US Pat. No. 10,715,661

SYSTEM AND METHOD FOR SCALABLE AND EFFICIENT MULTI-CHANNEL COMMUNICATION

Micro Macro Assets, LLC, ...

1. A system for establishing a communication with a customer and a user of a rep computer in communication with a second computer, comprising:
the rep computer comprising a first processor and a first memory configured to store non-transitory instructions that when executed by the first processor performs the steps of:
receiving from the second computer a batch notification identifying a batch of one or more customer records in the rep computer, wherein the one or more customer records is associated with one or more customers that are being communicated with and have met a potential transfer criteria; and
receiving from the second computer a first connection transfer notification identifying a first transferred customer that is being transferred to the user, wherein at least one customer record associated with the first transferred customer is part of the batch,
wherein the communication with the customer by the user is via one or more communication modes, and a direction of the communication includes one or more of the group consisting of an inbound communication initiated by the customer and an outbound communication initiated to the customer.

US Pat. No. 10,715,660

CALLER ID VERIFICATION USING CALL IDENTIFICATION AND BLOCK LISTS

Pindrop Security, Inc., ...

1. A system comprising:
a non-transitory storage medium storing a plurality of computer program instructions; and
a processor configured to execute the plurality of computer program instructions to:
receive from a computer an indication of an outgoing phone call to a first phone number from a second phone number;
transmit a first request to a user device associated with the first phone number to add the second phone number to an identification list maintained at the user device;
transmit a confirmation to the computer that the outgoing phone call can be placed to the first phone number; and
in response to the processor receiving a confirmation message that the outgoing phone call has been initiated:
transmit a second request to the user device to remove the second phone number from the identification list.

US Pat. No. 10,715,658

TELEPHONE CALL-BACK DEVICE

1. A telephone call-back device comprising:
an activation device coupled to a phone line and phone;
a call source utility coupled to the activation device, wherein the call source utility identifies a source phone number of a spam incoming phone call received by the phone, regardless of whether the spam incoming phone call is answered or not answered, in response to the activation device being activated;
a call-back utility coupled to the call source utility, wherein the call-back utility sends at least one robo call-back outgoing phone call to the source phone number in response to receipt of the spam incoming phone call by the phone.

US Pat. No. 10,715,657

CALLING AN UNREADY TERMINAL

Microsoft Technology Lice...

1. A system comprising:
one or more hardware processors; and
a memory comprising instructions that when executed by the one or more hardware processors, configure the one or more hardware processors to establish a call between a caller terminal and a called terminal where a client application to accept the call is not installed on the called terminal when the called terminal receives a call establishment request, by performing operations including:
receiving, by the called terminal, the call establishment request from the caller terminal to establish the call between the caller terminal and the called terminal, the call establishment request indicating an initiation of the establishment of the call at the caller terminal;
in response to receiving the call establishment request:
presenting a single prompt that requests whether a user wishes to answer the call request, and to allow installing of the client application in order to accept the call,
based on selection of the single prompt, installing the client application,
sending, via the installed client application, a reverse call establishment request to the caller terminal in response to a completion of the installing of the client application and the reception of the call establishment request from the caller terminal, the reverse call establishment request configured to cause the caller terminal to accept the reverse call establishment request, wherein the installation of the client application on the called terminal occurs during the establishment of the call at the caller terminal; and
receiving a call acceptance response to establish the call using a packet-switched network, the call acceptance response indicating a completion of the establishment of the call at the caller terminal.

US Pat. No. 10,715,656

METHOD AND APPARATUS FOR THREAT IDENTIFICATION THROUGH ANALYSIS OF COMMUNICATIONS SIGNALING EVENTS, AND PARTICIPANTS

PINDROP SECURITY, INC., ...

1. A computer-implemented method comprising:
receiving, by a computer, a first carrier signaling data from a first switching device in a telephone network, the first carrier signaling data utilized by the telephone network to route a phone call to a callee's phone number;
setting, by the computer, a destination routing address of the first carrier signaling data;
transmitting, by the computer, a first continue message to the first switching device with a parameter associated with the destination routing address, such that the first switching device routes the phone call to the destination routing address;
receiving, by the computer, a second carrier signaling data from a second switching device in the telephone network, the second carrier signaling data generated by the second switching device in response to receiving the phone call;
generating, by the computer, a threat score for the phone call based upon comparing the first carrier signaling data to the second carrier signaling data;
transmitting, by the computer, a second continue message to the second switching device with the destination routing address set to the callee's phone number; and
transmitting, by the computer, the threat score to a device associated with the callee.

