US Pat. No. 10,462,250

DISTRIBUTED CACHING CLUSTER CLIENT CONFIGURATION

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
requesting, by a client device from a static configuration endpoint of a cache cluster, a configuration of the cache cluster, the cache cluster comprising a set of memory caching nodes that each comprise a reserved memory space that is configured to store the configuration, the reserved memory space being exempt from one or more rules of a caching protocol, the static configuration endpoint being configured to resolve a location of the configuration within the reserved memory space of a memory caching node;
receiving the configuration from the memory caching node of the cache cluster;
transmitting, by the client device, a caching request utilizing the caching protocol and the configuration;
determining, by the client device, that a latency of a response corresponding to the caching request exceeds a threshold value;
transmitting, utilizing an extension of the caching protocol, a provisioning request for a new memory caching node to be added to the cache cluster, the new memory caching node being provisioned to the cache cluster based at least in part on transmission of the provisioning request; and
receiving, by the client device, an updated configuration of the cache cluster identifying at least an addition of the new memory caching node to the cache cluster.

US Pat. No. 10,462,249

GLOBALLY DISTRIBUTED VIRTUAL CACHE FOR WORLDWIDE REAL-TIME DATA ACCESS

SUPER MICRO COMPUTER, INC...

1. A computer-implemented method for caching data within a globally distributed virtual cache, the method comprising:
provisioning, to a first server implementing a first portion of the globally distributed virtual cache, a first storage resource associated with a first geographic region to cache first data associated with a first computing device, wherein the first computing device is associated with a first user and is coupled to the first server;
determining that second data is streaming to the first computing device from a second computing device that is associated with a second user and is coupled to a second server implementing a second portion of the globally distributed virtual cache associated with a second geographic region located farther away from the first computing device than the first geographic region; and
in response:
automatically provisioning additional cache storage space to at least one of the first server and a third server implementing a third portion of the globally distributed virtual cache associated with a region located between the first geographic region and the second geographic region, and
causing one or more processors included in at least one of the first server and the third server to execute one or more applications that cause the additional cache storage space to buffer the second data while the second data is being streamed from the second computing device to the first computing device.

US Pat. No. 10,462,248

DIGITAL CONTENT SHARING CLOUD SERVICE SYSTEM, DIGITAL CONTENT SHARING CLOUD SERVICE DEVICE, AND METHOD USING THE SAME

SK PLANET CO., LTD., Seo...

1. A computer-implemented cloud service device comprising:
a conversion information collection unit configured to collect conversion information including network information and device information corresponding to at least one terminal device;
a conversion factor determination unit configured to:
determine a conversion factor that is configured to convert an original content based on the conversion information;
determine a converted content size of an original content size corresponding to a download speed of the terminal device;
set the determined converted content size as a base conversion factor;
calculate a first result by applying a first application rate to the set base conversion factor, wherein the first application rate is set corresponding to performance information of the terminal device such that the first application rate is set to 100% when the set base conversion factor is allocated to the performance information having a first maximum value; and
determine the conversion factor by applying a second application rate to the calculated first result after calculating the first result, wherein the second application rate is set corresponding to storage space information of the terminal device such that the second application rate is set to 100% when the set base conversion factor is allocated to the storage space information having a second maximum value; and
a content conversion unit configured to:
convert the original content based on the conversion factor; and
transmit the converted content to the terminal device,
wherein the device information comprises the storage space information of the terminal device and the performance information of the terminal device,
wherein the performance information comprises at least one of central processing unit (CPU) information or resolution information of the terminal device,
wherein the network information comprises at least one of network type information, bandwidth information or a data rate guaranteeing a preset bit error rate, and
wherein at least one of the conversion information collection unit, the conversion factor determination unit, or the content conversion unit is executed by a processor using programs and at least one of non-transitory storage devices.

US Pat. No. 10,462,247

WEB CONTENT CUSTOMIZATION VIA ADAPTATION WEB SERVICES

1. A method comprising:
accessing, by executing an instruction with a processor of a first server, a first request for web content, the web content residing on the first server, the first request originating from a client device, the first request including an indication of identifying a characteristic of the client device, the first request including personally identifiable information of a user of the client device;
generating, by executing an instruction with the processor of the first server, a second request to transform the web content into modified web content based on the characteristic of the client device, the second request including a universal resource locator of the web content, the second request not including the personally identifiable information of the user;
obtaining, by executing an instruction with the processor of the first server, the modified web content from a second server in response to the second request;
incorporating, by executing an instruction with the processor of the first server, the personally identifiable information of the user into the modified web content; and
transmitting the modified web content incorporating the personally identifiable information of the user, from the first server to the client device.

US Pat. No. 10,462,246

UNIFIED CONTENT POSTING

Intel Corporation, Santa...

1. An apparatus capable of communicating with multiple website hosts and a computer device, at least in part via a network, the apparatus comprising:
at least one server capable of providing, at least in part, services that comprise at least one broker service;
the at least one broker service comprising capability to sign onto the multiple website hosts in response, at least in part, to identification of a user by the at least one server;
the identification being capable of being based, at least in part, upon user identification information provided to the at least one server via the computer device;
the at least one broker service being capable, at least in part, of signing onto the website hosts using pre-stored security-related information of the at least one broker service stored at the at least one server, the pre-stored security-related information being capable of being (1) associated, at least in part, with the user and (2) different from the user identification information;
the at least one server also being capable of receiving content data from the computer device via the network;
the content data being capable of comprising media content;
the services also being capable of comprising other capabilities comprising (1) converting, at least in part, format of the content data into another format that is capable of being associated, at least in part, with at least one website posting, and (2) performing the at least one website posting;
wherein the services are capable of being invoked, at least in part, via at least one Uniform Resource Locator (URL).

US Pat. No. 10,462,245

METHOD, TERMINAL, AND SYSTEM FOR PUSHING INFORMATION

TENCENT TECHNOLOGY (SHENZ...

1. A method for pushing information, comprising:
obtaining, by a terminal, a business message from a server;
determining a type of the business message from a real-time type, a timer-setting type, and an instruction-type;
adjusting a sending policy of a heartbeat package based on a determination result of determining the type of the business message, comprising:
when the type of the business message is determined to be the real-time type, adjusting a sending interval of the heartbeat package as a first pre-set time duration and restoring the sending interval of the heartbeat package back to a benchmark time interval after a second pre-set time duration, wherein the first pre-set time duration is greater than the benchmark time interval and less than the second pre-set time duration; and
maintaining a network link connection with the server based on the sending policy of the heartbeat package to provide a pushing operation of the business message.

US Pat. No. 10,462,244

SYNDICATED CLOUD-BASED NOTIFICATION AS A SERVICE

INTERNATIONAL BUSINESS MA...

1. A system for notifying of content changes, comprising:
a memory having computer readable instructions; and
one or more processors for executing the computer readable instructions, the computer readable instructions comprising:
monitoring a content source of a content provider, wherein the monitoring comprises:
periodically reading a Notification as a Service (NaaS) extension in a Rich Site Summary (RSS) feed associated with the content source, wherein the NaaS extension in the RSS feed further provides a set of available notification options and wherein the NaaS extension defines a current schema defining a plurality of interest categories of the content source;
wherein the NaaS extension defines a current schema defining a plurality of interest categories of the content source;
identifying a schema change in the content source, based on the periodically reading the NaaS extension, wherein the schema change is associated with a first interest category of the plurality of interest categories of the content source;
in response to identifying the schema change in the content source, based on the periodically reading the NaaS extension, identifying a user subscribed to receive notifications of content changes in the first interest category; and
storing the set of available notification options in a schema storage;
transmitting the set of notification options to an interest widget displayed in association with the content source;
receiving from the user at the interest widget a selection of a first notification option among the set of available notification options; and
notifying the user of changes in the plurality of interest categories at the content source, responsive to the schema change identified from the periodically reading of the NaaS extension, wherein the notifying the user of the schema change comprises using the first notification option, responsive to the user's selection of the first notification option.

US Pat. No. 10,462,243

METHOD AND DEVICE FOR INTERACTION BETWEEN TERMINALS

TENCENT TECHNOLOGY (SHENZ...

1. A method for interaction between terminals, performed at a device having one or more processors and a memory for storing programs to be executed by the processors, wherein the method comprises:
receiving a keyboard operation message;
acquiring indication information of a corresponding operated key according to the keyboard operation message, wherein the indication information is configured to indicate information about the operated key;
acquiring key meaning information corresponding to the indication information according to a preset keyboard escape table;
displaying the indication information and the corresponding key meaning information in a shared screen; and
sending contents displayed in the shared screen to a target terminal when a sharing request of the target terminal is received.

US Pat. No. 10,462,242

RECOMMENDATIONS FOR SHAREABLE LINKS TO CONTENT ITEMS STORED IN AN ONLINE CONTENT MANAGEMENT SERVICE

Dropbox, Inc., San Franc...

1. A method for recommendations for shareable links to content items stored in an online content management service, the method performed by a computing system comprising one or more processing units and memory, the method comprising:
monitoring requests to access content items via corresponding shareable links to the content items including, for each request to access a content item, incrementing, in a share history of a first user, a view count associated with the corresponding shareable link to the content item;
based, at least in part, on the monitoring, identifying a first content item, of the content items, receiving at least a threshold number of requests to access the first content item via the corresponding shareable link to the first content item according to the view count, in the share history of the first user, associated with the corresponding shareable link to the first content item;
identifying, in the share history of the first user, a target identifier of a second user with which the corresponding shareable link to the first content item is shared by the first user;
identifying a second content item that: (a) the first user is currently not sharing, and (b) has one or more characteristics in common with the first content item; and
sending a recommendation to the first user to create and share a shareable link to the second content item with the second user.

US Pat. No. 10,462,241

INTERPROGRAM COMMUNICATION WITH EVENT HANDLING FOR METRIC OVERLAYS

Bank of America Corporati...

1. A web service tagging tool comprising:
a memory operable to store logging tags; and
a web service application operably coupled to the memory, and comprising:
a tagging engine configured to:
generate a subscription tag linking target data fields, target data location information, and a triggering event, wherein:
the target data fields identify one or more user data fields on a user interface of a user application;
the target data location information identifies a location of the target data fields on the user interface; and
the triggering event identifies an event for sending data from the target data fields;
send data content comprising the subscription tag to the user application; and
send data content comprising one or more logging tags for the user interface of the user application, wherein each of the one or more logging tags is linked to:
an element of the user interface, wherein the element comprises a hyperlink; and
location information identifying a location of the element in the user application;
a data collection engine configured to:
receive data for the element linked with the one or more logging tags; and
aggregate the received data for each of the one or more logging tags;
a data feed engine operably coupled to the data collection engine, and configured to:
generate one or more data feeds comprising at least a portion of the user data;
forward the one or more data feeds based on routing instructions; and
forward at least one data feed of the one or more data feeds to an operations engine, the at least one data feed comprising user data comprising touch screen gesture data identifying one or more gestures by a user, the operations engine is configured to generate a crash report comprising the at least a portion of the user data and at least a portion of the touch screen gesture data; and
a metric overlay engine operably coupled to the data collection engine, and configured to:
generate overlay data for an overlay mapping the aggregated data to elements of the user interface of the user application, wherein the overlay displays the aggregated data overlaid with mapped elements on the user interface of the user device; and
send the overlay data to the user application.

US Pat. No. 10,462,240

REFERRAL SOURCE TRACKING

FX COMPARED US LLC, New ...

1. A hub system for tracking referral source internet traffic, the hub system comprising a processor and a memory, the memory containing computer readable instructions that, when executed by the processor, cause the processor to:
interact with a first user via a first user interface;
select a plurality of providers, including a first provider associated with a first uniform resource identifier (URI) and a second provider associated with a second URI;
based on determining that the first user has been referred to the hub system by a first referral source of a plurality of selected referral sources, modify the first and second URIs, wherein the modifying comprises:
modifying the first URI to create a modified first URI, so that the modified first URI contains a first identifier corresponding to the first referral source, and
modifying the second URI to create a modified second URI, so that the modified second URI contains a second identifier corresponding to the first referral source; and
cause a first hyperlink to be displayed on the first user interface, the first hyperlink being associated with the modified first URI so that the first user is directed to a first provider system associated with the first provider upon the first user selecting, via the first user interface, the first hyperlink that is associated with the modified first URI.

US Pat. No. 10,462,239

FLEXIBLE UNITS FOR EXPERIMENTATION

Microsoft Technology Lice...

1. A method comprising:
receiving, from a client device, a selection of an identifier of an experiment unit from a plurality of identifiers of a plurality of experiment units displayed in a user interface for specification of an experiment for execution on a social networking service (SNS), and a value of the experiment unit, the plurality of experiment units including an online company page, an email message, and a job page, and the value of the experiment unit including an identifier of a particular online company page hosted by the SNS;
generating, for the value of the experiment unit, logging data that logs user interactions by one or more users of the SNS, via one or more browsers, with content provided during an execution of the experiment, the generating of the logging data being performed by one or more hardware processors;
generating, for the value of the experiment unit, metric data that measures an attribute associated with the experimental unit, the attribute associated with the experimental unit and measured by the metric data, including a number of unique visitors to the particular online company page;
generating an experiment report based on the logging data and the metric data; and
causing a presentation of the experiment report in a user interface of the client device.

US Pat. No. 10,462,238

REACHABILITY ANALYTICS FOR COMMUNICATIONS

Mitel Networks, Inc., D...

1. A non-transitory computer readable medium storing machine readable instructions comprising:
a reachability engine executed by a processing unit that determines a reachability for a specified party in response to a request for reachability from a client computing device, wherein the reachability characterizes a first probability that the specified party will answer a request for communication using a specified mode of telecommunication at a given time, and wherein the reachability further characterizes a second probability that the specified party will answer the request for communication using an alternate mode of telecommunication, and wherein the first probability and the second probability are above zero percent and less than one-hundred percent;
wherein the reachability engine displays the determination of reachability to an interactive graphical user interface on the client computing device on a reachability output view of the interactive graphical user interface;
wherein the interactive graphical user interface displays information representing a duration of time that the reachability of the specified party is expected to remain above or below a threshold on a duration output view of the interactive graphical user interface;
wherein the interactive graphical user interface includes an element to initiate electronic communication with the specified party via the specified mode of telecommunication or the alternate mode of telecommunication; and
wherein the reachability is based on status data that characterizes an aggregate of at least two of direct status data characterizing a presence state of the specified party, indirect status data and historical status data for the specified party, the status data being maintained in a profile database within a reachability server and obtained from a plurality of database servers connected to a network, wherein the presence state characterizes at least a willingness of the specified party to communicate using voice communications.

US Pat. No. 10,462,237

BROWSER-BASED WORKFLOWS

1. A computing system for browser-based workflows comprising:
one or more processors; and
one or more memories having stored therein instructions that, upon execution by the one or more processors, cause the computing system to perform operations comprising:
tracking a group of actions performed within a web browsing application;
storing first information indicating actions in the group of actions and an order of performance of the actions in the group of actions;
comparing a plurality of sets of actions included in the group of actions that are tracked;
identifying, based at least in part on the comparing, a first set of actions that is repeated at least a specified number of times within a specified time period;
associating the first set of actions with a workflow based at least in part on the first set of actions being repeated at least the specified number of times within the specified time period;
storing second information indicating an association between the workflow and the first set of actions and indicating an order of performance of the first set of actions;
receiving a request to execute the workflow; and
causing the web browsing application to perform, based at least in part on the second information, the first set of actions.

US Pat. No. 10,462,236

COORDINATING METADATA

Apple Inc., Cupertino, C...

1. A system comprising:
at least one processor; and
at least one memory device coupled to the at least one processor and comprising instructions which, when executed by the at least one processor, cause the at least one processor to:
receive data from a media streaming source configured to stream a plurality of media items,
receive, from a metadata coordination engine, metadata corresponding to a media item of the plurality of media items, wherein the metadata comprises a plurality of geographic location-specific consumption experiences, wherein each of the plurality of geographic location consumption experiences comprises presentation information associated with the media item for a particular geographic location,
encode a secure stream including the media item and the metadata corresponding to the media item, and
send the secure stream to two or more client devices,
wherein presentation of the media item is customized for a first client device of the two or more client devices based on a first geographic location-specific consumption experience for a geographic location of the first client device from the metadata, and
wherein presentation of the media item is customized for a second client device of the two or more client devices based on a second geographic location-specific consumption experience for a geographic location of the second client device from the metadata.

US Pat. No. 10,462,235

GLOBAL PROVISIONING OF MILLIONS OF USERS WITH DEPLOYMENT UNITS

Microsoft Technology Lice...

1. A method of provisioning a service for a new client, the method comprising:
periodically synching a replica global provisioning directory that is geographically proximate to a provisioning server with a global provisioning directory that is geographically distant from the provisioning server, wherein the replica global provisioning directory contains information associated with deployment units suitable for providing a service to clients, the information associated with the deployment units comprising, for each deployment unit, geographic location information for locations that the deployment unit provides the service for;
receiving, at the provisioning server, a request for services for a client; and
in response to receiving the request for service, with the provisioning server,
determining a geographic location of the client based on the received request;
performing a search, based on the determined geographic location for the client, of the replica global provisioning directory for a deployment unit associated with the determined geographic location to assign to the client for providing the service to the client;
assigning the client to the deployment unit associated with the determined geographic location, as identified in the search of the replica global provisioning directory; and
transmitting, to the client, information for receiving the service from the assigned deployment unit.

US Pat. No. 10,462,234

APPLICATION RESILIENCE SYSTEM AND METHOD THEREOF FOR APPLICATIONS DEPLOYED ON PLATFORM

HUAWEI TECHNOLOGIES CO., ...

1. An application resilience system for an application, comprising:
a memory comprising instructions; and
a computer processor coupled to the memory, wherein the instructions cause the computer processor to be configured to:
analyze data captured, using a monitoring engine associated with the application, to associate an event retrieved from the data captured with an action in a pre-stored template;
store the pre-stored template in the memory, wherein the pre-stored template associates the event with the action for the application, and wherein the pre-stored template associates the event with different actions for different applications such that actions are application specific;
execute the action associated to the event, wherein the action is specified in the pre-stored template;
identify a status of the application;
fetch at least the data captured, the event retrieved from the data captured, or the action associated with the event retrieved;
store the at least the data captured, the event retrieved from the data captured, or the action associated with the event retrieved in a repository; and
notify the status of the application based on at least one notification template storing at least one value.

US Pat. No. 10,462,232

NON-TRANSITORY COMPUTER-READABLE MEDIUM FOR SERVER

Brother Kogyo Kabushiki K...

1. A non-transitory computer-readable medium storing computer-readable instructions for a server, the computer-readable instructions, when executed by a processor of the server, causing the server to execute:
receiving a first registration request from a first relay device for relaying a communication via the Internet between a communication device and the server, the first registration request including a first IP address assigned to the communication device and first identification information for identifying the communication device;
registering target information including the first IP address and the first identification information in a memory in a case where the first registration request is received;
receiving a second registration request from a second relay device for relaying a communication via the Internet between a terminal device different from the communication device and the server after the target information has been registered in the memory, the second registration request including a second IP address assigned to the terminal device and second identification information;
determining whether the second identification information included in the second registration request matches the first identification information included in the target information;
determining, by using the first IP address included in the target information and the second IP address included in the second registration request, whether the communication device and the terminal device are belonging to a same local area network;
in a case where a predetermined condition is true, registering, in association with the target information in the memory, connection information for establishing a connection via the Internet between the server and the communication device, the predetermined condition including a determination that the second identification information matches the first identification information and a determination that the communication device and the terminal device are belonging to the same local area network, wherein in a case where the predetermined condition is not true, the connection information is not registered in the memory;
in the case where the predetermined condition is true, sending a sending request including the connection information and a specific IP address assigned to the communication device to the terminal device, the sending request being for causing the terminal device to send the connection information to the communication device with the specific IP address as a destination, wherein in the case where the predetermined condition is not true, the sending request is not sent to the terminal device;
receiving the connection information from the communication device after the terminal device has sent the connection information to the communication device in accordance with the sending request;
establishing the connection via the Internet between the server and the communication device by using the connection information received from the communication device; and
performing, by using the connection, a target service which is related to the communication device identified by the first identification information included in the target information.

US Pat. No. 10,462,231

CONTINUING AN APPLICATION SESSION ON A DIFFERENT DEVICE

Oath Inc., New York, NY ...

1. A method implemented on a machine having a processor, storage, and a communication platform capable of making a connection to a network to continue an application session from one device to another device, the method comprising:
responsive to a successful login by a user on a first device authenticated using a certain user identity, providing the first device an instruction to collect information related to a first session of a first application and a statistic of the first application the user is engaged in;
receiving, via the communication platform, at a session information receiving unit from the first device, the information related to the first session, wherein the information indicates content and a presentation thereof on the first device;
storing, at a storage unit, the information in association with the certain user identity;
receiving, via the communication platform from a second device, an indication that the user logged on to the second device using the certain user identity; and
providing, by a session information transmission unit, the information related to the first session to the second device so that the content and the presentation thereof related to the first session and to the statistic of the first application are to be synchronized on the second device via a second application in a second session where the user is engaged in, wherein the first and second applications have at least one common function, and the statistic corresponds to an amount of webpage/document scrolled in a web browser/word processing application.

US Pat. No. 10,462,230

MIGRATING SESSIONS USING A PRIVATE CLOUD-CLOUD TECHNOLOGY

Bank of America Corporati...

1. An apparatus, comprising: a user interface operable to receive:
a request to transfer an active communication session between the apparatus and a first device such that the active communication session is between the apparatus and a second device, wherein the first device and the second device are coupled to a network, and
one or more credentials from a user;
a memory operable to store the request, the credentials from the user, an identifier of the first device, an identifier of the second device, and session information associated with the first active communication session;
a network interface operable to communicate with the network; and
a processor communicatively coupled to the user interface, the memory, and the network interface, the processor operable to:
register the first device and the second device;
detect the active communication session between the apparatus and the first device;
receive, after detecting the active communication session, a first request to transfer the active communication session between the apparatus and the first device such that the active communication session is between the apparatus and the second device;
determine, using the identifier of the first device and the identifier of the second device, whether the first device and the second device are registered and whether transfer of the active communication session is authorized;
if the first device and the second device are registered and transfer of the active communication session is authorized:
store, in the memory, the session information associated with the communication session from a header of the first request to transfer the active communication session;
receive and authenticate credentials of the user provided at the second device;
transmit the stored session information associated with the active communication session to the second device;
receive a second request associated with the active communication session that includes the transmitted session information to restore the active communication session on the second device based on the received second request and the session information; and
prohibit, after receiving the second request, access to the active communication session by the first device for a predefined period of time.

US Pat. No. 10,462,229

METHOD AND APPARATUS FOR INITIATING AND MAINTAINING SESSIONS BETWEEN ENDPOINTS

10. A method for re-anchoring a transport layer session in a communication network, the method comprising: receiving, by at least one processor, a packet comprising a notification of a transport layer session re-anchor from a peer, the packet having a header with a session identifier field, and a record type field indicating that a payload of the packet comprises transport layer session re-anchor information, wherein the packet is encoded with a session key that was negotiated using a station to station protocol, wherein the transport layer session re-anchor comprises transferring the transport layer session from a first address of the peer to a second address of the peer without tearing down the transport layer session, wherein the first address is assigned by a first access point, wherein the second address is assigned by a second access point;
updating, by the at least one processor, a session management table to include the second address of the peer, wherein the transport layer session re-anchor information comprises the second address of the peer; and
communicating, by the at least one processor, with the peer using the second address.

US Pat. No. 10,462,228

PROVIDING ACCESS TO A SMARTCARD WITHIN A REMOTE SESSION

Wyse Technology L.L.C., ...

1. A method, implemented on a server in a virtual desktop infrastructure environment, for enabling smart card access from within a remote session, the method comprising: establishing a remote session between a client and the server, including redirecting a smart card that is connected to the client to the server so that the smart card is accessible on the server;
intercepting, by a smart card stub that executes within the remote session on the server, an application programming interface (API) for accessing the redirected smart card that was made by an application executing within the remote session;
passing, by the smart card stub that executes within the remote session, the intercepted API call to a smart card proxy that is executing on the server within session 0; and
executing, by the smart card proxy that executes within session 0, the API call to access the redirected smart card.

US Pat. No. 10,462,227

ENHANCED PRIVACY AND AGENT CONTROL IN A CO-BROWSING SESSION

Avaya Inc., Basking Ridg...

1. A non-transitory computer readable storage medium having instructions stored thereon that, when executed by a co-browsing system, direct the co-browsing system to perform a method of facilitating control in a co-browsing session, the method comprising: establishing a co-browsing session for a website with a first client device and a second client device, wherein the co-browsing session is capable of accepting input from users at both the first client device and the second client device to control the website;
receiving first permission from the first client device allowing input from the second client device to be presented on the website at the first client device;
after receiving the first permission, receiving first input from the second client device; and
applying an indication of the first input to the website for presentation at the first client device.

US Pat. No. 10,462,226

METHOD FOR DETECTING FRAUDULENT FRAME SENT OVER AN IN-VEHICLE NETWORK SYSTEM

PANASONIC INTELLECTUAL PR...

1. A fraud detection method for use in an in-vehicle network system, the fraud detection method comprising: receiving at least one data frame sent to an in-vehicle network;
verifying a specific identifier in the received data frame only when the received data frame is event-driven data and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state;
detecting the received data frame as an authenticated data frame when the verifying is successful; and
detecting the received data frame as a fraudulent data frame when the verifying fails,
wherein the predetermined state of the vehicle is the vehicle traveling.

US Pat. No. 10,462,225

METHOD AND SYSTEM FOR AUTONOMOUSLY INTERFACING A VEHICLE ELECTRICAL SYSTEM OF A LEGACY VEHICLE TO AN INTELLIGENT TRANSPORTATION SYSTEM AND VEHICLE DIAGNOSTIC RESOURCES

INNOVA ELECTRONICS CORPOR...

1. An aftermarket vehicle communication device engageable to a vehicle, for interfacing a vehicle electrical system to a V2X data stream, the device comprising: a housing detachably engageable to the vehicle;
a micro computing unit (MCU) disposed within the housing, the MCU defining a processor and a memory, the MCU being configured to derive information from the V2X data stream;
an antenna circuit, disposed within the housing and in communication with the MCU, the antenna circuit being configured to receive and communicate the V2X data stream to the MCU; and
a vehicle electrical system connecting circuit disposed within the housing and in electrical communication with the MCU, the vehicle electrical system connecting circuit being placeable in communication with the vehicle electrical system for communicating the information derived from the V2X data stream to the vehicle electrical system.

US Pat. No. 10,462,224

COORDINATOR FOR LOW POWER SENSOR NETWORK WITH TREE OR STAR TOPOLOGY

Intel Corporation, Santa...

1. An electronic processing system, comprising: a processor;
persistent storage media communicatively coupled to the processor; and
a coordinator communicatively coupled to the processor to coordinate a plurality of low power nodes, wherein the coordinator is further to:
provision each of the plurality of low power nodes,
determine transmission time slots that each correspond to when one of the low power nodes assigned to the transmission time slot is to transmit data to another low power node of the low power nodes or the coordinator,
create a first association for each of the plurality of low power nodes to assign a different one of the transmission time slots to each of the low power nodes,
create a tree topology between the coordinator and the plurality of low power nodes, wherein the tree topology is to include a plurality of branches that each include one or more of the low power nodes,
create a subsequent association based on the tree topology to reassign a plurality of the transmission time slots to a group of the low power nodes based on the branches, and
manage the plurality of low power nodes.

US Pat. No. 10,462,223

METHOD AND SYSTEM FOR DATA COMMUNICATION

Bank of America Corporati...

1. An electronic computer implemented method of data communication, comprising: via a computer-based network, receiving a plurality of virtual nodes with EDI data payload including a node attribute, a GPS location attribute and a biometric ID attribute and at least one data element associated with the GPS location attribute;
electronically via a data communications network, processing the EDI data payloads including the node attribute, the GPS location attribute and the biometric ID attribute and the at least one data element associated with the GPS location attribute and outputting a subset of the EDI data payloads to define a smart data set;
electronically processing the smart data set in a network with machine learning and providing an electronic message responsive thereto; and
transmitting via an EDI data payload, the electronic message to a device associated with the biometric ID attribute.

US Pat. No. 10,462,222

CLOUD STORAGE METHODS AND SYSTEMS

Wolfram Research, Inc., ...

1. A method for adding data to a cloud storage object for storing data, the method comprising: receiving, at one or more processors, one or more messages corresponding to a request to add data to an electronic storage object that is accessible on a network, the one or more messages corresponding to the electronic storage object to which data is to be stored, and including raw data corresponding to the data that is to be stored; and
responsive to the one or more messages:
locating, at one or more processors, the electronic storage object in a database,
identifying, at one or more processors, data conversion metadata in the electronic storage object that indicates how the raw data is to be converted to formatted data in a format that is recognized by a computational application,
using the data conversion metadata to convert, at one or more processors, the raw data to the formatted data in the format recognized by the computational application, and
storing the formatted data to the electronic storage object in the database.

US Pat. No. 10,462,221

DISTRIBUTED STORAGE RESOURCE MANAGEMENT IN A HYPER CONVERGED INFRASTRUCTURE

VMware, Inc., Palo Alto,...

1. A method for distributed resource management in a hyper converged infrastructure, the method comprising: accessing, by a computer, a virtualized infrastructure comprising:
a plurality of host machines, each of said plurality of host machines having resources, the resources comprising:
a central processing unit (CPU), a memory, and a storage, each of the plurality of host machines communicatively coupled with one or more virtual machines;
disaggregating, by said computer, the resources in each of the host machines;
aggregating, by said computer, the resources based on a nature of the resource into a common pool of shared resources;
receiving, at said computer, a request for a workload application having a resource requirement;
matching, by said computer, the resource requirement of the workload application with resources in the common pool of shared resources; and
assigning, by said computer, the matched resources in the common pool of shared resources to the workload application, wherein said plurality of said host machines are communicatively coupled via a host bus adapter, said method further comprising:
utilizing a four queue depth capacity value for said host bus adapter when said workload application has a low performance requirement.

US Pat. No. 10,462,220

CELLULAR NETWORK HIERARCHICAL OPERATIONAL DATA STORAGE

1. A system comprising: a first hardware processor for storing, in a first key-value column-based database, a plurality of data records from a plurality of data sources of a cellular network, the plurality of data records transformed into a single format, wherein a plurality of customer identifiers is used as key-values for indexing the plurality of data records in the first key-value column-based database, wherein at least two of the plurality of data records include:
distance values representing distances of an endpoint device to a cell site; and
bearing values representing bearings of the endpoint device with respect to the cell site;
a second hardware processor for creating a plurality of session records from the plurality of data records that is transformed into the single format, wherein at least a first session record of the plurality of session records includes a velocity of the endpoint device associated with a first session of a plurality of sessions and a number of inter-cell handoff attempts for the first session, wherein the velocity of the endpoint device is calculated from the distance values and the bearing values, and wherein each of the plurality of session records is labeled with a session identifier comprising a customer identifier of the plurality of customer identifiers and a timestamp; and
a third hardware processor for creating a plurality of cell-level records from the plurality of session records, wherein at least a first cell-level record of the plurality of cell-level records comprises a plurality of key performance indicators for the cell site of the cellular network segregated by a plurality of endpoint device types, wherein the third hardware processor is further for storing the plurality of cell-level records, the plurality of cell-level records comprising a fewer number of records and a smaller data volume as compared to a number of records and a data volume of the plurality of data records and the plurality of session records.

US Pat. No. 10,462,219

DISTRIBUTED NETWORK SECURITY SYSTEM PROVIDING ISOLATION OF CUSTOMER DATA

iboss, Inc., San Diego, ...

1. A computer-implemented method executed by one or more processors comprising: assigning, by a multi-tenant node, a first node in a distributed network to a first customer, the first node selected from a set of unassigned nodes that are not assigned to any customer, wherein each of the unassigned nodes reside in the distributed network, wherein the first node is associated with a first physical computing device;
receiving, by a multi-customer computer-security system, first network traffic generated by the communications between first clients on a first network of the first customer, the first network being logically separated from and in data communication with the distributed network;
configuring, by the multi-tenant node, the assigned first node to process network traffic only from the first customer;
processing, by the assigned first node, the first network traffic by applying at least one first computer-security policy to the first network traffic in order to alter the first network traffic to conform to the at least one first computer-security policy;
maintaining, on a second network of a second customer, a resident node on the second network so that the resident node processes second network traffic of the second network by applying at least one second computer-security policy to the second network traffic in order to alter the second network traffic to conform to the at least one second computer-security policy, the second network being logically separated from and in data communication with the distributed network the second customer being different than the first customer, the second network traffic generated by the communications between second clients on the second network of the second customer;
determining, by the multi-tenant node, that the resident node requires additional processing resources in order to process the second network traffic of the second network;
in response to the determining, selecting, by the multi-tenant node, a second node from the set of unassigned nodes residing in the distributed network for the second customer, wherein the second node is different than the first node, wherein the second node is associated with a second physical computing device different than the first physical computing device, and wherein the second node is selected based at least in part on the associated second physical computing device including no nodes that are assigned to the first customer;
assigning, by the multi-tenant node, the second node to the second customer;
configuring, by the multi-tenant node, the assigned second node to process network traffic only from the second customer; and
processing, by the assigned second node, some of the second network traffic of the second network by applying the at least one second computer-security policy to the second network traffic in order to alter the second network traffic to conform to the at least one second computer-security policy, wherein the network traffic of the second customer is isolated from the network traffic of the first customer.

US Pat. No. 10,462,218

SYSTEM AND METHOD FOR SENDING PROPOSALS WITHIN A DISTRIBUTED STATE MACHINE REPLICATION SYSTEM

Google LLC, Mountain Vie...

1. A method of sending an original remote procedure call (RPC) having a payload including a proposal for a replicated state machine protocol, the proposal including a unit of data to be written, the method comprising: determining whether a size of the payload meets a predetermined threshold;
splitting, with one or more processors, the proposal into a plurality of Paxos fragments wherein splitting the proposal is based on the size of the payload meeting the predetermined threshold;
sending each of the plurality of Paxos fragments as a separate RPC to a destination device;
receiving an acknowledgement from the destination device for each Paxos fragment received by the destination device;
determining whether the acknowledgement for any Paxos fragment is received within a predetermined time period;
performing an action if the acknowledgement is not received within the predetermined time period;
revising, with the one or more processors, the original RPC, the revising including replacing the payload of the original RPC with a separate reference for each Paxos fragment of the plurality of Paxos fragments sent so that the original RPC can be reconstructed using the one or more references; and
sending, with the one or more processors, the revised RPC to the destination device.

US Pat. No. 10,462,217

PIVOT INTERFACE ELEMENT FOR A MESSAGING SYSTEM

FACEBOOK, INC., Menlo Pa...

15. An apparatus comprising: a non-transitory computer-readable medium storing logic; and
a hardware processor circuit configured to execute the stored logic, the logic configured to cause the processor to:
provide a network interface component configured to receive an input, the input received based on information entered in a one-on-one message composition display;
provide an intent determination component configured to:
analyze information associated with the input to determine that the input is associated with an intent to produce content, wherein an intent to produce content comprises an intent to create a new group message or thread;
in response to determining that the input is associated with an intent to produce content, transmit an instruction to the messaging client to display a pivot interface element within the one-on-one message composition display; and
receive a selection from the messaging client of the pivot interface element, the selection indicating an intent to switch from composing a one-on-one message or thread to a group message or thread;
provide messaging logic configured to create a group message in response to a request from the intent determination component; and
provide a group selection component configured to:
analyze information associated with the input to automatically identify a plurality of suggested users to participate in the group message; and
transmit identifiers for the plurality of suggested group users to a source of the input.

US Pat. No. 10,462,216

WEBRTC API REDIRECTION WITH INTERCEPTION TECHNIQUES

CITRIX SYSTEMS, INC., Fo...

1. A computing system comprising: a virtual desktop server comprising:
a desktop and a desktop application framework associated therewith and a real-time media application to provide real-time communications (RTC), and a native RTC engine to execute a first portion of the real-time media application so as to integrate with other desktop applications and other operating system functionality, and
an API code redirection module to redirect intercepted APIs of the real-time media application intended for the native RTC engine based on redirection code injected into the real-time media application so that a second portion of the real-time media application is redirected; and
a client computing device comprising a client RTC API engine communicating with the API code redirection module through a virtual channel to execute the redirected second portion of the real-time media application, with the redirected second portion of the real-time media application corresponding to real-time media processing and networking being off-loaded to said client computing device.

US Pat. No. 10,462,215

SYSTEMS AND METHODS FOR AN INTELLIGENT DISTRIBUTED WORKING MEMORY

MICROSOFT TECHNOLOGY LICE...

1. A system for intelligent memory sharing and contextual retrieval across multiple devices and multiple applications of a user, the system comprising: at least one processor; and
a memory for storing and encoding computer executable instructions that, when executed by the at least one processor, are operative to:
maintain a shared working memory of the user for temporary storage of information until an occurrence of a condition;
collect data from working memories of any device associated with the user;
store the data on the shared working memory;
collect an intelligence framework;
store the intelligence framework on the shared working memory;
analyze the data to determine elements listed within the data utilizing world knowledge, wherein world knowledge is other information discovered and accessed through a network connection, and wherein the world knowledge is associated with and enriches the data;
determine a user context based on the elements;
store the user context in the shared working memory;
send an update to all active devices of the user regarding changes to the shared working memory;
analyze the intelligence framework based on the user context;
determine a response based on the analysis of the intelligence framework and the world knowledge;
compare the response to a relevancy threshold;
determine that the response meets the relevancy threshold;
send the response to all the active devices of the user and store the response in the shared working memory, upon making the determination that the response meets the relevancy threshold;
determine that the condition occurred; and
in response to the occurrence of the condition, delete all information stored on the shared working memory.

US Pat. No. 10,462,214

VISUALIZATION SYSTEM AND VISUALIZATION METHOD

NEC CORPORATION, Minato-...

1. A visualization system comprising: a processor configured to:
read, from a memory, configuration information on a first virtual machine and a first virtual network; and
display on a display, based on the configuration information:
a first image, representing the first virtual machine, in a first area representing a first server, wherein the first server hosts the first virtual machine;
a second image, representing a second virtual machine, in a second area representing a second server, wherein the second server hosts the second virtual machine;
a first line, representing a first virtual network, wherein the first virtual network corresponds to communication between the first virtual machine and the second virtual machine,
a first object at an intersection between a second line and the first line, wherein the second line is between the first image and the first line,
a second object at an intersection between a third line and the first line, wherein the third line is between the second image and the first line, and
a fourth line between a third image, representing a switch, and the first area, and a fifth line between the third image and the second area,
wherein the first object and the second object indicate that the first virtual machine is capable of communicating with the second virtual machine through the first virtual network,
the fourth line indicates that the switch is capable of communicating with the first server, and
the fifth line indicates a pathway by which the switch is capable of communication with the second server.

US Pat. No. 10,462,213

BLOCK CHAIN ENCODING WITH FAIR DELAY FOR DISTRIBUTED NETWORK DEVICES

Bank of America Corporati...

1. A system comprising: a first network node wherein the first network node is configured to store a first ledger comprising a first data block and a second data block, wherein the second data block comprises information derived from the first data block;
a second network node wherein the second network node is configured to store a second ledger comprising a third data block and a fourth data block, wherein:
the third data block is identical to the first data block; and
the fourth data block is identical to the second data block; and
a third network node comprising:
a hardware processor configured to:
receive a data entry;
generate a plurality of shares derived using the data entry, wherein generating the plurality of shares comprises:
setting a share quantity indicating the number of shares to generate;
setting a threshold value indicating the number of shares from the share quantity needed to determine the data entry;
assigning a first reference number to the first ledger;
assigning a second reference number to the second ledger;
generating a first share for the first ledger by inputting the first reference number assigned to the first ledger into a polynomial function, wherein:
 the degree of the polynomial function is equal to the threshold value minus one; and
 the result of the polynomial function at zero is the data entry; and
generating a second share for the second ledger by inputting the second reference number assigned to the second ledger into the polynomial function;
aggregate the first share with enriched data to generate a first enriched share, wherein:
the enriched data comprises information indicating a first time to publish the first enriched share in the first ledger of the first network node; and
the enriched data comprises an index referencing the data entry;
aggregate the second share with the enriched data to generate a second enriched share, wherein:
the enriched data comprises information indicating a second time to publish the second enriched share in the second ledger of the second network node;
the first time and the second time are the same; and
the enriched data comprises the index referencing the data entry;
transmit the first enriched share to the first network node; and
transmit the second enriched share to the second network node.

US Pat. No. 10,462,212

HYBRID CLOUDS

1. A method, comprising: identifying an edge device in network communication with a cloud extension component of a managed hybrid cloud, wherein the edge device is located outside a core network supporting the managed hybrid cloud;
deploying a lightweight management container to the edge device, the lightweight management container sharing a common control plane with a standard management container used on a traditional compute node in the managed hybrid cloud;
enrolling the edge device in the managed hybrid cloud using the lightweight management container; and
satisfying a resource request directed to the managed hybrid cloud using a resource of the edge device.

US Pat. No. 10,462,211

SYSTEM AND METHOD FOR PROVIDING MORE APPROPRIATE QUESTION/ANSWER RESPONSES BASED UPON PROFILES

International Business Ma...

1. A computer-implemented method comprising: receiving, by a computing device, a question from a user;
generating, via the computing device, after the question is received, a real-time Personality/Experience/Trait (PET) Model from a profile of the user;
providing the question, via the computing device, to at least one subject matter expert;
identifying, via the computing device, a first answer in response to the question from the user, wherein the first answer is provided by a first subject matter expert;
identifying, via the computer device, a second answer in response to the question from the user, wherein the second answer is provided by a second subject matter expert;
mapping, via the computing device, after the first answer and the second answer are identified, the user to at least one trained PET Model created by the at least one subject matter expert;
determining that the profile of the user matches a first profile of the first subject matter expert more than a second profile of the second subject matter expert, wherein determining that the profile of the user matches the first profile of the first subject matter expert more than the second profile of the second subject matter expert includes:
applying a weight to one or more features of the profile of the user, the first profile of the first subject matter expert, and the second profile of the second subject matter expert, wherein applying the weight to the one or more features is based upon, at least in part, determining a correlation between the one or more features of the profile of the user and the first profile of the first subject matter expert, wherein the weight to the one or more features of the profile is determined based upon a similarity of attributes between the real-time PET Model relative to the user and the trained PET Model relative to the at least one subject matter expert; and
upon determining the correlation between the one or more features of the profile of the user and the first profile of the first subject matter expert, applying a higher weight to the one or more features having the correlation between the profile of the user and the first profile of the first subject matter expert; and
sending to the user the first answer provided by the first subject matter expert with a preference over the second answer provided by the second subject matter expert based upon, at least in part, determining that the profile of the user matches the first profile of the first subject matter expert more than the second profile of the second subject matter expert, wherein the first answer provided by the first subject matter expert is more appropriate than the second answer provided by the second subject matter expert based upon the correlation between the one or more features of the profile of the user and the first profile of the first subject matter expert, wherein the first answer provided by the first subject matter expert is determined to be more appropriate than the second answer provided by the second subject matter expert even when the first answer provided by the first subject matter expert is equally as accurate as the second answer provided by the second subject matter expert.

US Pat. No. 10,462,210

TECHNIQUES FOR AUTOMATED INSTALLATION, PACKING, AND CONFIGURATION OF CLOUD STORAGE SERVICES

ORACLE INTERNATIONAL CORP...

1. A computer-implemented method comprising: receiving, from a computer of an administrative system, a configuration script at an installation framework executing in a cloud-based storage service provided by a storage system, wherein the configuration script defines a plurality of nodes to be deployed in the cloud-based storage service in the storage system, the plurality of nodes including a set of storage nodes configured to store data, a proxy node configured to handle one or more access requests for the data stored by the set of storage nodes, and a master proxy node configured to generate a mapping file that stores a mapping between data objects stored by the storage system and their physical locations on the set of storage nodes;
parsing the configuration script to identify configuration data for the plurality of nodes, wherein the configuration data includes configuration information for configuring the set of storage nodes, configuration information for configuring the proxy node, and configuration information for configuring the master proxy node;
installing the master proxy node based upon the configuration information for configuring the master proxy node, wherein the installing the master proxy node includes generating a token key and the mapping file;
after installing the master proxy node, installing the proxy node based upon the configuration information for configuring the proxy node and propagating, by the master proxy, a copy of the mapping file to the proxy node for local storage of the copy of the mapping file at the proxy node such that the proxy node can identify the physical locations of the data objects on the set of storage nodes, wherein the configuration information includes the token key;
after installing the proxy node, installing the set of storage nodes based upon the configuration information for configuring the set of storage nodes; and
deploying the plurality of nodes in the storage system for providing the cloud-based storage service to a subscribing customer.

US Pat. No. 10,462,209

INCREASING AN EFFICIENCY OF A FILE TRANSFER BY USING MULTIPLE COMMUNICATION RESOURCES

Verizon Patent and Licens...

1. A first user device, comprising: one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
receive an indication to connect to a source device for a file transfer,
the source device being a second user device,
the second user device being one of:
 a smartphone, or
 a tablet;
identify a set of files for the file transfer;
receive a password from the source device,
the password being provided to the first user device;
transmit, to the source device, authentication information to establish authentication between the first user device and the source device;
determine a quantity of connections based upon a quantity of the set of files;
cause a first connection, of the determined quantity of connections, with the source device to be established;
receive, from the source device and over the first connection, of the quantity of connections, a first portion of the set of files;
determine a first metric associated with the file transfer;
cause a second connection, of the determined quantity of connections, with the source device to be established based on the first metric;
receive, from the source device and over the second connection, of the determined quantity of connections, a second portion of the set of files;
store a list of received files, of the set of files, or files in a process of being received;
determine a third portion of the set of files to be requested based upon the list of received files or files in the process of being received;
determine a second metric associated with the file transfer within a threshold amount of time after the second connection is established; and
terminate the second connection based on the second metric indicating a reduction in performance of the file transfer.

US Pat. No. 10,462,208

FILE TRANSFER SYSTEM WITH DYNAMIC FILE EXCHANGE CONTROL FUNCTIONS

Bank of America Corporati...

8. A method, comprising: at a computing platform comprising at least one processor, memory, and a communication interface:
receiving, by the at least one processor and via the communication interface, an instruction to transmit a file from a first location to a second location;
prior to transmission of the file to the second location:
evaluating, by the at least one processor, the file to determine whether one or more criteria to implement dynamic controls are met, evaluating the file including evaluating metadata of the file to determine one or more characteristics of the file and identifying content of the file;
responsive to determining, based on the characteristics determined from the metadata and the content of the file, that the one or more criteria to implement dynamic controls are met:
transferring, by the at least one processor and via the communication interface, the file from the first location to a file distribution control computing device, the file distribution control computing device being different from the first location and the second location;
holding the file at the file distribution control computing device;
after transferring the file from the first location to the file distribution computing platform, identifying, based on the characteristics determined from the metadata and the content of the file, one or more dynamic controls, the one or more dynamic controls including approval of the transmission of the file from at least two different individuals;
implementing the identified one or more dynamic controls;
determining, by the at least one processor, whether the identified one or more dynamic controls have been fulfilled; and
responsive to determining that the identified one or more dynamic controls have been fulfilled, generating and executing, by the at least one processor, an instruction to transmit the file to the second location.

US Pat. No. 10,462,206

BIDIRECTIONAL NETWORKED REAL-TIME DATA EXCHANGE USING A SPREADSHEET APPLICATION

Real Innovations Internat...

1. A method for real-time interaction with a spreadsheet application (SSAPP), the method comprising: obtaining data propagated from a data source;
creating a persistent connection with a SSAPP;
subscribing the SSAPP to subscribed data, wherein the subscribed data includes at least some of the data obtained from the data source;
propagating the subscribed data to the SSAPP through the persistent connection as the subscribed data is obtained;
operating in a non-authoritative configuration, wherein operating in the non-authoritative configuration further includes:
storing a data set;
receiving a connection from an authoritative client device;
responsive to receiving the connection, obtaining an authoritative data set from the authoritative client device;
storing the authoritative data set;
determining that the authoritative client device disconnected; and
responsive to the authoritative client device disconnecting, notifying the SSAPP that the authoritative client device is no longer providing data.

US Pat. No. 10,462,205

PROVIDING MODIFIED PROTOCOL RESPONSES

International Business Ma...

1. A computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising:
program instructions to receive, by a gateway computer system from a client computer system, a first search request, wherein the gateway computer system and the client computer are connected to an enterprise computing environment;
program instructions to identify keywords of the first search request;
program instructions to transmit a request in a protocol for the first search request to a web service, wherein the protocol is a Hypertext Transfer Protocol (HTTP);
program instructions to receive a response in the protocol for the first search request from the web service, wherein the response includes body content;
program instructions to determine whether the first search request is similar to a previously submitted search request, based on identified keywords of the first search request and keywords of the previously submitted search request, wherein the previously submitted search request was submitted by a user from the enterprise computing environment, wherein the previously submitted search request was received and stored by the gateway computer system, and wherein one or more webpages visited by the user during a prior search session corresponding with the previously submitted search request are recorded;
program instructions to, responsive to determining that the first search request is similar to the previously submitted search request, modify, by the gateway computer system, the body content of the response to include Hypertext Markup Language (HTML) containing contact information of the user that submitted the previously submitted search request and the recorded one or more webpages; and
program instructions to transmit the modified response from the gateway computer system to the client computer system from which the first search request originated.

US Pat. No. 10,462,204

METHOD AND SYSTEM FOR TRANSMITTING IMAGE BY USING STYLUS, AND METHOD AND ELECTRONIC DEVICE THEREFOR

Samsung Electronics Co., ...

1. A method for transmitting data by a first electronic device, the method comprising: displaying, on a first touch screen of the first electronic device, a first image comprising a plurality of objects;
receiving, through the first touch screen, a plurality of touch inputs generated by a stylus pen on each of the plurality of objects displayed on the first touch screen, respectively;
in response to receiving the plurality of touch inputs, generating a plurality of pieces of information for the plurality of objects respectively, each of the plurality of pieces of information including a session identifier for a corresponding object of the plurality of objects;
transmitting, to the stylus pen, the plurality of pieces of information to be transmitted from the stylus pen to a second electronic device, wherein the plurality of pieces of information comprise a plurality of session identifiers;
receiving, directly from the second electronic device, a request message including at least one session identifier that is selected by the second electronic device among the plurality of session identifiers; and
transmitting, directly to the second electronic device, a second image to be displayed on a second touch screen of the second electronic device, wherein the second image comprises at least one object corresponding to the at least one session identifier among the plurality of objects based on the request message.

US Pat. No. 10,462,203

HARDWARE ENCODER

WOWZA MEDIA SYSTEMS, LLC,...

1. A hardware encoder comprising: a network interface configured to receive configuration information from a remote device via a network, wherein the remote device includes an application associated with a social network, and wherein the remote device comprises a mobile device or a computing device; and
a processor configured to:
encode a media signal based on the configuration information to generate at least one encoded media stream;
receive second configuration information from the remote device in response to detecting a change of a capacity of the network, a buffering capacity of the remote device, a number of viewers of the at least one encoded media stream, or a combination thereof; and
adjust, during the encoding of the media signal, the configuration information based on the second configuration information,
wherein the network interface is further configured to send the at least one encoded media stream to the application of the remote device or a publishing destination associated with the social network.

US Pat. No. 10,462,202

MEDIA STREAM RATE SYNCHRONIZATION

JBF Interlude 2009 LTD, ...

1. A computer-implemented method comprising: receiving a video presentation comprising a plurality of media streams, each media stream having a respective playback rate;
selecting a first one of the media streams as a clock stream;
playing simultaneously the media streams according to their respective playback rates; and
synchronizing at least a second one of the media streams with the clock stream, the synchronizing comprising:
determining that an end of a first time interval has been reached;
determining, at the end of the first time interval, a current playback time of the clock stream and a current playback time of the second media stream; and
modifying the playback rate of the second media stream based on the current playback time of the clock stream and the current playback time of the second media stream, the modifying comprising calculating a new playback rate for the second media stream as a function of (1) a difference in current playback times between the clock stream and the second media stream and (2) a length of time of a next interval.

US Pat. No. 10,462,201

WIRELESS CONTROL OF STREAMING COMPUTING DEVICE

Microsoft Technology Lice...

1. A wireless controller, comprising: a processor and memory storing instructions to cause the processor to:
establish a first direct wireless connection with a target device;
establish a second direct wireless connection with a host device while maintaining the first direct wireless connection; and
send, in response to detecting that the host device is responding via the second direct wireless connection, system data via the first direct wireless connection to the target device and control data to the host device via the second direct wireless connection.

US Pat. No. 10,462,200

SYSTEM FOR CLOUD STREAMING SERVICE, METHOD FOR STILL IMAGE-BASED CLOUD STREAMING SERVICE AND APPARATUS THEREFOR

SK PLANET CO., LTD., Seo...

1. A cloud streaming server comprising: a memory; and a processor configured to execute instructions stored in the memory and to:
capture a changed region contained in a changed frame in comparison with a previous frame, wherein:
the changed region comprises a specific region changed in a screen area corresponding to the changed frame in comparison with a screen area corresponding to the previous frame; and
the changed region can be determined by at least one or more of data size, image type, number of colors, and pixel values, corresponding to the changed region;
select a still image compression technique based on one or more of a size of data of the changed region and an image type corresponding to the changed region;
perform a still image encoding of the changed region corresponding to one frame by using the selected still image compression technique; and
perform a cloud streaming service based on a still image by sending the still-image-encoded changed region to a user,
wherein the processor is configured to select the still image compression technique primarily based on the size of the data of the changed region when the size of the data of the changed region is equal to or greater than a predetermined reference value and secondly based on the image type, and
wherein the processor is further configured, if the image type is a mixed image of a natural image and a synthetic image, to select the still image compression technique in accordance with the image type corresponding to a larger part in the changed region by comparing a part corresponding to the natural image with another part corresponding to the synthetic image.

US Pat. No. 10,462,199

INTELLIGENT AND NEAR REAL-TIME MONITORING IN A STREAMING ENVIRONMENT

CERNER INNOVATION, INC., ...

1. A computer-implemented method comprising: obtaining an enriched data stream via a streaming platform;
executing at least one rule against the enriched data stream;
when an event is detected based on execution of the at least one rule against enriched streamed data of the enriched data stream, receiving a notification of the event detection;
determining, in near real time, to instantiate one or more actions based on the notification and the event detected;
using the at least one rule executed against the enriched streamed data to detect the event, identifying one or more of a middleware component, a remote user device, an application, a database storing electronic records specific to individuals, or a raw data capture device, corresponding to the one or more actions; and
instantiating the one or more actions by directing instructions for performance of the at least one of the one or more actions to the one or more of the middleware component, the remote user device, the application, the database storing electronic records specific to individuals, or the raw data capture device identified,
wherein the one or more of the middleware component, the remote user device, the application, the database storing electronic records specific to individuals, or the raw data capture device perform the at least one of the one or more actions according to the instructions.

US Pat. No. 10,462,198

COMMUNICATION METHOD AND STORAGE MEDIUM STORING COMMUNICATION PROGRAM

Brother Kogyo Kabushiki K...

1. A communication method for performing a teleconference between clients through a server, the communication method comprising: executing, by the server, a first conference process that is a conference process for performing the teleconference;
connecting each of first and second clients with the first conference process;
after connecting each of the first and second clients with the first conference process, performing the teleconference between the first client and the second client through the first conference process, based on first information relating to a conference process and a client that perform communication with the first conference process;
after connecting each of the first and second clients with the first conference process, transmitting an addition request from the first conference process to the server, the addition request being for activating a second conference process different from the first conference process;
in response to receiving the addition request, activating the second conference process by the server;
synchronizing the first information with second information, the second information relating to a conference process and a client that perform communication with the second conference process;
after synchronizing the first information with the second information, transmitting a switching instruction from the first conference process to the second client, the switching instruction being for switching a connection destination from the first conference process to the second conference process;
in response to receiving the switching instruction, connecting the second client with the second conference process; and
after connecting the second client with the second conference process, performing the teleconference by the second client through the second conference process, based on the second information,
wherein the first information includes:
a first table including information on a conference process and a client that have a session directly connected with the first conference process; and
a second table including information on a client that has a session directly connected with the first conference process and information on a client that has a session connected with the first conference process through a conference process other than the first conference process; and
wherein the second information includes:
a third table including information on a conference process and a client that have a session directly connected with the second conference process; and
a fourth table including information on a client that has a session directly connected with the second conference process and information on a client that has a session connected with the second conference process through a conference process other than the second conference process.

US Pat. No. 10,462,197

ON DEMAND IN-BAND SIGNALING FOR CONFERENCES

Atlassian Pty Ltd, Sydne...

1. A computer-implemented method comprising: transmitting initial signaling data for a video conference from a signaling server over a video conference signaling channel to a plurality of client computing devices, wherein the initial signaling data comprises data needed for a client computing device to connect to the video conference;
transmitting signaling data for the video conference to the plurality of client computing devices providing identifiers to media data corresponding to a selective subset of the client computing devices;
establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server;
selectively sending, by the media server, media data to the selective subset of the client computing devices.

US Pat. No. 10,462,196

TANGIBLE SOCIAL NETWORK

Massachusetts Institute o...

1. An interactive physical object communication frame, comprising: a housing, the housing being adapted to receive physical installation of, and to display, multiple ones of a plurality of interactive physical objects in such a manner that the physically installed interactive physical objects are physically connected to the frame and are located inside the perimeter of the housing when installed, the physical connection being such that the interactive physical objects are repeatably removable, rearrangeable as to their position with respect to installed ones of the plurality of interactive physical objects, and then reinstallable within the frame according to the desire of a user;
a communications subsystem, the communications subsystem being adapted for receiving and managing communications with the installed interactive physical objects, and for receiving and managing communications between each installed interactive physical object and an associated remote interactive physical object that is installed in a second physical object communication frame and is communicatively-linked to, and paired with, the installed interactive physical object in such a manner that an exclusive paired dedicated communication channel is formed between the installed interactive physical object and the associated remote interactive physical object; and
a controller, the controller being located within the housing and being adapted for:
receiving and processing commands and data received from the communications subsystem; and
generating at least one response command or data in response to the received commands and data.

US Pat. No. 10,462,195

METHODS, APPARATUS AND/OR SYSTEM FOR USING EMAIL TO SCHEDULE AND/OR LAUNCH GROUP COMMUNICATIONS SESSIONS

Intermedia.net, Inc., Mo...

1. A method of operating a communication service provider system, comprising: receiving, at an email server within the communication service provider system, a first email from a first communications device, the first email containing a sender email address, one or more recipient email addresses, and a communication service provider email address, the communication service provider email address not being assigned to an individual user;
scanning the first email to determine that the first email contains an invitation to participate in an online meeting;
determining that the sender email address is not associated with an account registered with the communication service provider;
in response to the determination that the sender email address is not associated with a conference host account registered with the communication service provider:
automatically creating a conference host account, with the communication service provider, associated with the sender email address without further input from the sender email address;
automatically storing an email reference chain associated with the first email along with the sender email address and the one or more recipient email addresses in an email thread store, the email reference chain including one or more emails pertaining to the online meeting;
generating, using information from the first email, a sender email invitation containing conference call launch details specific to a host of an online conference call;
generating, using information from the first email, one or more invitee email invitations containing conference call join details for participants of the online conference call;
sending the sender email invitation to the sender email address; and
sending the one or more invitee email invitations to the one or more recipient email addresses.

US Pat. No. 10,462,194

MINIMIZING PRODUCTIVITY LOSS IN A COLLABORATIVE SHARING ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method comprising: establishing, by a local network device, a real-time communication session with a remote network device in a communication network;
designating, by the local network device, at least one program from a plurality of programs executable by the local network device for access by the remote network device to yield a designated program, the designating of the at least one program to yield the designated program including a drag and drop operation;
generating, by the local network device, a shared display object having a shared access area;
associating, by the local network device, the designated program with the shared display object to permit display of at least a portion of the designated program by the local network device and the remote network device;
instantiating, by the local network device, one or more shared control objects associated with the shared display object, the one or more shared control objects including a shared pointer, the shared pointer separately displayed with a local pointer assigned to the local network device;
facilitating, by the local network device, access to the designated program for the remote network device using at least one of the one or more shared control objects;
restricting, by the local network device, interaction of the one or more shared control objects to the designated program by fencing the one or more shared control objects within the shared access area; and
maintaining, by the local network device, access for the local network device to each program not designated by the local network device when the remote network device accesses the designated program using at least one of the one or more shared control objects.

US Pat. No. 10,462,193

VEHICLE ADD-ON MULTIMEDIA PLAYBACK AND CAPTURE DEVICES

GM Global Technology Oper...

1. A portable communication device, for implementation with a host vehicle of transportation having an on-board diagnostics port and a limited-access head-unit display, comprising: an on-board diagnostics connector sized and shaped to connect to the on-board diagnostics port of the host vehicle;
a hardware-based processing unit in communication with the on-board diagnostics connector; and
a non-transitory storage device in communication with the processing unit, the storage device comprising:
a media-options presentation module that, when executed by the processing unit:
sends, by way of the on-board diagnostics connector and port, media-options data to the host vehicle for presenting user media options by way of the limited-access head-unit display; and
receives user-selection data responding to the user media options; and
a media streaming module that, when executed by the processing unit:
obtains streaming media based on the user-selection data; and
sends the streaming media to the host vehicle for presentation;
wherein the media streaming module, when executed by the processing unit to obtain the streaming media based on the user-selection data, obtains the streaming media from a remote server;
the portable communication device is a primary portable communication device;
the primary portable communication device comprises a short-range wireless transceiver configured to communicate with a secondary portable communication device; and
the media streaming module, when executed by the processing unit to obtain the streaming media based on the user-selection data and from the remote server, communicates with the secondary add-on device to obtain the streaming media from the secondary add-on device having received the streaming media from the remote server.

US Pat. No. 10,462,192

RADIO RESOURCE MANAGEMENT FOR PACKET-SWITCHED VOICE COMMUNICATION

Apple Inc., Cupertino, C...

1. A method, comprising: receiving, by a base station prior to establishment of a dedicated bearer for IP multimedia subsystem (IMS) signaling for a user equipment (UE) device, first information from the UE device in a radio resource control (RRC) connection request message, wherein the first information indicates that the UE is requesting at least one of voice or video communication over a packet-switched network; and
initiating, by the base station in response to the first information, configuration of a dedicated bearer for IMS signaling for the UE device, wherein the configuration is based on the first information; and
using, by the base station, the dedicated bearer for IMS signaling and a dedicated IMS voice or video data bearer for the voice or video communication.

US Pat. No. 10,462,191

CIRCUIT-SWITCHED AND MULTIMEDIA SUBSYSTEM VOICE CONTINUITY WITH BEARER PATH INTERRUPTION

BlackBerry Limited, Wate...

1. A method of performing voice continuity in a network node, the method comprising: receiving, via a call session control function (CSCF) at a continuity control function (CCF) of the network node, a first message from a client of a first subsystem, the first message including at least one transition indication indicating transition of an ongoing session from the first subsystem to a second subsystem, wherein the CCF anchors active circuit-switched subsystem (CS) calls and home multimedia subsystem (MS) sessions;
in response to receiving the first message, sending a first response from the CCF via a communication interface on the network node;
receiving, from a client of the second subsystem at the CCF, a second message via a target access leg, the second message comprising a CCF public service identities (PSI); and
sending, from the CCF via the communication interface, a session initiation protocol (SIP) 200 OK message to indicate voice continuity of the ongoing session has been successful,
wherein the ongoing session is anchored at the CCF in an MS, and wherein the network node is configured to invoke the CCF when a bearer path interruption occurs while transferring the ongoing session between a CS and the MS to maintain the ongoing session during the transfer.

US Pat. No. 10,462,190

VIRTUAL ETHERNET TAP

Counter Link LLC, Portla...

1. A system for extending the listening capability of a lawful interception (LI) network packet probe beyond the location of the probe, comprising: an LI network packet probe device connected to a network that receives authorized interception information from a mediation system that receives warrant information entered in the mediation system from a warrant of a law enforcement agency (LEA) for at least one target user identified in the warrant and creates a set of criteria for interception from the authorized interception information; and
at least one LI network packet software application running on a different networked device or virtual machine and connected to the network or different network that
communicates with the probe,
receives the set of criteria for interception from the probe for the at least one target user,
monitors network traffic at the Ethernet-frame level to and from the different networked device or virtual machine for packets matching the set of criteria for interception, and
sends copies of information from monitored packets that match the set of criteria for interception to the probe that, in turn, communicates intercepted information about the at least one target user to the mediation system that presents the intercepted information to the LEA, wherein the at least one LI network packet software application does not include communications functions for communicating the information from monitored packets directly to the mediation system for the LEA and instead relies on the probe for the communication functions.

US Pat. No. 10,462,189

METHOD FOR PROVIDING WIRELESS APPLICATION PRIVILEGE MANAGEMENT

BlackBerry Limited, Wate...

1. A method for generating administration policies at a server for implementation on a user device, the method comprising: generating a client administration policy, wherein the client administration policy is to be used, on the user device, to provide management of the user device;
generating an application administration policy, the application administration policy to be used to provide management of at least one application executable by the user device; and
transmitting, to the user device:
the application administration policy; and
the client administration policy.

US Pat. No. 10,462,188

COMPUTER NETWORK SECURITY SYSTEM

OPAQ Networks, Inc., Her...

1. A computer security system, comprising: a host computer that executes an endpoint agent to monitor network connections to and from the host computer, wherein the endpoint agent is configured to:
determine that a network connection is being initiated from or being accepted at the host computer;
obtain metadata for the network connection;
determine whether the obtained metadata matches any rule in a rules cache maintained by the endpoint agent;
in response to determining that the obtained metadata does not match any rule in the rules cache, send a connection escalation request containing the obtained metadata to a controller to obtain an action for handling the network connection;
hold the network connection, preventing the passage of data, pending a response from the controller;
receive the response from the controller, the response comprising an action for handling the network connection;
cache in the rules cache a rule comprising the action received from the controller to handle future network connections having the obtained metadata; and
handle the network connection in accordance with the action.

US Pat. No. 10,462,187

NETWORK SECURITY POLICY CONFIGURATION BASED ON PREDETERMINED COMMAND GROUPS

General Electric Company,...

1. A method comprising: monitoring data traffic transmitted between a first device and a second device in a network to identify a plurality of commands transmitted between the first device and the second device;
determining, from the plurality of commands, a first set of commands that were transmitted between the first device and the second device and a count of the first set of commands;
determining a predetermined threshold;
providing a first predetermined command group, the first predetermined command group including a list of electronic commands and not a list of devices;
determining, using at least one hardware processor, that the first set of commands includes a threshold number of commands represented within the first predetermined command group, the threshold number of commands exceeding the predetermined threshold; and
dynamically generating, by the at least one hardware processor, a first policy based on the first predetermined command group;
wherein the first policy allows all commands in the command group to be transmitted between the first device and the second device.

US Pat. No. 10,462,186

SECURE CONFIGURATION EVALUATION, REMEDIATION, AND REPORTING TOOL (SCERRT)

The United States of Amer...

9. A secure configuration evaluation, remediation, and reporting system comprising: a first non-transitory computer readable storage medium adapted to store a plurality of non-transitory machine instructions adapted to be read by a machine processor comprising:
a configuration baseline developer system;
wherein the configuration baseline developer system comprises:
a vulnerability scanner that scans a plurality of developer machine files searching for one or more STIG file elements comprising a plurality of predetermined files, data, or settings and then generates a matching or non-matching list; an update script generator that generates an update script that includes machine instructions that are read by one or more target machines matching one or more configurations of the configuration baseline developer system to update or replace one or more of a plurality of user selected or designated target machine files, data, or settings files referenced in the non-matching list with the one or more STIG file elements;
a compiler or translator program that translates the update script into target machine readable instructions that the one or more target machines will execute and then outputs a target machine update file; and
an encryption program that encrypts the target machine update script into an encrypted target machine update file and outputs the encrypted target machine update file;
a second non-transitory computer readable storage medium adapted to store a plurality of non-transitory machine instructions adapted to be read by another machine processor comprising:
a picklist user interface system and a target machine update control system;
wherein the picklist user interface system generates a picklist user interface that enables a user to select, deselect, or add to the STIG file elements in the encrypted target machine update file and save as a modified encrypted target machine update file;
wherein the target machine update control system selectively sends the modified encrypted target machine update file and a second vulnerability scanner to one or more of the target machines where the modified encrypted target machine file update will be selectively executed by a respective said target machine's processors based on a control message from the target machine update control system.

US Pat. No. 10,462,185

POLICY-MANAGED SECURE CODE EXECUTION AND MESSAGING FOR COMPUTING DEVICES AND COMPUTING DEVICE SECURITY

Sequitur Labs, Inc., Iss...

1. A system for secure transmission and managed execution of executable code within an encrypted file bundle on a computing device, the system comprising: a file identifier for identifying the encrypted file bundle containing executable code;
a secure memory for storing executable code as independent trusted applications;
a policy server coupled to the secure memory and communicatively coupled to the file identifier via an encrypted backchannel, for adjudicating requests from a requestor regarding permissibility of execution of the executable code within the file bundle, where the adjudication of the request is completely hidden from the requestor;
a decryption key stored in the secured memory for decrypting the encrypted file bundle and for storing the decrypted executable code in the secure memory when the policy server approves a request to execute the executable code within the file bundle;
a policy enforcement point for each independent trusted application coupled to the policy server for enforcing policy decisions from the policy server pertaining to the execution of the trusted application; and
at least one processor coupled to the policy enforcement points for executing the decrypted executable code as independent trusted applications.

US Pat. No. 10,462,184

SYSTEMS AND METHODS FOR ENFORCING ACCESS-CONTROL POLICIES IN AN ARBITRARY PHYSICAL SPACE

Symantec Corporation, Mo...

1. A computer-implemented method for enforcing access-control policies in an arbitrary physical space, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying a collection of devices that are located within a predetermined physical space;
determining a physical location of each device in the collection of devices;
establishing, based on the collection of devices:
a list of controlled devices, selected from the collection of devices, that are subject to an access-control policy that describes restricted functions of each controlled device in the list of controlled devices; and
a list of monitoring devices, selected from the collection of devices, that are capable of observing actions performed by users within a physical proximity;
matching, based at least on comparing the physical locations of each device in the collection of devices, each of the controlled devices with at least one of the monitoring devices that is capable of observing actions performed by users within physical proximity to the controlled device;
monitoring, for each of the controlled devices and by each of the monitoring devices matched to the controlled device, one or more actions performed by a user as part of a user attempt to access a restricted function from among the restricted functions of the controlled device; and
performing a security action based on the user attempt to access the restricted function of the controlled device that was observed by at least one monitoring device that is matched to the controlled device.

US Pat. No. 10,462,183

FILE SYSTEM MONITORING AND AUDITING VIA MONITOR SYSTEM HAVING USER-CONFIGURED POLICIES

International Business Ma...

1. A method to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, comprising: probing the enterprise computing environment to discover the plural file systems;
providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent;
providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent;
receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and
storing the audit trail data received from the plural file systems;
applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, taking a given action;
wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.

US Pat. No. 10,462,182

THIN AGENT-BASED SSL OFFLOADING

VMware, Inc., Palo Alto,...

1. A computer-implemented method, comprising: receiving, by a first virtual machine, a data packet sent by an application running on a second virtual machine, addressed for transmission to a computer, and intercepted prior to being transmitted to the computer;
storing the data packet in a cache;
sending a request message to a transmission protocol stack of the second virtual machine, the request message used to initiate an encrypted session between the second virtual machine and the computer;
receiving a response message indicating the encrypted session between the second virtual machine and the computer is established;
in response to receiving the response message indicating the encrypted session between the second virtual machine and the computer is established, encrypting the stored data packet; and
transmitting the encrypted data packet to the transmission protocol stack of the second virtual machine for transmission to the computer.

US Pat. No. 10,462,181

METHOD, SYSTEM, AND APPARATUS TO IDENTIFY AND STUDY ADVANCED THREAT TACTICS, TECHNIQUES AND PROCEDURES

QUADRANT INFORMATION SECU...

1. A system implementing security within a customer network, comprising: a virtual honeypot;
a threat intelligence database including a lookup table storing historical attack information associated with unsophisticated network attackers, the historical attack information including Internet Protocol (IP) address information; and
a host device in communication with the customer network, the virtual honeypot and the threat intelligence database, the host device:
receiving traffic from an attacker IP address via the Internet;
determining whether the attacker IP address corresponds to an IP address stored within the threat intelligence database;
ceasing connection, internally within the host device, with the attacker IP address when the attacker IP address is stored within the threat intelligence database; and
routing data, internally within the host device, between the attacker IP address and the virtual honeypot when the attacker IP address is not stored within the threat intelligence database.

US Pat. No. 10,462,180

SYSTEM AND METHOD FOR MITIGATING PHISHING ATTACKS AGAINST A SECURED COMPUTING DEVICE

IntSights Cyber Intellige...

1. A method for mitigating, by one or more processors, phishing attacks against a secured computing device, the method comprising: receiving from one or more domain registrars, at least one first DNS zone file at a first timing and at least one second DNS zone file at a second timing;
parsing the first DNS zone file, to produce a first list comprising one or more domain names;
parsing the second DNS zone file, to produce a second list comprising one or more domain names;
comparing the first list and second list to detect at least one newly registered domain name that is present only in one of the first DNS zone file and second DNS zone file;
attributing a registration time stamp (RTS), associated with timing of a registration of the at least one newly registered domain name at a domain registrar to the at least one newly registered domain name, according to at least one of the first timing and the second timing; and
configuring at least one perimeter module to restrict at least one data transmission between the secured computing device and a computing device that is associated with the newly registered domain name, based on the RTS.

US Pat. No. 10,462,179

SYSTEM AND METHOD FOR SCALED MANAGEMENT OF THREAT DATA

Arbor Networks, Inc., We...

1. A computer-implemented method to manage threats to a network with a threat management computer system having a network monitor device operatively coupled to a network and a plurality of threat management devices coupled intermediate the network and a protected network, and a scaling module device operably coupled to the network monitor and the plurality of threat management devices, the method comprising: receiving volume threat data that indicates a volume of threat data that needs to be managed;
determining a volume range from a plurality of volume ranges to which the received volume threat data belongs;
determining a number of threat management devices needed to manage threat traffic associated with the volume range determined;
selecting automatically a subset of threat management devices from the plurality of threat management devices to be used to manage received threat data in response to the determined number of threat management devices needed to manage threat traffic associated with the determined volume range;
assigning automatically, each packet of the threat traffic to a group, each group corresponding to a threat management device of the selected threat management devices; and
directing automatically each packet of the threat traffic to the threat management device that corresponds to the group to which the packet is assigned whereby threat traffic is prevented from reaching the protected network.

US Pat. No. 10,462,178

SECURITY COUNTERMEASURE MANAGEMENT PLATFORM

Alert Logic, Inc., Houst...

1. A method to improve an operation of a countermeasure computing system in a computing environment, comprising: configuring a set of agents to collect information security risk data from one or more sources in the computing environment;
implementing a security countermeasure workflow to address a security exposure identified by the information security risk data from one or more sources by:
receiving the information security risk data from one or more sources in each of one or more distinct risk categories, each risk category associated with a distinct type;
augmenting the received information security risk data with other data to generate an aggregate risk entity, the other data being one of: information security standards data, and risk impact attribute data;
processing the aggregate risk entity against a vulnerability-to-countermeasure knowledge base that includes countermeasure attribute data to discover, with respect to the aggregate risk entity, one or more countermeasures applicable to address a security exposure as represented in the aggregate risk entity, the vulnerability-to-countermeasure knowledge base grouping vulnerabilities to impact categories that correspond to countermeasures; and
with respect to a particular security exposure represented in the aggregate risk entity, presenting information regarding the one or more countermeasures, the information identifying (i) an expected cost of implementing a countermeasure, (ii) an expected effectiveness of implementing a countermeasure, (iii) an indication of whether a countermeasure is available in the computing environment, (iv) a list of one or more recommended countermeasure configuration settings, and (v) when multiple countermeasures are identified, an ordered ranking of the multiple countermeasures according to their respective effectiveness; and
based at least in part on the security countermeasure workflow, controlling a countermeasure mechanism in the countermeasure computing system to address the security exposure by performing at least one of the one or more presented countermeasures.

US Pat. No. 10,462,177

TAKING PRIVILEGE ESCALATION INTO ACCOUNT IN PENETRATION TESTING CAMPAIGNS

XM Cyber Ltd., Hertsliya...

1. A method of carrying out a penetration testing campaign of a networked system by a simulated penetration testing system for the purpose of determining a way for an attacker to compromise the networked system, wherein the simulated penetration testing system assigns a plurality of network nodes of the networked system to classes based on current information about the compromisability of the plurality of network nodes at a current state of the penetration testing campaign, the classes consisting of (i) a red class, wherein each network node that is a member of the red class is known to be compromisable by the attacker in a way that gives the attacker full control of the red-class-member network node, (ii) a blue class, wherein each network node that is a member of the blue class is not known to be compromisable by the attacker, and (iii) a purple class, wherein each network node that is a member of the purple class is known to be compromisable by the attacker in a way that does not give the attacker full control of the purple-class-member network node, the method comprising:
a. selecting a first target network node of the plurality of network nodes of the networked system;
b. handling the first target network node, the handling of the first target network node comprising:
i. based on the selected first target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a first vulnerability that can compromise the first target network node;
ii. checking whether compromising the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node; and
iii. in response to determining that the compromising of the first target network node using the first vulnerability would result in the attacker achieving full control of the first target network node, assigning the first target network node to the red class;
c. selecting a second target network node of the plurality of network nodes of the networked system;
d. handling the second target network node, the handling of the second target network node comprising:
i. based on the selected second target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a second vulnerability that can compromise the second target network node;
ii. checking whether compromising the second target network node using the second vulnerability would result in the attacker achieving full control of the second target network node; and
iii. in response to determining that (i) the compromising of the second target network node using the second vulnerability would not result in the attacker achieving full control of the second target network node and (ii) the attacker would be able to achieve full control of the second target network node by using (A) one or more privilege escalation techniques and (B) one or more access rights to the second target network node obtained by the compromising of the second target network node using the second vulnerability, assigning the second target network node to the red class;
e. selecting a third target network node of the plurality of network nodes of the networked system;
f. handling the third target network node, the handling of the third target network node comprising:
i. based on the selected third target network node and based on the current assignment of the plurality of network nodes to the blue, red and purple classes, determining a third vulnerability that can compromise the third target network node;
ii. checking whether compromising the third target network node using the third vulnerability would result in the attacker achieving full control of the third target network node; and
iii. in response to determining that (i) the compromising of the third target network node using the third vulnerability would not result in the attacker achieving full control of the third target network node and (ii) the attacker cannot achieve full control of the third target network node by using (A) any combination of privilege escalation techniques and (B) any combination of access rights to the third target network node obtained by the compromising of the third target network node using the third vulnerability, assigning the third target network node to the purple class;
g. based on at least one of the first vulnerability, the second vulnerability and the third vulnerability, determining the way for an attacker to compromise the networked system; and
h. reporting the determined way for an attacker to compromise the networked system, the reporting comprising at least one action selected from the actions group consisting of (i) causing a display device to display a report including information about the determined way to compromise the networked system, (ii) recording the report including the information about the determined way to compromise the networked system in a file, and (iii) electronically transmitting the report including the information about the determined way to compromise the networked system.

US Pat. No. 10,462,175

SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES

Palantir Technologies Inc...

1. A computerized method comprising: by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instructions for execution by the one or more computer processors,
determining a network topology of a network, the network topology comprising a plurality of nodes each connected to one or more of the plurality of nodes, wherein each node is associated with one or more network devices;
accessing information indicating compromise values associated with respective nodes; and
providing, for presentation, an interactive user interface, wherein the interactive user interface presents a graphical depiction of the network topology and compromise values associated with the plurality of nodes.

US Pat. No. 10,462,174

COMPUTER SYSTEM FOR DISTRIBUTED DISCOVERY OF VULNERABILITIES IN APPLICATIONS

Synack, Inc., Redwood Ci...

1. A computer vulnerability discovery system comprising: a central controller connected to one or more target systems via a computer network;
a plurality of researcher computer network connections for a plurality of researcher computers, each researcher computer network connection for sending and receiving data between a researcher computer of the plurality of researcher computers and the central controller, the central controller monitoring at least some communications between the plurality of researcher computers and at least some of the one or more target systems, wherein each researcher computer provides a user interface to an invited researcher that is a person or organization selected to participate in one or more computer vulnerability research projects related to the one or more target systems;
storage for tracking, at the central controller, assignment and scope of a particular computer vulnerability research project of the one or more computer vulnerability research projects to an assigned researcher computer, to be operated by the invited researcher assigned to the particular computer vulnerability research project, wherein the particular computer vulnerability research project relates to a particular target system;
storage for access credentials for providing an assigned researcher computer access to the central controller and/or the particular target system;
a monitoring computer process to monitor networked data communications between the assigned researcher computer and the particular target system, wherein the networked data communications include communications that are usable to identify security vulnerabilities of the particular target system; and
an evaluation computer process to determine a candidate security vulnerability of the particular target system based on a candidate security vulnerability report received from the assigned researcher computer resulting from the invited researcher's use of the assigned researcher computer to interact with the particular target system.

US Pat. No. 10,462,173

MALWARE DETECTION VERIFICATION AND ENHANCEMENT BY COORDINATING ENDPOINT AND MALWARE DETECTION SYSTEMS

FireEye, Inc., Milpitas,...

1. A system to determine maliciousness of an object, comprising: a first endpoint, including at least one processor, configured with a first software profile, further configured to detect one or more features exhibited by an object during processing by the first endpoint and determine if the features detected are suspicious;
a malware detection system, including at least one processor, communicatively coupled directly or indirectly to the first endpoint over a network, the malware detection system configured to process a received object in a virtual machine of one or more virtual machines that operate within the malware detection system to detect one or more features in response to the first endpoint determining the features of the object are suspicious, the virtual machine being provisioned with the first software profile;
a security logic engine configured to (i) receive information associated with features detected, during processing of the object, by the first endpoint and by the virtual machine of the malware detection system, (ii) correlate the received information associated with the received features, (iii) generate a first determination of maliciousness of the object, and (iv) in response to the generation of the first determination of maliciousness of the object, issue an alert,
wherein the security logic engine is further configured to direct the malware detection system to process the object within a second virtual machine of the one or more virtual machines that is provisioned with a second software profile, in response to receipt of information associated with features from a second endpoint with the second software profile.

US Pat. No. 10,462,172

SYSTEMS AND METHODS DETECTING AND MITIGATING ANOMALOUS SHIFTS IN A MACHINE LEARNING MODEL

Sift Science, Inc., San ...

1. A machine learning-based system for deploying a machine learning model for predicting and/or classifying digital fraud or digital abuse, the system comprising: a machine learning-based service implemented by a distributed network of computers, wherein the machine learning-based service:
implements a machine learning model validation system that:
identifies incumbent digital threat scores generated by an incumbent machine learning model and successor digital threat scores generated by a successor digital threat machine learning (ML) model;
operates the incumbent digital threat ML model in a live mode in which the incumbent digital threat ML model produces digital threat scores that are publicly exposed to a service provider;
operates the successor digital threat ML model in a shadow mode in which the successor digital threat ML model produces digital threat scores that are not publicly exposed to the service provider;
implements anomalous-shift detection that detects whether the successor digital threat scores of the successor digital threat ML model produce an anomalous shift, wherein the anomalous shift relates to a measurable variance in values of the successor digital threat scores of the successor digital threat ML model relative to values of the incumbent digital threat scores of the incumbent digital threat ML model,
wherein the anomalous-shift detection includes:
identifying whether an anomalous shift exists in a successor threat score distribution of the successor digital threat ML model relative to an incumbent threat score distribution of the incumbent digital threat ML model based on an assessment of an overlapping coefficient against an anomalous shift threshold,
wherein the anomalous shift exists in the successor threat score distribution if the overlapping coefficient satisfies or exceeds the anomalous shift threshold;
if the anomalous shift is detected by the machine learning model validation system:
blocks a deployment of the successor digital threat model to a live ensemble of digital threat scoring models that generate digital threat scores based on the collected digital event data associated with the one or more online services of the service provider; or
if the anomalous shift is not detected by the machine learning model validation system, deploys the successor digital threat ML model by replacing the incumbent digital threat ML model in a live ensemble of digital threat scoring models with the successor digital threat ML model.

US Pat. No. 10,462,171

METHODS, SYSTEMS, AND DEVICES FOR DYNAMICALLY MODELING AND GROUPING ENDPOINTS FOR EDGE NETWORKING

Sentinel Labs Israel Ltd....

1. A computer-implemented method for protecting security and integrity of an elastic computer network, the method comprising: installing an autonomous software agent of a plurality of autonomous software agents on each of a plurality of endpoint devices forming an elastic computer network;
accessing, by each autonomous software agent, an operating system of a corresponding endpoint device on which the autonomous software agent is installed to obtain visibility of operating system processes and network communications of the corresponding endpoint device;
monitoring, by each autonomous software agent, the operating system processes and the network communications of the corresponding endpoint device to obtain endpoint data, the endpoint data comprising information regarding at least one of the operating system processes or network processes of the corresponding endpoint device;
transmitting, by each autonomous software agent, the endpoint data to a central server system;
identifying, by the autonomous software agent using a local security protocol stored on each of the plurality of autonomous software agents, one or more local anomalous indicators on the corresponding endpoint device based at least in part on the endpoint data;
responding, by each autonomous software agent, to the one or more local anomalous indicators on an endpoint-level based at least in part on the local security protocol, wherein each of the local security protocols comprises one or more rule sets, policies, or access rights, wherein each of the local security protocols is based on a baseline usage pattern unique to each corresponding target endpoint device and designed to ensure local security of each of the plurality of endpoint devices;
receiving, by the central server system, the endpoint data from each autonomous software agent on each of the plurality of endpoint devices;
analyzing, by the central server system, the endpoint data received from each autonomous software agent on each of the plurality of endpoint devices to identify network-wide activity patterns;
identifying, by the central server system using a network-wide security protocol, one or more network-wide anomalous indicators on a network level across the plurality of endpoint devices based at least in part on the identified network-wide activity patterns; and
responding, by the central server system, to the one or more network-wide anomalous indicators on the network level across the plurality of endpoint devices based at least in part on the network-wide security protocol,
wherein the central server system comprises a computer processor and an electronic storage medium, and
wherein each of the plurality of autonomous agents is capable of identifying and responding to the one or more local anomalous indicators of the corresponding endpoint device independently of the central server system.

US Pat. No. 10,462,170

SYSTEMS AND METHODS FOR LOG AND SNORT SYNCHRONIZED THREAT DETECTION

Alert Logic, Inc., Houst...

1. A method for automated threat detection in a computer network, the method comprising: temporally correlating time segments parsed from a log stream and tagged time segments from an intrusion detection system stream to identify correlated time segments, the correlating performed by a server computer configured for monitoring network traffic to and from the computer network;
extracting features from a correlated time segment identified from the correlating, the extracting performed by the server computer and comprising determining tuples associated with the correlated time segment, each tuple containing a message type, a location, and an out of vocabulary word in the correlated time segment;
generating a multidimensional feature vector for the correlated time segment, the multidimensional feature vector containing a select number of the tuples; and
providing the multidimensional feature vector for the correlated time segment as input to a machine learning module, the machine learning module implementing a machine learning model and operable to determine, based on the machine learning model, whether the correlated time segment indicates a true incident.

US Pat. No. 10,462,169

LATERAL MOVEMENT DETECTION THROUGH GRAPH-BASED CANDIDATE SELECTION

SPLUNK INC., San Francis...

1. A method, comprising: accessing, by a computer system, event data indicative of a plurality of events related to a plurality of entities associated with a network;
identifying, by the computer system, based on the event data, lateral movement candidate entities by identifying a subset of the plurality of entities as being associated with particular events that indicate lateral movement in the network;
creating, by the computer system, based on the event data, a graph data structure that is indicative of a sequence of events associated with the lateral movement candidate entities, wherein the graph data structure includes a plurality of nodes and one or more connections between the nodes, each of the nodes represents an entity of the plurality of entities and is associated, via the graph data structure, with a feature vector that is derived from a set of events that are associated with the node, and a connection from a first node to a second node in the graph data structure represents a sequence of events in the plurality of events; and
analyzing, by the computer system, the graph data structure to identify a potential security threat by identifying a subset of the lateral movement candidate entities that are associated with a particular sequence of events.

US Pat. No. 10,462,168

ACCESS CLASSIFYING DEVICE, ACCESS CLASSIFYING METHOD, AND ACCESS CLASSIFYING PROGRAM

NIPPON TELEGRAPH AND TELE...

6. An access classifying device comprising processing circuitry configured to: generate multiple trees, in which at least a first server and a second server are nodes and a command for transferring an access from the first server to the second server is an edge;
calculate a degree of similarity between the trees in accordance with a degree of matching between partial trees included in each of the trees generated;
classify the trees into multiple groups that are made up of trees, between which the degree of similarity is high, in accordance with the degree of similarity calculated; and
generate a partial tree that represents a characteristic of each group as a representative tree for each group that is obtained during the classifying.

US Pat. No. 10,462,167

USING DATA SCIENCE TO AID IN DETECTION OF UNAUTHORIZED DISTRIBUTION

Synamedia Limited, Stain...

1. A method performed by a system that includes at least one processor, the method comprising: obtaining subscriber data of a plurality of subscribers, wherein said subscriber data comprises at least one of: consumption data relating to subscribed content consumption by said plurality of subscribers, or network data relating to data transmittal via one or more computer networks by the plurality of subscribers, wherein said subscriber data comprises a number of times a subscriber tuned in or out during a particular time period and/or for a particular program identifier and a number of times the subscriber raised an electronic program guide during a particular time period and/or for a program identifier;
detecting anomalous data by comparing subscriber data of different subscribers in the plurality of subscribers;
identifying one or more suspected subscribers out of the plurality of subscribers as being suspected of unauthorized subscribed content distribution, the one or more suspected subscribers being associated with the anomalous data; and
providing a respective identity for the one or more suspected subscribers.

US Pat. No. 10,462,166

SYSTEM AND METHOD FOR MANAGING TIERED BLACKLISTS FOR MITIGATING NETWORK ATTACKS

Arbor Networks, Inc., We...

1. A computer-implemented method to manage blacklists used for mitigating threat traffic associated with a network attack, the method comprising: manage, using a central blacklist manager, first, second and third mitigation systems, wherein the first mitigation system includes a first blacklist, the second mitigation system includes a second blacklist and the third mitigation system includes a third blacklist and wherein the first blacklist is upstream of the second and third blacklists with the second blacklist being upstream of the third blacklist relative to one or more protected devices, and wherein the central blacklist manager has a processor such that upon execution of instructions is configured to:
monitor the first blacklist used by a first mitigation process of the first mitigation system and determine an amount of time a blacklist entry has been on the first blacklist;
monitor the second blacklist used by a second mitigation process of the second mitigation system and determine an amount of time a blacklist entry has been on the second blacklist;
monitor the third blacklist used by a third mitigation process of the third mitigation system and determine an amount of time a blacklist entry has been on the third blacklist, whereby a blacklist entry is moved from the third blacklist to the second blacklist if it is determined the blacklist entry was on the third blacklist beyond a threshold time, and move a blacklist entry from the second blacklist to the first blacklist if it is determined the blacklist entry was on the second blacklist beyond the threshold time;
determine an amount of time entries are included with the first blacklist;
determine if any of the time entries have been included with the first blacklist for more than a threshold amount of time; and
remove from the first blacklist each blacklist entry determined to have been included with the first blacklist for more than the threshold amount of time.

US Pat. No. 10,462,165

INFORMATION SECURITY IMPLEMENTATIONS WITH EXTENDED CAPABILITIES

8x8, Inc., San Jose, CA ...

1. A security system comprising: at least one central server coupled to a plurality of client computers and configured to:
provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the plurality of client computers, the trigger events defined by the configuration data as a function of a sensitivity level of the sensitive data and monitored data communications;
in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications therefrom;
restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
receive identified data from applications running on the plurality of client computers and that indicates an access of sensitive data matching the criteria indicated by the configuration data;
in response to the identified data indicating that a first trigger event occurred, determine whether or not the identified data indicates that a second trigger event occurred, wherein the first trigger event includes at least access of an external email address and the second trigger event includes at least use of a cut and paste operation; and
select and perform a security action based on the determination of the occurrence of the first and second trigger events, an association between the first and second trigger events, and a risk-level based on the association of the first and second trigger events.

US Pat. No. 10,462,164

RESISTING THE SPREAD OF UNWANTED CODE AND DATA

GLASSWALL (IP) LIMITED, ...

1. A method of processing an electronic file to create a substitute electronic file containing only allowable content data, the method comprising: receiving, at a computer system, an incoming electronic file containing content data encoded and arranged in accordance with a predetermined file type;
determining a purported predetermined file type of the incoming electronic file by analyzing the encoded and arranged content data, and an associated set of rules specifying allowable content data for the purported predetermined file type;
determining nonconforming data in the content data by determining that the nonconforming data does not conform to the predetermined data format;
determining that the nonconforming data is authorized by determining that the nonconforming data is not a threat;
extracting, from the incoming electronic file, the nonconforming data by removing the nonconforming data from the incoming electronic file; and
if the nonconforming data is determined to be authorized, regenerating the nonconforming data to create the substitute electronic file in the purported file type by inserting the nonconforming content data into the substitute electronic file,
wherein the incoming electronic file is not scanned for unwanted code.

US Pat. No. 10,462,163

RESISTING THE SPREAD OF UNWANTED CODE AND DATA

GLASSWALL (IP) LIMITED, ...

1. A method of processing an electronic file to create a substitute electronic file containing only allowable content data, the method comprising: receiving an incoming electronic file containing content data encoded and arranged in accordance with a predetermined file type at a server;
determining a purported predetermined file type of the incoming electronic file by analyzing the encoded and arranged content data, and an associated set of rules specifying allowable content data for the purported predetermined file type;
determining at least an allowable portion of the content data by determining if the portion of the content data conforms with the set of rules corresponding to the determined purported predetermined file type;
extracting, from the incoming electronic file, the at least an allowable portion of content data by removing the at least an allowable portion of content data from the incoming electronic file;
creating a substitute electronic file in the purported predetermined file type by inserting the at least an allowable portion of content data into the substitute electronic file;
forwarding the substitute regenerated electronic file; and
forwarding the incoming electronic file to an inbox of the recipient if a portion, part or whole of the content data does not conform, and the intended recipient of the incoming electronic file has not pre-approved the predetermined data format and sender of the electronic file, only when the intended recipient is notified by the server and approves the electronic file at the time of receipt at the server.

US Pat. No. 10,462,162

DETECTING MALICIOUS PROCESSES BASED ON PROCESS LOCATION

Rapid7, Inc., Boston, MA...

1. A method for identifying malicious processes, the method comprising: receiving, using an interface, at least one path indicating where a process was launched;
determining, using an analysis module executing instructions stored on a memory, a number of times the process was launched;
determining a number of different paths the process was launched from;
computing, using the analysis module, at least one inequality indicator for the at least one path based on the number of times the process was launched and the number of different paths the process was launched from to determine whether the process is malicious, wherein the inequality indicator is based on a pattern across multiple paths that is identified autonomously and not previously defined; and
isolating the process upon determining the process is malicious, wherein isolating the malicious process includes relocating the malicious process to a quarantine module for analysis.

US Pat. No. 10,462,161

VEHICLE NETWORK OPERATING PROTOCOL AND METHOD

GM GLOBAL TECHNOLOGY OPER...

1. A communication network comprising: a plurality of nodes, each of the nodes being operably connected to a bus, a transmitting node of the plurality of nodes being configured to communicate in accordance with a predetermined protocol a data communication having a predetermined frame structure via the bus to a receiving node of the plurality of nodes, which is configured to receive the data communication,
wherein each data communication contains information to be communicated, and
the receiving node is configured to determine from the data communication a compromised state of the transmitting node and to initiate a response strategy, and the transmitting node being configured to disassociate from the bus in accordance with the response strategy, wherein
in accordance with the response strategy the receiving node is configured to induce the transmitting node to dissociate from the bus by being configured to engage in communication activity of a nature to be perceived by the transmitting node as if the transmitting node has generated communication errors such that the transmitting node self-determines to dissociate from the bus in accordance with the predetermined protocol.

US Pat. No. 10,462,160

METHOD AND SYSTEM FOR IDENTIFYING UNCORRELATED SUSPICIOUS EVENTS DURING AN ATTACK

CHECK POINT SOFTWARE TECH...

1. A method for identifying events associated with a malware attack initiated on a computerized endpoint, comprising: obtaining a listing of a sequence of processes executed or created on the computerized endpoint during the malware attack, the sequence of processes in the listing including a first process, that includes a root of the malware attack, and a plurality of processes, each respective process in the plurality of processes being traceable back to the first process through a linkage formed from a combination of executions and creations of the processes in the sequence of processes, wherein the plurality of processes includes all processes that are linked to the first process, wherein the root is the first malicious execution on the computerized endpoint that is part of the malware attack;
retrieving at least one event that occurred on the computerized endpoint during a time interval associated with the malware attack; and
determining that occurrence of the at least one event that occurred on the computerized endpoint during the time interval associated with the malware attack was caused by the execution of a process excluded from the obtained listing of the sequence of processes.

US Pat. No. 10,462,159

BOTNET DETECTION SYSTEM AND METHOD

NTT INNOVATION INSTITUTE,...

1. A botnet detection system, comprising: a network having one or more nodes and one or more command and control devices coupled to each other;
a storage device having a plurality of pieces of data about the network including a plurality of internet protocol addresses with each internet protocol address corresponding to one of a node, a command and control devices and at least one known botnet and network traffic flow data indicating a communication between one of at least one node and at least one command and a communication and at least one known botnet and a domain name service cache; and
a botnet detection component coupled to the storage device, the botnet detection component detecting a new botnet by matching the network traffic flow data against an IP address of the at least one known botnet.

US Pat. No. 10,462,158

URL SELECTION METHOD, URL SELECTION SYSTEM, URL SELECTION DEVICE, AND URL SELECTION PROGRAM

NIPPON TELEGRAPH AND TELE...

1. A URL selection method to be executed in a URL selection device that is connected to a wide area network, the method comprising: a first extraction step of extracting URLs up to an upper limit value of the number of URLs set to each of URL groups in a range where a total number of URLs is within a predetermined number of URLs, in order of priority set to each of the URL groups, from each of the URL groups which are differently identified by analyzing a same traffic log by a respective different analysis technique from different categories of analysis techniques, the traffic log being obtained from a terminal device configured to collect the traffic log in a first network that connects to the wide area network, wherein the wide area network is accessible by at least one of an attacker terminal, a malware distribution server, and a malicious server;
a second extraction step of further extracting URLs within the predetermined number of URLs, based on the priority, when the total number of URLs extracted from each of the URL groups in the first extraction step is less than the predetermined number of URLs;
generating a URL list based on the extracted URLs; and
distributing the URL list to a security-related device as destination URLs, accesses from which are to be filtered,
wherein the order of priority for extracting the URLs and the upper limit value is set to each of the URL groups according to the respective different analysis technique of the respective URL group, and the order of priority and the upper limit value is assigned based at least partially on whether or not a malicious URL was detected during a previous evaluation performed on a URL group identified by each of the different analysis techniques.

US Pat. No. 10,462,157

MULTI-PATTERN MATCHING ALGORITHM AND PROCESSING APPARATUS USING THE SAME

KOREA ADVANCED INSTITUTE ...

1. A method for multi-pattern matching in a network intrusion detection system (NIDS) including a processor and memory, the method comprising: a moving step of moving, by the processor, a moving window from the start of a payload string in a payload of a packet one byte by one byte;
a DF1 checking step of converting, by the processor, a string on a current position of the moving window into an integer value, and of checking, by the processor, whether or not a bit of a related position in a first direct filter DF1 stored in the memory for patterns having lengths larger than 2 bytes is set to 1;
a DF moving step of checking, by the processor, one or more direct filters DF when the bit is set to 1 according to the DF1 checking step;
a re-moving step of moving, by the processor, the moving window by one byte again when the bit of a related position in a direct filter DF, which has been checked lastly, is 0;
a terminating step of checking, by the processor, whether the moving window is located at the end of the payload string or not, and of terminating the method when the moving window is positioned at the end of the payload string; and
a pattern identification step of identifying, by the processor, multiple patterns existing in the payload of the packet based on a bit of a related position in the one or more direct filters DF which is set to 1.

US Pat. No. 10,462,156

DETERMINING A REPUTATION OF DATA USING A DATA VISA

McAfee, LLC, Santa Clara...

1. At least one computer-readable medium comprising one or more instructions that, when executed by at least one processor, perform a method comprising: receiving data in a data flow;
extracting a data visa from the data flow, wherein the data visa travels with the data through the data flow and includes reputation determination information from at least one previous hop network element in the data flow;
bypassing a security filter based on the reputation determination information;
determining a reputation of the data based on the data and the reputation determination information, wherein the reputation of the data is determined from meta data included in the data visa, and the meta data includes a title or role of a user, a geo-location of the user, or a historic data use profile of the user;
storing the reputation of the data in the data visa; and
communicating the data visa and the data to a next network element in the data flow.

US Pat. No. 10,462,155

ELECTRONIC CONTROL UNIT PROTECTION FRAMEWORK USING SECURITY ZONES

Cylance Inc., Irvine, CA...

1. A system comprising: at least a portion of a communications bus;
at least one electronic control unit (ECU) electrically coupled between a plurality of nodes and the portion of the communications bus;
at least one security module comprising (i) at least one data processor and (ii) an encoding device, the at least one security module electrically coupled to the at least one ECU and the portion of the communications bus; and
memory-storing instructions, which when executed by at least one data processor result in operations comprising:
monitoring, by at least one data processor of at least one security module, a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus;
measuring, by at least one data processor, a voltage differential across at least two of the plurality of voltage lines of the at least one ECU;
comparing, by at least one data processor, the voltage differential to a plurality of predetermined signal fingerprints associated with the at least one ECU;
identifying, by at least one data processor and based on the comparing, a variance in the compared voltage differential relative to one or more of the plurality of predetermined signal fingerprints;
encoding, by the encoding device, data characterizing the identified variance, wherein the encoding is a forward error correction that injects the data characterizing the identified variance into an existing data stream on the communications bus; and
providing, by at least one data processor, the data characterizing the identified variance.

US Pat. No. 10,462,154

RESTRICTING COMMUNICATIONS BETWEEN SUBSCRIBER MACHINES

1. A method of transferring information between subscribers, the method comprising: determining, by a processing device, whether a first handle address is included in a group of handle addresses for a group of subscriber devices, the first handle address associated with a first subscriber device, the first handle address being a first proxy address distinct from a first IP address assigned to the first subscriber device, at least two subscriber devices of the group of subscriber devices associated with different handle addresses, the different handle addresses associated with a group of handle addresses, the different handle addresses being proxy addresses distinct from IP addresses assigned to the at least two subscriber devices;
transmitting, by the processing device, information from the first subscriber device to the group of subscriber devices in response to the first handle address included in the group of handle addresses based on an individual encryption associated with the first subscriber device;
tracking, by the processing device, a handle address associated with a subscriber device in the group of subscriber devices;
updating, by the processing device, subscription information associated with the subscriber device in the group of subscriber devices; and
transmitting, by the processing device, an exclusion of membership in the group of subscriber devices to the first subscriber device.

US Pat. No. 10,462,152

SYSTEMS AND METHODS FOR MANAGING CREDENTIALS USED TO AUTHENTICATE ACCESS IN DATA PROCESSING SYSTEMS

Microsoft Technology Lice...

1. A system comprising: a processor and memory; and
machine readable instructions stored in the memory and executed by the processor, configured to:
receive a first request to replace a first credential used to access one or more resources with a second credential that is to be subsequently used to access the one or more resources;
in response to receiving the first request, perform a transitional secret procedure by replacing the first credential with the second credential and by allowing temporary subsequent use of the first credential to access the one or more resources for a predetermined period, wherein a length of the predetermined period is based on a determined level of access associated with a requesting device that is using the first credential to request access to the one or more resources during the predetermined period, such that the predetermined period is different for different levels of access;
as a part of performing the transitional secret procedure, cause the transitional secret procedure to be transparent to the requesting device such that only the system, which operates as a central authentication system for granting or denying requests to access the one or more resources, is knowledgeable that both the first credential and the second credential are usable to access the one or more resources during the predetermined period; and
in response to receiving a second request to access the one or more resources using the first credential after replacing the first credential with the second credential, where the second request is received from the requesting device:
allow the requesting device to access the one or more resources using the first credential during the predetermined period, wherein both the first credential and the second credential are usable to access the one or more resources during the predetermined period, which is based on the determined level of access of the requesting device; and
generate an indication for a system administrator that the first credential was used to access the one or more resources.

US Pat. No. 10,462,151

TEMPORARY ACCESS OF A USER PROFILE

Avaya Inc., Santa Clara,...

1. A method, comprising: receiving, by an accessing device of a contact center from a user device of a user, access data, the access data comprising a user identifier for the user, an identifier identifying a third party having profile data of the user, and a user-predefined condition which must be satisfied for the profile data to be temporarily accessible by the contact center, wherein a communication is established between the user device and an agent device of a plurality of agent devices of the contact center;
after extracting the identifier identifying the third party from the access data to make the accessing device aware of the third party, determining a route for the accessing device to access the user profile from the third party and transmitting, by the accessing device, a request to the third party to temporarily access the profile data during a time period when the condition is satisfied, the request including the user identifier; and
temporarily accessing, using the accessing device, the user profile when the request is granted and providing the agent device with access to the user profile.

US Pat. No. 10,462,150

MULTICOMPUTER PROCESSING OF USER DATA WITH CENTRALIZED EVENT CONTROL

Bank of America Corporati...

1. A computing platform, comprising: at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
establish, via the communication interface, a first connection to a subordinate user computing device;
while the first connection is established, receive, via the communication interface, from the subordinate user computing device, a request to authorize an event;
establish, via the communication interface, a second plurality of connections to a plurality of social media service computing platforms;
while the second plurality of connections is established, receive first information from at least one of the plurality of social media service computing platforms;
determine, based on a comparison of the request to authorize the event with the first information received from the at least one of the plurality of social media service computing platforms, to authorize the request;
in response to determining to authorize the request, generate a command directing an event validation computing platform to authorize the event;
transmit, prior to transmitting the command, to a supervisory user computing device associated with a supervisory user, a request for supervisory authorization of the event;
receive, from the supervisory user computing device associated with a supervisory user, a command instructing the computing platform to authorize the event;
compare the request for supervisory authorization of the event with the command received from the supervisory user computing device instructing the computing platform to authorize the event;
determine, based on the comparing of the request for supervisory authorization of the event with the command received from the supervisory user computing device instructing the computing platform to authorize the event, at least one difference between the request for supervisory authorization of the event and the command received from the supervisory user computing device instructing the computing platform to authorize the event; and
prior to transmitting the command directing the event validation computing platform to authorize the event, modify, based on the at least one difference, the command directing the event validation computing platform to authorize the event; and
transmit, via the communication interface, to the event validation computing platform, the command directing the event validation computing platform to authorize the event, wherein transmitting the command directing the event validation computing platform to authorize the event causes the event validation computing platform to execute one or more actions enabling the subordinate user computing device to initiate the event.

US Pat. No. 10,462,149

DEVICE MANAGEMENT SYSTEM

Family Zone Cyber Safety ...

1. A system for managing Internet usage of a plurality of network enabled user devices, the system comprising: a policy storage that stores information indicative of a plurality of usage policy sets applicable to a plurality of user devices, each usage policy set defining Internet usage permissions and/or Internet usage restrictions for a user device and each usage policy set managed by an authorized user; and
an access point that facilitates access to the Internet, the access point separate to the user devices and configured to control access to the Internet by each user device locally disposed relative to the access point, the access point communicating with each locally disposed user device, and the access point enforcing Internet usage permissions and/or Internet usage restrictions for each locally disposed user device;
a policy server remotely disposed relative to the access point and the user devices, and the policy server and the access point in networked communication with each other; and
user device identification information for each user device associated with the system, each user device identification information being indicative of and unique to a user device associated with the system and being stored separately relative to the user device;
wherein each user device is associated with a usage policy set in the policy storage using the device identification information unique to the user device, wherein the stored policy set for a user device is accessible through the Internet by an authorized user associated with the user device from a remote location to enable the authorized user to define Internet usage permissions and/or Internet usage restrictions for the user device;
wherein the access point is configured to:
identify the device identification information of a user device when the user device connects to the access point and requests access to the Internet; and
send the identified device identification information and information indicative of the request to access the Internet to the policy server;
wherein the policy server is configured to:
receive the identified device identification information and information indicative of the request to access the Internet;
use the identified device identification information to retrieve the usage policy set associated with the user device from the policy storage;
obtain a decision to allow or deny the request to access the Internet by the user device based on the retrieved usage policy set associated with the user device; and
send information indicative of the decision to the access point; and
wherein the access point enforces the decision and thereby permits or prevents the requested access to the Internet by the user device.
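
The access point / policy server exchange in the claim above, as an added example that is not part of the patent or of Family Zone's product: the access point identifies the device (here by MAC address), forwards the identifier and the request to the policy server, and enforces the returned decision; the authorized user edits the device's policy set remotely. The host category, the default-deny for unknown devices, and the time-window/category policy shape are assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Set, Tuple


@dataclass
class UsagePolicySet:
    """Permissions/restrictions for one device, managed by one authorized user."""
    managed_by: str
    blocked_categories: Set[str] = field(default_factory=set)
    # Windows during which Internet access is permitted; an empty list means any time.
    allowed_windows: List[Tuple[time, time]] = field(default_factory=list)


class PolicyServer:
    """Remote policy server holding the policy storage, keyed by device identification."""

    def __init__(self) -> None:
        self.policy_storage: Dict[str, UsagePolicySet] = {}

    def associate(self, device_id: str, policy: UsagePolicySet) -> None:
        self.policy_storage[device_id] = policy

    def update_policy(self, device_id: str, user: str, **changes) -> None:
        """Remote edit over the Internet; only the managing user may change the set."""
        policy = self.policy_storage[device_id]
        if policy.managed_by != user:
            raise PermissionError(f"{user} does not manage {device_id}")
        for name, value in changes.items():
            if name == "managed_by" or not hasattr(policy, name):
                raise ValueError(f"unknown policy attribute {name}")
            setattr(policy, name, value)

    def decide(self, device_id: str, category: str, now: datetime) -> Tuple[bool, str]:
        """Allow/deny for the identified device; unknown devices are denied (assumed default)."""
        policy = self.policy_storage.get(device_id)
        if policy is None:
            return False, "no usage policy set for device"
        if category in policy.blocked_categories:
            return False, f"category '{category}' blocked"
        if policy.allowed_windows and not any(
            start <= now.time() <= end for start, end in policy.allowed_windows
        ):
            return False, "outside allowed time window"
        return True, "permitted"


class AccessPoint:
    """Local access point: identifies the device, forwards the request, enforces the decision."""

    def __init__(self, server: PolicyServer) -> None:
        self.server = server
        self.decisions: List[Tuple[str, str, bool, str]] = []

    def handle_request(self, device_id: str, host: str, category: str, now: datetime) -> bool:
        # The device identifier plus the request details go to the policy server; the
        # category of the requested host is assumed to come from a URL classifier.
        allowed, reason = self.server.decide(device_id, category, now)
        self.decisions.append((device_id, host, allowed, reason))
        return allowed


# Constructed scenario (not from the patent): a child's tablet managed by a parent.
TABLET = "aa:bb:cc:dd:ee:01"
PARENT = "parent@example.com"
EVENING = datetime(2024, 5, 1, 20, 0)
LATE = datetime(2024, 5, 1, 22, 0)


def run_scenario() -> Dict[str, bool]:
    server = PolicyServer()
    ap = AccessPoint(server)
    server.associate(TABLET, UsagePolicySet(PARENT, {"social"}, [(time(7, 0), time(21, 0))]))
    result = {
        "news_evening": ap.handle_request(TABLET, "news.example", "news", EVENING),
        "social_evening": ap.handle_request(TABLET, "social.example", "social", EVENING),
        "news_late": ap.handle_request(TABLET, "news.example", "news", LATE),
        "unknown_device": ap.handle_request("aa:bb:cc:dd:ee:99", "news.example", "news", EVENING),
    }
    # The parent extends the window from a remote location; the next request sees it.
    server.update_policy(TABLET, PARENT, allowed_windows=[(time(7, 0), time(22, 30))])
    result["news_late_after_update"] = ap.handle_request(TABLET, "news.example", "news", LATE)
    try:
        server.update_policy(TABLET, "stranger@example.com", blocked_categories=set())
        result["stranger_edit_refused"] = False
    except PermissionError:
        result["stranger_edit_refused"] = True
    return result


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The enforcement point never holds the policy itself: the access point only sees the decision, so a device that spoofs a different MAC address inherits that device's policy set, which is why the claim keeps the identification information stored separately from the device.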

US Pat. No. 10,462,148

DYNAMIC DATA MASKING FOR MAINFRAME APPLICATION

Tata Consultancy Services...

1. A processor-implemented method executed by a computing device for dynamically masking data associated with a mainframe application hosted on a mainframe server, the method comprising: receiving, via one or more hardware processors comprised in the computing device, a request to access a mainframe application from a user through a user-profile associated with the user and comprising identity information of the user attempting to access the mainframe application, wherein an authentication status of the user profile is valid;
retrieving, via the one or more hardware processors, a role assigned to the user-profile from a roles repository, wherein the role associated with the user-profile defines one or more rights to access information from the mainframe application, and wherein the role is defined based on an identity of the user;
initiating, via the one or more hardware processors, corresponding to the request an access session with the mainframe server for accessing the mainframe application, wherein the role assigned to the user-profile is associated with the access session;
receiving, via the one or more hardware processors, a screen, corresponding to the access session, comprising a plurality of fields, wherein one or more fields of the plurality of fields comprise sensitive data associated with the mainframe application;
identifying, via the one or more hardware processors, uniqueness in the screen corresponding to the access session from the mainframe application, wherein identifying the uniqueness comprises determining contextual information associated with the plurality of fields of the screen and identifying differentiation of similar fields from the plurality of fields, based on relationship among the plurality of fields, wherein the uniqueness in the screen is identified by,
parsing data associated with the plurality of fields of the screen to form fragments of the data to identify relationship among the plurality of fields; and
systematically storing the fragments of the data in a traversable structure, wherein systematically storing the fragments of the data in the traversable structure facilitates determining the contextual information and differentiating similar fields of the plurality of fields in the screen;
fetching, via the one or more hardware processors and from a rules repository, at least one rule corresponding to the screen based on the role and the uniqueness of the screen, wherein the at least one rule is configured for defining masking logic and identifying the one or more fields of the screen to be masked; and
masking, via the one or more hardware processors, the one or more fields of the screen based on the at least one rule, the contextual information associated with the one or more fields, and the differentiation of the similar fields,
wherein the masking comprises configuring an intermediate representation information comprising the contextual information associated with context of the plurality of fields of the screen, the context comprising position, and relationship between the plurality of fields.
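
The parse / fingerprint / rule-lookup / mask sequence of the claim above, as an added example that is not from the patent or from Tata Consultancy Services: a terminal screen is fragmented into label/value fields that keep their row, column and nearest section header (the "traversable structure"), the screen's uniqueness is a hash of its layout and labels rather than of its data, and the rule fetched for (role, screen) can distinguish two fields with the same label by their section. The sample screen, the fragment syntax (two or more spaces between fields), the roles and the masking functions are all constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed 3270-style screen (not from the patent). Two "SSN" and two "ACCT NO"
# fields share a label; only their section header tells them apart.
SAMPLE_SCREEN = [
    "ACCTINQ           CUSTOMER ACCOUNT INQUIRY                PAGE 1",
    "",
    "PRIMARY HOLDER",
    "  NAME: JANE DOE              SSN: 123-45-6789",
    "  ACCT NO: 4000123456789010   BAL: 1,250.00",
    "",
    "JOINT HOLDER",
    "  NAME: JOHN DOE              SSN: 987-65-4321",
    "  ACCT NO: 4000987654321099   BAL: 300.00",
]

# A fragment is a run of text; two or more spaces separate fragments.
FRAGMENT_RE = re.compile(r"\S(?:\S|\s(?!\s))*")


@dataclass
class Field:
    row: int
    col: int                    # column of the label
    value_col: int              # column where the value starts
    label: str
    value: str
    section: str                # nearest preceding header line: the field's context
    left_label: Optional[str]   # label of the neighbouring field on the same row


def parse_screen(lines: List[str]) -> List[Field]:
    """Fragment the screen and keep each field with its positional/relational context."""
    fields: List[Field] = []
    section = ""
    for row, line in enumerate(lines):
        if not line.strip():
            continue
        if ":" not in line:             # no label/value pairs: a header line
            section = line.strip()
            continue
        left: Optional[str] = None
        for m in FRAGMENT_RE.finditer(line):
            frag = m.group(0)
            if ":" not in frag:
                continue
            label, value = (part.strip() for part in frag.split(":", 1))
            value_col = m.start() + frag.index(value)
            fields.append(Field(row, m.start(), value_col, label, value, section, left))
            left = label
    return fields


def screen_fingerprint(fields: List[Field]) -> str:
    """Uniqueness of the screen: derived from layout and labels, not from the data shown."""
    layout = "|".join(f"{f.row}:{f.col}:{f.section}:{f.label}" for f in fields)
    return hashlib.sha256(layout.encode()).hexdigest()[:16]


def mask_all(value: str) -> str:
    return "".join("*" if c.isalnum() else c for c in value)


def mask_keep_last4(value: str) -> str:
    return mask_all(value[:-4]) + value[-4:]


@dataclass
class Rule:
    label: str
    section: Optional[str]      # None = applies in every section
    mask: Callable[[str], str]


# Rules repository keyed by (role, screen id); populated here for the sample screen.
RULES: Dict[Tuple[str, str], List[Rule]] = {}
SCREEN_ID = screen_fingerprint(parse_screen(SAMPLE_SCREEN))
RULES[("teller", SCREEN_ID)] = [
    Rule("SSN", None, mask_all),                        # every SSN on this screen
    Rule("ACCT NO", "JOINT HOLDER", mask_keep_last4),   # only the joint holder's account
]


def mask_screen(lines: List[str], role: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Apply the role's rules for this screen; masked values keep their length and position."""
    fields = parse_screen(lines)
    rules = RULES.get((role, screen_fingerprint(fields)), [])
    out = list(lines)
    masked: List[Tuple[str, str]] = []
    for f in fields:
        for r in rules:
            if r.label == f.label and r.section in (None, f.section):
                new = r.mask(f.value)
                assert len(new) == len(f.value), "masking must not shift the screen layout"
                line = out[f.row]
                out[f.row] = line[:f.value_col] + new + line[f.value_col + len(f.value):]
                masked.append((f.section, f.label))
                break
    return out, masked
```

Because the fingerprint is taken over positions and labels only, the same rule set applies to every customer shown on this screen, while a screen that reuses the labels in a different layout gets a different identifier and no rule is fetched for it; failing closed (masking everything) for an unrecognised screen would be the safer production default.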

US Pat. No. 10,462,147

NETWORK DEVICE ISOLATION FOR ACCESS CONTROL AND INFORMATION SECURITY

Bank of America Corporati...

1. An information security system comprising: a switch configured to provide network connectivity for one or more endpoint devices to a network;
a network authentication server operably coupled to the switch and configured to:
authenticate endpoint devices connected to the switch;
send a device identifier for the endpoint device to a threat management server in response to the endpoint device connecting to a port on the switch; and
the threat management server operably coupled to the switch and the network authentication server comprising:
a memory configured to store:
a port lease log file identifying:
endpoint devices with a lease for a port on the switch; and
port lease periods that indicate a time period an endpoint device is allowed to access the network; and
a device log file identifying:
endpoint devices that have failed authentication with the network authentication server; and
endpoint devices that have passed authentication with the network authentication server; and
a threat management engine implemented by a processor configured to:
identify the endpoint device for isolation in response to receiving the device identifier, comprising:
determining the endpoint device is present in the device log file using the device identifier;
determining the number of times the endpoint device has failed authentication exceeds a first threshold value within a first predetermined time period;
determining the number of times the endpoint device has passed authentication is less than a second threshold value within a second predetermined time period that is a greater period of time than the first predetermined time period; and
determining the endpoint device does not have a lease for the port on the switch; and
send a reroute command to the switch identifying the endpoint device in response to identifying the endpoint device for isolation, wherein:
the switch is configured to transform the destination of traffic associated with the endpoint device to a safe zone in response to receiving the reroute command; and
traffic in the safe zone associated with the endpoint device is recorded;
wherein:
the threat management engine is configured to add the endpoint device to a blacklist identifying endpoint devices that are prohibited from accessing the network in response to blocking the endpoint device from accessing the network; and
adding the endpoint device to the blacklist triggers the network authentication server to automatically fail authentication for the endpoint device when the endpoint device connects to the switch.

US Pat. No. 10,462,146

LEVERAGING A REGULATED NETWORK TO ENABLE DEVICE CONNECTIVITY IN A RESTRICTED ZONE

International Business Ma...

1. A method comprising: locating a component of an environment having available bandwidth for performing a task;
granting authorization to connect a device associated with the task to the component, wherein granting authorization to connect the device to the component comprises:
authorizing the device to connect to the component by determining that the device is an approved device;
authorizing a user associated with the device by determining that the user has access rights in the environment;
authorizing the component by determining that the component can support the connection to the device;
determining that the component is available for connection to the device; and
determining that the user is within a given distance of the component to permit connection to the component;
in response to determining that a set of one or more conditions are met, connecting the device to the component, wherein the connection provides network connectivity to the device via the component; and
dynamically adjusting bandwidth allocation of the component during the performance of the task based on one or more of bandwidth usage and bandwidth availability of the component;
wherein locating the component further comprises:
determining current bandwidth usage;
determining predicted bandwidth usage based on historical data; and
determining the available bandwidth based on the current bandwidth usage and the predicted bandwidth usage; and
wherein the steps of the method are implemented via at least one processor operatively coupled to a memory.

US Pat. No. 10,462,145

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO CUSTOM BROWSER FUNCTIONALITY

The DIRECTV Group, Inc., ...

1. A method for controlling an access to a custom browser function, the method comprising: sending, by a processor, a request to a third party website;
receiving, by the processor, in response to the sending, a hypertext markup language code and a browser script;
rendering, by the processor, the hypertext markup language code;
detecting, by the processor, that the browser script is trying to access the custom browser function, wherein the custom browser function comprises a script, wherein the script comprises a javascript object that is not created by a manufacturer of a browser embedded in a system of the processor, and wherein the script includes a function call to check an access control list;
comparing, before allowing the browser script to access the custom browser function, by the processor, in response to the detecting, one or more parameters associated with the custom browser function to a corresponding one or more parameters in the access control list to control the access of the custom browser function, wherein the one or more parameters comprise at least one of: a domain, a path and an object; and
executing, by the processor, in response to the comparing, the custom browser function when a match of the one or more parameters is found in the corresponding one or more parameters in the access control list.

US Pat. No. 10,462,144

SYSTEMS AND METHODS FOR MANAGING PRIVACY SETTINGS OF SHARED CONTENT

Google LLC

1. A system for managing privacy of shared content, the system comprising: a terminal device, the terminal device comprising:
a content receiving device configured to receive content;
a storage configured to store content by the content receiving device;
a privacy setting determiner configured to determine privacy settings associated with a representation of an object contained in the received content, the representation of the object being associated with a user of an online account that is not associated with the terminal device;
a content obfuscator configured to obfuscate at least a portion of the received content based on the privacy settings of the representation of the object contained in the received content to generate obfuscated content,
wherein the content obfuscator comprises:
a content partitioner configured to partition the received content into a plurality of layers, the plurality of layers having two or more levels of fidelity;
a key generator configured to generate an encryption key;
a layer encryptor configured to encrypt at least one of the plurality of layers using the generated encryption key; and
an obfuscated content generator configured to generate the obfuscated content by combining the encrypted at least one of the plurality of layers with a remainder of the plurality of layers; and
a transmitter configured to transmit the obfuscated content; and
a server device, the server device comprising:
a receiver configured to receive the obfuscated content from the transmitter of the terminal device;
a publisher configured to publish the obfuscated content to one or more third parties, wherein the receiver is configured to receive a request to change privacy settings of the object of the received content; and
a de-obfuscator configured to, based on the received request to change privacy settings, de-obfuscate the at least a portion of the received content to generate de-obfuscated content, wherein the publisher is configured to publish the de-obfuscated content to one or more third parties based on the received request to change privacy settings.

US Pat. No. 10,462,143

METHOD AND SYSTEM FOR ELECTRONIC MAIL ATTACHMENT MANAGEMENT

Capital One Services, LLC...

1. A method of preventing unauthorized access to an electronic mail attachment, comprising: receiving, from an administrator computing device at a message management system, one or more files designated as sensitive files;
for each file of the one or more files, converting, by the message management system, the file to one or more images;
generating, by the message management system, one or more hash values by applying a hash function to each of the one or more images corresponding to the file;
storing, by the message management system, the one or more hash values in a database;
receiving, from a client device at the message management system, an outgoing electronic message comprising an attached file;
generating, by the message management system, one or more attachment hash values for the attached file by applying the hash function to the attached file by:
converting the attached file to one or more attachment images; and
applying the hash function to the one or more attachment images;
comparing, by the message management system, the one or more attachment hash values to the database storing the one or more hash values associated with the one or more files designated as sensitive files;
determining, by the message management system, that at least one attachment hash value of the one or more attachment hash values matches at least one hash value of the one or more hash values stored in the database; and
blocking, by the message management system, the outgoing electronic message.
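
The register / hash-per-page / compare / block flow of the claim above, as an added example that is not from the patent or from Capital One. One assumption replaces the claim's rendering step: instead of rasterising each page to an image, a page is "rendered" to a canonical text form (whitespace and case normalised) so that a re-saved copy still hashes the same; form feeds as page separators, the file names and the sample documents are constructed.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Assumption: pages are separated by form feeds and "rendered" to canonical text.
PAGE_SEPARATOR = "\f"


def render_pages(file_bytes: bytes) -> List[bytes]:
    """Stand-in for page-to-image conversion: one canonical byte string per page."""
    text = file_bytes.decode("utf-8", errors="replace")
    rendered = []
    for page in text.split(PAGE_SEPARATOR):
        canonical = re.sub(r"\s+", " ", page).strip().lower()
        if canonical:
            rendered.append(canonical.encode())
    return rendered


def page_hashes(file_bytes: bytes) -> List[str]:
    return [hashlib.sha256(page).hexdigest() for page in render_pages(file_bytes)]


class MessageManagementSystem:
    def __init__(self) -> None:
        # hash of a rendered page -> (sensitive file name, page number)
        self.database: Dict[str, Tuple[str, int]] = {}

    def register_sensitive_file(self, name: str, data: bytes) -> int:
        """Administrator designates a file as sensitive; every page hash is stored."""
        hashes = page_hashes(data)
        for number, digest in enumerate(hashes, start=1):
            self.database[digest] = (name, number)
        return len(hashes)

    def check_outgoing(self, attachments: List[Tuple[str, bytes]]) -> dict:
        """Block on the first attachment page whose hash is in the database, else deliver."""
        for attachment_name, data in attachments:
            for number, digest in enumerate(page_hashes(data), start=1):
                hit = self.database.get(digest)
                if hit is not None:
                    return {"action": "block", "attachment": attachment_name,
                            "attachment_page": number,
                            "sensitive_file": hit[0], "sensitive_page": hit[1]}
        return {"action": "deliver"}


# Constructed sample files (not from the patent).
BOARD_REPORT = (
    b"Q3 BOARD REPORT\nRevenue up 12%; headcount flat.\f"
    b"Page 2 - Customer List\nAcme Corp  Globex  Initech\n"
)
# A copy of page 2 only, re-saved with different spacing and case.
LEAKED_EXCERPT = b"page 2 - customer list\n\nacme corp   globex\tinitech"
NEWSLETTER = b"Team newsletter\nPicnic on Friday."


def demo() -> Tuple[dict, dict]:
    mms = MessageManagementSystem()
    mms.register_sensitive_file("board-report.txt", BOARD_REPORT)
    blocked = mms.check_outgoing([("notes.txt", NEWSLETTER), ("excerpt.txt", LEAKED_EXCERPT)])
    delivered = mms.check_outgoing([("notes.txt", NEWSLETTER)])
    return blocked, delivered


if __name__ == "__main__":
    print(demo())
```

Hashing per page rather than per file is what lets a single extracted page trip the check; the weakness of any exact-hash scheme remains that one changed character on the page produces a different digest, which is the gap the image-based rendering in the claim is meant to narrow but not close.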

US Pat. No. 10,462,142

TECHNIQUES FOR IMPLEMENTING A DATA STORAGE DEVICE AS A SECURITY DEVICE FOR MANAGING ACCESS TO RESOURCES

Oracle International Corp...

1. A non-transitory computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising instructions configured to cause the one or more processors to perform processing comprising: determining that a user associated with a device is not authenticated to access a resource requested at the device, wherein access to the resource is controlled by an access management system;
identifying a storage device that is connected to the device, wherein the storage device is identified to verify registration of the storage device as a security device for authentication of the user;
determining that device information about the storage device is stored at a first location on the storage device, wherein the device information includes an identifier of the storage device;
generating, using a hashing process, an access key for verifying registration of the storage device, wherein the access key is generated based at least in part on the device information;
generating key data based on a first decryption, using the access key, of security data stored at a second location on the storage device, wherein the key data includes a private key;
transmitting a message to request the access management system to verify registration of the storage device as the security device, wherein the message is encrypted using the private key, and wherein the message includes user information about the user and the device information;
receiving, from an access management system, a response to the request to verify registration of the storage device, wherein the response includes access data to enable access to the resource requested at the device, wherein the access data is generated based on verifying that the storage device is registered with the access management system for the user, and wherein the access data is encrypted using a public key associated with registration of the storage device for the user at the access management system;
generating decrypted access data based on a second decryption of the access data using the private key; and
enabling access to the resource using the decrypted access data.

US Pat. No. 10,462,141

NETWORK DEVICE INFORMATION VALIDATION FOR ACCESS CONTROL AND INFORMATION SECURITY

Bank of America Corporati...

1. A system comprising: a threat management server in a network, comprising:
a memory configured to store:
a device log file identifying device information for endpoint devices that have passed authentication;
a threat management engine implemented by a processor, and configured to:
select an endpoint device from the device log file;
determine a device identifier for the endpoint device based on the device log file;
identify a switch connected to the endpoint device based on the device log file;
send an information request comprising the device identifier to the switch, wherein the information request requests device information for the endpoint device;
receive device information for the endpoint device in response to sending the information request;
compare the received device information for the endpoint device to device information for the endpoint device in the device log file;
determine the received device information does not match the device information for the endpoint device in the device log file; and
block the endpoint device from accessing the network in response to determining the received device information does not match the device information for the endpoint device in the device log file; and
the switch operably coupled to the threat management server, configured to:
receive the information request for the endpoint device;
interrogate the endpoint device to collect device information for the endpoint device in response to receiving the information request; and
send the collected device information to the threat management server.
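
The two Bank of America threat management engines above (US Pat. No. 10,462,147, isolation; US Pat. No. 10,462,141, device information validation) share one decision core, so here is one added example covering both; it is not code from either patent or from the assignee. The engine reads a constructed device log file, applies the four-part isolation test (present in the log, failures above a threshold in a short window, passes below a threshold in a longer window, no port lease), issues the reroute command and blacklists the device so the authentication server fails it automatically, and separately compares device information collected by the switch with the logged record. The log format, thresholds, windows and the choice of the blacklist as the blocking mechanism for a validation mismatch are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed device log file (not from the patents): timestamp, device id, result, switch, port.
AUTH_LOG = """\
2024-04-29T09:00:00 aa:bb:cc:00:00:04 PASS sw01 Gi1/0/4
2024-04-30T09:00:00 aa:bb:cc:00:00:04 PASS sw01 Gi1/0/4
2024-05-01T07:30:00 aa:bb:cc:00:00:04 PASS sw01 Gi1/0/4
2024-05-01T08:00:02 aa:bb:cc:00:00:01 PASS sw01 Gi1/0/7
2024-05-01T08:00:05 aa:bb:cc:00:00:02 FAIL sw01 Gi1/0/8
2024-05-01T08:00:09 aa:bb:cc:00:00:02 FAIL sw01 Gi1/0/8
2024-05-01T08:00:14 aa:bb:cc:00:00:02 FAIL sw01 Gi1/0/8
2024-05-01T08:00:20 aa:bb:cc:00:00:02 FAIL sw01 Gi1/0/8
2024-05-01T08:01:00 aa:bb:cc:00:00:03 FAIL sw01 Gi1/0/9
2024-05-01T08:01:30 aa:bb:cc:00:00:03 FAIL sw01 Gi1/0/9
2024-05-01T08:01:45 aa:bb:cc:00:00:03 FAIL sw01 Gi1/0/9
2024-05-01T08:02:00 aa:bb:cc:00:00:03 FAIL sw01 Gi1/0/9
2024-05-01T08:02:10 aa:bb:cc:00:00:04 FAIL sw01 Gi1/0/4
2024-05-01T08:02:20 aa:bb:cc:00:00:04 FAIL sw01 Gi1/0/4
2024-05-01T08:02:30 aa:bb:cc:00:00:04 FAIL sw01 Gi1/0/4
2024-05-01T08:02:40 aa:bb:cc:00:00:04 FAIL sw01 Gi1/0/4
"""
# Constructed port lease log file: device -> (switch, port, lease expiry).
PORT_LEASES = {"aa:bb:cc:00:00:03": ("sw01", "Gi1/0/9", datetime(2024, 5, 2, 0, 0))}
# Constructed device information recorded when the device first passed authentication.
DEVICE_INFO = {"aa:bb:cc:00:00:01": {"vendor": "Dell", "os": "Windows 10", "hostname": "WS-1001"}}
NOW = datetime(2024, 5, 1, 8, 3, 0)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    device: str
    result: str    # PASS or FAIL
    switch: str
    port: str


def parse_device_log(text: str) -> List[AuthEvent]:
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, device, result, switch, port = line.split()
            events.append(AuthEvent(datetime.fromisoformat(ts), device, result, switch, port))
    return events


@dataclass
class Thresholds:
    max_failures: int = 3                           # first threshold value
    fail_window: timedelta = timedelta(minutes=5)   # first predetermined period
    min_passes: int = 3                             # second threshold value
    pass_window: timedelta = timedelta(days=7)      # second, longer, period


class ThreatManagementEngine:
    def __init__(self, events, leases, device_info, thresholds=None):
        self.events, self.leases, self.device_info = events, leases, device_info
        self.th = thresholds or Thresholds()
        self.blacklist: Set[str] = set()

    def should_isolate(self, device: str, now: datetime) -> Tuple[bool, str]:
        """All four conditions of the isolation test must hold."""
        history = [e for e in self.events if e.device == device]
        if not history:
            return False, "not present in device log file"
        fails = sum(1 for e in history if e.result == "FAIL" and now - e.ts <= self.th.fail_window)
        if fails <= self.th.max_failures:
            return False, f"{fails} recent failures, within threshold"
        passes = sum(1 for e in history if e.result == "PASS" and now - e.ts <= self.th.pass_window)
        if passes >= self.th.min_passes:
            return False, f"{passes} recent passes, established device"
        lease = self.leases.get(device)
        if lease is not None and lease[2] > now:
            return False, "holds a valid port lease"
        return True, f"{fails} failures, {passes} passes, no lease"

    def on_connect(self, device: str, now: datetime) -> Optional[dict]:
        """Handle the identifier the authentication server sends when a device connects."""
        isolate, reason = self.should_isolate(device, now)
        if not isolate:
            return None
        self.blacklist.add(device)   # blocking the device also blacklists it
        return {"action": "reroute", "device": device, "destination": "safe-zone",
                "record_traffic": True, "reason": reason}

    def validate_device_info(self, device: str, reported: Dict[str, str]) -> List[str]:
        """Compare what the switch collected by interrogation with the log; block on mismatch."""
        logged = self.device_info.get(device, {})
        mismatched = [k for k, v in logged.items() if reported.get(k) != v]
        if mismatched:
            self.blacklist.add(device)   # assumption: blocking is implemented via the blacklist
        return mismatched

    def nas_authenticate(self, device: str) -> bool:
        """Network authentication server rule: blacklisted devices fail automatically."""
        return device not in self.blacklist


ENGINE = ThreatManagementEngine(parse_device_log(AUTH_LOG), PORT_LEASES, DEVICE_INFO)
```

In the sample log, device 02 meets every condition and is rerouted; device 03 fails just as often but holds a port lease, and device 04 has a run of recent failures but a history of passes, so neither is isolated. The order of the checks matters only for the reason string; all four must be true before the reroute command is sent.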

US Pat. No. 10,462,140

DATA TRANSMISSION AUTHENTICATION AND SELF-DESTRUCTION

Bank of America Corporati...

1. A system comprising: at least one network device configured to facilitate communications between a first computing device and a second computing device; and
at least one processor associated with the at least one network device, wherein the communications comprise instructions that, when executed by the at least one processor, cause the at least one network device to:
determine whether the at least one network device comprises a token associated with a token chain within the communications, wherein the token chain is configured to authorize the at least one network device to process the communications, and wherein the token includes a random string of characters and the token chain defines a path of authorized systems for transmission through a network;
in response to determining that the token is associated with the token chain, process the communications; and
in response to determining that the token is not associated with the token chain, destruct the communications.

US Pat. No. 10,462,139

SCALABLE UNIVERSAL FULL SPECTRUM CYBER CYBER DETERMINING PROCESS

1. A scalable universal full spectrum cyber determining process, said scalable universal full spectrum cyber determining process comprising: utilizing (a) at least one computing device (b) criteria selected from criteria that may be utilized by said cyber determining process, (c) selected information, (d) selected necessary programming, and (e) any other necessary resource, all of which being structured and utilized for providing at least one cyber determination;
wherein said at least one cyber determination is selected from the group consisting of a full spectrum of cyber determinations;
wherein said at least one cyber determination is utilized for at least one purpose selected from the group consisting of a full spectrum of purposes for which cyber determinations may be utilized;
wherein said information is derived from at least one member selected from the group consisting of (a) at one or more points in time, and (b) over at least one period of time;
wherein said information is selected from the group consisting of a full spectrum of useful information that may be utilized by said cyber determining process;
wherein said full spectrum of useful information that may be utilized by said cyber determining process may include information that was derived from at least one sensor observation;
wherein said at least one sensor observation provides information regarding at least one aspect of at least one subject of said at least one sensor observation;
wherein at least one cyber determination regarding said at least one subject of at least one sensor observation is selected from the group consisting of the full spectrum of cyber determinations regarding subjects of sensor observations;
wherein said at least one aspect of at least one subject of at least one sensor observation is selected from the group consisting of a full spectrum of observable aspects of subjects of sensor observations;
wherein said at least one subject of at least one sensor observation is selected from the group consisting of a full spectrum of subjects of sensor observations;
wherein said cyber determining process utilizes at least one observed characteristic regarding at least one aspect of said at least one subject of at least one sensor observation;
wherein said at least one observed characteristic is selected from the group consisting of a full spectrum of observable characteristics of subjects of sensor observations;
wherein said at least one sensor observation is at least one type of sensor observation selected from the group consisting of (a) visual sensor observations, (b) audible sensor observations, (c) thermal sensor observations, (d) olfactory sensor observations, (e) tactile sensor observations, and (f) any other type of sensor observation selected from the group consisting of a full spectrum of types of sensor observations;
wherein said at least one sensor observation has at least one characteristic selected from the group consisting of a full spectrum of characteristics of sensor observations;
wherein each said scalable cyber determining process may be configured, in regard to included resources, to fall at one point in a range of from a minimum to a maximum, wherein at the minimum said cyber determining process includes only the resources that are needed for providing for a least complex, in regard to included necessary resources, of all cyber determination needs, and wherein at the maximum said cyber determining process includes all of the resources that are needed for providing every cyber determination from a full spectrum of cyber determinations;
wherein said scalable cyber determining process may determine and utilize at least one measure of adequacy of available resources;
wherein said scalable cyber determining process provides at least one determination selected from the group consisting of (a) at least one single cyber determination, (b) at least one intermittently provided cyber determination, and (c) at least one constantly provided cyber determination; and
wherein said scalable cyber determining process further comprises utilizing at least one part of at least one step selected from the group consisting of
(a) a first series observation step wherein said cyber determining process utilizes at least one sensor observation, wherein at least one subject of said at least one sensor observation has at least one previously determined aspect, said cyber determining process recognizing at least one characteristic regarding said previously determined aspect, said at least one recognized characteristic being utilizable by said cyber determining process in providing said at least one cyber determination, said cyber determining process assigning designations representing (i) said at least one observation, (ii) said at least one known aspect of said at least one observation subject, and (iii) said at least one observed characteristic, said cyber determining process including at least one of said designation in at least one first series observation record,
(b) a second series observation step wherein said cyber determining process utilizes at least one sensor observation, wherein at least one subject of said at least one sensor observation has at least one yet-to-be-determined aspect, said cyber determining process recognizing at least one characteristic regarding said at least one yet-to-be-determined aspect, said cyber determining process assigning designations representing (i) said at least one observation, (ii) said at least one yet-to-be-determined aspect of said at least one observation subject, and (iii) said at least one characteristic regarding said at least one yet-to-be-determined aspect, wherein said cyber determining process including at least one of said designations in at least one second series observation record,
(c) a matching step wherein said cyber determining process matching at least one designation from at least one second series observation record with at least one comparable designation from at least one first series observation record,
(d) a comparing step wherein said cyber determining process comparing designations from at least one second series observation record with designations from at least one comparable first series observation record and providing at least one conclusion from the comparison,
(e) a determining step wherein said cyber determining process utilizes at least one selected from the group of (i) said at least one conclusion from said at least one comparing step, and (ii) said useful information, for making said at least one cyber determination, and
(f) a reporting step wherein said cyber determining process providing at least one report regarding at least one aspect of at least one part of at least one cycle of operation of said cyber determining process.

US Pat. No. 10,462,138

APPLICATION PROGRAMMING INTERFACE ACCESS CONTROLS

Google LLC, Mountain Vie...

1. A method, comprising: receiving a request from a client for a computer authorization challenge to access an application programming interface;
determining whether a previously received response to a previously provided computer authorization challenge to access the application programming interface was generated by a proof of work proxy server instead of generated by the client;
determining a target computational cost for the application programming interface based on the determination that the previously received response to the previously provided computer authorization challenge to access the application programming interface was generated by a proof of work proxy server instead of generated by the client;
determining a computer authorization challenge with a difficulty of completion that satisfies the target computational cost for the application programming interface; and
providing the computer authorization challenge to the client for access to the application programming interface.
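
The challenge/response loop of the claim above as an added example, not code from the patent or from Google: the server converts a per-API target computational cost into a hashcash-style difficulty (leading zero bits of a SHA-256 digest), issues the challenge, verifies the client's answer, and raises the target cost when the previous answer appears to have been produced by a proof-of-work proxy. The claim does not say how a proxy is detected; the assumption here is that an answer delivered from a network address other than the requesting client's own counts as proxy-generated. Base costs, the multiplier and the addresses are constructed.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumed per-API target costs in expected SHA-256 evaluations, and the factor
# applied when the client's previous answer came from a proof-of-work proxy.
BASE_COST: Dict[str, int] = {"/v1/search": 256, "/v1/export": 1024}
PROXY_MULTIPLIER = 16


@dataclass(frozen=True)
class Challenge:
    client_id: str
    api: str
    nonce: str
    difficulty: int   # leading zero bits required of SHA-256(nonce ":" counter)


def difficulty_for_cost(target_hashes: int) -> int:
    """Smallest bit count d whose expected work, 2**d hashes, satisfies the target cost."""
    d = 0
    while (1 << d) < target_hashes:
        d += 1
    return d


def pow_digest(challenge: Challenge, counter: int) -> bytes:
    return hashlib.sha256(f"{challenge.nonce}:{counter}".encode()).digest()


def verify(challenge: Challenge, counter: int) -> bool:
    """True when the digest has at least `difficulty` leading zero bits."""
    return int.from_bytes(pow_digest(challenge, counter), "big") >> (256 - challenge.difficulty) == 0


def solve(challenge: Challenge, limit: int = 1 << 22) -> int:
    """Client-side brute force; expected 2**difficulty attempts."""
    for counter in range(limit):
        if verify(challenge, counter):
            return counter
    raise RuntimeError("no solution found within limit")


class ApiGate:
    """Server side: issues challenges, verifies responses, tracks who actually solved them."""

    def __init__(self) -> None:
        self.outstanding: Dict[Tuple[str, str], Challenge] = {}
        # client id -> network address that submitted the client's last valid response
        self.last_solver_addr: Dict[str, str] = {}

    def solved_by_proxy(self, client_id: str, client_addr: str) -> bool:
        # Assumption: a previous response delivered from an address other than the
        # client's own is treated as generated by a proof-of-work proxy server.
        previous = self.last_solver_addr.get(client_id)
        return previous is not None and previous != client_addr

    def request_challenge(self, client_id: str, client_addr: str, api: str) -> Challenge:
        cost = BASE_COST[api]
        if self.solved_by_proxy(client_id, client_addr):
            cost *= PROXY_MULTIPLIER
        challenge = Challenge(client_id, api, secrets.token_hex(16), difficulty_for_cost(cost))
        self.outstanding[(client_id, api)] = challenge
        return challenge

    def submit(self, client_id: str, solver_addr: str, api: str, counter: int) -> bool:
        """One attempt per challenge: the challenge is consumed whether or not it verifies."""
        challenge = self.outstanding.pop((client_id, api), None)
        if challenge is None or not verify(challenge, counter):
            return False
        self.last_solver_addr[client_id] = solver_addr
        return True
```

Raising the cost only multiplies the proxy's bill; it does not stop a proxy that is willing to pay, which is why the claim frames the adjustment as a target computational cost rather than as a block.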

US Pat. No. 10,462,137

SECURE CONFIRMATION EXCHANGE FOR OFFLINE INDUSTRIAL MACHINE

Cisco Technology, Inc., ...

1. A method comprising: receiving a request for authorization to commission a target device, wherein
the request for authorization to commission the target device comprises one or more requested commissioning actions, and
the request for authorization to commission the target device further comprises an identification value that identifies the target device;
determining whether each of the requested commissioning actions is authorized,
wherein
the determining comprises
determining a plurality of available licenses by querying an authorization table, wherein
the querying uses the identification value that identifies the target device, and
the available licenses are available for use by the target device, and
identifying one or more authorized commissioning actions for which a license is available for use by the target device, wherein the identifying is performed, at least in part, by comparing each of the requested commissioning actions to the plurality of available licenses;
sending a commissioning authorization, wherein
the commissioning authorization comprises information regarding the one or more authorized commissioning actions for which a license is available;
receiving a commissioning complete confirmation message, wherein
the commissioning complete confirmation message comprises a nonce associated with the target device and a commissioning code, and
the commissioning code comprises information identifying one or more completed commissioning actions;
validating the commissioning complete confirmation message, wherein
the validating comprises determining whether each of the one or more completed commissioning actions is among the one or more authorized commissioning actions; and
in response to determining that each of the one or more completed commissioning actions are among the one or more authorized commissioning actions, sending an acknowledgement message, wherein
the receiving, the determining, the sending the commissioning authorization, the receiving, the validating, and the sending the acknowledgement message are performed by an asset registry.
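
The two-message exchange of the claim above, as an added example that is not from the patent or from Cisco: the asset registry compares the requested commissioning actions with the licenses in its authorization table, returns the authorized subset together with a nonce bound to the target, and later validates that every action in the commissioning code is among those it authorized before acknowledging and consuming the licenses. The authorization table, the device identifier, the "+"-joined commissioning code format and the single-use nonce are constructed assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed authorization table (not from the patent): per target device, the
# number of licenses available for each commissioning action.
AUTHORIZATION_TABLE: Dict[str, Dict[str, int]] = {
    "plc-0042": {"firmware-update": 1, "safety-config": 1, "motion-profile": 0},
}


def encode_commissioning_code(completed: Set[str]) -> str:
    """Compact code the technician carries back from the offline machine (assumed format)."""
    return "+".join(sorted(completed))


def decode_commissioning_code(code: str) -> Set[str]:
    return {part for part in code.split("+") if part}


@dataclass
class Authorization:
    target_id: str
    nonce: str
    authorized: List[str]


class AssetRegistry:
    def __init__(self, table: Dict[str, Dict[str, int]]) -> None:
        self.table = table
        self.pending: Dict[str, Authorization] = {}   # nonce -> authorization

    def authorize(self, target_id: str, requested: List[str]) -> dict:
        """Step 1: compare each requested action with the licenses available to the target."""
        available = self.table.get(target_id, {})
        authorized = [a for a in requested if available.get(a, 0) > 0]
        # The nonce is bound to the target and must come back in the completion message.
        nonce = secrets.token_hex(8)
        self.pending[nonce] = Authorization(target_id, nonce, authorized)
        return {"target": target_id, "nonce": nonce, "authorized": authorized,
                "denied": [a for a in requested if a not in authorized]}

    def confirm(self, target_id: str, nonce: str, commissioning_code: str) -> dict:
        """Step 2: validate that every completed action was among the authorized ones."""
        record = self.pending.get(nonce)
        if record is None or record.target_id != target_id:
            return {"ack": False, "reason": "unknown nonce for target"}
        completed = decode_commissioning_code(commissioning_code)
        unauthorized = sorted(completed - set(record.authorized))
        if unauthorized:
            return {"ack": False, "reason": f"completed without license: {unauthorized}"}
        del self.pending[nonce]                    # nonce is single-use
        for action in completed:
            self.table[target_id][action] -= 1     # consume only the licenses actually used
        return {"ack": True, "completed": sorted(completed)}


def demo() -> dict:
    registry = AssetRegistry({k: dict(v) for k, v in AUTHORIZATION_TABLE.items()})
    grant = registry.authorize("plc-0042", ["firmware-update", "safety-config", "motion-profile"])
    # Technician commissions the offline machine and returns with its completion code.
    code = encode_commissioning_code({"firmware-update", "safety-config"})
    wrong_target = registry.confirm("plc-0099", grant["nonce"], code)
    ack = registry.confirm("plc-0042", grant["nonce"], code)
    replay = registry.confirm("plc-0042", grant["nonce"], code)
    grant2 = registry.authorize("plc-0042", ["motion-profile"])
    over = registry.confirm("plc-0042", grant2["nonce"], "motion-profile")
    return {"grant": grant, "wrong_target": wrong_target, "ack": ack, "replay": replay,
            "grant2": grant2, "over": over, "licenses_left": registry.table["plc-0042"]}


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

Licenses are consumed at confirmation rather than at authorization, so an authorization that is never completed does not strand a license; the trade-off is that two concurrent grants for the same last license both validate, which a production registry would handle by reserving at authorization and releasing on timeout.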

US Pat. No. 10,462,136

HYBRID CLOUD SECURITY GROUPS

CISCO TECHNOLOGY, INC., ...

1. A method comprising: receiving a request from a first cloud network of a hybrid cloud environment at a gateway of a second cloud network of the hybrid cloud environment to transmit data from the second cloud network;
automatically analyzing a security tag associated with the data, at the gateway of the second cloud network, to yield an access determination, the automatically analyzing including an analysis of whether the security tag includes any access permissions to the data, the access permissions indicating that the data is allowed to enter the first cloud network; and
based at least in part on the access determination and if the security tag includes the access permissions indicating the data is allowed to enter the first cloud network, allowing the data to exit the second cloud network via the gateway, the hybrid cloud environment configured to prevent unauthorized access to the hybrid cloud environment while providing scalability to accommodate increases and decreases in demand for one or more computing resources, the one or more computing resources including a processing device.

US Pat. No. 10,462,135

SYSTEMS AND METHODS FOR PROVIDING CONFIDENTIALITY AND PRIVACY OF USER DATA FOR WEB BROWSERS

Intel Corporation, Santa...

1. At least one non-transitory machine-readable storage medium comprising a plurality of instructions that, responsive to being executed by processing circuitry of a computing system, cause the computing system to perform electronic operations that: securely store sensitive data associated with a remote service using a sensitive data manager component, with operations to seal the sensitive data and persist the sensitive data to a storage memory of the computing system, wherein the electronic operations to seal and persist the sensitive data are performed by first code executing within a first secure enclave of a trusted execution environment (TEE);
retrieve and decrypt the sensitive data from the storage memory, with the sensitive data manager component, using second code executing within a second secure enclave of the TEE;
communicate the sensitive data, from the sensitive data manager component to a secure communication manager, using a secure channel in the TEE;
transmit, with the secure communication manager, the sensitive data from the TEE to the remote service using an encrypted connection established by the secure communication manager, responsive to user activity in a browser that executes within the computing system, wherein the secure storage and the secure channel prevents an unencrypted or unsealed form of the sensitive data from being accessed within the computing system outside of the TEE;
process a browser request to obtain the sensitive data securely stored in the storage memory, the browser request provided from the browser to an application, wherein the browser executes outside the TEE;
communicate the sensitive data from the application to the remote service using the encrypted connection responsive to the browser request to obtain sensitive data;
communicate, via the TEE, a token to the browser, responsive to the browser request to obtain sensitive data;
receive, at the TEE, input form data for a web page rendered by the browser, wherein the input form data includes the token in an input field for the sensitive data; and
replace, via the TEE, the token in the input form data with the unsealed form of the sensitive data.

US Pat. No. 10,462,134

NETWORK DEVICE REMOVAL FOR ACCESS CONTROL AND INFORMATION SECURITY

Bank of America Corporati...

1. An information security system comprising: a switch configured to provide network connectivity for one or more endpoint devices to a network;
a network authentication server operably coupled to the switch and configured to:
authenticate endpoint devices connected to the switch;
send a device identifier for an endpoint device to a threat management server in response to the endpoint device connecting to a port on the switch; and
the threat management server operably coupled to the switch and the network authentication server comprising:
a memory configured to store:
a port lease log file identifying:
endpoint devices with a lease for a port on the switch;
port lease periods that indicate a time period an endpoint device is allowed to access the network; and
a device log file identifying:
endpoint devices that have failed authentication with the network authentication server; and
endpoint devices that have passed authentication with the network authentication server; and
a threat management engine implemented by a processor configured to:
identify the endpoint device for removal in response to receiving the device identifier, comprising:
determining the endpoint device is present in the device log file using the device identifier;
determining the number of times the endpoint device has failed authentication exceeds a first threshold value within a first predetermined time period;
determining the number of times the endpoint device has passed authentication is less than a second threshold value within a second predetermined time period that is a greater period of time than the first predetermined time period; and
determining the endpoint device does not have a lease for the port on the switch;
block the endpoint device from accessing the network via the port on the switch in response to identifying the endpoint device for removal; and
add the endpoint device to a black list identifying endpoint devices that are prohibited from accessing the network in response to blocking the endpoint device from accessing the network.

US Pat. No. 10,462,133

METHOD FOR PROVIDING USER INTERFACE FOR EACH USER, METHOD FOR PERFORMING SERVICE, AND DEVICE APPLYING THE SAME

Samsung Electronics Co., ...

1. A method of performing a service in an electronic apparatus, the method comprising: based on the electronic apparatus detecting an approach of an identifier, receiving identifier information from the identifier;
obtaining address information of a service provider based on the identifier information received from the identifier;
requesting service information to the service provider based on user information of the electronic apparatus and the address information of the service provider;
receiving the service information in response to the request to the service provider; and
displaying the received service information on a display of the electronic apparatus; wherein the identifier information and the address of the service provider are stored in a mapping table, and the address of the service provider is obtained from the mapping table.

US Pat. No. 10,462,132

QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION

Capital One Services, LLC...

1. A method, comprising: receiving, by a device, a callback request from a user device, the callback request including:
biometric information, and
a device identifier associated with the user device;
approving, by the device and based on authentication of a user of the user device based on the biometric information, a callback to the user device;
storing, by the device and based on receiving the callback request, call data in a callback queue, the call data including:
the device identifier, and
authentication data indicating a result of the authentication of the user;
providing, by the device and to a callback device and when the callback is to be performed, callback data, the callback data including:
data indicating that the callback is to be performed by the callback device, and
the device identifier; and
providing, by the device and to the callback device, authentication information, the authentication information including:
the authentication data, and
one or more instructions indicating that authentication is not to be performed during the callback.

US Pat. No. 10,462,131

REMOTE DOCUMENT EXECUTION AND NETWORK TRANSFER USING AUGMENTED REALITY DISPLAY DEVICES

Bank of America Corporati...

1. An augmented reality system comprising: a server comprising a memory operable to store a virtual file folder, the virtual file folder comprising a virtual file document;
a first augmented reality user device for a signor comprising:
a first display configured to overlay the virtual file document onto a tangible object in real-time;
a first physical identification verification engine operable to generate a signor identity confirmation token indicating a confirmation of the signor's identity; and
a first gesture capture engine operable to:
capture a gesture motion from the signor, the gesture motion representing a signor digital signature on the virtual file document; and
generate a signor transfer token, the signor transfer token comprising the signor digital signature and the signor identity confirmation token;
a second augmented reality user device for a notary comprising:
a second display configured to overlay the virtual file document onto a tangible object in real-time;
a second physical identification verification engine operable to generate a notary identity confirmation token indicating a confirmation of the notary's identity;
a gesture confirmation engine operable to:
receive the signor identity confirmation token; and
display, via the second display, the gesture motion from the signor, the gesture motion from the signor displayed on the virtual file document;
a second gesture capture engine operable to:
capture a gesture motion from the notary, the gesture motion from the notary representing a notary digital signature on the virtual file document; and
generate a notary transfer token, the notary transfer token comprising the notary digital signature and the notary identity confirmation token; and
the server further comprising:
an interface operable to receive the signor transfer token and the notary transfer token; and
a processor operable to:
generate an executed document using the signor transfer token, the notary transfer token, and the virtual file document; and
store the executed document in the virtual file folder.

US Pat. No. 10,462,130

AUTHENTICATION METHOD AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An authentication method performed at a server having one or more processors and memory storing a plurality of program modules to be executed by the one or more processors, the method comprising: receiving a login request sent by an initiating terminal, the login request comprising a first initiating terminal identifier of the initiating terminal;
searching, among binding relationships between initiating terminal identifiers, authentication terminal identifiers, and registered biological characteristic information according to the first terminal identifier, a target binding relationship matching the first initiating terminal identifier;
when the target binding relationship exists, sending an authentication request to an authentication terminal corresponding to an authentication terminal identifier comprised in the target binding relationship;
receiving biological characteristic information that is sent by the authentication terminal in response to the authentication request, and determining, through comparison, whether the biological characteristic information is consistent with registered biological characteristic information comprised in the target binding relationship, wherein the biological characteristic information that is sent by the authentication terminal is associated with a timestamp indicating when the biological characteristic information was collected by the authentication terminal and the timestamp is used for selecting a subset of the registered biological characteristic information for comparison with the biological characteristic information; and
when the biological characteristic information is consistent with the registered biological characteristic information,
authenticating the login request;
adding the biological characteristic information to the registered biological characteristic information comprised in the target binding relationship; and
deleting a subset of the registered biological characteristic information deemed obsolete according to its respective timestamp if the size of the registered biological characteristic information exceeds a predefined threshold.

US Pat. No. 10,462,129

SYSTEM AND METHOD FOR GAINING ACCESS OF DEVICES BASED ON USER'S IDENTITY

1. A computer implemented method of gaining access of devices based on a user's identity, the computer implemented method being executed on a target device and comprising: detecting, by a proximity sensor, a user worn accessory present in vicinity of the target device;
receiving, by a transceiver, a user identity (UID) from the user worn accessory;
matching, by a processor, the UID with a list of known UIDs stored in a memory of the target device, to identify access rights assigned to the UID;
providing, by the processor, an access of the target device to the user, based on the access rights assigned to the UID;
identifying, by the processor, an unauthorized termination of connection between the target device and the user worn accessory; and
sending, by the transceiver, a trigger to the user worn accessory for generating an alarm based on the unauthorized termination of connection.

US Pat. No. 10,462,128

VERIFICATION OF BOTH IDENTIFICATION AND PRESENCE OF OBJECTS OVER A NETWORK

1. A system for verifying both identification and presence of an object, the system comprising: an identification tag associated with a single object, the identification tag comprising: a) an embedded integrated circuit that generates a one-time-password (OTP) upon each use of the identification tag, and b) non-volatile memory that stores a unique identifier, and a uniform resource locator (URL);
a reader comprising a mobile computing device including: a) a Near Field Communication (NFC) sub-system that reads data from the identification tag using radio frequency signals; b) a global navigation satellite system (GNSS) sub-system; c) a network connection device communicatively coupled with a communications network; and d) a processor that:
1) reads the following data from the identification tag: the unique identifier, the OTP, and the URL;
2) reads a current geographical location from the GNSS sub-system; and
3) transmits the unique identifier, the OTP, a current time stamp and the current geographical location to a server identified by the URL by sending a TCP/IP communication over the communications network;
4) responsive to sending the TCP/IP communication, receiving, over the communications network, a second URL;
5) sending another TCP/IP communication over the communications network to the server identified by the second URL; and
6) displaying data received from the second URL, wherein said data includes a verification message;
a database including one or more object records, wherein each object record includes a unique identifier for a specific object;
the server comprising a network connection device communicatively coupled with a communications network, and a processor that:
1) receives the unique identifier, the OTP, the current time stamp and the current geographical location from the reader via the communications network;
2) accesses an object record in the database that corresponds to the unique identifier, and logs the unique identifier, the OTP, the current time stamp and the current geographical location in association with the object record;
3) determines whether the unique identifier and the OTP are verified against the unique identifier in the object record; and
4) if said unique identifier and the OTP are verified, then generates the second URL and transmits said second URL to the reader over the communications network, wherein a web page located at the second URL includes a verification message.

US Pat. No. 10,462,127

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND COMMUNICATION CONNECTION METHOD

Sharp Kabushiki Kaisha, ...

5. An information processing device comprising: a display unit; and
a processor configured to:
output an initial screen to the display unit, the initial screen including a scanning function portion configured to initiate a scanning function;
generate a one-time password corresponding to an SSID of the information processing device;
output the one-time password and the SSID to the display unit after the one-time password is generated;
activate the scanning function in the initial screen;
wirelessly connect with only a single external device by receiving the one-time password from the external device in connection with the SSID, wherein the wirelessly connecting would occur after the scanning function is activated, and whereby the wirelessly connecting would occur after the one-time password and the SSID are output;
output a scan setting screen to the display unit in response to both the wirelessly connecting to the external device and the scanning function being activated in the initial screen;
accept an instruction to initiate scanning, based on the scan setting, from a user-interface;
initiate scanning in response to receipt of user input to the user-interface, the scanning being based on the scan setting;
send image data obtained by the scanning to only the external device via the wireless connection;
disconnect from the external device after sending; and
disable a wireless communication after completion of sending the image data.

US Pat. No. 10,462,126

SELF-ADJUSTING MULTIFACTOR NETWORK AUTHENTICATION

Bank of America Corporati...

1. A network authentication system, comprising: a cloud server implemented in hardware, configured to:
store information linked with one or more accounts for a user;
receive a request for user history for the user from an authentication server; and
send the requested user history information for the user to the authentication server; and
an authentication server implemented in hardware, wherein the authentication server is in signal communication with the cloud server, and configured to:
receive an authentication key request from a user device, wherein the authentication key request identifies an account linked with the user;
obtain an authentication key in response to receiving the authentication key request;
establish a first set of authentication rules for the authentication key, wherein the first set of authentication rules identifies:
a first number of authentication rules selected by the user; and
an authentication type for each authentication rule in the first set of authentication rules selected by the user;
identify one or more triggering events for the account, wherein a triggering event is an event associated with an increased threat to the account;
establish a second set of authentication rules for the authentication key, wherein:
the second set of authentication rules identifies:
a second number of authentication rules; and
an authentication type for each authentication rule in the second set of authentication rules; and
the second set of authentication rules is different from the first set of authentication rules;
configure key validation for the authentication key using the first set of authentication rules;
send the authentication key to the user device;
detect a triggering event from the one or more triggering events has occurred; and
configure the key validation for the authentication key using the second set of authentication rules in response to detecting the triggering event.

US Pat. No. 10,462,125

METHOD OF PUSHING PASSWORDS, PUSHING SYSTEM AND TERMINAL DEVICE

GUANGDONG OPPO MOBILE TEL...

1. A method of pushing passwords applicable to a first terminal device, comprising: receiving a first biological characteristic information of a user, wherein a sharing cryptographic library stores a plurality of application program identification codes, and one account name and one password correspond to each application program identification code;
determining that a push request is simultaneously received from a second terminal device, wherein the push request comprises a second biological characteristic information and a current application program identification code;
determining whether the first biological characteristic information captured at the first terminal device matches with the second biological characteristic information from the second terminal device; and
when the first biological characteristic information captured at the first terminal device is matched with the second biological characteristic information from the second terminal device, reading an account name and a password of the current application program identification code from the sharing cryptographic library, and pushing the account name and the password of the current application program identification code to the second terminal device;
establishing a biological characteristic library including a plurality of biological characteristic information of the user;
encrypting the sharing cryptographic library by the biological characteristic information of the biological characteristic library.

US Pat. No. 10,462,124

AUTHENTICATED SESSION MANAGEMENT ACROSS MULTIPLE ELECTRONIC DEVICES USING A VIRTUAL SESSION MANAGER

Google LLC, Mountain Vie...

1. A method of maintaining a web session for a user across multiple electronic devices, the method comprising: by a user agent of a first electronic device that is being used by a user:
discovering a plurality of electronic devices including a second electronic device that is in a communication range of the first electronic device;
presenting, to the user, identifiers associated with each of the discovered plurality of electronic devices, including an identifier for the second electronic device;
determining that the second electronic device includes a virtual session manager;
receiving a first authentication request, wherein the first authentication request comprises a request to access a first web resource for the user at the first web resource;
transmitting the first authentication request to an endpoint device via the virtual session manager of the second electronic device so that the virtual session manager can present a grant token to the endpoint device or receive the grant token from the endpoint device without the first electronic device having any access to the grant token;
receiving, from the virtual session manager, a first access token in response to the first authentication request, wherein the first access token has a life that is shorter than a life of the grant token such that the grant token is relatively long-lived and the first access token is relatively short-lived;
storing the first access token in a memory; and
using the first access token to access the first web resource and establish or maintain a virtual session with the first web resource, wherein one or more parameters associated with the user's use of the first web resource are automatically sent to maintain or automatically reconnect to the virtual session so that the virtual session is uninterrupted without manually entering the parameters.

US Pat. No. 10,462,123

SYSTEMS AND METHODS FOR CLONING AN AGENT IN A DISTRIBUTED ENVIRONMENT

VMware, Inc., Palo Alto,...

1. An apparatus comprising: a first management agent associated with a first component server in a virtualization environment, the first management agent configured to facilitate communication between the first component server and a virtual appliance, the virtual appliance to authenticate the first management agent based on first credentials including a first identifier and a first certificate; and
a second management agent associated with a second component server in the virtualization environment, the second management agent cloned from the first management agent and including a copy of the first credentials from the first management agent, wherein the second management agent is to compare the first identifier to a second identifier associated with the second management agent during cloning, and wherein, when the first identifier does not match the second identifier, the second management agent is to trigger registration with the virtual appliance to:
generate second credentials including a third identifier and a second certificate;
authenticate with the virtual appliance based on the first identifier and the first certificate using the copy of the first credentials; and
delete the copy of the first credentials.

US Pat. No. 10,462,122

PUSH NOTIFICATION AGGREGATION

Pivotal Software, Inc., ...

1. A method for delivering content to a mobile computing device, the method being implemented by one or more processors and comprising: identifying a content data set for transmission to the mobile computing device;
segmenting the content data set into multiple content segments;
generating a push notification set by generating a push notification for each content segment of the multiple content segments, each push notification of the push notification set including a payload with a corresponding content segment of the multiple content segments;
for each push notification of the push notification set, generating a corresponding metadata set including (i) data specifying a configuration for assembling the multiple content segments of the push notification set on the mobile computing device, (ii) data identifying a sequence number of the push notification, and (iii) data identifying a total number of push notifications of the push notification set based on a number of content segments of the multiple content segments;
packaging each push notification of the push notification set to include the corresponding metadata set; and
transmitting each push notification of the push notification set with the corresponding metadata set to the mobile computing device.

US Pat. No. 10,462,121

TECHNOLOGIES FOR AUTHENTICATION AND SINGLE-SIGN-ON USING DEVICE SECURITY ASSERTIONS

Intel Corporation, Santa...

1. A computing device for remote device authentication, the computing device comprising: a user authentication module to:
receive an authentication request from a client computing device;
transmit an authentication challenge to the client computing device in response to receipt of the authentication request; and
receive an authentication challenge response from an embedded technology access server of the client computing device in response to transmission of the authentication challenge, wherein the authentication challenge response includes a resource access token indicative of a security assertion of the client computing device, wherein the security assertion comprises an indication of trustworthiness assigned to the client computing device, and wherein the embedded technology access server is executed by a manageability engine of the client computing device; and
a device verification module to determine whether the client computing device is trusted based on the security assertion indicated by the resource access token of the authentication challenge response;
wherein the user authentication module is further to transmit a successful authentication response to the client computing device in response to a determination that the client computing device is trusted.

US Pat. No. 10,462,120

AUTHENTICATION SYSTEM AND METHOD

BARCLAYS SERVICES CORPORA...

1. A computerized method comprising: receiving at the processing component, a registration request from the end user;
creating by the processing component a unique registration token;
creating by the processing component a database record including an identifier for the end user and the unique registration token;
providing by the processing component to a registration device a mechanism to access an authentication application for initiating registration of the registration device;
receiving, through the authentication application, from the end user, the identifier for the end user and the unique registration token;
collecting an identifier associated with the registration device;
receiving from the registration device a public key, the public key forming a portion of a cryptographic key pair, the cryptographic key pair being created upon the end user authenticating to the registration device, wherein the registration device stores a private key of the cryptographic key pair;
calculating by the processing component a device authentication weight;
storing in a database by the processing component the public key and the device authentication weight;
receiving at a processing component, from a requesting device operated by an end user, data describing a request to access a computer program;
determining by the processing component whether an existing authentication session for the end user exists;
in accordance with a determination that the existing authentication session for the end user does not exist, prompting the end user to authenticate to the processing component;
in accordance with a determination that the existing authentication session for the end user exists, performing a risk assessment comprising a consideration of one or both of (i) one or more request characteristics associated with the request to access the computer program and (ii) one or more computer program access criteria;
in accordance with a determination that the risk assessment is positive, providing the requesting device with access to the computer program;
in accordance with a determination that the risk assessment is negative, prompting the end user to perform an authentication activity and, in response to receiving data indicating that the end user performed the authentication activity and the authentication activity is successful, establishing a new authentication session for the end user and providing the requesting device with access to the computer program.

US Pat. No. 10,462,119

CLOUD QUEUE SYNCHRONIZATION

Sonos, Inc., Santa Barba...

1. A playback device comprising: a network interface;
at least one processor;
a data storage; and
a program logic stored in the data storage and executable by the at least one processor to perform functions comprising:
sending, to a remote server over the network interface, a request for a window of media items from a cloud queue of media items that is accessible to the playback device via a wide area network, the request including (i) an indication of a reference media item and (ii) one or more parameters indicating a number of media items to include in the window;
receiving, over the network interface in response to the request for the window of media items, an indication of a particular window of media items from the cloud queue of media items, wherein the particular window of media items from the cloud queue of media items includes: (a) a window of media items preceding the reference media item, the window of media items preceding the reference media item including the number of media items indicated by the one or more parameters, (b) a window of media items subsequent to the reference media item, the window of media items subsequent to the reference media item including the number of media items indicated by the one or more parameters, or (c) a window of media items including the reference media item, the window of media items including the number of media items indicated by the one or more parameters; and
incorporating respective indications of the media items within the particular window into a local queue of media items, wherein the local queue is stored in data storage of the playback device.

US Pat. No. 10,462,118

SYSTEMS AND METHODS FOR LOGIN AND AUTHORIZATION

TENCENT TECHNOLOGY (SHENZ...

1. A method for login and authorization, the method comprising: receiving, at a third-party terminal executing a first third-party application, a login request from a user;
in response to the login request, sending an authorization request from the third-party terminal to a network server to trigger the network server to generate first two-dimensional-barcode information, wherein the authorization request includes authorization parameters to be validated by the network server, and the authorization parameters include an application identifier, authorization scope information indicating allowed types of operations associated with a user account to be performed after a third-party server corresponding to the first third-party application receives validation from the network server, an application callback address indicating an address at which the third-party terminal receives login state information, anti-disguise information and an application key;
generating, by the network server, the first two-dimensional-barcode information according to the authorization request;
sending the first two-dimensional-barcode information to the third-party terminal;
displaying, at the third-party terminal, a first two-dimensional-barcode image;
extracting, by a mobile terminal, the first two-dimensional-barcode information from the first two-dimensional-barcode image;
sending, by the mobile terminal, first user account information and the first two-dimensional-barcode information to the network server;
validating, by the network server, the first user account information and the first two-dimensional-barcode information based on at least information associated with stored second user account information and second two-dimensional-barcode information generated by the network server;
in response to the first user account information and the first two-dimensional-barcode information being validated, sending, by the network server, an authorization and a predetermined user identifier to the third-party server;
setting, by the third-party server, the user account associated with the user identifier to a logged-in state;
acquiring, by the third-party terminal, information related to the logged-in state from the third-party server; and
setting an interface of the first third-party application to a user-logged-in state.

US Pat. No. 10,462,117

METHOD AND SYSTEM FOR AUTHENTICATING A SURROUNDING WEB APPLICATION BY A WEB APPLICATION THAT IS TO BE EMBEDDED

Siemens Aktiengesellschaf...

1. A method for authenticating a surrounding first Web application by a second Web application before embedding the second Web application in the surrounding first Web application, the surrounding first Web application being executed in a browser, the second Web application after being embedded in the surrounding first Web application being executed in a separate execution and display area of the surrounding first Web application, the surrounding first Web application being provided by at least one first Web server, and the second Web application subsequent to being embedded in the surrounding first Web application being provided by at least one second Web server, the method comprising:authenticating the surrounding first Web application to the second Web application before embedding the second Web application in the first Web application, a first key utilized during the authentication being stored in the at least one first Web server, the first key utilized during the authentication being allocated to the surrounding first Web application, the first key being utilized to sign the authentication messages utilized by the at least one second Web server, and the first key remaining within the at least one first Web server at all times;
exchanging the authentication messages signed via the first key between the at least one first Web server and the at least one second Web server via the browser; and
activating the second Web application only in an event of successful authentication or authorization.

US Pat. No. 10,462,116

DETECTION OF DATA EXFILTRATION

Amazon Technologies, Inc....

1. A computer-implemented method comprising:monitoring, with an exfiltration-monitoring device, a Transport Layer Security (“TLS”) connection between a client on an internal network and a remote service, the monitoring comprising:
acquiring account information from data contained in a TLS extension transmitted from the client to the remote service as part of a TLS handshake that establishes the TLS connection, the account information comprising an identity of an account associated with the TLS connection;
recording, in association with the TLS connection, an amount of data transmitted over the TLS connection from the client to the remote service;
determining that the TLS connection is potentially being used for an unauthorized transfer of data from the internal network to the remote service based at least in part on the amount of data transmitted, and the identity of the account associated with the TLS connection not being associated with the client; and
limiting the transfer of data over the TLS connection.
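The claim above describes three pieces: pulling an identity out of a ClientHello extension, counting bytes per connection, and throttling once the volume crosses a threshold for an identity the client is not entitled to. The following is an added example in Python, not code from the patent or from Amazon, showing one way to wire those together. It assumes the extension carrying the identity is the server_name (SNI) extension and that the account identity is the leading DNS label of the SNI host name; both are assumptions of this example, and the ClientHello bytes are constructed inline. A real monitor would count bytes from the wire, and the SNI can be absent or encrypted (ECH), which is why an unknown identity is treated as not associated with the client.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying one server_name (SNI) extension."""
    name = server_name.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name            # name_type 0 = host_name
    sni_list = len(entry).to_bytes(2, "big") + entry
    exts = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list  # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
            + b"\x00\x02\x13\x01"                      # one cipher suite
            + b"\x01\x00"                              # one compression method (null)
            + len(exts).to_bytes(2, "big") + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Walk a ClientHello record and return the host_name from its server_name extension, if any."""
    try:
        if len(record) < 5 or record[0] != 0x16:
            return None
        hs = record[5:5 + int.from_bytes(record[3:5], "big")]
        if len(hs) < 4 or hs[0] != 0x01:
            return None
        p = 4 + 2 + 32                                  # handshake header, version, random
        p += 1 + hs[p]                                  # session id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")     # cipher suites
        p += 1 + hs[p]                                  # compression methods
        if p + 2 > len(hs):
            return None                                 # no extensions block
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
        p += 2
        while p + 4 <= end:
            etype = int.from_bytes(hs[p:p + 2], "big")
            elen = int.from_bytes(hs[p + 2:p + 4], "big")
            data, p = hs[p + 4:p + 4 + elen], p + 4 + elen
            if etype != 0:
                continue
            q = 2                                       # skip server_name_list length
            while q + 3 <= len(data):
                ntype, nlen = data[q], int.from_bytes(data[q + 1:q + 3], "big")
                if ntype == 0:
                    return data[q + 3:q + 3 + nlen].decode("ascii", "replace")
                q += 3 + nlen
    except IndexError:
        return None
    return None


def account_from_sni(server_name: Optional[str]) -> Optional[str]:
    """Assumption of this example: the account identity is the leading DNS label of the SNI host."""
    return server_name.split(".")[0] if server_name else None


@dataclass
class ConnState:
    client: str
    account: Optional[str]
    bytes_out: int = 0
    limited: bool = False


class ExfilMonitor:
    """Counts outbound bytes per connection and throttles a connection once it has sent more than
    `threshold` bytes to an account that is not associated with the originating client."""

    def __init__(self, client_accounts: Dict[str, Set[str]], threshold: int) -> None:
        self.client_accounts = client_accounts
        self.threshold = threshold
        self.conns: Dict[str, ConnState] = {}

    def observe(self, conn_id: str, client: str, outbound: bytes) -> str:
        st = self.conns.get(conn_id)
        if st is None:                                  # first record seen is the ClientHello
            st = ConnState(client, account_from_sni(extract_sni(outbound)))
            self.conns[conn_id] = st
        st.bytes_out += len(outbound)
        # an unknown account (no SNI) is treated as not associated with the client
        foreign = st.account not in self.client_accounts.get(client, set())
        if foreign and st.bytes_out > self.threshold:
            st.limited = True
        return "throttle" if st.limited else "allow"


if __name__ == "__main__":
    mon = ExfilMonitor({"10.0.0.5": {"acme-corp"}}, threshold=1_000_000)
    print(mon.observe("B", "10.0.0.5", build_client_hello("attacker-acct.files.example")))
    print(mon.observe("B", "10.0.0.5", b"x" * 600_000), mon.observe("B", "10.0.0.5", b"x" * 600_000))
```

The threshold check is deliberately per connection rather than per client; a practitioner would also aggregate across connections, since an exfiltration tool can keep every single connection under the limit.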

US Pat. No. 10,462,115

SYSTEM AND METHOD FOR NON-REPLAYABLE COMMUNICATION SESSIONS

Dropbox, Inc., San Franc...

1. A system comprising:at least one processor communicating with at least a first device and a second device over at least one network; and
a non-transitory computer-readable storage medium storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
registering, with the system, the first device having a first identity key pair, wherein the first identity key pair comprises a first public identity key and a first private identity key;
receiving, at the system from the first device, a communication request, the communication request specifying the second device, the second device having a second identity key pair, wherein the second identity key pair comprises a second public identity key and a second private identity key;
in response to the communication request, initiating, by the system, a communication session between the first device and the second device;
performing, by the system, a key exchange session between the first device and the second device;
conducting, by the system, a communication session between the first device and the second device by exchanging an encrypted message, wherein the encrypted message is (1) encrypted by the first device using a second public session key or (2) encrypted by the second device using a first public session key;
during the communication session, refreshing at least one of the first public session key and the second public session key to eliminate access to the encrypted message previously transmitted between the first device and the second device; and
continuing, by the system, the communication between the first device and the second device by exchanging a new encrypted message, wherein the new encrypted message is encrypted by the first device using a refreshed second public session key or encrypted by the second device using a refreshed first public session key.

US Pat. No. 10,462,114

SYSTEM AND ASSOCIATED SOFTWARE FOR PROVIDING ADVANCED DATA PROTECTIONS IN A DEFENSE-IN-DEPTH SYSTEM BY INTEGRATING MULTI-FACTOR AUTHENTICATION WITH CRYPTOGRAPHIC OFFLOADING

DEFINITIVE DATA SECURITY,...

1. A method, implemented using hardware, comprising:a. encrypting content with an inner data container using one or more unique client-generated and client-stored cryptographic keys to generate client-encrypted content; and
b. sending the client-encrypted content to a server where the client-encrypted content is encrypted with an outer data container using one or more unique server-generated and server-stored cryptographic keys, wherein encrypting the content further comprises:
implementing a cryptographic algorithm and offloading schedule to transmit client-encrypted data blocks and additional cryptographic inputs to a server application, using secure networking components and a secure network channel negotiated as a result of server application authentication and based on configuration data returned when authentication succeeds;
using the additional cryptographic inputs, generating or retrieving one or more unique content encryption keys associated with and specific to the client-encrypted content, and encrypting the client-encrypted content in a data container in a secure server store while also storing the one or more server-generated and server-stored cryptographic keys on the secure server store;
generating a globally unique data identifier and the additional cryptographic inputs, and storing the globally unique data identifier and the additional cryptographic inputs in a protected data container stored in a protected client store using a client application;
encrypting the content a block at a time; and
returning results to the client application, using an encrypted channel, where the results are used as input to continue block encryption, until all of the content is encrypted, at which point encrypted material is added to the protected data container in the client store, replacing plaintext input material.

US Pat. No. 10,462,113

SYSTEMS AND METHODS FOR SECURING PUSH AUTHENTICATIONS

Symantec Corporation, Mo...

1. A computer-implemented method for securing push authentications, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:receiving, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, the push authentication including a core message that is encrypted by the security service relying party based on a correct answer to a challenge-response question;
forwarding, by the security service, the push authentication to the client device of the user;
receiving, by the security service, a response to the push authentication from the client device of the user; and
forwarding, by the security service, the response to the push authentication from the client device of the user to the security service relying party.

US Pat. No. 10,462,112

SECURE DISTRIBUTED AUTHENTICATION DATA

CyberArk Software Ltd., ...

1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for secure authentication for access to a restricted resource, the operations comprising:receiving a request for access to the restricted resource by a client identity;
identifying asserted authentication data associated with the request;
generating, in response to the request, an encryption key, the encryption key being uniquely generated based on the asserted authentication data;
generating, in response to the request, a non-restorable digital representation of the asserted authentication data;
retrieving an encrypted digital representation of authentication data associated with the client identity, wherein:
the encrypted digital representation of authentication data is retrieved as a plurality of data portions stored in a plurality of data storage locations; and
retrieving the encrypted digital representation of authentication data comprises reconstructing the encrypted digital representation of authentication data from at least a portion of the plurality of data portions;
decrypting the retrieved encrypted digital representation of authentication data using the encryption key to produce a decrypted digital representation of authentication data;
comparing the decrypted digital representation of authentication data to the generated digital representation of the asserted authentication data; and
generating a token for use in an authentication process for the client identity upon determining, based on the comparing, a match between the stored digital representation of authentication data and the digital representation of the asserted authentication data.
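The operations in the claim above form a concrete verification flow: derive a key from the asserted credential (never stored), compute a one-way digest of the same credential, reassemble the stored ciphertext from portions kept in several locations, decrypt it with the derived key and compare. The following is an added example in Python, not code from the patent or from CyberArk. It assumes PBKDF2-SHA256 for the key derivation, a keyed SHA-256 digest as the non-restorable representation, HMAC-SHA256 in counter mode as a stand-in for a real AEAD cipher, and n-of-n XOR sharing for the data portions (a Shamir threshold scheme would let a subset of portions suffice, which is closer to the claim's "at least a portion"); the pepper and credentials are constructed.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional

PEPPER = b"constructed-server-side-pepper"   # constructed; would live in an HSM or KMS in practice


def derive_key(asserted: bytes, salt: bytes) -> bytes:
    """Encryption key derived only from the asserted credential; it is never stored anywhere."""
    return hashlib.pbkdf2_hmac("sha256", asserted, salt, 100_000, dklen=32)


def one_way_digest(asserted: bytes) -> bytes:
    """Non-restorable representation of the credential (keyed hash)."""
    return hmac.new(PEPPER, asserted, hashlib.sha256).digest()


def prf_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style XOR with HMAC-SHA256 as the PRF; a stand-in for AES-GCM so the example runs on the
    standard library alone. The same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def split_portions(secret: bytes, n: int) -> List[bytes]:
    """n-of-n XOR sharing: every portion is needed to reconstruct; any missing portion yields noise."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def reconstruct(portions: List[bytes]) -> bytes:
    acc = bytes(len(portions[0]))
    for p in portions:
        acc = bytes(a ^ b for a, b in zip(acc, p))
    return acc


def enroll(credential: bytes, n_locations: int = 3) -> Dict:
    """Enrollment: encrypt the credential's digest under a key derived from the credential itself,
    then scatter the ciphertext across `n_locations` stores. Nothing kept here reveals the credential."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ciphertext = prf_xor(derive_key(credential, salt), nonce, one_way_digest(credential))
    portions = split_portions(ciphertext, n_locations)
    return {"salt": salt, "nonce": nonce,
            "locations": {f"store-{i}": p for i, p in enumerate(portions)}}


def authenticate(record: Dict, asserted: bytes, client_identity: str) -> Optional[str]:
    """Returns a token only when the asserted credential both reconstructs and decrypts to its own digest.
    A wrong credential derives a wrong key, so the decryption is noise and the constant-time compare fails."""
    key = derive_key(asserted, record["salt"])
    expected = one_way_digest(asserted)
    stored = prf_xor(key, record["nonce"], reconstruct(list(record["locations"].values())))
    if not hmac.compare_digest(stored, expected):
        return None
    return f"{client_identity}:{secrets.token_urlsafe(24)}"


if __name__ == "__main__":
    rec = enroll(b"correct horse battery staple")
    print(authenticate(rec, b"correct horse battery staple", "alice"))
    print(authenticate(rec, b"wrong password", "alice"))
```

The point of the construction is that an attacker who dumps one storage location, or even all of them, still holds only ciphertext whose key is a function of the credential they do not have; the offline-guessing cost is then the PBKDF2 cost per guess.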

US Pat. No. 10,462,111

COMMUNICATION NETWORK WITH ROLLING ENCRYPTION KEYS AND DATA EXFILTRATION CONTROL

Bank of America Corporati...

1. An apparatus comprising: a memory configured to store: a plurality of encryption keys, wherein each encryption key is linked with an encryption key index; and an encrypted data entry, wherein the encrypted data entry comprises an encrypted data element and metadata linked with the encrypted data element, wherein the metadata identifies: a first encryption key index referencing a first encryption key from the plurality of encryption keys, and an encryption wait time period; and an encryption service engine configured to: periodically re-encrypt the encrypted data element stored in the memory, wherein re-encrypting the encrypted data element comprises: determining that the encryption wait time period has lapsed; obtaining the first encryption key from the plurality of encryption keys using the first encryption key index; obtaining the encrypted data element from the memory; decrypting the encrypted data element using the first encryption key to recover an original data element; obtaining a second encryption key; encrypting the original data element using the second encryption key; and modifying the metadata linked with the encrypted data element with a second encryption key index referencing the second encryption key; receive a data request for the encrypted data element; send the re-encrypted data element in response to receiving the data request; limit a bandwidth of a data channel used to send the re-encrypted data element; and wherein the metadata comprises an authentication token generated based on a current encryption key index, the encryption wait time period, and at least a portion of the encrypted data element.

US Pat. No. 10,462,110

SYSTEM, APPARATUS AND METHOD FOR PROVIDING A UNIQUE IDENTIFIER IN A FUSELESS SEMICONDUCTOR DEVICE

Intel Corporation, Santa...

1. An apparatus comprising:a device having a physically unclonable function (PUF) circuit including a plurality of PUF cells to generate a PUF sample responsive to at least one control signal;
a controller coupled to the device, the controller to send the at least one control signal to the PUF circuit and to receive a plurality of PUF samples from the PUF circuit;
a buffer having a plurality of entries each to store at least one of the plurality of PUF samples; and
a filter to filter the plurality of PUF samples to output a filtered value, wherein the filter is to determine a majority vote for each of a plurality of bits of the plurality of PUF samples, the filtered value corresponding to the majority vote for each of the plurality of bits and mask a first bit of the plurality of bits when a count of first values of the first bit in the plurality of PUF samples is not within a threshold range, wherein the controller is to generate a unique identifier for the device based at least in part on the filtered value, and in response to a determination that a number of the plurality of PUF samples meets a threshold number, to cause the plurality of PUF samples to be provided to the filter.
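The filter in the claim above is a majority vote per bit over repeated PUF reads, with bits whose one-count falls in an unstable band masked out before an identifier is derived. The following is an added example in Python, not code from the patent or from Intel, that implements that filter and the buffering controller around it. The (lo, hi) band as the reading of the claim's "threshold range", SHA-256 as the identifier derivation, and the nine 8-bit samples are all assumptions of this example.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed sample data: 9 reads of an 8-cell PUF. Bit 2 flips between reads
# (4 ones out of 9), so it must be masked; every other bit is stable.
SAMPLES = [45, 45, 45, 45, 33, 41, 41, 41, 41]


def majority_filter(samples: List[int], width: int, lo: int, hi: int) -> Tuple[int, int]:
    """Majority-vote each bit position over all samples and build a stability mask.

    A bit is kept (mask bit = 1) only when its count of ones is at or below `lo`
    or at or above `hi`; a count strictly between the two marks an unstable cell
    and the bit is masked out so it never contributes to the identifier.
    """
    n = len(samples)
    value = mask = 0
    for bit in range(width):
        ones = sum((s >> bit) & 1 for s in samples)
        if 2 * ones > n:
            value |= 1 << bit
        if ones <= lo or ones >= hi:
            mask |= 1 << bit
    return value, mask


def unique_id(value: int, mask: int, width: int) -> bytes:
    """Derive the device identifier from the masked value and the mask itself (SHA-256; an assumption).
    Hashing the mask too means two devices with equal stable bits but different unstable cells differ."""
    nbytes = (width + 7) // 8
    payload = (value & mask).to_bytes(nbytes, "big") + mask.to_bytes(nbytes, "big")
    return hashlib.sha256(payload).digest()


class PufController:
    """Buffers PUF samples and only hands them to the filter once `threshold` samples are collected."""

    def __init__(self, width: int, threshold: int, lo: int, hi: int) -> None:
        self.width, self.threshold, self.lo, self.hi = width, threshold, lo, hi
        self.buffer: List[int] = []

    def submit(self, sample: int) -> Optional[bytes]:
        self.buffer.append(sample)
        if len(self.buffer) < self.threshold:
            return None
        value, mask = majority_filter(self.buffer, self.width, self.lo, self.hi)
        return unique_id(value, mask, self.width)


if __name__ == "__main__":
    ctl = PufController(width=8, threshold=9, lo=2, hi=7)
    ident = None
    for s in SAMPLES:
        ident = ctl.submit(s)
    print(majority_filter(SAMPLES, 8, 2, 7), ident.hex())
```

With the constructed samples the vote yields 41 (bits 0, 3 and 5 set) and the mask 251 (all bits except bit 2), so the flaky cell is excluded rather than allowed to flip the identifier between boots.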

US Pat. No. 10,462,109

SECURE TRANSFER OF A DATA OBJECT BETWEEN USER DEVICES

Apple Inc., Cupertino, C...

1. A method for transferring a data object from a source device to a destination device, the method comprising:publishing, by the destination device, a request for the data object on a local network, the request including a randomly generated request identifier;
sending, by the destination device, via a first communication channel that requires participation of at least one system remote from the local network, a message requesting the data object and including the randomly generated request identifier to one or more other devices, the one or more other devices including the source device;
establishing, by the destination device, a second communication channel with the source device via the local network, the source device and the destination device both being registered devices; and
while the second communication channel persists:
exchanging with the source device, by the destination device, a first public key of the destination device and a second public key of the source device via the first communication channel, the exchanging comprising:
receiving, by the destination device via the first communication channel, a key request message from the source device, the key request message including the second public key of the source device; and
sending, by the destination device via the first communication channel, a key response message to the source device, the key response message including the first public key of the destination device;
establishing, by the destination device, via the second communication channel, a secure session for exchanging data with the source device, wherein the secure session is established using the first public key and the second public key and wherein establishing the secure session includes generating a session key;
receiving, by the destination device, via the secure session, an encrypted version of the data object from the source device; and
decrypting, by the destination device, the received data object using the session key.

US Pat. No. 10,462,108

ENHANCED DATA CONTAINER WITH EXTENSIBLE CHARACTERISTICS AND A SYSTEM AND METHOD OF PROCESSING AND COMMUNICATION OF SAME

Andrew J. Hacker, Enola,...

1. A system for using an enhanced data container with a computing device, the enhanced data container comprising:a. a first subsection comprising an extensible header section having at least one function component, and
b. a second subsection comprising a mutable content section having at least one data component;
c. where said at least one function component in said first subsection includes the capability of altering said enhanced data container.

US Pat. No. 10,462,107

COMPUTER-IMPLEMENTED SYSTEM AND METHOD FOR ANALYZING DATA QUALITY

Palo Alto Research Center...

1. A computer-implemented system for analyzing data quality, comprising:memory storing a dataset comprising attributes each associated with one or more elements;
a client comprising an interest vector module to receive from a user a request for determining data quality of at least one attribute of the dataset based on an interest vector comprising a listing of the elements of that attribute and a selection of one or more of the elements as elements of interest, wherein the client generates the interest vector from one of a hashmap and a histogram and each element is encrypted; and
a server, comprising:
a condensed vector module to populate a condensed vector comprising the same listing of elements as the interest vector with occurrence frequencies for each of the listed elements;
an encryption module to encrypt the elements of the condensed vector by computing an encrypted product of each element in the condensed vector and the corresponding element of the interest vector;
an aggregate module to determine an aggregate based on the encrypted products of each element of the interest vector and the corresponding element of the condensed vector; and
providing the aggregate as results of the data quality request.

US Pat. No. 10,462,106

SOFTWARE DEFINED NETWORK ROUTING FOR SECURED COMMUNICATIONS AND INFORMATION SECURITY

Bank of America Corporati...

1. A network routing system comprising:a routing device comprising a network routing engine implemented by a processor, configured to:
configure data traffic routing for a network device within a private network using private links, wherein:
private links allow signal communications between the network device and other devices in the private network; and
configuring data traffic routing for the network device within the private network blocks the network device from communicating with other network devices in a public network;
receive an access request requesting access data content at a destination address in the public network from the network device, wherein the access request comprises the destination address for the data content in the public network;
send the access request to a proxy server in the private network;
receive an access request response from the proxy server, wherein the access request response indicates an approval for accessing the data content at the destination address;
send the access request response to the network device, wherein the access request response comprises the approval for accessing the data content at the destination address;
receive an access approval message from the network device, wherein the access approval message comprises the approval for accessing the data content at the destination address;
configure data traffic routing between the network device and the destination address using public links in response to receiving the access approval message, wherein:
public links allow signal communications between the network device and a device associated with the destination address in the public network; and
configuring data traffic routing between the network device and the destination address bypasses the proxy server; and
communicate data traffic between the network device and the destination address using public links; and
the proxy server in signal communications with the routing device, configured to:
receive the access request;
determine whether content associated with the access request satisfies a set of access rules;
generate the access request response in response to determining the content associated with the access request satisfies the set of access rules; and
send the access request response.

US Pat. No. 10,462,105

METHOD AND APPARATUS FOR ENCRYPTION WITH VIEWER IDENTITY- AND CONTENT ADDRESS-BASED IDENTITY PROTECTION

EMC IP Holding Company LL...

1. A computer-implemented method, comprising:receiving a data stream transmitted from a source device intended for a destination device by an intercepting device other than the source device and collocated with the source device in a network at a location in a data path between the source device and the destination device;
performing a contextual analysis of content of one or more privacy-related portions of the data stream, by the intercepting device;
encrypting at least part of the content of the one or more privacy-related portions of the data stream according to the contextual analysis, including:
generating a content address for content of at least one privacy-related field of the one or more privacy-related portions of the data stream according to a policy; and
utilizing the content address in place of the corresponding content of the at least one privacy-related field; and
forwarding, as a transformed data stream, an encrypted portion of the data stream, together with a non-encrypted portion of the data stream, toward the destination device;
wherein the encrypted portion of the transformed data stream includes the content address;
wherein the content address is utilizable to access the corresponding content in a content-addressable storage device;
wherein the encrypted portion of the transformed data stream comprises at least:
a first part comprising a first encrypted content of a first privacy-related field; and
a second part comprising the encrypted content address for a second privacy-related field; and
wherein the first and second parts of the encrypted portion of the transformed data stream are encrypted utilizing respective distinct encryption keys.

US Pat. No. 10,462,104

SYSTEMS AND METHODS FOR DYNAMIC FIREWALL POLICY CONFIGURATION

Level 3 Communications, L...

1. A method for firewall configuration comprising:receiving, at a processing device, input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
processing, using the processing device, the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
automatically configuring, using the processing device, the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
activating, using the processing device, the firewall within the communications network to manage traffic to and from the subnet,
wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises:
executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.

US Pat. No. 10,462,102

ELECTRONIC MESSAGE ADDRESS ALIASING

Reflexion Networks, Inc.,...

1. A method for managing communications to a true address of a user in a communication network, the method comprising:receiving an outbound communication from a communications infrastructure hosting the true address for the user, the outbound communication directed from the true address to one or more recipient addresses via a respective reply channel associated with the recipient address;
generating an alias address for each one of the recipient addresses of the outbound communication to communicate with the true address;
assigning one of a plurality of discrete security states as a security attribute to each alias address, the plurality of discrete security states including a first security state prohibiting sharing of the respective alias address and a second security state permitting sharing of the respective alias address, wherein the assigned discrete security state controls communications, via the respective reply channel, from one of the recipient addresses of the outbound communication through the communications infrastructure to the true address using a corresponding one of the alias addresses, wherein the assigned discrete security state is indicative of whether the respective recipient address of the outbound communication has permission to share the corresponding one of the alias addresses, and further wherein the security attribute is stored in a server and controllable by the user to alter the assigned discrete security state after sending the outbound communication;
forwarding the outbound communication to the one or more recipient addresses through the communication network;
receiving an inbound communication from a sender different from each one of the recipient addresses, the inbound communication addressed to one of the alias addresses for the true address;
applying one or more rules based on at least a combination of an address of the sender of the inbound communication and the assigned discrete security state, wherein if the assigned discrete security state is the first security state, then the one or more rules include checking to determine if the sender of the inbound communication is permitted to send mail to the one of the alias addresses for the true address; and
processing the inbound communication based on the one or more rules.
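The claim above is a policy model: one alias per (true address, recipient) pair, a per-alias security state the user can flip after the message has gone out, and an inbound rule that only consults the sender list when the alias is in the no-sharing state. The following is an added example in Python, not code from the patent or from Reflexion Networks, that implements that model. The alias format, the alias domain and the addresses are assumptions of this example.

```python
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set


class SecurityState(Enum):
    NO_SHARE = "no_share"   # first state: alias may not be passed on to third parties
    SHARE_OK = "share_ok"   # second state: alias may be shared freely


@dataclass
class Alias:
    address: str
    true_address: str
    recipient: str
    state: SecurityState
    allowed_senders: Set[str]


class AliasServer:
    """Issues per-recipient aliases on outbound mail and applies the security state to inbound mail."""

    def __init__(self, alias_domain: str) -> None:
        self.alias_domain = alias_domain
        self.aliases: Dict[str, Alias] = {}

    def _find(self, true_address: str, recipient: str) -> Optional[Alias]:
        return next((a for a in self.aliases.values()
                     if a.true_address == true_address and a.recipient == recipient), None)

    def outbound(self, true_address: str, recipients: List[str],
                 state: SecurityState = SecurityState.NO_SHARE) -> Dict[str, str]:
        """Return the alias each recipient sees as the reply address; reuse an existing alias per recipient."""
        mapping = {}
        for r in recipients:
            alias = self._find(true_address, r)
            if alias is None:
                local = true_address.split("@")[0]
                addr = f"{local}.{secrets.token_hex(4)}@{self.alias_domain}"   # constructed alias format
                alias = Alias(addr, true_address, r, state, {r})
                self.aliases[addr] = alias
            mapping[r] = alias.address
        return mapping

    def set_state(self, alias_address: str, state: SecurityState) -> None:
        """The user may change the state after the outbound message was sent."""
        self.aliases[alias_address].state = state

    def inbound(self, sender: str, alias_address: str) -> str:
        """Rule: SHARE_OK delivers to anyone; NO_SHARE delivers only to senders on the alias's allow list."""
        alias = self.aliases.get(alias_address)
        if alias is None:
            return "reject"
        if alias.state is SecurityState.SHARE_OK or sender in alias.allowed_senders:
            return f"deliver:{alias.true_address}"
        return "reject"


if __name__ == "__main__":
    srv = AliasServer("alias.example")
    alias = srv.outbound("bob@corp.example", ["vendor@shop.example"])["vendor@shop.example"]
    print(srv.inbound("vendor@shop.example", alias), srv.inbound("list@spam.example", alias))
```

Because the state lives on the server, a leaked alias can be shut off or opened up without the user changing their true address, which is the practical reason for keeping the attribute out of the recipient's hands.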

US Pat. No. 10,462,100

METHODS AND APPARATUS FOR AN IP ADDRESS ASSIGNMENT

LENOVO ENTERPRISE SOLUTIO...

1. A computing device, comprising:a processor operable to store a mapping relationship of media access control (MAC) addresses, internet protocol (IP) addresses and device identifiers of client devices; and
a network interface coupled to the processor, the network interface being operable to receive dynamic host configuration protocol (DHCP) requests from, and transmit the IP addresses to the client devices,
wherein the processor is configured, in response to the network interface receiving a DHCP request from a client device, to:
(a) determine if an IP address has been generated for the client device;
(bi) assign the IP address to the client device in response to determining that the IP address has been generated for the client device; and
(bii) obtain a device identifier from the client device using a service discovery protocol in response to determining that the IP address has not been generated for the client device, the device identifier uniquely identifying the client device within a network environment; and
(c) generate the IP address for the client device;
(d) establish a mapping relationship of a MAC address of the client device and the device identifier of the client device with the generated IP address; and
(e) assign the generated IP address to the client device.

US Pat. No. 10,462,099

AUTO-ATTACH SIGNALING USED AS WIRELESS LOCAL AREA NETWORK (WLAN) SELECTION CRITERION

Extreme Networks, Inc., ...

1. A method for implementing auto attach for a shortest path bridging (SPB) network, the method comprising:determining, on an access point, that an auto attach device communicating in the SPB network is enabled for the auto attach;
transmitting, to a mobile station, an advertisement that auto attach capability is present for the SPB network;
receiving, from the mobile station, a request for connection to the SPB network using the auto attach;
coupling, communicably, the auto attach device and the mobile station;
receiving, from the mobile station, a virtual local area network (VLAN) identification and service instance identifier (I-SID) for communications with the SPB network;
transmitting the VLAN identification and I-SID to the auto attach device;
receiving an indication from the auto attach device that the I-SID is a valid I-SID;
creating, dynamically, a VLAN associated with the VLAN identification, wherein the VLAN associated with the VLAN identification is independent of static VLANs associated with the access point;
mapping the VLAN identification with the I-SID; and
providing data communications between the mobile station and the auto attach device via the VLAN.

US Pat. No. 10,462,098

ENDPOINT DEVICE IDENTIFICATION BASED ON DETERMINED NETWORK BEHAVIOR

1. A method comprising:detecting, by a network device, an endpoint device attempting to access a data network via a data link; and
generating, by the network device, a unique device signature for identifying the endpoint device based on the network device identifying a sequence of link layer data packets transmitted by the endpoint device upon connection to the data link, the unique device signature identifying the endpoint device by device type and identifying a behavior of the endpoint device independent of any link layer address used by the endpoint device.

US Pat. No. 10,462,097

SPACE TIME REGION BASED COMMUNICATIONS

INBUBBLES INC., Ottawa, ...

1. An apparatus suitable for space time region based communications for communicating at least one message between a first user and another second user, the apparatus comprising:a processor;
a communications interface; and
a computer readable memory, including:
a space time module including:
data structures that include spatio temporal information that are read and written by the processor, the spatio temporal information including at least one space time record including a location portion and a time portion defining a spatio temporal coordinate, the space time record further including at least one of a device UUID, an Agent type and an Other Information, the spatio temporal information further including a space time region defining a volume of space and time dimensions considered together; and
computer readable instructions that are read and executed by the processor for:
determining whether space time region criteria are met, the space time region based criteria including:
determining that the location portion and the time portion of the spatio temporal coordinate is deemed to be inside the volume of space and time dimensions considered together of the space time region, and
determining that the time portion of the spatio temporal information coordinate includes at least a time in the future; and
if it is determined that the space time region criteria are met, communicating the at least one message by one of sending and receiving via the communications interface using at least one of a device UUID, an Agent type and an Other Information;
thereby only communicating the at least one message between the first user and the second user if the location portion and time portion of the space time record are within the volume of space and time dimensions of the space time region considered together.

US Pat. No. 10,462,096

COMMUNICATIONS AND ANALYSIS SYSTEM

SETTLEITSOFT, INC., Marg...

1. An electronic communications method, comprising:receiving, by a user device, an electronic request to initiate communications;
sending, by the user device, an electronic communication to a device, based on receiving the electronic request;
receiving, by the user device, an electronic confirmation message;
sending, by the user device, electronic information;
receiving, by the user device, a value,
the value based on electronically simultaneously analyzing other electronic information being sent to the device,
wherein the value is based on a time delay associated with an electronic account associated with the electronic information, where the time delay is based on a difference in time between when a particular electronic communication actually occurred versus when the particular electronic communication was scheduled to occur,
wherein the electronic account is also associated with a specific electronic communication that did not occur within a particular period;
receiving, by the user device, an electronic recommendation message,
the electronic recommendation message including a recommended schedule of communications based on the score,
where the recommended schedule includes multiple electronic communications that are sent at particular future times by the user device to other devices,
where the recommended schedule is generated before the value is determined, and
where a quantity of the multiple electronic communications is based on the score;
sending, by the user device, an electronic request message, based on the value and the electronic recommendation message, to another user device;
analyzing that the particular electronic communication that did not occur within the particular period of time,
where the particular electronic communication is associated with a first identifier;
analyzing that another electronic communication did occur within another particular period of time,
where the other electronic communication is associated with a second identifier; and
analyzing the particular electronic communication and the other electronic communication together to determine a pattern,
where the first identifier and second identifier are associated with a common geographic area.

US Pat. No. 10,462,095

TIME AND SENTIMENT BASED MESSAGING

International Business Ma...

1. A method for time and sentiment based messaging, comprising:obtaining, by a server, information for a set of messages from online social networks related to a specified object, the information comprising at least a user identifier associated with each message, a time of each message, and content of each message;
for each unique identifier, establishing, by the server, an initial message from the set of messages related to the specified object;
analyzing, by the server, each message in the set of messages to determine a sentiment of each message toward the specified object;
building, by the server, a sentiment time line for each unique user identifier using the sentiment of each message toward the specified object;
building, by the server, a time-based sentiment model related to the specified object by overlapping the sentiment time lines for each unique user identifier according to the initial message for each unique user identifier;
identifying, by the server, a sentiment inflection point in the time-based sentiment model, the sentiment inflection point representing a change in the sentiment toward the specified object;
building, by the server, a new sentiment time line for an additional unique user identifier;
overlapping, by the server, the new sentiment time line with the time-based sentiment model according to an initial message for the additional unique user identifier;
predicting, by the server, a change in the sentiment related to the specified object by the additional unique user identifier based on the new sentiment time line, the time-based sentiment model, and the sentiment inflection point; and
generating a message targeting the predicted change in the sentiment related to the specified object by the additional unique user identifier.

US Pat. No. 10,462,094

SYNDICATED CLOUD-BASED NOTIFICATION AS A SERVICE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for notifying of content changes, comprising:monitoring, by a computer processor, a content source of a content provider, wherein the monitoring comprises:
periodically reading a Notification as a Service (NaaS) extension in a Rich Site Summary (RSS) feed associated with the content source, wherein the NaaS extension in the RSS feed further provides a set of available notification options and wherein the NaaS extension defines a current schema defining a plurality of interest categories of the content source;
identifying a schema change in the content source, based on the periodically reading the NaaS extension, wherein the schema change is associated with a first interest category of the plurality of interest categories of the content source;
in response to identifying the schema change in the content source, based on the periodically reading the NaaS extension, identifying a user subscribed to receive notifications of content changes in the first interest category; and
storing the set of available notification options in a schema storage;
transmitting the set of notification options to an interest widget displayed in association with the content source;
receiving from the user at the interest widget a selection of a first notification option among the set of available notification options; and
notifying the user of changes in the plurality of interest categories at the content source, responsive to the schema change identified from the periodically reading of the NaaS extension, wherein the notifying the user of the schema change comprises using the first notification option, responsive to the user's selection of the first notification option.

US Pat. No. 10,462,093

MESSAGE DATA TRANSFER

Facebook, Inc., Menlo Pa...

1. A method comprising:by a computing device, receiving a request to send data to a user;
by the computing device, selecting a particular delivery channel from a plurality of delivery channels based at least in part on a status of a client device of the user;
by the computing device, determining a first subset of the data for sending to the client device of the user and a second subset of the data for storing at the computing device, wherein the second subset of the data corresponds to a portion of the data for subsequent downloading by the user;
by the computing device, in response to the first subset of the data exceeding a message size limit of the particular delivery channel, converting the first subset of the data into a plurality of messages that are based at least in part on capabilities of the particular delivery channel, wherein:
each of the messages conforms to the message size limit of the particular delivery channel, and
the messages comprise sequence data describing relationship between each of the messages; and
by the computing device, automatically sending the plurality of messages through the particular delivery channel at a time that is based at least in part on the status of the client device, wherein the sequence data and content of the messages are used to reconstruct the first subset of the data from the plurality of messages at the client device of the user, and wherein the first subset of the data when reconstructed from the plurality of messages at the client device of the user comprises a link to download the second subset of the data from the computing device, and wherein the second subset of the data when downloaded replaces a portion of the first subset of the data.
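The split, sequence data and reconstruction in the claim above, as an added Python example (not Facebook's code or any code from the patent). The message layout "group:index:total:base64", the use of a SHA-256 prefix as the group id, the link format and the in-memory blob store are this example's own assumptions; the claim only requires that each message fit the channel limit, that the messages carry sequence data, and that the reconstructed first subset contain a link whose download replaces part of it.

```python
import base64
import hashlib
import re

# Assumed link format for the stored second subset; nothing in the claim fixes it.
LINK_RE = re.compile(r"https://example\.invalid/dl/([0-9a-f]{16})")


class BlobStore:
    """Stands in for the computing device that keeps the second subset for later download."""

    def __init__(self):
        self.blobs: dict[str, bytes] = {}

    def put(self, blob: bytes) -> str:
        key = hashlib.sha256(blob).hexdigest()[:16]
        self.blobs[key] = blob
        return f"https://example.invalid/dl/{key}"

    def get(self, key: str) -> bytes:
        return self.blobs[key]


def split_data(data: bytes, inline_bytes: int, store: BlobStore) -> bytes:
    """First subset = leading bytes plus a link standing in for the stored remainder."""
    first, second = data[:inline_bytes], data[inline_bytes:]
    if not second:
        return first
    return first + store.put(second).encode()


def to_messages(first: bytes, limit: int) -> list[str]:
    """Chop the first subset into channel-sized messages that carry sequence data.

    Each message is "<group>:<index>:<total>:<base64 chunk>". The group id is a
    prefix of SHA-256 over the whole first subset, so the receiver can both
    group the messages and check the reassembled bytes.
    """
    group = hashlib.sha256(first).hexdigest()[:8]
    header_len = len(f"{group}:999:999:")           # room for up to 999 messages
    raw_per_msg = ((limit - header_len) // 4) * 3   # base64 turns 3 bytes into 4 chars
    if raw_per_msg <= 0:
        raise ValueError("channel limit too small for any payload")
    chunks = [first[i:i + raw_per_msg] for i in range(0, len(first), raw_per_msg)] or [b""]
    total = len(chunks)
    return [f"{group}:{i}:{total}:{base64.b64encode(c).decode()}" for i, c in enumerate(chunks)]


def reconstruct(messages: list[str]) -> bytes:
    """Reassemble in index order; reject duplicates, gaps, mixed groups and corruption."""
    parts: dict[int, bytes] = {}
    groups, totals = set(), set()
    for msg in messages:
        group, idx, total, body = msg.split(":", 3)
        groups.add(group)
        totals.add(int(total))
        if int(idx) in parts:
            raise ValueError(f"duplicate message index {idx}")
        parts[int(idx)] = base64.b64decode(body, validate=True)
    if len(groups) != 1 or len(totals) != 1:
        raise ValueError("messages from more than one group")
    total = totals.pop()
    if set(parts) != set(range(total)):
        raise ValueError(f"missing indices {sorted(set(range(total)) - set(parts))}")
    first = b"".join(parts[i] for i in range(total))
    if hashlib.sha256(first).hexdigest()[:8] != groups.pop():
        raise ValueError("reassembled data does not match group id")
    return first


def reassembly_status(messages: list[str]) -> str:
    """Receiver-side report of why a message group cannot (yet) be reconstructed."""
    try:
        reconstruct(messages)
        return "ok"
    except ValueError as err:
        return f"error: {err}"


def complete(first: bytes, store: BlobStore) -> bytes:
    """Download the second subset and let it replace the link inside the first subset."""
    text = first.decode("utf-8")
    return LINK_RE.sub(lambda m: store.get(m.group(1)).decode("utf-8"), text).encode("utf-8")
```

The receiver accepts messages in any order but refuses to act on a group with a gap or a duplicate, and the hash prefix in every header ties a message to one group, so a chunk from another conversation cannot be spliced in silently. A real deployment would also need to decide what the download link authorises: in this example the store key is a hash of the content, which is only a locator, not an access check.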

US Pat. No. 10,462,092

AUTHENTICATING NOTIFICATIONS ON ONLINE SOCIAL NETWORKS

Facebook, Inc., Menlo Pa...

1. A method comprising:by a computing device associated with a social-networking system, providing an application programming interface (API) to an application running on a client system, the API being provided based on a user of the client system being logged in to the social-networking system on the application;
by the computing device, receiving, from the application, a first request, the first request comprising a new messaging token generated by a message-distribution server and stored by the application and a request to register the new messaging token to a user profile of the user on the social-networking system, wherein the new messaging token identifies the client system to the message-distribution server;
by the computing device, sending, to the application, a verification token;
by the computing device, receiving, from the application, a second request, wherein the second request comprises the verification token and context information of the application, wherein the second request was sent by the application using the API, and wherein the context information comprises an indication that the user was logged in to the social-networking system on the application at the time the second request was sent by the application; and
by the computing device, updating, in response to the received first request and the received second request, a registration of the user profile by:
discarding a previously-registered messaging token; and
registering the new messaging token to the user profile.
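The two-request registration in the claim above, worked through as an added Python example with both the server side and the client side (this is not Facebook's code or any code from the patent). Session handles, the in-memory pending table, single-use verification tokens and the "logged_in" context field are this example's assumptions; the claim specifies only the two requests, the verification token, the context information and the token swap.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class UserProfile:
    user_id: str
    # Token the message-distribution server uses to reach this user's device.
    messaging_token: Optional[str] = None


class SocialServer:
    """Server side of the two-request messaging-token registration."""

    def __init__(self):
        self.profiles: dict[str, UserProfile] = {}
        self.sessions: dict[str, str] = {}                 # API session -> user_id (logged-in users only)
        self._pending: dict[str, tuple[str, str]] = {}     # verification token -> (user_id, new messaging token)

    def login(self, user_id: str) -> str:
        """Returns the API session handle; the API exists only for a logged-in user."""
        self.profiles.setdefault(user_id, UserProfile(user_id))
        session = secrets.token_urlsafe(16)
        self.sessions[session] = user_id
        return session

    def first_request(self, session: str, new_messaging_token: str) -> Optional[str]:
        """Request 1: 'register this token'. Answered with a fresh verification token."""
        user_id = self.sessions.get(session)
        if user_id is None:
            return None
        verification = secrets.token_urlsafe(16)
        self._pending[verification] = (user_id, new_messaging_token)
        return verification

    def second_request(self, session: str, verification: str, context: dict) -> bool:
        """Request 2: verification token plus app context. Only now is the profile updated."""
        user_id = self.sessions.get(session)
        if user_id is None:
            return False
        pending = self._pending.pop(verification, None)   # single use, whatever happens next
        if pending is None:
            return False
        pending_user, new_token = pending
        # The session lookup is the real login check; the context flag is what the
        # app asserts and is only required to be consistent with it.
        if pending_user != user_id or not context.get("logged_in"):
            return False
        self.profiles[user_id].messaging_token = new_token   # previous token discarded
        return True


def register_push_token(server: SocialServer, session: str, new_messaging_token: str) -> bool:
    """Client side: what the app does with a token it just obtained from the distribution server."""
    verification = server.first_request(session, new_messaging_token)
    if verification is None:
        return False
    context = {"logged_in": True, "app": "example-client"}   # assumed context fields
    return server.second_request(session, verification, context)
```

The point of the round trip is that the party completing the registration must hold both a live API session for the profile and the verification token that was issued to that same session moments earlier; a messaging token alone, or a verification token captured for some other user, attaches nothing to the profile.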

US Pat. No. 10,462,091

SYSTEMS AND METHODS FOR REPORTING THE ATTEMPTED TRANSMISSION OF SENSITIVE INFORMATION

Symantec Corporation, Mo...

1. A computer-implemented method, performed by a computing device comprising at least one processor, for protecting user data privacy, the method comprising:identifying a software program, running on the computing device, to which a user of the computing device granted access to his or her sensitive data when installing the software program;
monitoring networking hardware on the computing device to detect a plurality of attempts by the software program to transmit data to one or more intended recipients and to identify one or more owners of one or more network resources associated with the intended recipients, the network resources comprising at least one of a network address, a computing device, an Internet domain, and an email account;
determining that the data of the attempted transmissions includes sensitive information, wherein the sensitive information comprises personal information describing the user;
aggregating the plurality of attempts into a postcard display that displays summaries of the aggregated attempts, categorized by the software program and by the identified owners;
notifying a user of the computing device that the software program is attempting to transmit sensitive information and of the intended recipients of the attempted transmissions by displaying the postcard display to the user via a communication interface of the computing device.

US Pat. No. 10,462,090

MANAGING DATA ON COMPUTER AND TELECOMMUNICATIONS NETWORKS

Privowny, Inc., Palo Alt...

1. An email management server system for supporting multiple users of multiple client devices, the email management server system being remote from the multiple client devices, the email management server system comprising:an aliased information provisioning engine operative to provide information to a plurality of different accounts operated by a plurality of different entities, the plurality of different entities operating the plurality of different accounts using a plurality of account servers remote from the email management server system;
an alias data store operative to store a key email address for each of a plurality of different users, the alias data store further operative to store one or more alias email addresses in association with each of the key email addresses, the alias data store further operative to store a particular key email address associated with a particular user and to store a particular alias email address in association with the particular key email address, the particular alias email address being provided to a particular account associated with the particular user, the particular account being one of the plurality of different accounts;
an alias generation engine, coupled to the alias data store, operative to:
generate each alias email address of the one or more alias email addresses, including the particular alias email address for the particular account associated with the particular user, each alias email address having a domain associated with the email management server system;
store in the alias data store the particular alias email address in association with the particular key email address; and
provide the particular alias email address to the aliased information provisioning engine to provide to the particular account; and
an alias agent engine, coupled to the alias data store, operative to:
receive an email message from a third party, the email message having a message source associated with the third party and having a first message destination that includes the particular alias email address;
address the email message to a second message destination of the particular key email address stored in the alias data store in association with the particular alias email address; and
send the email message to the second message destination.

US Pat. No. 10,462,089

EMAIL BASED TASK MANAGEMENT SYSTEM

CLOVER LEAF ENVIRONMENTAL...

1. A method for use in an electronic information system, the method comprising:storing, by a processor, information regarding a plurality of individuals and information relating to one or more selections by the plurality of individuals in an information database;
generating, by the processor, a first Simple Mail Transfer Protocol (SMTP) email message that includes a plurality of mailto links, wherein each of the plurality of mailto links include a respective security token and a plurality of fields including:
a first field that indicates an email address that is associated with the electronic information system, and
a second field that indicates an action to be performed by the electronic information system, wherein the action to be performed includes at least:
updating, by the processor, particular information stored in the information database, and
transmitting, by the processor, the first SMTP email message to a particular email address that is associated with a first individual of the plurality of individuals;
receiving, by the processor, a second SMTP email message, wherein the second SMTP email message is generated in response to the first individual activating a particular mailto link from the plurality of mailto links;
identifying, by the processor, a particular security token and a particular second field that were included in the particular mailto link that was activated to generate the second SMTP email message;
determining, by the processor, whether the particular security token is valid; and
on a condition that the security token is determined to be valid, performing, by the processor, an update of the information database to reflect the action indicated by the particular second field, wherein the action indicates at least one of completion, incompletion, comment, signature and reassignment.
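An added Python example of the token check in the claim above (not code from the patent or its assignee). The claim requires only that every mailto link carry a security token, a system address and an action field, and that the token be validated before the database is updated. Everything else here is this example's assumption: the subject-line layout, the HMAC construction that binds task, recipient, action and expiry, the TTL, and the nonce store that makes each link single use.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

ACTIONS = {"completion", "incompletion", "comment", "signature", "reassignment"}


class EmailTaskSystem:
    """Issues mailto links carrying an HMAC token and applies the action a reply carries."""

    def __init__(self, key: bytes, system_address: str, clock=time.time):
        self._key = key
        self.system_address = system_address
        self._clock = clock
        self.tasks: dict[str, dict] = {}      # constructed stand-in for the information database
        self._used_nonces: set[str] = set()   # makes every issued link single use

    def add_task(self, task_id: str, assignee: str) -> None:
        self.tasks[task_id] = {"assignee": assignee, "status": "open"}

    def _tag(self, task_id: str, recipient: str, action: str, exp: int, nonce: str) -> str:
        # Binds task, intended recipient, action and expiry together, so none of
        # them can be swapped in the link without invalidating the token.
        msg = "|".join([task_id, recipient.lower(), action, str(exp), nonce]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def build_mailto(self, task_id: str, recipient: str, action: str, ttl: int = 3600) -> str:
        """First field: the system's address. Second field (subject): the action plus token."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        exp = int(self._clock()) + ttl
        nonce = secrets.token_urlsafe(9)
        token = f"{exp}.{nonce}.{self._tag(task_id, recipient, action, exp, nonce)}"
        subject = f"task={task_id} action={action} token={token}"
        return f"mailto:{self.system_address}?{urlencode({'subject': subject})}"

    def handle_reply(self, sender: str, to_addr: str, subject: str) -> str:
        """Validate the token in the reply SMTP message; on success apply the action."""
        if to_addr.lower() != self.system_address.lower():
            return "rejected: wrong destination"
        fields = dict(p.split("=", 1) for p in subject.split() if "=" in p)
        try:
            task_id, action, token = fields["task"], fields["action"], fields["token"]
            exp_s, nonce, tag = token.split(".")
            exp = int(exp_s)
        except (KeyError, ValueError):
            return "rejected: malformed"
        # Constant-time comparison against a tag recomputed from the claimed sender,
        # so a token lifted from another recipient's mail does not verify.
        if not hmac.compare_digest(tag, self._tag(task_id, sender, action, exp, nonce)):
            return "rejected: bad signature"
        if self._clock() > exp:
            return "rejected: expired"
        if nonce in self._used_nonces:
            return "rejected: replay"
        if task_id not in self.tasks:
            return "rejected: unknown task"
        self._used_nonces.add(nonce)
        self.tasks[task_id]["status"] = action
        return "ok"


def parse_mailto(link: str) -> tuple[str, str]:
    """What a mail client does on click: address the new message and fill in the subject."""
    parts = urlsplit(link)
    return parts.path, parse_qs(parts.query)["subject"][0]
```

Two caveats a practitioner should keep in mind. The HMAC, not the From header, carries the authentication: From is trivially spoofed, so binding the tag to the recipient only stops a token from being reused from a different mailbox, it does not replace the token. And the token is only as private as the email that carries it (forwards, shared inboxes, a compromised account all expose it), which is why the example gives every link a short lifetime and lets it be used once.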

US Pat. No. 10,462,088

PROVIDING SOCIAL INSIGHT IN EMAIL

Microsoft Technology Lice...

1. A computing device for providing a social insight in an email, the computing device comprising:a memory configured to store instructions associated with a communication application;
one or more processors coupled to the memory, the one or more processors executing the communication application in conjunction with the instructions stored in the memory, wherein the one or more processors are configured to:
transmit the email to one or more recipients;
receive information associated with one or more actions performed by a group of the one or more recipients on the email from a tracking service, wherein the one or more actions are tracked by the tracking service in real time and include a reading status of the email by each recipient in the group of the one or more recipients on the email; and
provide to be displayed, on a user interface of the communication application that is displaying the email, feedback based on the information associated with the one or more actions performed by the group of the one or more recipients on the email, the feedback including an element within a body of the email based on the feedback, the element activatable by a user to perform an action with respect to the email from within the email, wherein, in response to the reading status of the email being unread and deleted for a predetermined subset of the group of the one or more recipients, automatically setting the action performed in response to activation of the element to a delete action of the email.

US Pat. No. 10,462,087

TAGS IN COMMUNICATION ENVIRONMENTS

Microsoft Technology Lice...

1. A method executed on a computing device to provide tags in a communication environment, the method comprising:automatically suggesting a tag to be associated with an instant message to be transmitted within a conversation;
associating the instant message with the tag such that the tag is persisted with the instant message as the instant message is exchanged within the conversation;
transmitting the instant message to a participant of the conversation over a communication exchange channel to be displayed in conjunction with the instant message through a communication user experience associated with the participant; and
in response to the participant associating an additional tag with the instant message, receiving a tag indication that identifies the instant message, the tag, the additional tag, and the participant.

US Pat. No. 10,462,086

SPLITTING POSTS IN A THREAD INTO A NEW THREAD

International Business Ma...

1. A method for improving social network users' interactions, the method comprising:analyzing content of monitored posts in an original thread of a social networking system to group said monitored posts by topic, wherein a first group of said monitored posts directed to a first topic is posted by a first set of users;
analyzing one or more of past communication patterns and liked pages of said first set of users to determine a likelihood of responding to posts; and
splitting, by a processor, posts in said original thread into a new thread containing said first group of said monitored posts directed to said first topic and having a second set of users of said first set of users to participate in said new thread, wherein each of said second set of users is selected based on said analysis of one or more of said past communication patterns and said liked pages of said first set of users, wherein each of said second set of users has a relationship with one or more users of said second set of users and has a likelihood of responding to a post that exceeds a threshold value.

US Pat. No. 10,462,085

MESSAGE DISTRIBUTION GROUPS

Comcast Cable Communicati...

1. A method comprising:removing, by at least one computing device configured to serve a message distribution group, and based on a request from a user device associated with a user, the user from distribution in the message distribution group, such that one or more future messages addressed to the message distribution group are not sent to the user device;
receiving, by the at least one computing device and from the user device, information indicating one or more words;
receiving, by the at least one computing device and after the user was removed from distribution, a first message addressed to the message distribution group; and
based on a determination that the first message comprises the one or more words, the at least one computing device:
adding the user to distribution in the message distribution group; and
delivering the first message to the user device.

US Pat. No. 10,462,084

CONTROL AND MANAGEMENT OF ELECTRONIC MESSAGING VIA AUTHENTICATION AND EVALUATION OF CREDENTIALS

VERISIGN, INC., Reston, ...

1. A computer-implemented method for controlling a first message from a sender, the first message having an external intended recipient, comprising:generating, at a processor associated with a first referee, a numerical desirability rating associated with at least part of a credential including a digital signature, wherein the numerical desirability rating measures a level of desirability with receiving a message;
receiving, at the processor associated with the first referee, the at least part of the credential from the external intended recipient, wherein the at least part of the credential is associated with the first message that was sent to the external intended recipient;
determining, at the processor associated with the first referee, if the first message is spam by evaluating the at least part of the credential based at least in part on the numerical desirability rating; and
performing an action with respect to the first message based upon a result of the evaluation.

US Pat. No. 10,462,083

METHOD, PUBLIC ACCOUNT SERVER, AND MOBILE TERMINAL FOR SENDING AND GENERATING CARDS

ALIBABA GROUP HOLDING LIM...

1. A method implemented by a server, the method comprising:receiving a card generating request message via a message channel;
parsing the card generating request message by using a message engine, to determine user information and card information of a mobile terminal;
generating card data for the mobile terminal by using a preset card data model according to the user information and the card information; and
sending the card data to the mobile terminal via the message channel, wherein the card data is used by the mobile terminal to:
acquire a card template corresponding to the card data,
generate a virtual card by using the card template, and
send, to one or more applications in the mobile terminal, a broadcast notification of sharing the virtual card.

US Pat. No. 10,462,082

COMMUNICATION MANAGEMENT SYSTEM

CALLFIRE, INC., Santa Mo...

1. A system comprising:computer-readable memory storing executable instructions; and
one or more computer processors programmed by the executable instructions to at least:
receive a first phone-based text message comprising first plain text data;
generate first formatted text data for a first chat message using the first plain text data;
send the first chat message to a first computing device;
generate second formatted text for a second chat message using the first plain text data;
send the second chat message to a second computing device separate from the first computing device;
receive a third chat message, from the first computing device, comprising third formatted text data;
generate second plain text data for a second phone-based text message using the third formatted text data; and
send the second phone-based text message;
wherein the system is associated with a plurality of different phone numbers, and wherein individual phone numbers of the plurality of different phone numbers are associated with individual collaboration systems of a plurality of different collaboration systems.

US Pat. No. 10,462,081

SUBSCRIPTION-BASED MEDIA PUSH SERVICE

1. A system, comprising:a processing system including a processor; and
a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising:
identifying a media content item according to a media consumption criterion of a user;
forwarding a request from a content provider service to equipment of an independent network service provider to access equipment of the user based on the identifying of the media content item; and
obtaining a network address from the equipment of the independent network service provider, wherein the network address is identified by the equipment of the independent network service provider based on an identity of the user, wherein the equipment of the independent network service provider selects a device as a selected device from among a plurality of devices of the equipment of the user based on device capabilities responsive to the request, wherein the media content item is provided to the network address without requiring a request from the plurality of devices of the user, and wherein the selected device obtains the media content item by way of the network address, wherein the media content item comprises a live media content item, and wherein the selected device obtains the media content item by way of the network address for presentation to the user.

US Pat. No. 10,462,080

VERIFYING USERS OF AN ELECTRONIC MESSAGING SYSTEM

WhatsApp Inc., Menlo Par...

1. A method comprising:receiving, at a server, a request for a business account with a messaging system, the request including a business name and a phone number;
determining whether users of the messaging system associate the business name with the phone number, the determining comprising:
sending name verification queries to a set of client devices that have the phone number stored in a local address book, the name verification queries including a representation of the business name and the phone number;
receiving, from at least some of the set of client devices, sets of one or more matching scores, each set of one or more matching scores indicating a degree to which a local name, stored in the local address book of the corresponding client device in association with the phone number, matches the representation of the business name;
determining a number of client devices in the set of client devices for which the corresponding set of one or more matching scores indicates an exact match between the representation of the business name and the local name stored in the local address book;
determining that the number of client devices for which the corresponding set of one or more matching scores indicates an exact match exceeds an exact match threshold; and
determining that the users of the messaging system associate the business name with the phone number responsive to the exact match threshold being exceeded;
determining whether at least one of the business name or the phone number has characteristics consistent with the request originating from a genuine business;
validating the business account responsive to the users of the messaging system associating the business name with the phone number and at least one of the business name or the phone number having characteristics consistent with the request originating from the genuine business;
updating, responsive to the validating, profile data of the business account to indicate that the business account is verified;
receiving, from a client device that is associated with the business account, a message including content to display to a user of the messaging system; and
sending the content to a client device associated with the user of the messaging system in conjunction with an indication that the business account is verified, wherein the client device is adapted to display the content in conjunction with a visual indicator that the business account is verified responsive to the indication.

US Pat. No. 10,462,079

CONTEXT-AWARE BADGE DISPLAY IN ONLINE COMMUNITIES

Adobe Inc., San Jose, CA...

1. A method, performed by a computing device, for providing badges for display in online interfaces used by online communities, the method comprising:storing badges awarded to one or more users, wherein storing the badges awarded to the one or more users comprises storing badge source information identifying in which online community individual badges were awarded to the one or more users, wherein the online communities are included in a hierarchy of online communities that are related by paths from a website, and the badge source information specifies at least one path of the paths;
identifying a context of an online interface in which a representation of a user will be displayed, the context identifying an online community of the online interface;
determining a related online community that is related to the online community based on positions of the online community and the related online community within the hierarchy of online communities;
identifying a set of badges for display with the representation based on the context and the badge source information, wherein identifying the set of badges comprises identifying badges awarded to the user in the online community and the related online community; and
providing the representation and the set of badges for display in the online interface.

US Pat. No. 10,462,078

USING SIGNALS EXTRACTED FROM A VOIP DATA STREAM TO DISTINGUISH BETWEEN NETWORK CONGESTION AND LINK LOSSES

WhatsApp Inc., Menlo Par...

1. A method comprising:receiving packets from a sending client device via a network, wherein each of the received packets includes chat content data and metadata for a chat session, the metadata including a timestamp indicating when the received packet was sent;
determining one or more network performance signals from the metadata of the received packets, the one or more network performance signals distinguishing between a scenario where a network problem arises from congestion and a scenario where the network problem arises from link loss, wherein the one or more network performance signals include a moving average signal, determining the moving average signal comprising:
calculating a relative one-way trip time (ROTT) for each received packet by comparing the timestamp to a time at which the received packet was received;
calculating a long-term ROTT average, the long-term ROTT average being an average of the ROTT for the last n packets received, where n is a positive integer greater than one;
calculating a short-term ROTT average, the short-term ROTT average being an average of the ROTT for the last m packets received, where m is a positive integer less than n; and
calculating a difference between the long-term ROTT average and the short-term ROTT average, wherein the difference exceeding a threshold indicates the network problem arose from network congestion;
selecting, based on the moving average signal, between attributing the network problem to network congestion and attributing the network problem to link loss;
determining a control message to send based on whether the network problem is attributed to network congestion or link loss, the control message indicating how a parameter of the chat session should be updated to address the network problem, wherein, responsive to attributing the network problem to network congestion, the control message indicates that a bitrate of the chat session should be reduced; and
sending the control message to the sending client device.
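The moving-average signal of the claim above, as an added Python example run over two constructed packet streams (this is not WhatsApp's code or any code from the patent). The sign convention (short-term average minus long-term average), the window sizes n=16 and m=4, the 20 ms threshold, the use of a sequence gap as the loss indicator, and the control message sent in the link-loss case are all this example's assumptions; the claim fixes only the two windows, the difference, the threshold and the bitrate reduction on congestion.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ChatPacket:
    seq: int
    sent_ms: float     # sender timestamp carried in the packet metadata
    recv_ms: float     # receiver's clock at arrival
    content: bytes = b""


class RottAnalyzer:
    """Long- and short-term averages of relative one-way trip time (ROTT)."""

    def __init__(self, n: int = 16, m: int = 4, threshold_ms: float = 20.0):
        if not 1 < m < n:
            raise ValueError("need 1 < m < n")
        self._long = deque(maxlen=n)     # ROTT of the last n packets
        self._short = deque(maxlen=m)    # ROTT of the last m packets
        self.threshold_ms = threshold_ms
        self._next_seq = None
        self.loss_seen = False

    def receive(self, pkt: ChatPacket) -> float:
        if self._next_seq is not None and pkt.seq != self._next_seq:
            self.loss_seen = True        # sequence gap: some packet never arrived
        self._next_seq = pkt.seq + 1
        # Sender and receiver clocks are not synchronised; the constant offset is
        # the same for every packet and cancels when two averages are subtracted.
        rott = pkt.recv_ms - pkt.sent_ms
        self._long.append(rott)
        self._short.append(rott)
        return rott

    def moving_average_signal(self) -> float:
        """Short-term minus long-term average: positive and growing while queues build."""
        return sum(self._short) / len(self._short) - sum(self._long) / len(self._long)

    def attribute(self) -> str:
        return "congestion" if self.moving_average_signal() > self.threshold_ms else "link_loss"

    def control_message(self) -> dict:
        cause = self.attribute()
        if cause == "congestion":
            return {"cause": cause, "action": "reduce_bitrate"}
        # Link loss: the claim leaves the parameter open; asking for more
        # redundancy rather than less bitrate is this example's assumption.
        return {"cause": cause, "action": "increase_redundancy"}


def analyze(packets) -> dict:
    """Feed a received stream through the analyzer and return signal, loss flag and control message."""
    analyzer = RottAnalyzer()
    for pkt in packets:
        analyzer.receive(pkt)
    return {"signal_ms": analyzer.moving_average_signal(),
            "loss_seen": analyzer.loss_seen,
            **analyzer.control_message()}


def congested_stream() -> list:
    """Constructed: every packet arrives, but queuing delay grows 10 ms per packet after packet 15."""
    return [ChatPacket(i, i * 20.0, i * 20.0 + 50.0 + (0.0 if i < 16 else (i - 15) * 10.0))
            for i in range(24)]


def lossy_stream() -> list:
    """Constructed: delay stays at 50-51 ms, but packets 10 and 11 never arrive."""
    return [ChatPacket(i, i * 20.0, i * 20.0 + 50.0 + (i % 2)) for i in range(24)
            if i not in (10, 11)]
```

On the congested stream the last four packets carry 100-130 ms of delay against a 16-packet average of 72.5 ms, so the signal is 42.5 ms and the receiver asks the sender to cut its bitrate. On the lossy stream the sequence gap is visible but the signal stays at zero, so cutting bitrate would not help and the message asks for something else. The distinction matters because reacting to every loss as congestion is exactly what makes a lossy link unusable.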

US Pat. No. 10,462,077

FILE-LEVEL COMMENTS IN COLLABORATIVE CONTENT ITEMS

Dropbox, Inc., San Franc...

1. A method comprising:identifying, in content to be included in a first comment, a file-level primitive input by a user, the file-level primitive input by the user identifying a file associated with a collaborative content item stored by a content management system and indicating that the first comment is a file-level comment on the collaborative content item;
responsive to identifying the file-level primitive input by the user, creating a reference, between the collaborative content item as a whole and the first comment;
receiving a request for the collaborative content item, and in response, generating a representation of the collaborative content item wherein generating the representation of the collaborative content item comprises generating a representation of the first comment,
wherein the representation of the first comment includes an indicator that the first comment is a file-level comment; and
sending the representation of the collaborative content item for display.

US Pat. No. 10,462,076

SYSTEM, APPARATUS AND METHOD FOR AUTOMATIC ENVIRONMENTAL DATA COLLECTION AND ANALYSIS

CLEARPATH ROBOTICS INC., ...

1. A system for automatic environmental data collection and analysis comprising:an unmanned vehicle associated with a geographical survey entity; and
a server in communication with the unmanned vehicle, comprising:
a processor and a communication interface, the processor configured to:
receive, using the communication interface, a geographic survey request from a first computing device;
determine whether one or more sets of existing geographic survey data stored in a memory is sufficient to satisfy the geographic survey request;
in response to determining the geographic survey request can be satisfied with the one or more sets of existing geographic survey data:
analyze the one or more of the sets of existing geographic survey data to generate a processed geographic survey data; and
transmit, using the communication interface, the processed geographic survey data to the first computing device; and
in response to determining the geographic survey request cannot be satisfied with the one or more of the sets of existing geographic survey data:
translate the geographic survey request into mission data for collecting geographic survey data, wherein the mission data comprises data for instructing the unmanned vehicle to collect the geographic survey data;
transmit, using the communication interface, the mission data to a second computing device associated with the geographic survey entity;
receive, using the communication interface, the geographic survey data collected by the geographic survey entity using the mission data and the unmanned vehicle;
analyze the geographic survey data to generate processed geographic survey data; and,
transmit, using the communication interface, the processed geographic survey data to the first computing device.

US Pat. No. 10,462,075

PACKET SWITCH WITH REDUCED LATENCY

Mellanox Technologies, Lt...

1. A switching device, comprising: a plurality of ports, which are configured to serve as ingress and egress ports so as to receive, queue, and transmit data packets from and to a network;
a switching core, which is coupled to transfer the data packets between the ingress and egress ports;
switching logic, which is coupled to maintain a descriptor queue containing respective descriptors corresponding to the data packets that have been received and queued by the ingress ports,
to read the descriptors from the descriptor queue according to their turn in the descriptor queue, and
to instruct the switching core to transfer the queued data packets referred to by the read descriptors, between the plurality of ports; and
port logic associated with a specific one of the plurality of ports, configured to
determine, upon receipt of a data packet from the network at the specific port, whether the data packet meets a predefined criterion, and
responsive to determining that the data packet does not meet the predefined criterion:
signal the switching logic to place a descriptor corresponding to the data packet in the descriptor queue, and
responsive to identifying the data packet as meeting the predefined criterion, to:
signal the switching logic to place a descriptor corresponding to the data packet in the descriptor queue, and
convey a request to the switching logic, to instruct the switching core to begin to transfer the data packet immediately to an egress port, thereby upon grant of the request by the switching logic, the switching core transfers the data packet to the egress port, without dependence of the switching logic reading the descriptor corresponding to the data packet from the descriptor queue.

US Pat. No. 10,462,074

INLINE POWER SYSTEM AND METHOD FOR NETWORK COMMUNICATIONS

1. An adapter having a pair of ports configured as power sourcing equipment (PSE) for coupling a communications device to a communications network via the pair of ports of the adapter, the communications device for sending and receiving first data in a first communications format, the adapter comprising: a first port of the pair of ports having a device connector having both a first inline power connection and a first data connection for connecting to the communications device to facilitate the communication of the first data in the first communications format and the inline power between the adapter and the communications device, the inline power for use in operating the communications device;
a second port of the pair of ports having a network connector having both a second inline power connection and a second data connection for connecting to a network cable for coupling to the communications network, the second port to facilitate communication of second data in a second communications format and the inline power between the network connector and the network cable, the second port coupled to the first port facilitating conduction of the inline power there-between, the network connector connecting to a pair of conductors of the network cable for receiving both the inline power and the second data formatted in the second communications format, the first communications format different from the second communications format;
a translation module positioned between the first and second ports and connected thereto for processing format transformation between the first data in the first communications format and the second data in the second communications format; and
an on-board power regulator coupled to the inline power for supplying operating power to the translation module by stepping down incoming voltage of the inline power to a level of the operating power;
wherein said first inline power connection and the first data connection are configured as only a single pair of pins for sharing both the conducting of the inline power and the conducting of the first data.

US Pat. No. 10,462,073

AIRCRAFT CONTROL DOMAIN COMMUNICATION FRAMEWORK

THE BOEING COMPANY, Chic...

1. A method comprising: receiving, via a first switch, a first selection from a first plurality of selections corresponding, respectively, to a plurality of devices;
activating, based on the first selection, a data partition of a plurality of data partitions in a storage device corresponding to a first device of the plurality of devices that corresponds to the first selection, each of the plurality of data partitions corresponding to a respective one of the plurality of devices, wherein the first device is a line replaceable unit;
deactivating, based on the first selection, data partitions in the storage device corresponding to non-selected devices of the plurality of devices;
after the activating and the deactivating, storing information in the data partition corresponding to the first device, the information comprising a software package;
receiving, via a second switch, a second selection from a second plurality of selections corresponding to the plurality of devices;
determining that the first selection matches the second selection;
retrieving, based on the determining, the information from said activated data partition; and
providing the retrieved information to the first device of the plurality of devices that corresponds to the first selection and the second selection in response to the information stored in the activated data partition being verified as authentic.

US Pat. No. 10,462,072

SYSTEM AND METHOD FOR SCALING MULTICLOUDS IN A HYBRID CLOUD ARCHITECTURE

CISCO TECHNOLOGY, INC., ...

1. An apparatus comprising: a processor;
an input/output (I/O) interface, the I/O interface including a site-to-site link interface and an inter-Intercloud Fabric Switch (inter-ICS) link interface, the I/O interface configured to obtain a packet; and
Intercloud Fabric (ICF) logic, the ICF logic including computer program code configured to be executed by the processor, the ICF logic being arranged to determine when the packet is obtained on the I/O interface from a site-to-site link interface that allows communication with an enterprise datacenter and, when it is determined that the packet is obtained from the site-to-site link interface, the ICF logic is arranged to determine whether the packet is an unknown unicast packet and to drop the packet when it is determined that the packet is the unknown unicast packet, wherein if it is determined that the packet is not obtained from the site-to-site link interface, the ICF logic is arranged to determine whether the packet is obtained on the inter-ICS link interface and, when it is determined that the packet is obtained from the inter-ICS link interface, the ICF logic is arranged to determine whether the packet is the unknown unicast packet and dropping the packet when it is determined that the packet is the unknown unicast packet.

US Pat. No. 10,462,071

METHOD AND DEVICE FOR REMOVING A CONTROL RELATIONSHIP BETWEEN A USER ACCOUNT AND A DEVICE

XIAOMI INC., Beijing (CN...

1. A method for removing a control relationship, which is applied in a server, the method comprising: receiving, by the server, a removal request from a first user account, the removal request configured to request removal of a control relationship between the first user account and a device;
determining, by the server, whether the first user account is an owner account of the device or a share account of the device; and
when the first user account is determined to be an owner account of the device:
retrieving, by the server, a first share account corresponding to the device, the first share account being an account having permission to control the device, wherein the permission to control the device has been shared with the first share account by a user account different from the first share account;
removing, by the server, a full control relationship between the owner account and the device; and
automatically removing, by the server, a limited control relationship between the first share account and the device once the full control relationship between the owner account and the device is removed.

US Pat. No. 10,462,070

SERVICE LEVEL BASED PRIORITY SCHEDULER FOR MULTI-TENANCY COMPUTING SYSTEMS

EMC IP Holding Company LL...

1. A method for allocating resources in a computing system providing a computing service to one or more clients, the method comprising: receiving parameters from the one or more clients for multiple flows associated with the one or more clients, the parameters including at least a target priority and a target performance for each of the multiple flows;
for each of the multiple flows, converting the target performance into a measurable characteristic and determining a current performance based on the measurable characteristic;
determining a current priority for each of the multiple flows executing in the computing system, wherein the current priority is based on the target priority, the target performance and the current performance;
scheduling the multiple flows for a schedule block based on the current priorities, wherein each schedule block corresponds to a predetermined period of time;
allocating resources to the multiple flows based on relative current priorities of the multiple flows for the schedule block;
updating the current priority of each of the multiple flows for a next schedule block; and
reallocating the resources to the multiple flows for the next schedule block based on the relative updated current priorities.