which the communication device is located;
wherein the encryption subsystem is further configured to generate a hash message authentication code (HMAC) and to append the HMAC to the substitute packet; and
wherein the communication device is configured for use in a network that provides end-to-end encryption between the data producing device and the data consuming device that each lack encryption capabilities.

US Pat. No. 10,341,310

SYSTEM FOR AUTHENTICATING USERS USING MULTIPLE FACTORS

OROCK TECHNOLOGIES, INC.,...

1. A system for authenticating a user comprising: an encryption key management system configured to store a plurality of encryption keys; and
a monitoring server coupled to the encryption key management system, the monitoring server configured with specific computer-executable instructions to at least:
receive a first vein ID and a first key ID from a user device, wherein the first key ID references a first encryption key stored in the encryption key management system,
receive a username and password combination from a second user device,
receive behavioral data captured by the second user device as the user enters the username and password combination,
transmit the first key ID to the encryption key management system,
receive the first encryption key from the encryption key management system,
retrieve an encrypted second vein ID,
decrypt the encrypted second vein ID using the first encryption key to generate a decrypted second vein ID,
authenticate a user associated with the user device at least partly by determining that the decrypted second vein ID matches the first vein ID, that the received username and password combination matches a stored username and password combination, and that the received behavioral data matches stored behavioral data,
transmit an indication to the encryption key management system that the user is authenticated,
receive a second key ID and a second encryption key from the encryption key management system, wherein the second key ID references the second encryption key,
re-encrypt the decrypted second vein ID using the second encryption key, and
transmit the re-encrypted second key ID to the user device for storage on a storage device.

US Pat. No. 10,341,309

CRYPTOGRAPHICALLY PROTECTING DATA TRANSFERRED BETWEEN SPATIALLY DISTRIBUTED COMPUTING DEVICES USING AN INTERMEDIARY DATABASE

Allstate Insurance Compan...

1. A method comprising: receiving, at a first computing device and from a plurality of sensors, sensor data;
processing, by the first computing device, the sensor data to generate processed data;
encrypting, by the first computing device and using a first encryption key associated with the first computing device, the processed data to generate first encrypted data;
transmitting, by the first computing device and to an intermediary database, the first encrypted data encrypted using the first encryption key;
after receiving a selection, by a second computing device, of the first encrypted data, receiving, by the first computing device and from the second computing device, a second encryption key associated with the second computing device, wherein the receiving the selection of the first encrypted data comprises:
transmitting, by the first computing device and to the second computing device, a third encryption key, wherein the third encryption key comprises a public key associated with the first computing device, and
receiving, by the first computing device, an encrypted incentive encrypted using the third encryption key, wherein the incentive comprises data exchanged for the sensor data;
responsive to the selection of the first encrypted data, receiving, at the first computing device and from the intermediary database, the first encrypted data;
decrypting, by the first computing device and using the first encryption key, the first encrypted data received from the intermediary database to generate decrypted data;
decrypting, by the first computing device and using a private key corresponding to the public key associated with the first computing device, the encrypted incentive;
encrypting, by the first computing device and using the second encryption key, the decrypted data to generate second encrypted data, wherein the incentive is associated with the second encrypted data encrypted using the second encryption key; and
transmitting, by the first computing device, via the intermediary database, and to the second computing device, the second encrypted data for the second computing device to decrypt and use.

US Pat. No. 10,341,308

METHOD FOR TRANSMITTING INFORMATION FROM A FIRST INFORMATION PROVIDER TO A SECOND INFORMATION PROVIDER VIA AN INFORMATION INTERMEDIARY

Proximic, LLC., Reston, ...

1. A method for transmitting information from a first information provider to a second information provider via an information intermediary, the method comprising: receiving, at a first point in time and at the information intermediary, first information from the first information provider;
generating a plurality of different types of data regarding the first information, wherein the plurality of different types of data regarding the first information are two or more of an extract of the first information, a summary of the first information, one or more keywords, one or more categories, other metadata about or from the first information, and a compression of the first information;
associating and storing the plurality of different types of data regarding the first information with a unique identifier of the first information;
receiving, at a second point in time that is after the first point in time and at the information intermediary, a token comprising the unique identifier of the first information and an identifier of the type of data regarding the first information;
retrieving, based on the unique identifier of the first information and the identifier of the type of data regarding the first information, the data regarding the first information of the type indicated in the token; and
transmitting, from the information intermediary, at least part of the data regarding the first information of the type indicated in the token to the second information provider.

US Pat. No. 10,341,307

METHOD AND SYSTEM FOR SECURE DOCUMENT EXCHANGE

International Business Ma...

1. A method of protecting a document at a first computing machine, comprising: instrumenting an application of the first computing machine by hooking a document protection mechanism directly to the application independent of an operating system layer, the document protection mechanism having a document protection mechanism interface, wherein the application has at least one native function to which the document protection mechanism interface is coupled to instrument the application, thereby transforming the application to provide a secure document exchange function between the first computing machine and a second computing machine located remote from the first computing machine; and
upon a given occurrence that executes the native function, invoking, using the document protection mechanism interface, an encryption utility to encrypt the document prior to its transfer to and receipt at the second computing machine, the encryption utility located in a processing environment distinct from the first computing machine and configured to encrypt the document according to a policy;
wherein the application is a document management application.

US Pat. No. 10,341,306

SYSTEMS AND METHODS FOR APPLICATION IDENTIFICATION

DIVX, LLC, San Diego, CA...

1. A method for granting access to a software library on a user device using a session token, the method comprising: receiving a request for access to a software library on a user device, where the request for access includes a session token, provisioning data and the name of the software library;
where the session token is associated with the software library, is encrypted using information specific to the software library, grants access to the software library when authenticated, and denies access to the software library when not authenticated;
negotiating a session token key with the software library using the user device;
encrypting the session token with the session token key;
decrypting the session token using the information specific to the software library;
authenticating the decrypted session token;
granting access to the software library when the decrypted session token is authenticated; and
denying access to the software library when the decrypted session token is not authenticated;
receiving at least a portion of an encoded bitstream containing media content;
decoding the at least a portion of an encoded bitstream to access the media content using the user device; and
playing back the accessed media content by the user device.

US Pat. No. 10,341,305

ENCRYPTED COMMUNICATIONS METHOD AND COMMUNICATIONS TERMINAL, AND COMPUTER STORAGE MEDIUM

Sanechips Technology Co.,...

1. An encrypted communication method, comprising: reading, by a source communication terminal, an encryption algorithm and an index of the encryption algorithm from a first Near Field Communication (NFC) security label card;
encrypting, by the source communication terminal, a data packet to be transmitted with the encryption algorithm to generate an encrypted data packet;
sending, by the source communication terminal, the encrypted data packet to a target communication terminal; and
sending, by the source communication terminal, the index to the target communication terminal;
wherein the index is used by the target communication terminal to obtain the encryption algorithm, to retrieve a decryption algorithm from a second NFC security label card according to the index, and to decrypt the encrypted data packet according to the decryption algorithm to obtain a decrypted data packet;
the encrypted data packet comprises an encrypted part and an unencrypted part;
the method further comprises:
adding an encryption label to the unencrypted part;
wherein the encryption label is arranged to indicate that the data packet in which the label is located is the encrypted data packet; when the encrypted data packet comprises the encryption label, the encryption label indicates that the data packet is the encrypted data packet.

US Pat. No. 10,341,304

DEVICE INDEPENDENT ENCRYPTED CONTENT ACCESS SYSTEM

Snap Inc., Santa Monica,...

1. A method, comprising: receiving a first authentication credential at a user device, the first authentication credential being associated with a user;
based on the first authentication credential, accessing, by one or more processors of the user device, a second authentication credential stored on a key server;
generating, by the one or more processors, an authentication token and an encryption token;
based on the authentication token, accessing, by the one or more processors, a plurality of encrypted content elements, an encrypted master key, and a plurality of encrypted content keys, each content element of the plurality of content elements associated with a separate encrypted content key of the plurality of encrypted content keys;
in response to accessing the encrypted master key, decrypting the encrypted master key using the encryption token to generate a master key;
in response to generating the master key, decrypting the plurality of encrypted content keys to generate a plurality of content keys using the master key;
decrypting one or more encrypted content elements of the plurality of encrypted content elements using one or more content keys of the plurality of content keys associated with the one or more encrypted content elements to generate a plurality of content elements;
causing presentation of at least a portion of the plurality of content elements on a display device of the user device.

US Pat. No. 10,341,303

AUTOMATING THE CREATION AND MAINTENANCE OF POLICY COMPLIANT ENVIRONMENTS

STEELCLOUD, LLC, Ashburn...

1. A method for creating a policy compliant computing environment for a target computing device, comprising: receiving, from an electronic device, a customized file incorporating a published policy standard modified for a set of operational requirements defined for the target computing device;
loading the customized file into a memory of the target computing device;
validating the customized file subsequent to loading the customized file into the memory of the target computing device;
parsing the customized file to determine one or more requirements for the target computing device dictated by the published policy standard and the one or more modifications for the set of operational requirements, wherein the one or more requirements include an operating system security policy and a local security policy;
comparing current settings of the target computing device to the one or more requirements defined in the customized file, where a difference between the current settings and the one or more requirements indicates the target computing device is out of compliance;
updating the current settings of the target computing device to satisfy the one or more requirements dictated by the published policy standard and the one or more modifications for the set of operational requirements defined in the customized file, thereby ensuring the target computing device maintains compliance; and
creating a log that records details of the updating the current settings of the target computing device.

US Pat. No. 10,341,302

OPTIMIZED TRANSPORT LAYER SECURITY

Massachusetts Institute o...

3. A method for establishing a secure communication session over a communication path between a client device and a server device according to a communication protocol, the method comprising: storing session initiation information associated with the server device at a second communication interface located on the communication path between the client device and the server device;
sending, in a session initiation phase, a first message from the server device for establishing the secure communication session between the client device and the server device, the first message including session initiation information;
receiving and processing, in the session initiation phase, the first message at a first communication interface implemented on an intermediate device located on the communication path, the processing including forming a second message for establishing the secure communication session including replacing the session initiation information with a reference to the session initiation information;
sending, in the session initiation phase, the second message from the first communication interface over the communication path;
receiving and processing, in the session initiation phase, the second message at a second communication interface on the communication path between the client device and the server device, the processing including forming a third message for establishing the secure communication session including replacing the reference to the session initiation information with the session initiation information stored at the second communication interface such that the third message conforms to the communication protocol;
sending, in the session initiation phase, the third message from the second communication interface to the client device over the communication path;
establishing, in the session initiation phase, the secure communication session using the third message received at the client device; and
passing, in a data communication phase following the session initiation phase, data messages between the client device and the server device in the secure communication session, wherein the intermediate device and the second communication interface do not have access to the content of the data messages,
wherein a first portion of the communication path between the intermediate device and the client device is associated with a high latency and/or a low bandwidth relative to a second portion of the communication path between the intermediate device and the server device.

US Pat. No. 10,341,301

METHOD FOR TRANSMITTING ENCRYPTED DATA, METHOD FOR RECEIVING, CORRESPONDING DEVICES AND COMPUTER PROGRAMS

Ingenico Group, Paris (F...

1. A method of transmitting data from a first terminal, called a sender terminal, to a second terminal, called a receiver terminal, wherein the method comprises: obtaining a piece of current time data;
determining a piece of transmission time data as a function of the piece of current time data and at least one predetermined parameter comprising a duration to be added to the piece of current time data to obtain the piece of transmission time data;
obtaining a piece of data to be encrypted from a concatenation of at least one piece of data to be transmitted and at least one piece of transmission time data;
encrypting, by means of an encryption key, said preliminarily obtained piece of data to be encrypted to generate a piece of encrypted data;
transmitting said piece of encrypted data at a point in time defined by said piece of transmission time data.

US Pat. No. 10,341,300

SYSTEM, METHOD, APPARATUS AND MACHINE-READABLE MEDIA FOR ENTERPRISE WIRELESS CALLING

Cisco Technology, Inc., ...

1. A method, comprising: receiving one or more packets via a secure tunnel from a user device, wherein the user device is connected to a source network via a Wi-Fi access point;
identifying control plane data associated with an ongoing Wi-Fi calling session;
determining that a first packet of the one or more packets is associated with the Wi-Fi calling session by comparing information in the first packet with the control plane data, and in response to determining that the first packet is associated with the Wi-Fi calling session, analyzing the first packet to identify an anomaly in the first packet;
determining that the established Wi-Fi calling session is a threat based, at least in part, on the identified anomaly of the first packet;
taking a mitigating action in response to determining that the Wi-Fi calling session is a threat;
receiving a second one or more packets via a second secure tunnel from a second user device, wherein the second user device is connected to the source network via a second Wi-Fi access point;
identifying second control plane data associated with a second ongoing Wi-Fi calling session;
determining that a second packet of the second one or more packets is associated with the second Wi-Fi calling session by comparing information in the second packet with the second control plane data, and in response analyzing the second packet to identify a potential anomaly in the second packet;
determining that the second Wi-Fi calling session is not a threat based, at least in part, on the analyzing of the second packet;
establishing a signaling link to the source network in response to determining that the second Wi-Fi calling session is not a threat; and
sending a message to the source network over the signaling link to instruct the source network to prioritize network traffic associated with the second Wi-Fi calling session.

US Pat. No. 10,341,299

COLLECTING FIREWALL FLOW RECORDS OF A VIRTUAL INFRASTRUCTURE

Nicira, Inc., Palo Alto,...

1. A computer-implemented method for collecting firewall flow records, the method comprising: receiving firewall flow records from a plurality of data end nodes of a virtualized infrastructure comprising a distributed firewall according to a collection schedule, wherein the collection schedule defines which data end nodes of the plurality of data end nodes firewall flow records are collected from, a frequency of collection of firewall flow records from the data end nodes, and an amount of firewall flow records collected from the data end nodes;
processing firewall flow records received at a firewall flow record collection queue, such that the received firewall flow records are prepared for storage at a flow record data store; and
dynamically adapting the collection schedule based at least in part on the processing of the received firewall flow records to control data loss based on available system resources, such that the firewall flow record collection queue is available for processing firewall flow records prior to receiving additional firewall flow records from the data end nodes.

US Pat. No. 10,341,298

SECURITY RULES FOR APPLICATION FIREWALLS

Amazon Technologies, Inc....

1. A system for applying an encrypted customer security rule set to an application firewall, comprising: at least one processor;
a memory device including instructions that, when executed by the at least one processor, cause the system to:
receive an automated notification from a shared data store that an encrypted customer security rule set is available for use by the application firewall operating on a server at an entry point to a computing service environment, wherein the application firewall is a managed service provided by a computing service provider for use with an application hosted in the computing service environment and the application firewall utilizes customer security rules to monitor, filter, and manipulate network traffic associated with the application;
obtain the encrypted customer security rule set from the shared data store accessible to a computing service customer and the computing service environment, wherein the encrypted customer security rule set is owned by the computing service customer and the encrypted customer security rule set is encrypted using a customer encryption key owned by the computing service customer;
obtain the customer encryption key from a key management system using a cross-account security role that provides access to the customer encryption key, wherein the computing service customer creates the cross-account security role granting access to the customer encryption key;
decrypt the encrypted customer security rule set in volatile computer memory of the application firewall forming a corresponding unencrypted customer security rule set in the volatile computer memory; and
register the unencrypted customer security rule set located in the volatile computer memory with the application firewall, wherein the application firewall is configured to apply the unencrypted customer security rule set to network traffic received at the application firewall.

US Pat. No. 10,341,297

DATAPATH PROCESSING OF SERVICE RULES WITH QUALIFIERS DEFINED IN TERMS OF TEMPLATE IDENTIFIERS AND/OR TEMPLATE MATCHING CRITERIA

NICIRA, INC., Palo Alto,...

1. A method of performing a service on a data message having a set of attributes, the method comprising: selecting a service rule comprising (i) a rule identifier for matching against the set of attributes of the data message, the rule identifier defined by reference to a first template identifier that identifies a template for instantiating a multi-tier application deployment in a network, and (ii) a service parameter for performing a service on data messages, wherein an instantiation of the template comprises instantiating multiple data compute nodes (DCNs) with different DCNs implementing different applications in the multi-tier application deployment;
determining that the selected service rule is applicable to the data message, said determining comprising determining that (i) at least a second template identifier associated with the data message is associated with a particular DCN, (ii) the first template identifier and the second template identifier match, and (iii) the particular DCN was deployed by using the template; and
in response to the determination, performing the service on the data message based on the service parameter.

US Pat. No. 10,341,296

FIREWALL CONFIGURED WITH DYNAMIC COLLABORATION FROM NETWORK SERVICES IN A VIRTUAL NETWORK ENVIRONMENT

VMWARE, INC., Palo Alto,...

1. A method for automatic firewall configuration in a virtual computing network environment, the method comprising: mapping virtual machine (VM) inventory objects to Internet protocol (IP) addresses of VMs running on a plurality of host computing systems on one or more computing networks, wherein the VM inventory objects are VMs and associated virtual network interface cards (vNICs);
configuring firewall rules using VM inventory objects based on the mapping, wherein the VM inventory objects are specified in a source and/or destination of the configured firewall rules;
transforming the firewall rules by replacing the VM inventory objects that are specified in the source and/or destination of the configured firewall rules with network interface card (NIC) assigned IP addresses using an IP address management (IPAM) table and network address translation (NAT) IP addresses using a NAT table;
sending the transformed firewall rules to a firewall engine for filtering communication from and to VMs running on a first host computing system on the one or more computing networks and communication from and to VMs running on a second host computing system on the one or more computing networks at a firewall according to the transformed firewall rules;
determining whether there are any updates made to the configured firewall rules, the IPAM table, the NAT table and/or the VM inventory objects; and
automatically updating the transformed firewall rules sent to the firewall engine by repeating the steps of configuring, transforming and/or sending when there are updates made to the configured firewall rules, the IPAM table, the NAT table and/or the VM inventory objects.

US Pat. No. 10,341,295

SECURITY AND ACCESS CONTROL

Trend Micro Incorporated,...

1. A non-transitory computer readable medium having stored thereon machine readable instructions to provide security and access control, the machine readable instructions, when executed by at least one processor of a computer, cause the computer to: receive traffic that is related to a first application tier of an application, the application comprising a plurality of application tiers that includes the first application tier and a second application tier, the traffic to be routed to the second application tier; analyze attributes of the traffic;
determine the application based on the attribute analysis;
determine a policy related to the application from a plurality of policies respectively directed to each application tier of the plurality of application tiers of the application;
determine a type of the traffic based on the attribute analysis, the type of the traffic indicating whether the traffic is writing data to or reading data from the second application tier;
compare the type of the traffic to the policy to determine whether the traffic is valid traffic or invalid traffic;
based on a determination that the traffic is valid traffic, forward the valid traffic to an intended destination of the valid traffic;
based on a determination that the traffic is invalid traffic, one of forward the invalid traffic to a predetermined destination and block the invalid traffic; and
implement the plurality of application tiers using components implemented in a virtual environment.

US Pat. No. 10,341,294

UNAUTHORIZED COMMUNICATION DETECTION SYSTEM AND UNAUTHORIZED COMMUNICATION DETECTION METHOD

HITACHI, LTD., Tokyo (JP...

1. An unauthorized communication detection system that improves security and performance of a communication network, the system comprising: a communication interface that is communicatively coupled to a plurality of sensors via the communication network;
a memory that stores a determination list for determining whether there is unauthorized communication, wherein the determination list includes a packet pattern and determination pattern that specifies a variation amount and a frequency for each of the plurality of sensors; and
a processor that is communicatively coupled to the communication interface and the memory, wherein the processor:
receives, using the communication interface, a communication packet from a particular sensor of the plurality of sensors,
extracts a measurement from the communication packet based on the packet pattern of the particular sensor,
retrieves, from the memory, a particular determination pattern for the particular sensor,
determines whether the frequency of the measurement is higher than the frequency of the particular determination pattern, and
on a condition that the frequency of the measurement is higher than the frequency of the particular determination pattern, deletes the communication packet from the communication network.

US Pat. No. 10,341,293

TRANSPARENT FIREWALL FOR PROTECTING FIELD DEVICES

HONEYWELL INTERNATIONAL I...

1. A method of cyber protecting a field device in a process control system including a process controller for controlling said field device which utilizes a communications network using a process communication protocol, comprising: positioning a field device firewall in said communications network between a field network communication interface and said process controller, wherein said field device firewall has a stored list of known device types, types of requests and types of commands, does not support any native communications with said field device, and lacks an IP address on said communications network, said field device firewall including a processor that runs a cyber-protection algorithm implementing:
comparing information including a device type and a type of request or a type of command in a received packet to said known device types, said types of requests or said types of commands in said stored list;
allowing transmission of said received packet to said field device if said comparing determines said information is all on said stored list, and
blocking transmission of said received packet to said field device if said comparing determines said information is not all on said stored list.

US Pat. No. 10,341,292

INCREASED PORT ADDRESS SPACE

Avi Networks, Santa Clar...

1. A method for managing network ports, comprising: receiving network session identification information associated with a destination IP address and a destination network port; and
using a processor to determine, for a new session to be established for a source IP address, an available source network port based on the destination IP address and the destination network port, wherein the available source network port is identified as available to be assigned to the new session for the source IP address including by determining that, for at least a combination of the destination IP address and the destination network port, the available source network port has not already been assigned for the source IP address;
wherein the same port number as that of the source network port determined to be available for the new session to be established for the source IP address is concurrently assigned to a different network session for the same source IP address but for a different destination IP address or a different destination network port.

US Pat. No. 10,341,291

METHOD, EQUIPMENT, SYSTEM AND COMPUTER STORAGE MEDIUM FOR IMPLEMENTING NUMBER PORTABILITY ANNOUNCEMENT

ZTE CORPORATION, Guangdo...

1. Method for implementing Number Portability Announcement NPA, comprising:receiving a calling request;
triggering Telephone Number Mapping ENUM to execute an ENUM query and acquiring a query result;
judging whether a callee number generates Number Portability NP according to the query result and acquiring a judgment result; and
sending an announcement instruction to a Media Resource Function Processor MRFP when the judgment result is that the callee number generates the NP, so as to enable the MRFP to announce an NP prompt tone to a caller according to the announcement instruction.


US Pat. No. 10,341,290

METHOD AND SYSTEM FOR PRESENTING RECOMMENDATION INFORMATION

Tencent Technology (Shenz...

1. A method for presenting recommendation information, comprising:receiving, by an information issue server, a data obtaining request from a client terminal, recording an address of the client terminal at this time as a first address, and presenting recommendation information corresponding to a region where the first address belongs for the client terminal;
receiving, by a data collection server, a response message sent from the client terminal after the client terminal has played the recommendation information, recording an address of the client terminal at this time as a second address, and storing a corresponding relationship between the first address and the second address into an address data file, wherein after the client terminal has played the recommendation information, the client terminal sends a feedback message containing a recommendation information identifier to a third-party monitoring system, and the third-party monitoring system calculates a number of times of presenting the recommendation information corresponding to the recommendation information identifier according to the feedback message;
reading, by an address analysis server, a specified address from a region address database which is corresponding to a specified region, and obtaining corresponding relationships each with the first address being the specified address from the address data file; wherein each region corresponds to its own region address database which contains all addresses assigned to the corresponding region; and
when determining, by the address analysis server, via the obtained corresponding relationships that the specified address has been converted by intelligent routing, not presenting, by the information issue server, recommendation information corresponding to the specified region to the specified address when requesting data.

US Pat. No. 10,341,289

SYSTEMS AND METHODS OF CALCULATING COMMUNICATIONS STRENGTHS

FACEBOOK, INC., Menlo Pa...

1. A method comprising:providing, within a graphical user interface on a client device associated with a user, a list of co-users associated with the user within a communications system;
determining a number of a first type of electronic messages exchanged between a user and a first co-user of the communications system;
determining a number of a second type of electronic messages exchanged between the user and the first co-user;
determining a frequency of electronic messages exchanged between the user and the first co-user;
calculating, using at least one processor, a communications strength between the user and the first co-user using:
the number of the first type of electronic messages exchanged between the user and the first co-user,
the number of the second type of electronic messages exchanged between the user and the first co-user, and
the frequency of electronic messages exchanged between the user and the first co-user;
determining the communications strength between the user and the first co-user is greater than a communications strength between the user and a second co-user included on the list of co-users within the graphical user interface;
based on the communications strength between the user and the first co-user being greater than the communications strength between the user and the second co-user, updating the list of co-users within the graphical user interface by automatically adding a first identifier corresponding to the first co-user to the list of co-users and automatically removing a second identifier corresponding to the second co-user from the list of co-users; and
in response to detecting a selection of the first identifier of the first co-user from the list of co-users within the graphical user interface, automatically generating an electronic message to send to the first co-user.

US Pat. No. 10,341,288

METHODS CIRCUITS DEVICES SYSTEMS AND ASSOCIATED COMPUTER EXECUTABLE CODE FOR PROVIDING CONDITIONAL DOMAIN NAME RESOLUTION

SAGUNA NETWORKS LTD., Yo...

1. A conditional domain name system (CDNS) associated with an access point of a data communication network, said system comprising:a DNS query detector to detect a DNS query generated by a data client device communicatively coupled to the access point, wherein the DNS query is addressed to an external DNS and requests a network address of a given networked data resource and continues towards the external DNS;
control logic circuitry to search a functionally associated data repository or cache for a conditional DNS record relating to the given networked data resource, wherein the conditional DNS record includes or links with: (a) an identifier or designator of the given networked data resource, (b) a given network address for the given networked data resource, and (c) a definition of a condition under which said CDNS will provide the given network address as a response to the DNS query for the given networked data resource.
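
A lookup implementing the three elements of a conditional DNS record named in this claim, added here as an example and not Saguna's code: (a) an identifier of the resource, (b) the address to hand out and (c) a condition under which the CDNS answers with it. When no record matches, or its condition fails, the lookup returns nothing and the detected query simply continues to the external DNS. The hostname, addresses, subnet and the condition helpers are constructed assumptions.

```python
"""Conditional DNS record lookup at an access point, as in the claim.

Added example, not Saguna's code. Each conditional record holds the three
elements of the claim: (a) a name for the networked resource, (b) an
address to hand out, (c) a condition under which that address is returned.
When no record matches or its condition fails, answer() returns None and
the detected query simply continues to the external DNS. Names, addresses,
subnets and the condition functions are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class ConditionalRecord:
    name: str                          # (a) identifier of the networked resource
    address: str                       # (b) address the CDNS will answer with
    condition: Callable[[dict], bool]  # (c) predicate over the query context


def _canonical(name):
    return name.lower().rstrip(".")


def client_in(subnet):
    """Condition: the querying client is inside the given subnet."""
    net = ipaddress.ip_network(subnet)
    return lambda ctx: ipaddress.ip_address(ctx["client_ip"]) in net


def qtype_is(qtype):
    """Condition: the query asks for this record type."""
    return lambda ctx: ctx.get("qtype") == qtype


def all_of(*conds):
    return lambda ctx: all(c(ctx) for c in conds)


class ConditionalDNS:
    def __init__(self, records):
        self.records = {_canonical(r.name): r for r in records}

    def answer(self, qname, ctx) -> Optional[str]:
        """Local address if a record exists and its condition holds, else None."""
        record = self.records.get(_canonical(qname))
        if record is None or not record.condition(ctx):
            return None
        return record.address


# Constructed repository: an edge copy of one hostname, served only to
# clients on the access point's own LAN and only for A queries.
CDNS = ConditionalDNS([
    ConditionalRecord("cdn.example.net", "10.20.0.5",
                      all_of(client_in("10.20.0.0/16"), qtype_is("A"))),
])


if __name__ == "__main__":
    for ctx in ({"client_ip": "10.20.3.9", "qtype": "A"},
                {"client_ip": "198.51.100.4", "qtype": "A"},
                {"client_ip": "10.20.3.9", "qtype": "AAAA"}):
        print(ctx, "->", CDNS.answer("cdn.example.net.", ctx))
```

By construction a CDNS is an interception point for DNS: a stub that validates DNSSEC will not accept a substituted answer for a signed name, and a client that sends its queries over DoH or DoT never exposes them to the access point at all. The same mechanism in an attacker's hands is DNS hijacking, so the record repository should be treated as privileged configuration and every substituted answer logged.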

US Pat. No. 10,341,287

DIRECT TRANSMISSION OF DATA BETWEEN APPLICATIONS IN A MULTI-TENANT ENVIRONMENT

International Business Ma...

1. A method for direct transmission of data between applications in a multi-tenant environment, the method comprising:responsive to determining a first tenant and a second tenant exist within a same runtime and a transmission method having a high overhead, establishing a mechanism for transmitting data between the first tenant and the second tenant, wherein the mechanism for transmitting data between the first tenant and the second tenant has a low overhead for transmitting data; and
responsive to a connection being made between the first tenant and the second tenant and an opening of the server socket of the first tenant, establishing the mechanism for transmitting data between the first tenant and the second tenant.

US Pat. No. 10,341,286

METHODS AND SYSTEMS FOR UPDATING DOMAIN NAME SERVICE (DNS) RESOURCE RECORDS

PISMO LABS TECHNOLOGY LIM...

1. A method for updating domain name service (DNS) resource records at a first system, comprising:(a) receiving an update message from a network node periodically and upon occurrence of a first predefined event;
(b) updating a corresponding DNS resource record substantially based on the update message;
wherein the update message comprises an Internet Protocol (IP) address field, a unique identifier field and a network interface identifier field;
wherein the network node comprises a plurality of network interfaces; and
wherein the first predefined event is selected from a group consisting of change of IP address of at least one of the plurality of network interfaces, assignment of IP address of at least one of the plurality of network interfaces, change of DNS resource recorded in at least one of the plurality of network interfaces, change of performance observed in at least one of the plurality of network interfaces connected to the Internet, detection of new Dynamic Host Configuration Protocol (DHCP) server, expiration of DHCP IP address lease, status check, and health check.

US Pat. No. 10,341,285

SYSTEMS, METHODS AND DEVICES FOR INTEGRATING END-HOST AND NETWORK RESOURCES IN DISTRIBUTED MEMORY

OPEN INVENTION NETWORK LL...

23. A method for storing data across distributed digital data storage devices over a digital network, the method comprising:generating for a portion of data a data address from a range of addresses associated with the distributed digital memory resources, the data address comprising therein embedded information that identifies one or more characteristics of said portion;
sending data requests relating to the portion of data over the digital network to a digital network switching interface using said data address, said digital network switching interface comprising a physical mapping database and plurality of network interface ports, said physical mapping database comprising access to a forwarding table stored on accessible physical memory, wherein the digital network switching interface employs congestion monitoring methodology, by having the switching interface monitor latency statistics of the network interface ports, and invalidates forwarding table entries that point to congested ports and adds new forwarding table entries further associating of the data address with the digital data storage device;
receiving the data request at the digital network switching interface and checking to see if the data address has been associated in the forwarding table with information relating to a storage location in the distributed digital data storage devices communicatively coupled to the digital network switching interface;
forwarding the data request to the storage location associated with the data address in the forwarding table, if the data address is associated with information relating to a storage location in the forwarding table, else forwarding the data request to the distributed digital data storage devices in accordance with a data routing methodology; and
remapping the association between a given data address and the corresponding information relating to a given storage location in the forwarding table based on said one or more characteristics.

US Pat. No. 10,341,284

METHODS AND SYSTEMS FOR RECIPIENT MANAGEMENT WITH ELECTRONIC MESSAGES

Pecan Technologies Inc, ...

1. A method of recipient management with electronic messages having time defined actions comprising:using a processor of a message server for:
receiving data inputted by a user, and an electronic address of the recipient at a user client terminal;
creating an electronic message and defining for the electronic message at least one non-message action for the recipient associated with the electronic address inputted by the user, to perform at a location within a defined time frame, said at least one non-message action and said time frame are defined in a metadata included in said electronic message;
sending the electronic message to the electronic address of the recipient for access by a recipient client terminal of the recipient;
triggering an external data source to monitor performance of the at least one non-message action by the recipient associated with the electronic address inputted by the user during the defined time frame according to said metadata, said monitoring detects the recipient being at the location at the defined time frame and performing the at least one non-message action at the location and at the defined time frame; wherein the external data source is in electrical communication with said message server and is independent of actions performed on the electronic message by the recipient client terminal;
receiving via a network an indication of the performance of the at least one non-message action based on the monitoring from the external data source; and
sending instructions to present on the user client terminal a notification in response to the indication.

US Pat. No. 10,341,283

SYSTEMS AND METHODS FOR PROVIDING DATA ANALYTICS FOR VIDEOS BASED ON A TIERED ARCHITECTURE

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:acquiring, by a computing system, a video resource at a first level of a tiered architecture;
generating, by the computing system, based on the video resource, a first video representation at a second level of the tiered architecture, the first video representation being associated with a first publisher;
detecting, by the computing system, that at least a first post posted to a social networking system by a first user and a second post posted to the social networking system by a second user are utilizing the first video representation, the first post and the second post being representable at a third level of the tiered architecture; and
aggregating, by the computing system, data analytics for the first video representation based on the detecting that the first post posted by the first user and the second post posted by the second user are utilizing the first video representation, wherein
the data analytics are associated with social engagement information,
the social engagement information includes at least a first quantity of social engagement with the first post and a second quantity of social engagement with the second post, and
the aggregating the data analytics for the first video representation includes aggregating the first quantity of social engagement and the second quantity of social engagement.

US Pat. No. 10,341,282

IDENTIFYING DIGITAL MAGAZINE SERVER USERS BASED ON ACTIONS BY THE USERS WITH CONTENT ITEMS PRESENTED BY THE DIGITAL MAGAZINE SERVER

Flipboard, Inc., Palo Al...

1. A computer-implemented method comprising:presenting a content item to a plurality of users of a digital magazine server;
receiving information identifying actions performed by a set of users involving the content item, each of the set of users presented with the content item;
storing information identifying each user in the set of users in association with the content item;
receiving a request from a user to provide a comment in association with the content item including data that identifies an additional user, the request including data comprising the comment;
retrieving the information identifying each user in the set of users presented with the content item;
identifying candidate users of the set of users presented with the content item based on the information identifying each user in the set of users presented with the content item and information included in the comment, each candidate user associated with information identifying the candidate user that at least partially matches the data included in the comment identifying the additional user;
determining an order of information identifying each candidate user based on a frequency with which each candidate user performed actions involving the content item presented to each of the candidate users by the digital magazine server; and
presenting information identifying the one or more candidate users to the user in the determined order.

US Pat. No. 10,341,281

ACCESS CONTROL POLICIES ASSOCIATED WITH FREEFORM METADATA

AMAZON TECHNOLOGIES, INC....

1. A computer implemented method for using tags to control access to resources, comprising:associating both a first access control policy and a second access control policy with a single metadata tag, the metadata tag including a freeform character string specifying a key and a key value,
wherein the first access control policy identifies principals that are allowed to assign the metadata tag to the at least one computing resource and
wherein the second access control policy identifies operations that are allowed or not allowed to be performed on resources associated with the key and the key value of the metadata tag;
receiving, from a user using an application programming interface (API), a request to assign the metadata tag to the at least one computing resource;
evaluating the first access control policy based at least in part on a combination of the key and the key value of the metadata tag;
assigning the metadata tag to the at least one computing resource in response to determining that the first access control policy allows the user to assign the metadata tag;
receiving a request to perform an operation on the at least one computing resource;
evaluating, based at least in part on both of the key and the key value of the metadata tag, the second access control policy associated with the metadata tag via an identity management service that retrieves the second access control policy in addition to one or more other access control policies that are related to the request to perform the operation on the computing resource; and
authorizing the request to perform the operation on the at least one computing resource based at least in part on the evaluation of the second access control policy.
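
An authorizer that hangs the two policies of this claim off a single key=value tag, added here as an example and not Amazon's code: the first policy names the principals allowed to assign the tag, the second lists the operations allowed or denied on resources carrying it, and the operation check combines the tag policy with the caller's other (identity) policies. The principals, resources, policy contents and the rule that an explicit deny overrides any allow are assumptions for illustration.

```python
"""Two policies hung off one metadata tag, as in the claim.

Added example, not Amazon's code. A tag is a free-form key=value string.
The first policy names the principals allowed to assign the tag; the
second lists operations allowed or denied on resources carrying it. The
authorizer combines the tag policy with the caller's other (identity)
policies, with any explicit deny winning. Principals, resources, policy
contents and the 'explicit deny overrides allow' rule are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tag:
    key: str
    value: str

    @classmethod
    def parse(cls, text):
        key, sep, value = text.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"tag must look like key=value, got {text!r}")
        return cls(key.strip(), value.strip())


@dataclass
class TagPolicies:
    assigners: set                             # first policy: who may assign this tag
    allow: set = field(default_factory=set)    # second policy: permitted operations
    deny: set = field(default_factory=set)     # second policy: forbidden operations


@dataclass
class Resource:
    name: str
    tags: set = field(default_factory=set)


class TagAuthorizer:
    def __init__(self, tag_policies, identity_policies):
        self.tag_policies = tag_policies            # Tag -> TagPolicies
        self.identity_policies = identity_policies  # principal -> allowed operations

    def assign_tag(self, principal, resource, tag_text):
        """First policy: evaluated on key AND value before the tag is attached."""
        tag = Tag.parse(tag_text)
        policies = self.tag_policies.get(tag)   # env=prod and env=dev are different tags
        if policies is None or principal not in policies.assigners:
            return False
        resource.tags.add(tag)
        return True

    def authorize(self, principal, operation, resource):
        """Second policy, merged with the caller's identity policies."""
        identity_allow = operation in self.identity_policies.get(principal, set())
        tag_allow, tag_deny = False, False
        for tag in resource.tags:
            policies = self.tag_policies.get(tag)
            if policies is None:
                continue
            tag_allow |= operation in policies.allow
            tag_deny |= operation in policies.deny
        if tag_deny:
            return False          # assumption: explicit deny overrides everything
        return identity_allow or tag_allow


def build_demo():
    """Constructed policies: only alice may mark a resource env=prod."""
    tag_policies = {
        Tag("env", "prod"): TagPolicies(assigners={"alice"}, allow={"read"}, deny={"delete"}),
        Tag("env", "dev"): TagPolicies(assigners={"alice", "bob"}, allow={"read", "delete"}),
    }
    identity_policies = {"bob": {"read", "delete"}, "carol": set()}
    return TagAuthorizer(tag_policies, identity_policies)


if __name__ == "__main__":
    auth = build_demo()
    db = Resource("db-1")
    print("bob tags prod:", auth.assign_tag("bob", db, "env=prod"))
    print("alice tags prod:", auth.assign_tag("alice", db, "env=prod"))
    print("bob deletes prod db:", auth.authorize("bob", "delete", db))
    print("carol reads prod db:", auth.authorize("carol", "read", db))
```

The reason the first policy exists is visible in the demo: whoever can write env=prod onto a resource decides which second policy applies to it, so permission to tag is itself a privilege and must be scoped as tightly as the operations it unlocks. Both evaluations key on the full key=value pair; matching on the key alone would let env=dev inherit the rights of env=prod.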

US Pat. No. 10,341,280

METHOD, SYSTEM, AND RECORDING MEDIUM FOR PROVIDING MESSAGE BASED ON GROUP UNIT

NAVER Corporation, Seong...

1. A method implemented in a computer for providing text messages in a text message box of a user terminal for receiving the text messages sent through a communication network, the method comprising:classifying, by a processor, a plurality of text messages received at the user terminal into a predefined group based on message content parsed from the received text messages without the received text messages being indicated to be classified into the predefined group by senders of the plurality of text messages, the plurality of text messages including at least two text messages sent to the user terminal from at least two separate senders;
creating, by the processor, a representative item of the predefined group using a select text message included in the predefined group; and
providing, by a processor, message items through a message list displayed in the text message box that includes the representative item as an item associated with the predefined group and a plurality of individual text messages received at the user terminal and not included in the predefined group,
wherein the plurality of text messages classified into the predefined group are provided in the message list as a bundle item, the bundle item being ranked in the message list, and
wherein the representative item of the group is displayed in the bundle item.

US Pat. No. 10,341,279

ACTION LINKS

salesforce.com, inc., Sa...

1. A method of delivering customized action options that integrate a feed system with a non-feed system, the method including:storing an action-link-group, the action-link-group including a plurality of action links, an executions-allowed parameter, and a category parameter indicating a display attribute of the plurality of action links within the feed system, wherein an action link of the plurality of action links is stored with information including:
a label for the action link,
an action-link-URL referencing an API entry of the non-feed system,
an action type indicating a type of action to be taken with respect to the action-link-URL in response to invoking the action link, and
authorization data to be passed during invocation of the action link;
integrating the action-link group as a feed item of the feed system based on the category parameter, wherein an execution status of the action link is maintained with the feed item for comparison with the executions-allowed parameter;
receiving an invocation request, from a user authenticated with a host-user ID, the invocation request including the action link of the plurality of action links;
invoking the action-link-URL with the authorization data;
receiving third-party data from the non-feed system generated responsive to invoking the action-link-URL; and
causing display of the third-party data from the non-feed system as a feed item of the feed system.
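
A guard for the invocation step of this claim, added here as an example and not salesforce.com's code: the action link carries its label, an action-link-URL into the non-feed system, an action type and authorization data, the group carries an executions-allowed parameter, and each invocation by an authenticated host user is checked against the execution status kept with the feed item before the URL is called. The allowed values Once, OncePerUser and Unlimited, the header name, the allowed-hosts check and the injected transport are assumptions.

```python
"""Action-link group with an executions-allowed guard, as in the claim.

Added example, not salesforce.com's code. An action link stores a label,
a URL into the non-feed system's API, an action type and authorization
data to pass on invocation; the group carries an executions-allowed
parameter and each invocation is checked against the execution status
kept with the feed item. The values 'Once', 'OncePerUser' and 'Unlimited',
the Authorization header, the allowed-hosts check and the injected
transport are assumptions.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass(frozen=True)
class ActionLink:
    label: str
    url: str           # action-link-URL referencing an API entry of the non-feed system
    action_type: str   # assumed value "Api": call the URL and render the response
    auth_header: str   # authorization data passed during invocation (assumed header value)


@dataclass
class ActionLinkGroup:
    links: tuple
    executions_allowed: str      # "Once" | "OncePerUser" | "Unlimited" (assumed values)
    category: str                # display attribute, e.g. "Primary"
    allowed_hosts: frozenset     # assumption: hosts the authorization data may go to
    executions: dict = field(default_factory=dict)   # label -> host-user IDs that ran it


class ActionLinkDenied(PermissionError):
    pass


def invoke_action_link(group, link, host_user_id, transport):
    """Check the execution status, then call the non-feed API via transport().

    transport(url, headers) stands in for the HTTP client and returns the
    third-party data to display as a feed item.
    """
    if group.executions_allowed not in ("Once", "OncePerUser", "Unlimited"):
        raise ActionLinkDenied("unknown executions-allowed value")
    if link not in group.links:
        raise ActionLinkDenied("link is not part of this group")
    host = urlparse(link.url).hostname
    if host not in group.allowed_hosts:
        raise ActionLinkDenied(f"refusing to send authorization data to {host!r}")
    executed_by = group.executions.setdefault(link.label, set())
    if group.executions_allowed == "Once" and executed_by:
        raise ActionLinkDenied("link already executed")
    if group.executions_allowed == "OncePerUser" and host_user_id in executed_by:
        raise ActionLinkDenied("link already executed by this user")
    executed_by.add(host_user_id)   # record status before the call so a retry cannot replay
    return transport(link.url, {"Authorization": link.auth_header})


def fake_transport(url, headers):
    """Constructed stand-in for the non-feed system's API."""
    return {"url": url,
            "authorized": headers.get("Authorization") == "Bearer demo-token",
            "status": "approved"}


def build_demo():
    approve = ActionLink("Approve", "https://approvals.example.com/api/v1/approve/42",
                         "Api", "Bearer demo-token")
    group = ActionLinkGroup(links=(approve,), executions_allowed="OncePerUser",
                            category="Primary",
                            allowed_hosts=frozenset({"approvals.example.com"}))
    return group, approve


if __name__ == "__main__":
    group, approve = build_demo()
    print(invoke_action_link(group, approve, "user-1", fake_transport))
    try:
        invoke_action_link(group, approve, "user-1", fake_transport)
    except ActionLinkDenied as exc:
        print("second click by same user:", exc)
```

Two details matter for the authorization data: it is stored with the link and sent verbatim, so the invocation path should refuse any URL whose host is not one the data was issued for, and the execution status should be recorded before the outbound call rather than after it, so that a retried or replayed request against a Once link does not get a second run while the first is still in flight.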

US Pat. No. 10,341,278

ADAPTIVE PRESENTATION OF COMMENTS BASED ON SENTIMENT

Flipboard, Inc., Palo Al...

1. A method for ranking comments associated with a content item in a digital magazine, the method comprising:determining, by a processor, a topic of the content item selected by a user of the digital magazine maintained by a digital magazine server;
obtaining emotion scores of comments associated with the content item by the processor, an emotion score of a comment representative of sentiments of a plurality of users toward the comment and determined from emoticons attached to response comments to the comment;
obtaining, by the processor, prior response comments received from the user for comments for content items having the topic;
determining, by the processor, a user propensity of responding to previous comments for content items having the topic by applying a model to the prior response comments received from the user for comments for content items having the topic and emotion scores for previous comments for content items having the topic for which the user provided one or more response comments;
determining, by the processor, response likelihood scores of the comments associated with the content item, a response likelihood score of the comment representing a likelihood of the user responding to the comment and determined based on an emotion score for the comment and the user propensity of responding to previous comments for content items having the topic;
determining a ranking of the comments associated with the content item based on the determined response likelihood scores by the processor; and
displaying the comments associated with the content item in locations of a display area of a client device of the user based on the ranking.

US Pat. No. 10,341,277

PROVIDING VIDEO TO SUBSCRIBERS OF A MESSAGING SYSTEM

1. A method, comprising:obtaining a first live video stream generated by a video source; and
publishing, by one or more computer processors, one or more messages comprising one or more frames of the first live video stream to a first channel of a plurality of channels of a publish-subscribe system, wherein the video source is associated with the first channel.

US Pat. No. 10,341,276

SYSTEMS AND METHODS FOR PROVIDING COMMUNICATIONS WITH OBSCURED MEDIA CONTENT BACKGROUNDS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:receiving, by a computing system, a communication thread comprising a plurality of responses wherein at least one of the plurality of responses comprises a media content item;
obscuring, by the computing system, the media content item to produce an obscured media content item;
presenting, by the computing system, the communication thread wherein the plurality of responses and the obscured media content item are overlaid in an order based on time data associated with each response and the obscured media content item;
removing, by the computing system, while a first touch gesture is detected, each response and the obscured media content item from presentation of the communication thread in reverse of the order based on time data, wherein removing the obscured media content item comprises:
presenting the media content item while the first touch gesture is detected, wherein the presenting the media content item comprises presenting an unobscure animation to show the media content item; and
ending, by the computing system, the communication thread when a second touch gesture is detected.

US Pat. No. 10,341,275

SHARED CONTENT ITEM COMMENTING

Dropbox, Inc., San Franc...

1. A computer-implemented method, comprising:under the control of one or more computer systems configured with executable instructions,
receiving a scrollable content item uploaded to a first account with an online content management provider;
providing for display, on an interface of a first computing device, the scrollable content item and a comment section associated with the scrollable content item, wherein the scrollable content item is provided using a native application associated with the scrollable content item and wherein the online content management provider provides the comment section through an application associated with the online content management provider on the first computing device and the comment section associated with the scrollable content item is a layer on top of the native application associated with the scrollable content item;
adding, in response to an acceptance of a first share invitation, a copy of the scrollable content item and access to the comment section to a second account;
receiving a first modification to the scrollable content item that includes data associated with at least one first comment to the comment section;
synchronizing the first modification to the scrollable content item with the copy of the scrollable content item in the second account, wherein the synchronization of the first modification provides the at least one first comment to the comment section to the second account;
providing for display, on an interface of a second computing device, the scrollable content item, the comment section associated with the scrollable content item, and the at least one first comment, wherein the scrollable content item is displayed in the native application and the online content management provider provides the comment section and the at least one first comment through an application associated with the online content management provider on the second computing device;
receiving at least one second modification to the scrollable content item, including data associated with a second comment to the comment section, from the application associated with the online content management provider on the second computing device; and
receiving at least one of revisions or additions to the scrollable content item from the application associated with the online content management provider on the first computing device; and
synchronizing the at least one second modification and the at least one of revisions or additions to the copy of the scrollable content item with the scrollable content item in the first account, wherein the synchronization of the at least one second modification provides the second comment to the comment section of the first account.

US Pat. No. 10,341,274

SYSTEMS METHODS AND COMPUTER-READABLE STORAGE MEDIA FOR MESSAGING AND PRESENCE MODIFICATION

PECAN TECHNOLOGIES INC., ...

1. A method of modifying electronic messages, said method comprises:(a) composing at least one electronic message by at least one member selected from the group consisting of: a sending terminal and message generator;
(b) pre-modifying said at least one message by a pre-modification agent, said pre-modifying comprises prescribing at least one pre-modification parameter to said at least one message, wherein said pre-modification parameter defines a conditional action performed in respect to at least one constituent of said message, performed upon meeting a predefined criterion;
(c) providing access to at least one modification parameters database, said database comprising a plurality of modification parameters;
(d) retrieving an updated set of said modification parameters from said database;
(e) modifying at least one constituent of said message, by a message modification agent, in accordance with at least one parameter selected from the group consisting of:
[i] said modification parameters retrieved from said database;
[ii] said at least one pre-modification parameter prescribed by said pre-modification agent, and
[iii] a combination of said modification parameters and said at least one pre-modification parameter;
(f) receiving said message, as modified by said message modification agent, by a message user agent and presenting said modified message to a recipient;
(g) dynamically updating said modification parameters in said database upon at least one event selected from the group consisting of:
[i] a process actively initiated by a machine associated with said message user agent of said recipient;
[ii] a process actively initiated by a provider of communication services for a machine associated with said message user agent of said recipient;
[iii] a process actively initiated by the database management system of said database;
wherein said method is not implementable for defense against spam or unsolicited messages;
wherein said modification parameters in said database are not updated by the recipient himself/herself, and
wherein said modification parameters are unrelated to the characteristics of said message;
wherein said modification parameters in said database are dynamically updated prior to said modifying of said at least one constituent of said message;
wherein a datum/file necessary for said modification is selected from the group consisting of: a datum/file contained within attachments of said message, datum/file obtainable from an IP address, datum/file obtainable via a URI and/or datum/file obtainable from a URL.

US Pat. No. 10,341,273

COORDINATION OF DATA RECEIVED FROM ONE OR MORE SOURCES OVER ONE OR MORE CHANNELS INTO A SINGLE CONTEXT

III HOLDINGS 2, LLC, Wil...

1. A method for electronically coordinating data from one or more sources, the method comprising:receiving, at a coordination manager via a network from a user device, a user's spoken request for information, the spoken request for information comprising parts of complete data to form a complete request;
identifying, by the coordination manager, whether the received data is partial data or complete data to form the complete request;
responsive to identifying that the received data is complete data, transmitting the received data to an application server; and
responsive to identifying that the received data is partial data:
storing the received data that is identified as partial data;
detecting a data state that indicates a need for a request for data associated with the parts of complete data received in the spoken request;
initiating, by the coordination manager, based on the detected data state, the request for data associated with the parts of complete data received in the spoken request;
receiving by the coordination manager, the requested data associated with the parts of complete data received in the spoken request; and
compiling, by the coordination manager, the stored partial data and the data associated with the parts of complete data received in the spoken request to form the complete request.

US Pat. No. 10,341,272

PERSONALITY REPLY FOR DIGITAL CONTENT

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:receiving, by an automated conversational assistant system that is configured to conduct an automated conversation with a user and from a user device, an image;
generating, by the automated conversational assistant system, one or more image labels and a corresponding score for each image label, wherein each image label is descriptive of a feature depicted in the image and each score indicates a prominence of the feature relative to other features depicted in the image;
selecting, by the automated conversational assistant system and from the one or more image labels, a particular image label that corresponds to a prominent feature depicted in the image based on the score for the particular image label exceeding a threshold score;
based on the particular image label that corresponds to the prominent feature of the image, generating, by the automated conversational assistant system, one or more conversational replies to the image using past conversations between multiple users, predetermined conversational replies, and quotations from media content;
selecting, by the automated conversational assistant system and from among the one or more conversational replies, a conversational reply based on a relationship between content of each of the one or more conversational replies and the particular image label; and
providing, for output by the automated conversational assistant system and to the user device, the conversational reply.

US Pat. No. 10,341,271

METHOD, SYSTEM AND RECORDING MEDIUM FOR COMMUNICATING AND DISPLAYING CONTENT IN A MESSENGER APPLICATION

Line Corporation, Tokyo ...

1. An online communication method performed by a computer, the method comprising:receiving, by at least one processor, a selection instruction from at least one user terminal associated with a user, the selection instruction including information related to content provided by a content provider on a website;
determining, by the at least one processor, a business operator relevant to the content based on the received selection instruction from a plurality of business operators;
establishing, by the at least one processor, an online communication link between a first account of the user associated with a messenger service via the at least one user terminal, the first account being previously registered with the messenger service, and a second account associated with the determined business operator;
generating, by the at least one processor, a talk window associated with the messenger service, the talk window configured to permit message transmission and reception between the first account and the second account based on the selection instruction, without a relationship being established between the first and second accounts, and messenger service settings associated with the user, the generating including,
anonymously processing personal information of the user associated with the first account by replacing the personal information of the user with arbitrary information to be displayed at a terminal associated with the second account when no relationship has been established between the first and second accounts and the messenger service settings indicate that the personal information of the user associated with the first account is set to private;
monitoring, by the at least one processor, a reply rate of the business operator to a message sent via the first account in the talk window;
determining, by the at least one processor, the reply rate based on an average reply time taken by the business operator to reply to messages sent via the first account and a total reply rate of the business operator for replying to messages sent by all users;
determining, by the at least one processor, whether to display a user interface along with the content on a service screen provided by the content provider to enable a messenger call based on the reply rate; and
displaying, by the at least one processor, the user interface based on results of the determining whether to display the user interface.

US Pat. No. 10,341,270

PROVIDING ENHANCED APPLICATION INTEROPERABILITY

Citrix Systems, Inc., Fo...

1. A method, comprising: presenting, by a computing device, and on a display screen of the computing device, a first user interface that is associated with a first application;
detecting a physical rotation of the computing device from a first orientation to a second orientation;
switching, by the computing device and in response to the detected physical rotation of the computing device, from the first application to a second application different from the first application, wherein switching from the first application to the second application comprises:
launching, based on the detected physical rotation of the computing device and before receiving additional user inputs to the computing device, the second application;
passing, from the first application to the second application, contextual information comprising at least some information included in the first user interface of the first application;
replacing, by the computing device, and on the display screen, the first user interface associated with the first application with a second user interface that is associated with the second application to present the second user interface that is associated with the second application, the second user interface of the second application comprising at least some of the contextual information passed from the first application to the second application; and
suspending the first application, wherein an operating state of the first application prior to the suspension is preserved during the suspension when the second user interface that is associated with the second application is presented, the preserved operating state of the first application allowing the computing device to resume operation of the first application at the preserved operating state after switching from the first application to the second application;
after presenting the second user interface that is associated with the second application, determining, by the computing device, that the computing device has been rotated from the second orientation to the first orientation; and
based on determining that the computing device has been rotated from the second orientation to the first orientation, switching, by the computing device, from the second application back to the first application,
wherein switching from the second application back to the first application comprises presenting, on the display screen, the first user interface that is associated with the first application, and
wherein switching from the second application back to the first application comprises updating the first application based on second contextual information comprising at least some information included in the second user interface of the second application.

US Pat. No. 10,341,269

THREADED CONVERSATION CHANNEL WITH A TEMPORARILY EXCLUSIVE CONVERSATION

Microsoft Technology Lice...

1. A data processing system implementing a threaded conversation channel, the data processing system comprising: a network interface coupled to a network;
a memory for storing instructions; and
an electronic processor coupled to the network interface and the memory, the electronic processor configured to execute the instructions stored in the memory to
generate the threaded conversation channel, the threaded conversation channel associated with a plurality of users,
receive conversation parameters including an at least one recipient, a delivery time, and initial message content,
post, to the threaded conversation channel, a temporarily exclusive conversation based on the conversation parameters, wherein the temporarily exclusive conversation is hidden from at least a first user of the plurality of users and viewable by at least a second user of the plurality of users on the threaded conversation channel, the conversation parameters indicating to hide the temporarily exclusive conversation from the first user or make viewable the temporarily exclusive conversation to the second user, and
reveal, to the first user at the delivery time, the temporarily exclusive conversation on the threaded conversation channel.

US Pat. No. 10,341,268

METHOD AND DEVICE FOR IMPLEMENTING INSTANT MESSAGING

BEIJING QIHOO TECHNOLOGY ...

1. A method for implementing instant messaging through a browser, wherein a plug-in interface of an instant messaging tool is preset on the browser, the method comprises: a master process of a browser creating a plug-in process corresponding to the instant messaging tool;
triggering the plug-in interface to inform the master process of the browser to reload a browser window;
the master process of the browser dividing page presentation ranges of a plug-in page of the instant messaging tool and a page presentation range of a current tab of the browser window in the browser window, and informing the plug-in process;
the plug-in process generating the plug-in page according to the divided page presentation ranges, and loading the plug-in page and the re-rendered current tab side by side in the browser window.

US Pat. No. 10,341,267

ANONYMIZED IDENTIFIERS FOR SECURE COMMUNICATION SYSTEMS

Microsoft Technology Lice...

1. A relay system comprising: at least one processor; and
one or more computer-readable storage media having instructions stored thereon that are executable by the at least one processor to perform operations comprising:
receiving, at the relay system, a message including an identifier of a sending user and an identifier of an intended recipient;
determining an encryption process for the intended recipient based on the identifier of the intended recipient, wherein an encryption function applied by the encryption process is unique to the intended recipient;
generating an anonymized identifier of the sending user by applying the determined encryption process to generate an encrypted version of the identifier of the sending user to provide to the intended recipient;
generating a version of the message that includes the anonymized identifier of the sending user and does not include an unencrypted version of the identifier of the sending user; and
sending, for receipt by the intended recipient, the version of the message that includes the anonymized identifier of the sending user and does not include the unencrypted version of the identifier of the sending user;
wherein the identifier of the sending user is obtainable, from the version of the message including the anonymized identifier, with a decryption process that corresponds to the determined encryption process.

US Pat. No. 10,341,266

E-MAIL RELAY DEVICE, E-MAIL RELAY METHOD, AND NON-TRANSITORY STORAGE MEDIUM

NEC CORPORATION, Tokyo (...

1. An e-mail relay device comprising: a memory configured to store program instructions; and
a processor configured to execute the program instructions including:
an e-mail receiving unit that acquires an e-mail to be delivered before the e-mail reaches a transmission destination, the e-mail being transmitted from a transmission source mailer through simple mail transfer protocol (SMTP);
a request notification unit that transmits, after the e-mail receiving unit acquires the e-mail to be delivered, a notification e-mail to a transmission source e-mail address of the e-mail to be delivered, the notification e-mail including an authentication URL to allow communication with a predetermined authentication server through Internet protocol (IP);
a transmission source IP address acquisition unit that acquires, in a case a transmission source terminal communicates with the predetermined authentication server after the notification e-mail is transmitted, an IP address of the transmission source terminal contained in an IP header of an IP packet transmitted and received during the communication; and
a determination unit that determines the reliability of the e-mail to be delivered based on the IP address of the transmission source terminal.

US Pat. No. 10,341,265

DRAG AND DROP INVITATION CREATION

FACEBOOK, INC., Menlo Pa...

1. A method comprising: providing, for display on a client device associated with a user, a user interface comprising:
an electronic calendar interface that comprises one or more user-generated calendar events and a plurality of areas that each correspond to a time parameter defining a date and a time, and
an electronic contact list interface adjacent to the electronic calendar interface that comprises one or more user-identified contacts;
receiving an indication of a drag and drop action from the client device;
determining from the indication of the drag and drop action, using at least one processor, that an identifier associated with a contact displayed in the electronic contact list interface has been dragged and dropped from the electronic contact list interface onto an area from the plurality of areas of the electronic calendar interface; and
in response to determining that the identifier has been dragged and dropped from the electronic contact list interface onto the area from the plurality of areas of the electronic calendar interface:
identifying, using the at least one processor, a time parameter that corresponds to the area from the plurality of areas of the electronic calendar interface; and
automatically creating, using the at least one processor, a new calendar event associated with the contact and the identified time parameter and adding an indication of the new calendar event to the electronic calendar interface.

US Pat. No. 10,341,264

TECHNOLOGIES FOR SCALABLE PACKET RECEPTION AND TRANSMISSION

Intel Corporation, Santa...

1. A network device to process packets, the network device comprising: one or more processors that include a plurality of cores;
a network interface controller (NIC) coupled to the one or more processors; and
one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the network device to:
establish a ring in a memory of the one or more memory devices, wherein the ring is defined as a circular buffer to store entries representative of packets;
generate and assign, at a rate that is independent of a rate at which packets are received from a network by the NIC, receive descriptors to the slots in the ring, wherein each receive descriptor corresponds with a memory buffer to store packet data;
determine whether the NIC has received one or more packets;
copy, with direct memory access (DMA) and in response to a determination that the NIC has received one or more packets, packet data of the received one or more packets from the NIC to the memory buffers associated with the receive descriptors assigned to the slots in the ring; and
copy the receive descriptors from the ring to a NIC receive queue before the determination of whether the NIC has received one or more packets, wherein the ring comprises one or more of receive descriptors, metadata, and transmit descriptors interleaved with each other and the NIC receive queue comprises contiguous receive descriptors.

US Pat. No. 10,341,263

SYSTEM AND METHOD FOR ROUTING NETWORK FRAMES BETWEEN VIRTUAL MACHINES

University of Central Flo...

14. A virtual machine-to-virtual machine (VM-to-VM) switch embedded in a network interface card (NIC), the switch comprising: initialization circuitry configured for associating the virtual machine-to-virtual machine (VM-to-VM) switch with a physical port of the NIC, for establishing two or more virtual ports of the VM-to-VM switch and for associating at least one virtual machine (VM) of a first CPU with a first one of the virtual ports of the VM-to-VM switch and associating at least one virtual machine (VM) of a second CPU with a second one of the virtual ports of the VM-to-VM switch, wherein the first CPU and the second CPU are on a common physical server;
receiving circuitry configured for receiving network frames from the physical port of the NIC and from the virtual ports of the VM-to-VM switch, wherein the network frames comprise a Quality of Service (QoS) written into an Internet Protocol (IP) header of the network frames, wherein the QoS identifies a routing path for the network frames;
circuitry configured for reading the QoS written in the IP packet header of the network frames to determine if the QoS of the network frames is consistent with a QoS assigned to the network frames by a user configuration module;
circuitry configured for modifying the QoS of the network frames by rewriting the QoS in the IP packet header of the network frames, using hardware in the VM-to-VM switch, to be consistent with the QoS assigned to the network frames by the user configuration module if it is determined that the QoS of the network frames is not consistent with the QoS assigned to the network frames by the user configuration module; and
routing circuitry configured for routing network frames between the VMs associated with the virtual ports through the VM-to-VM switch based upon the QoS modified by the circuitry of the VM-to-VM switch.

US Pat. No. 10,341,262

PACKET OR PASSIVE OPTICAL NETWORK SYSTEM WITH PROTECTION SWITCHING CAPABILITIES

ELECTRONICS AND TELECOMMU...

1. A packet or passive optical network system with a packet-based protection switching capability, comprising: a transmitter terminal;
a plurality of packet paths; and
a receiver terminal,
wherein the receiver terminal receives a packet that arrives first among identical packets transferred through the plurality of packet paths and discards packets that arrive after the first packet,
wherein the receiver terminal comprises: a duplicate reception prevention filter configured to normally receive the packet that arrives first among the identical packets transferred through the plurality of packet paths and discard packets that arrive after the first packet; and a normal received packet record configured to store a packet that has been previously normally received or a packet identifier of the normally received packet, thereby enabling the duplicate reception prevention filter to determine whether the same packet as the stored packet arrives at the receiver terminal.

US Pat. No. 10,341,261

BONDING DEVICE AND METHOD

TQ DELTA, LLC, Austin, T...

1. A communications device comprising: a plurality of transceivers configurable to simultaneously operate with a combination of bonded and unbonded transceivers, wherein a first DSL transceiver of the plurality of transceivers is operable at a first data rate, and a second DSL transceiver of the plurality of transceivers is simultaneously operable at a second data rate that is different than the first data rate, wherein the first and second transceivers are operable as bonded transceivers and wherein the first and second bonded DSL transceivers are connected to a multi-pair multiplexer and are operable to transmit a single stream of ATM cells or packets on two substreams over two twisted wire pairs from a service provider to a first DSL subscriber,
and wherein a third DSL transceiver, of the plurality of transceivers, is simultaneously operable at a third data rate, wherein the third transceiver is not bonded with any other transceiver and wherein the third DSL transceiver is not connected to the multi-pair multiplexer and is operable to transmit a single stream of ATM cells or packets over one twisted wire pair from the service provider to a second DSL subscriber.

US Pat. No. 10,341,259

PACKET FORWARDING USING PROGRAMMABLE FEATURE PRIORITIZATION

Amazon Technologies, Inc....

1. A network device, comprising: an input interface configured to receive an incoming packet via a network, the incoming packet comprising a packet header;
a virtual routing and forwarding (VRF) classification logic configured to classify the incoming packet for processing;
a plurality of VRF subsystems, each VRF subsystem comprising a plurality of packet processors comprising one or more routing tables, wherein each packet processor for a given VRF subsystem is configured to process the incoming packet and generate a respective action code based on certain functionalities supported by the given VRF subsystem and the packet header;
a plurality of priority arbiters, each priority arbiter logically connected to each of the VRF subsystems, wherein each priority arbiter is configured to generate a respective forwarding decision for the incoming packet based on a mapping of action codes representing different types of system event to a set of priorities associated with a respective priority arbiter; and
an arbiter selector configured to provide an output decision for the incoming packet from a plurality of forwarding decisions generated by the priority arbiters based on a mapping of the given VRF subsystem to one of the priority arbiters,
wherein the classifying the incoming packet comprises assigning the incoming packet to one of the plurality of VRF subsystems.

US Pat. No. 10,341,258

DYNAMIC ADJUSTMENT OF CONNECTION PRIORITY IN NETWORKS

Ciena Corporation, Hanov...

1. An apparatus adapted to dynamically adjust a connection's priority in a network, the apparatus comprising: circuitry adapted to configure the connection with a dynamic priority and setting a current priority based on one or more factors, wherein the connection is a Layer 0 connection, a Layer 1 connection, and a combination thereof;
circuitry adapted to detect an event in the network requiring a change to the current priority, wherein the event changes the one or more factors; and
circuitry adapted to cause a change in the current priority of the connection based on the event,
wherein the connection is a backup path for another connection, and wherein the event is the connection becoming active for the another connection.

US Pat. No. 10,341,257

DATAPATH FOR MULTIPLE TENANTS

NICIRA, INC., Palo Alto,...

1. A method for operating a gateway machine at the edge of a provider network interfacing an external physical network, the method comprising: from the provider network, receiving a packet having a logical network identifier;
executing, on a processor of the gateway machine, a plurality of pipeline stages for determining a next destination of the packet,
wherein executing the plurality of pipeline stages comprises (i) executing a first logical router stage when the logical network identifier is for a first logical network that uses the first logical router, and (ii) executing a second logical router stage when the logical network identifier is for a second logical network that uses the second logical router; and
forwarding the packet to the external physical network based on the determination of the next destination of the received packet.

US Pat. No. 10,341,256

EXCHANGE SWITCH PROTOCOL VERSION IN A DISTRIBUTED SWITCH ENVIRONMENT

International Business Ma...

1. A method for managing a distributed Fibre Channel (FC) fabric, the method comprising: establishing a switch link between a first switching element and a second switching element of the distributed FC fabric;
transmitting, to the second switching element, a control-plane request frame that specifies at least one version of a protocol supported by the first switching element, wherein the control-plane request frame includes a capability descriptor comprising a code identifying the protocol, a lowest supported version value for the protocol, and a highest supported version value for the protocol, and wherein the lowest supported version value and the highest supported version value are specified in distinct fields in the capability descriptor;
receiving, from the second switching element, a control-plane response frame that specifies an accepted version of the protocol mutually supported by the first switching element and the second switching element; and
operating the switch link established between the first switching element and the second switching element using the accepted version of the protocol.

US Pat. No. 10,341,255

SWITCH RESOURCE MANAGER

Hewlett Packard Enterpris...

1. A network switching device, comprising: ports;
a packet switching device associated with the ports;
a central processing unit (CPU) and memory;
an operating system kernel to mediate access to the CPU, memory, and packet switching device, the operating system kernel including a driver for the packet switching device;
a first network operating system (NOS) instance;
a second NOS instance;
a switch resource manager to:
(1) allocate a first plurality of the ports to the first NOS instance and a second plurality of the ports to the second NOS instance,
(2) enforce the allocation such that the first NOS instance can control the packet switching device for only the first plurality of the ports and the second NOS instance can control the packet switching device for only the second plurality of the ports, the switch resource manager including a software development kit (SDK) for the packet switching device in order to interface with the driver for the packet switching device,
(3) maintain a resource map to track the allocation of the ports to the first and second NOS instances,
(4) enforce the allocation by verifying that calls from the first and second NOS instances to the SDK for the packet switching device do not violate the allocation contained in the resource map, and
(5) deny a call from the first or second NOS instance if the call violates the allocation.

US Pat. No. 10,341,254

LINKING INSTANCES WITHIN A CLOUD COMPUTING ENVIRONMENT

International Business Ma...

1. A method for linking instances within a cloud computing environment, comprising: receiving, from a user, a request to link a second cloud instance with a first cloud instance, the request comprising information for generating a set of rules, the information comprising a reaction to be performed with respect to the second cloud instance when an action is performed with respect to the first cloud instance, wherein the set of rules is configurable by a user from options including:
restart the second cloud instance when the first cloud instance is restarted,
delete the second cloud instance when the first cloud instance is deleted,
start the second cloud instance when the first cloud instance is started,
start the second cloud instance when the first cloud instance is stopped, and
create the second cloud instance when the first cloud instance is active;
generating, based on the information included in the request, the set of rules, wherein the set of rules define the reaction to be performed with respect to the second cloud instance when the action is performed with respect to the first cloud instance;
performing the action on the first cloud instance; and
causing the reaction of the second cloud instance, according to the set of rules, in response to the action;
wherein the first cloud instance performs a first function and the second cloud instance performs a second function, and wherein the first function and the second function are different from one another.

US Pat. No. 10,341,253

AUTOMATIC CONSOLIDATION OF NETWORK RESOURCES

Accenture Global Solution...

1. A device, comprising: one or more processors to:
receive data associated with network resources,
the data being received from another device and from a system,
the data including first data that identifies one or more physical dimensions of the network resources;
process the data to align the data received from the other device and from the system;
determine a manner in which the network resources are to be consolidated based on the one or more physical dimensions of the network resources;
determine an order in which to consolidate the network resources based on the one or more physical dimensions; and
perform an action based on determining the manner in which the network resources are to be consolidated,
the action being associated with consolidating the network resources.

US Pat. No. 10,341,252

PARTITION ARBITRATION OPTIMIZATION

Veritas Technologies LLC,...

1. A computer-implemented method comprising: in response to a cluster being partitioned into a plurality of network partitions,
determining, using a first node in a first network partition of the plurality of network partitions, whether
the first node wins a race between the first node and another node, for one or more coordination points of a plurality of coordination points, wherein the first node, in response to winning the race, can configure the one or more coordination points to fence off the other node in the cluster in order to preclude access by the other node to one or more storage devices, and
the plurality of coordination points comprise an odd number of coordination points,
transmitting the determination of the first node to a second node in the first network partition, and
determining, using the second node, whether the second node wins one or more additional coordination points of the plurality of coordination points, other than the one or more coordination points.

US Pat. No. 10,341,251

METHOD AND SYSTEM FOR SECURELY TRANSMITTING VOLUMES INTO CLOUD

Citrix Systems, Inc., Fo...

1. A method comprising: (a) receiving, by a device of a cloud computing service, a first instruction to generate a virtual machine, the generated virtual machine receiving via a first connection a number uniquely associated with a volume service;
(b) receiving, by the device of the cloud computing service, a second instruction to generate one or more target volumes to associate with the generated virtual machine, and generating the one or more target volumes;
(c) receiving, by the generated virtual machine, one or more messages via a second secured connection, the one or more messages comprising an identification of one or more volumes of data and an identification of the number uniquely associated with the volume service received via the first connection;
(d) authenticating, by the generated virtual machine, the one or more messages based at least on the number uniquely associated with the volume service by matching the number uniquely associated with the volume service received via the first connection with the identification of the one or more volumes of data and the identification of the number uniquely associated with the volume service received via the second secured connection;
(e) receiving, by the generated virtual machine, the one or more volumes of data to be stored to the generated one or more target volumes; and
(f) storing the one or more volumes of data to the generated one or more target volumes.

US Pat. No. 10,341,250

DEVICE BASED AUTOMATIC NETWORK PROVISIONING

Accenture Global Solution...

1. A device, comprising: one or more processors to:
receive, from a first party, a user identifier identifying the first party;
provide, to the first party, a user interface including information identifying one or more types of network functionalities for implementation, by a second party, in a network implementation,
the user interface being associated with a configuration automatically identified based on the user identifier identifying the first party, and
the user interface being associated with receiving a selection of the configuration for the network implementation;
detect an interaction with the user interface associated with selecting the configuration for the network implementation,
the configuration for the network implementation indicating integration of a set of third party network functionalities associated with a set of third parties;
automatically provision a set of computing resources for the network implementation based on the configuration for the network implementation,
the set of computing resources providing the set of third party network functionalities; and
provide, to the first party, access to the network implementation based on automatically provisioning the set of computing resources.

US Pat. No. 10,341,249

METHOD FOR UPDATING MESSAGE FILTER RULES OF A NETWORK ACCESS CONTROL UNIT OF AN INDUSTRIAL COMMUNICATION NETWORK ADDRESS MANAGEMENT UNIT, AND CONVERTER UNIT

Siemens Aktiengesellschaf...

1. A method of updating message filter rules of a network access control unit within a firewall system of an industrial communication network including a first communication device, a second communication device, the firewall system further including an address management unit and a converter unit, the method comprising: assigning at least one address-based message filter rule defined symbolically based on device descriptions to the first communication device;
registering the at least one address-based message filter rule defined symbolically based on device descriptions with a corresponding communication network address and a communication device description in the address management unit of the firewall system further including the network access control unit and the converter unit upon identifying an activation, the communication device description comprising at least one of a function indication and a topology indication;
replacing the first communication device with the second communication device, and registering the second communication device in the address management unit of the firewall system further including the network access control unit and the converter unit in response to the replacement of the first communication device with the second communication device such that a communication network address and a communication device description of the second communication device are acquired;
checking, by the address management unit of the firewall system further including the network access control unit and the converter unit, during the registration of the second communication device, whether a communication device with an identical communication device description is already registered;
upon determining that there is a positive check result by the address management unit of the firewall system further including the network access control unit and the converter unit, the address management unit of the firewall system transmitting a change message relating to the registration of the second communication device with a communication device description that is identical to that of the first communication device to the network access control unit or to the converter unit, the change message comprising at least the communication network address and the communication device description of the second communication device; and
upon receiving the change message, replacing the communication network address of the first communication device with the communication network address of the second communication device based on the at least one address-based message filter rule defined symbolically based on device descriptions to update the message filter rules of the firewall system including the address management unit, the network access control unit and the converter unit of the industrial communication network.
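The claim above describes a firewall whose rules are written against device descriptions (function plus topology) rather than addresses, so that swapping a failed device for a spare does not leave a stale address in the rule set. The following is an added illustration of that flow, not code from the patent or its assignee; the three unit names follow the claim, while the data layout, the sample addresses and the default-deny, first-match semantics of the access control unit are assumptions made for the example.

```python
"""Description-keyed (symbolic) firewall rules that survive a device swap.

Added illustration of the flow in the claim above; the unit names follow the claim,
everything else (data layout, addresses, default-deny matching) is an assumption.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DeviceDescription:
    """Function and topology indication; identifies a device independently of its address."""
    function: str   # e.g. "PLC-line1"
    topology: str   # e.g. "cell3/sw2/port7"


@dataclass(frozen=True)
class SymbolicRule:
    """Filter rule written against device descriptions, not IP addresses."""
    src: DeviceDescription
    dst: DeviceDescription
    action: str     # "ALLOW" or "DENY"


# Change message: (description, previous address, new address)
ChangeMessage = Tuple[DeviceDescription, Optional[str], str]
AddressRule = Tuple[str, str, str]   # (src_ip, dst_ip, action)


class NetworkAccessControlUnit:
    """Enforces concrete address-based rules; first match wins, default deny (assumption)."""

    def __init__(self) -> None:
        self.rules: List[AddressRule] = []

    def install(self, rules: List[AddressRule]) -> None:
        self.rules = list(rules)

    def permits(self, src_ip: str, dst_ip: str) -> bool:
        for s, d, action in self.rules:
            if s == src_ip and d == dst_ip:
                return action == "ALLOW"
        return False


class ConverterUnit:
    """Resolves symbolic rules into address rules from the current description->address map."""

    def __init__(self, symbolic_rules: List[SymbolicRule], nac: NetworkAccessControlUnit) -> None:
        self.symbolic_rules = list(symbolic_rules)
        self.nac = nac
        self.addr_by_desc: Dict[DeviceDescription, str] = {}

    def update_address(self, desc: DeviceDescription, addr: str) -> None:
        """Bind (or re-bind) an address to a description and reinstall the resolved rule set."""
        self.addr_by_desc[desc] = addr
        self.nac.install(self.resolve())

    def resolve(self) -> List[AddressRule]:
        resolved: List[AddressRule] = []
        for r in self.symbolic_rules:
            src, dst = self.addr_by_desc.get(r.src), self.addr_by_desc.get(r.dst)
            if src is not None and dst is not None:   # rules naming unregistered devices stay uninstalled
                resolved.append((src, dst, r.action))
        return resolved


class AddressManagementUnit:
    """Registers devices; an identical description arriving with a new address is a replacement."""

    def __init__(self, converter: ConverterUnit) -> None:
        self.converter = converter
        self.registered: Dict[DeviceDescription, str] = {}

    def already_registered(self, desc: DeviceDescription) -> bool:
        """The check the claim performs during registration of the second device."""
        return desc in self.registered

    def register(self, desc: DeviceDescription, addr: str) -> Optional[ChangeMessage]:
        replacement = self.already_registered(desc)
        previous = self.registered.get(desc)
        self.registered[desc] = addr
        self.converter.update_address(desc, addr)   # initial binding or address replacement
        if replacement and previous != addr:
            return (desc, previous, addr)            # change message on a positive check result
        return None


def demo() -> dict:
    """Swap a PLC for a spare with the same description but a new address (constructed sample)."""
    hmi = DeviceDescription("HMI-line1", "cell3/sw1/port2")
    plc = DeviceDescription("PLC-line1", "cell3/sw2/port7")
    nac = NetworkAccessControlUnit()
    converter = ConverterUnit([SymbolicRule(hmi, plc, "ALLOW")], nac)
    amu = AddressManagementUnit(converter)
    amu.register(hmi, "10.0.3.5")
    amu.register(plc, "10.0.3.10")
    before = nac.permits("10.0.3.5", "10.0.3.10")
    change = amu.register(plc, "10.0.3.20")   # replacement device, identical description
    return {
        "before": before,
        "change": change,
        "new_allowed": nac.permits("10.0.3.5", "10.0.3.20"),
        "old_allowed": nac.permits("10.0.3.5", "10.0.3.10"),
    }
```

After the swap the HMI may reach the new PLC address and the old address is no longer permitted, without anyone editing the symbolic rule. The point a practitioner should take from the design is that the description has become the security principal: whatever presents an identical function and topology indication at registration inherits the rules, so the registration event itself needs to be authenticated in a real deployment, and a change message should be logged as a security event rather than treated as routine maintenance.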

US Pat. No. 10,341,248

EVALUATION DEVICE, EVALUATION METHOD AND RECORDING MEDIUM

NIPPON TELEGRAPH AND TELE...

1. An evaluation device, comprising: a communication interface configured to communicate with a control device which is connected to a network that includes at least one transfer device and to receive, from the control device, records used for transmission control of data currently circulating in the network; and
processing circuitry configured to implement
a first evaluator configured, for each of the records, to evaluate extent of variation of an amount of the data, based on a history of the amounts of the data matching a condition of the record;
a second evaluator configured, for each of the records, to evaluate a size of a space represented by the record, based on the condition of the record; and
a calculator configured, for each of the records, to calculate an index value representing a possibility that the respective record corresponds to a future spike flow at a future time when a predetermined or a greater amount of the data matches the condition of the record within a fixed period of time, based on an evaluation result by the first evaluator, and an evaluation result by the second evaluator,
wherein the processing circuitry is configured to control an output of an indication of a possibility that one of the records corresponds to a future spike flow based on the calculated index values for each of the records.

US Pat. No. 10,341,247

HANDLING PATH ISSUES FOR STORAGE COPY SERVICES

International Business Ma...

1. A method for determining path health to conduct a plurality of Input-Output (IO) operations along a healthy path in a network, the method comprising:
receiving an original IO request from a user;
sending the received original IO request on a first path from a primary site to a secondary site;
determining a first IO response associated with the sent original IO request has exceeded a threshold time on the first path between the primary site and the secondary site;
generating a duplicate IO request based on the exceeded threshold time for a response on the first path between the primary site and the secondary site;
sending the generated duplicate IO request on a second path;
receiving a second IO response associated with the sent duplicate IO request on the second path;
receiving the first IO response associated with the original IO request on the first path;
determining that the first IO response was received on the first path after the second IO response was received on the second path;
determining a health state associated with the first path based on determining that the first IO response was received on the first path after the second IO response was received on the second path; and
refreshing a path state machine based on the determined health state associated with the first path.

US Pat. No. 10,341,246

UPDATE PACKET SEQUENCE NUMBER PACKET READY COMMAND

Netronome Systems, Inc., ...

1. A method involving a network flow processor integrated circuit, wherein the network flow processor integrated circuit comprises a first network interface circuit, a second network interface circuit, a bus, and at least a part of a memory system, the method comprising:
(a) storing a multicast packet in the memory system;
(b) receiving an egress packet descriptor from the memory system via the bus and onto the first network interface circuit, wherein the egress packet descriptor includes a packet sequence number and a packet ready command, wherein the packet ready command includes a multicast value, an updated sequence number, and an indicator of a network interface circuit, wherein the multicast value indicates whether a packet described by the egress packet descriptor is a multicast packet or a unicast packet, and wherein the first network interface circuit uses and maintains sequence numbers in a first sequence of sequence numbers;
(c) determining a communication mode as a function of the multicast value, wherein the indicator of the network interface circuit of the packet ready command indicates the second network interface circuit, and wherein the second network interface circuit uses and maintains sequence numbers in a second sequence of sequence numbers; and
(d) as a result of the determining of (c) replacing the packet sequence number of the egress packet descriptor with the updated sequence number of the packet ready command thereby generating a modified egress packet descriptor, wherein the receiving of (b), the determining of (c), and the replacing of (d) are performed by the first network interface circuit, wherein at least one copy of the multicast packet is transmitted out of the network flow processor integrated circuit via at least one of the first network interface circuit and the second network interface circuit.

US Pat. No. 10,341,245

BURSTY DATA TRANSMISSION IN A CONGESTION CONTROLLED NETWORK

VMWare, Inc., Palo Alto,...

1. A computer-implemented method comprising:
receiving low-latency data, the low-latency data is configured to be transmitted over a network link employing a transport layer congestion control protocol;
determining a window threshold period based on the transport layer congestion control protocol, the window threshold period representing a length of time before a congestion window of the transport layer congestion control protocol begins to decrease in size based on a lack of data transmissions during the length of time;
detecting an idle period between transmissions of bursts of low-latency data; and
transmitting priming data only when the idle period between the transmissions of the bursts of the low-latency data is to exceed the window threshold period, the priming data being transmitted such that the congestion window progressively increases in size or is prevented from decreasing in size.

US Pat. No. 10,341,244

APPARATUS AND METHOD FOR SELECTION OF ENHANCED DISTRIBUTED CHANNEL ACCESS PARAMETERS FOR OFDMA

Nokia Technologies Oy, E...

1. A method, comprising:
by an apparatus,
selecting a group of packets for at least one access category;
determining a set of contention parameters based on the at least one access category;
transmitting the selected group of packets by using the determined set of contention parameters;
obtaining information about collision of the transmitted group of packets; and
determining an updated set of contention parameters based on the obtained collision information and a predefined condition;
wherein the set of contention parameters includes a contention window size, and the determining an updated set of contention parameters comprises increasing the contention window size, determining a new access category, and using the minimum of the increased contention window size and the maximum allowed contention window size of the new access category as the updated contention window size.

US Pat. No. 10,341,243

SYSTEMS AND METHODS FOR PROVIDING CONTENT AND SERVICES ON A NETWORK SYSTEM

NOMADIX, INC., Agoura Hi...

1. A method of managing network access using a network management system, the method comprising:
receiving a domain name system (DNS) request for a DNS server to resolve a first internet protocol (IP) address associated with a destination site from a user device, wherein the destination site is located external to a network of the network management system;
in response to the DNS request, sending a second IP address to the user device, wherein the second IP address is different than the first IP address and wherein the second IP address corresponds to a network system that is a part of the network of the network management system;
completing a transmission control protocol handshake between the second IP address and a source IP address of the user device;
receiving an HTTP request for the destination site from the user device;
in response to receiving the HTTP request, generating response data, the response data including alternate content that is different from content of the destination site;
sending to the user device the generated response data including alternate content; and
replacing an address of the requested DNS server with an address of a local DNS server.
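The claim above is the familiar captive-portal pattern: the gateway answers DNS queries for external names with an address of its own, completes the TCP handshake as that address, and then serves alternate content in place of the site the user asked for, while rewriting the client's chosen resolver to a local one. The following simulation is an added example, not code from the patent holder; the class and field names, the constructed addresses and the internal zone are assumptions, and the responses are Python values rather than packets on the wire.

```python
"""Captive-portal style DNS interception and alternate content, following the claim above.

Added simulation; class and field names are assumptions, not the patent holder's code.
"""
import html
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class DnsQuery:
    client_ip: str
    server_ip: str      # resolver the client addressed the query to
    qname: str


@dataclass(frozen=True)
class HttpRequest:
    client_ip: str
    host: str           # Host header: the destination site the user actually asked for
    path: str


class NetworkManagementSystem:
    """Gateway between user devices and the outside network."""

    def __init__(self, portal_ip: str, local_dns_ip: str, local_zone: Dict[str, str]) -> None:
        self.portal_ip = portal_ip          # the "second IP address": a host inside the managed network
        self.local_dns_ip = local_dns_ip    # local DNS server substituted for the client's resolver
        self.local_zone = dict(local_zone)  # names inside the managed network, answered truthfully
        self.tcp_sessions: Set[Tuple[str, str]] = set()   # (client_ip, dst_ip) with a completed handshake

    def redirect_resolver(self, q: DnsQuery) -> DnsQuery:
        """Rewrite the query's destination to the local DNS server (last step of the claim)."""
        if q.server_ip == self.local_dns_ip:
            return q
        return DnsQuery(q.client_ip, self.local_dns_ip, q.qname)

    def resolve(self, q: DnsQuery) -> str:
        """Local names get their real address; every external name gets the portal address."""
        return self.local_zone.get(q.qname, self.portal_ip)

    def tcp_handshake(self, client_ip: str, dst_ip: str) -> bool:
        """The portal completes handshakes only for connections addressed to itself."""
        if dst_ip != self.portal_ip:
            return False
        self.tcp_sessions.add((client_ip, dst_ip))
        return True

    def handle_http(self, req: HttpRequest) -> Tuple[int, str]:
        """Answer with alternate content instead of the requested site's content."""
        if (req.client_ip, self.portal_ip) not in self.tcp_sessions:
            return 400, ""                          # no established connection from this client
        # The Host header and path are attacker-controlled input; escape before reflecting them.
        wanted = html.escape(f"http://{req.host}{req.path}")
        body = ("<html><body><h1>Network sign-in</h1>"
                f"<p>You requested {wanted}. Accept the terms to continue.</p>"
                "</body></html>")
        return 200, body


def demo() -> dict:
    """One client looking up an external site and an internal printer (constructed sample)."""
    nms = NetworkManagementSystem(
        portal_ip="10.1.0.1",
        local_dns_ip="10.1.0.53",
        local_zone={"printer.lan": "10.1.0.20"},
    )
    client = "10.1.0.77"
    external = nms.redirect_resolver(DnsQuery(client, "192.0.2.53", "example.com"))
    internal = nms.redirect_resolver(DnsQuery(client, "192.0.2.53", "printer.lan"))
    portal_answer = nms.resolve(external)
    handshake = nms.tcp_handshake(client, portal_answer)
    status, body = nms.handle_http(HttpRequest(client, "example.com", "/index.html"))
    return {
        "resolver_used": external.server_ip,
        "external_answer": portal_answer,
        "internal_answer": nms.resolve(internal),
        "handshake": handshake,
        "status": status,
        "body_mentions_site": "example.com" in body,
    }
```

Two practical limits follow directly from the mechanism. Only plaintext HTTP can be answered this way: a TLS client that connects to the portal address for an external hostname will fail certificate validation, which is why operating systems probe a known plaintext URL to detect a captive portal instead. And a client that resolves names over an encrypted channel such as DNS over HTTPS never sends the query the gateway rewrites, so the interception depends on the DNS traffic being visible to the network.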