US Pat. No. 10,715,655

STANDARD MOBILE COMMUNICATION DEVICE DISTRACTION PREVENTION AND SAFETY PROTOCOLS

CELL COMMAND, INC., Mari...

1. A transmitter for activating a behavior in a mobile device within a specified environment, comprising:
a memory configured to store software instructions; and
a processor configured to access the software instructions from the memory;
the processor configured to access the software instructions from the memory to:
broadcast a first trigger signal within the specified environment, the first trigger signal comprising discovery information corresponding to a modified universally unique identification (UUID) code of the transmitter, wherein the modified UUID code comprises a format formed through modification of at least one of a structure of a pre-existing UUID code format and a meaning of one or more bytes of the pre-existing UUID code format, and wherein at least a portion of the modified UUID code identifies at least one of:
the specified environment in which the transmitter operates; and
a specified working group information in the specified environment in which the transmitter operates; and
wherein the discovery information broadcast from the transmitter in the first trigger signal causes activation of the behavior in the mobile device within the specified environment.

US Pat. No. 10,715,651

MULTILAYER MOBILE APP INTERFACE

EMC IP Holding Company LL...

1. A method, comprising:
displaying an application page;
receiving, by one or more processors, an indication to provide a previously stored application page; and
in response to receiving the indication to provide the previously stored application page, providing the previously stored application page based at least in part on information associated with the previously stored application page including information sufficient to regenerate the previously stored application page without obtaining additional data for the previously stored application page from a server or application associated with the previously stored application page.

US Pat. No. 10,715,650

DUAL-TRANSCEIVER WIRELESS CALLING

Bose Corporation, Framin...

1. A wireless audio system comprising:
a first wireless transceiver configured to establish a wireless link with an audio gateway for receiving and sending call audio and exchanging call control data;
a second wireless transceiver configured to wirelessly communicate with the first wireless transceiver over a simple voice forward profile (SVFP) connection; and
a headphone system comprising a first headphone containing the first wireless transceiver and a second headphone containing the second wireless transceiver,
wherein the first wireless transceiver is configured to forward the call audio to the second wireless transceiver and exchange the call control data with the second wireless transceiver over the SVFP connection,
wherein the first headphone further comprises at least one first microphone and the second headphone further comprises at least one second microphone,
wherein the second wireless transceiver is configured to send call audio received at the at least one second microphone to the first wireless transceiver over a synchronous connection-orientated (SCO) link established by the SVFP connection, and
wherein the first wireless transceiver is configured to send the call audio received from the second wireless transceiver to the audio gateway over a synchronous connection-orientated (SCO) link established by a hands-free profile (HFP) connection.

US Pat. No. 10,715,648

USER INTERFACE FOR VIRTUAL ASSISTANT INTERACTIONS ON TELEPHONY DEVICE

Cisco Technology, Inc., ...

1. A method comprising:
displaying, through a user interface on a display of a telephony device, a plurality of lines associated with the telephony device, the displayed plurality of lines including at least a designated line for a user of the telephony device and a shared line for a virtual assistant, wherein the virtual assistant is integrated with the telephony device and is presented as the shared line of the telephony device;
in response to receiving an incoming call to the designated line, displaying, through the user interface, a plurality of features associated with handling the incoming call, the displayed plurality of features including an assistant feature to direct the incoming call to the virtual assistant;
in response to the incoming call being directed to the virtual assistant, displaying, through the user interface, a plurality of features associated with managing a conversation between the virtual assistant and a caller during the incoming call; and
after the incoming call has ended, displaying, through the user interface, a call history associated with the incoming call.

US Pat. No. 10,715,647

MOBILE TERMINAL

ZHEJIANG GEELY HOLDING GR...

1. A mobile terminal, comprising a terminal body and a control unit, wherein the terminal body is provided with a flash lamp, a zoom lens is provided in an advancing direction of a light of the flash lamp, the control unit is configured to control the flash lamp to switch between a flash mode and a flashlight mode according to an input command, and the zoom lens has a plurality of operating states and converges the light of the flash lamp in at least one operating state;
the terminal body is further provided with a laser lamp and a camera, the laser lamp and the camera are located on the same surface of the terminal body, the control unit is further configured to control the laser lamp to emit light according to an input command, control the camera to capture an image of an object irradiated by the laser lamp, and calculate a distance between the camera and the object according to a distance between a bright spot of the laser lamp in the captured image and an image center of the captured image.

US Pat. No. 10,715,646

SMARTPHONE WITH WALLET AND KEYCHAIN FUNCTIONS

1. A smartphone openable into two parts, comprising:
a smartphone having first and second parts, the first part having opposed outer and inner faces, and the second part having opposed inner and outer faces, the second part being pivotally joined, along one edge thereof, to the inner face of the first part, the inner face of the second part being selectively and releasably lockable against the inner face of the first part;
an expandable multi-compartment pocket secured to the inner face of the second part and the inner face of the first part, the expandable multi-compartment pocket being expandable therebetween; and
at least one pair of flexible knurled hooks secured to the inner face of the second part, the at least one pair of flexible knurled hooks being configured to releasably receive at least one key therebetween.

US Pat. No. 10,715,643

SYSTEMS AND/OR METHODS FOR INTELLIGENT AND RESILIENT FAILOVER FOR CLOUD COMPUTING ENVIRONMENTS

Software AG, Darmstadt (...

1. A method of operating a distributed computing system including a plurality of computing nodes cooperating to execute a shared application and/or service accessible by client computing devices over a network, the method comprising:
receiving a signal indicative of a potential problem with a component of the distributed computing system and/or the network;
responsive to receipt of the signal, identifying, from a store including a plurality of rules, at least one rule to be executed to determine how to respond to the potential problem, the at least one rule being identified based on (a) attributes of the received signal including which component generated the signal and what information is included in and/or otherwise associated with it, and (b) other network-related data;
executing the at least one identified rule to determine whether a failover is or might be needed;
in response to a determination that a failover is needed, confirming that the failover is needed and, based on the confirming, selectively triggering a failover service to initiate a preprogrammed failover sequence; and
in response to a determination that a failover might be needed, initiating operation of a resilience mode in which:
information regarding the potential problem is communicated to one or more components of or connected to the distributed computing system, other than the component that generated the received signal, without immediately initiating a preprogrammed failover sequence; and
the operation of the resilience mode is continued, without initiating a preprogrammed failover sequence, until one or more predefined conditions are met, at which point either (a) the operation of the resilience mode is cancelled and the failover service is triggered to initiate a preprogrammed failover sequence, or (b) the operation of the resilience mode is cancelled and the failover service is not triggered.

US Pat. No. 10,715,642

INTERFACE DEVICE AND RECEIVER INCLUDING THE SAME

SOCIONEXT INC., Kanagawa...

1. An interface device included in a DTV receiver, the interface device transmitting a data signal in sync with a clock signal, the device comprising:
at least one processor including:
a reception unit performing demodulation processing and error correction processing on an input carrier wave and outputting signals resulting from these types of processing;
a transport stream (TS) packet acquisition unit acquiring a TS packet included in outputs of the reception unit;
a variable-length packet acquisition unit acquiring a variable-length packet included in the outputs of the reception unit; and
a first selector selecting either the TS packet or the variable-length packet and outputting the selected packet as the data signal,
wherein the variable-length packet is either a type length value (TLV) packet or an Internet protocol (IP) packet.

US Pat. No. 10,715,641

SYSTEM AND METHOD FOR IDENTIFYING DEVICES BEHIND NETWORK ADDRESS TRANSLATORS BASED ON TCP TIMESTAMPS

VERINT SYSTEMS LTD., Her...

1. A system, comprising:
a network interface; and
a processor, configured to:
receive, via the network interface, a plurality of packets that belong to respective Transmission Control Protocol (TCP) connections associated with an unknown number of respective devices,
identify respective TCP timestamps of the packets, and respective receipt times at which the packets were received,
partition the TCP connections into a plurality of TCP-connection subsets, by iteratively:
selecting one of the TCP connections that does not yet belong to any of the TCP-connection subsets, and
iteratively:
selecting one of the TCP-connection subsets,
tentatively adding the selected one of the TCP connections to the selected one of the TCP-connection subsets to form a tentatively-augmented TCP-connection subset to which a subset of the packets belong,
calculating a deviation by which a relationship between (i) the respective TCP timestamps of the subset of the packets, and (ii) the respective receipt times at which the subset of the packets were received, deviates from a linear relationship, wherein the deviation is a mean squared error (MSE) that would result from fitting a line to those of the two-dimensional coordinates that represent the subset of the packets,
calculating a threshold deviation for the tentatively-augmented TCP-connection subset, wherein the threshold deviation is a threshold MSE, and
provided that the deviation is less than the threshold deviation, adding the selected one of the TCP connections to the selected one of the TCP-connection subsets, and
in response to the partitioning, generate an output that indicates that each one of the TCP-connection subsets is associated with a single one of the devices.

US Pat. No. 10,715,640

INTERNET OF THINGS GATEWAYS OF MOVING NETWORKS

EMC IP Holding Company LL...

1. A method, comprising:
obtaining, by a first cloud-based IoT gateway service of an IoT gateway moving network, a radio signal from a first mobile sensor device, wherein the IoT gateway moving network comprises a plurality of cloud-based IoT gateway services that communicate with a content delivery network;
converting, using at least one processing device, the radio signal to a message in a machine-to-machine IoT connectivity protocol; and
providing, using the at least one processing device, the message to a message broker of the first cloud-based IoT gateway service that determines a topic of the message and publishes the message using the topic,
wherein the message is published to an origin server of the content delivery network, and
wherein the message is consumed from at least one edge server of the content delivery network and published to a second cloud-based IoT gateway service of the IoT gateway moving network, wherein the second cloud-based IoT gateway service publishes the message as an additional radio signal using the topic to at least one additional mobile sensor device within a range of the second cloud-based IoT gateway service for receiving radio signals.

US Pat. No. 10,715,638

METHOD AND SYSTEM FOR SERVER ASSIGNMENT USING PREDICTED NETWORK METRICS

NEC CORPORATION, Tokyo (...

1. A method for assigning a server to provide a resource to a client in a distributed network, the method comprising:
receiving a request for the resource from the client;
measuring a network metric at different points in the network;
inputting the network metric measurements to a deep learning model;
predicting, using the model, the network metric between the client and each of a plurality candidate servers which have the resource and have not had a prior connection with the client; and
assigning one of the candidate servers to provide the resource to the client based on the predictions of the network metric.

US Pat. No. 10,715,637

SYSTEMS AND METHODS FOR AUTOMATED APPLICATION DEPLOYMENT MANAGEMENT

MASTERCARD INTERNATIONAL ...

1. A method of automated deployment management for a computer network, the method implemented using a distributed deployment agent that includes a server system agent operating on a server system and a client system agent operating on a client system, the client system agent being communicatively coupled to the server system agent, the method comprising:
performing, by the server system agent, an environment discovery process to discover a plurality of connected devices including the client system and at least one target location present on the plurality of connected devices at a respective target location;
determining, by the server system agent based on the environment discovery process, one or more target locations of the at least one target location associated with the client system, the one or more target locations requiring at least one of a system update and a software update;
generating, by the server system agent, using a configuration file, a command file, wherein the command file includes computer-executable instructions configured to be executed on the client system, the client system hosting a computer application at the one or more target locations;
configuring, by the server system agent, the command file with deployment instructions for the client system to automate deployment of the command file;
transmitting, by the server system agent, a compressed file to the client system, wherein the compressed file includes the command file;
causing the client system agent to extract the command file from the compressed file; and
causing the client system agent to execute the command file on the one or more target locations, wherein the execution activates one or more of a system update event on the client system and a software update event for the computer application.

US Pat. No. 10,715,636

LOYALTY SWITCH

Switch Technology Solutio...

1. A computer implemented method for connecting a client computing resource with at least one loyalty host computing resource, the method comprising:
receiving a first message from the client computing resource by a loyalty switch to initiate a client connection, the loyalty switch having a client message queue, a selector handler pool manager, and one or more selector handlers;
storing the first message within the client message queue;
assigning the client computing resource to an assigned selector handler from the one or more selected handlers by the selector handler pool manager;
establishing the client connection between the client computing resource and the assigned selector handler;
receiving a transaction message from the client computing resource over the client connection;
determining a matching loyalty host computing resource from the at least one loyalty host computing resource by the assigned selector handler using selector routing logic;
responsive to a determination that a host connection does not exist between the assigned selector handler and the matching loyalty host computing resource, establishing the host connection;
transmitting the transaction message over the host connection to the matching loyalty host computing resource;
transmitting a client response message by the assigned selector handler over the client connection indicating a status indication in response to the transaction message, the status indication comprises a success indication and a failure indication,
wherein determining the matching loyalty host computing resource using selector routing logic comprising:
identifying a request type for the transaction message;
responsive to the request type being forward all, storing the transaction message within a write buffer corresponding to all host connections associated with the at least one loyalty host computing resources supporting the client computing resource;
responsive to the request type being reverse transaction, fetching a server ID associated with the reverse transaction and storing the transaction message within the write buffer corresponding to the server ID;
responsive to the request type not being loyalty ID, fetching the server ID associated with a loyalty sequence ID of the transaction message and storing the transaction message within the write buffer corresponding to the server ID;
responsive to the request type being loyalty ID and the loyalty sequence ID not being null, fetching the server ID associated with a loyalty sequence ID of the transaction message and storing the transaction message within the write buffer corresponding to the server ID; and
responsive to the request type being loyalty ID and the loyalty sequence ID being null, perform the following:
responsive to matching a pattern with the loyalty ID with all host connections associated with the at least one loyalty host computing resources, identifying the server ID of the matching pattern; and
storing the transaction message within the write buffer corresponding to the server ID of the matching pattern.

US Pat. No. 10,715,634

SYSTEM AND METHOD FOR CREATING VIRTUAL INTERFACES BASED ON NETWORK CHARACTERISTICS

Cisco Technology, Inc., ...

1. A method comprising:
obtaining, by a local network node, network-neighborhood information from one or more network neighbors of the local network node, wherein the network-neighborhood information includes duplex-neighborhood information that indicates at least a set of neighboring devices to a network neighbor, and a set of remote network nodes accessible via a respective network neighbor;
determining, based on the network-neighborhood information, a first group of the network neighbors having first common network characteristics, wherein the first group of the network neighbors includes first mutually-connected network peers;
defining, by the local network node, a first virtual interface for the first group of network neighbors, wherein member nodes of the first virtual interface include the local network node and the first mutually-connected network peers;
determining, based on the network-neighborhood information, a second group of the network neighbors having second common network characteristics different from the first common network characteristics, wherein the second group of the network neighbors includes second mutually-connected network peers; and
defining, by the local network node, a second virtual interface, different from the first virtual interface, for the second group of network neighbors, wherein member nodes of the second virtual interface include the local network node and the second mutually-connected network peers.

US Pat. No. 10,715,633

MAINTAINING REACHABILITY OF APPS MOVING BETWEEN FOG AND CLOUD USING DUPLICATE ENDPOINT IDENTIFIERS

Cisco Technology, Inc., ...

1. A method, comprising:
monitoring network characteristics of a cloud environment, wherein the cloud environment includes a central cloud network and a fog network, wherein the central cloud network hosts an application that serves at least a first client device, wherein the application is assigned an endpoint identifier, the endpoint identifier being mapped to a first locator identifier associated with the central cloud network, and wherein the fog network comprises a mapping cache, the mapping cache comprising a first entry mapping the endpoint identifier to the first locator identifier;
determining, based on the monitored network characteristics, that a condition for executing the application at the fog network is satisfied;
causing an instance of the application to be executed in the fog network;
assigning the endpoint identifier to the instance of the application;
mapping the endpoint identifier to a second locator identifier associated with the fog network;
clearing the first entry in the mapping cache; and
receiving a request at the fog network from the first client device to access the application, and in response, based on the cleared first entry, determining from a mapping server that the endpoint identifier is mapped to the second locator identifier.

US Pat. No. 10,715,631

METHOD AND APPARATUS FOR HANDLING APPLICATION TRIGGERING EVENTS

Ford Global Technologies,...

1. A system comprising:
a smart-phone processor configured to:
provide access to a publish-subscribe service, wherein data from entities other than the smart-phone can be published to the publish-subscribe service and a triggering service, executing on the smart-phone, can subscribe to the data;
wirelessly receive vehicle data published to the publish-subscribe service;
receive the vehicle data at the triggering service, when the vehicle data corresponds to data to which the triggering service has subscribed;
determine, via the triggering service, an application trigger that indicates that an application should be launched on the basis of the received vehicle data, the application trigger provided to the triggering service when the application was installed and used by the triggering service as a basis to subscribe to data, from the publish-subscribe service, that corresponds to the application trigger; and
launch the application responsive to the trigger.

US Pat. No. 10,715,630

COMMON INFORMATION MODEL INTEROPERABILITY SYSTEM

Dell Products L.P., Roun...

1. A Common Information Module (CIM) interoperability system, comprising:
a server device that is coupled to a network;
at least one server component included in the server device; and
a remote access controller that is included in the server device and coupled to the at least one server component, wherein the remote access controller includes:
a CIM provider;
a CIM provider communication subsystem coupled to the CIM provider; and
a REpresentational State Transfer (REST)-CIM provider component that is configured to:
receive a REST request that was received by the server device through the network from a client device and redirected to the REST-CIM provider component by the server device;
convert the REST request to CIM request;
make a call through the CIM provider communication subsystem to the CIM provider, wherein the call is based on a type of HyperText Transfer Protocol (HTTP) method request in the REST request and includes the CIM request;
receive a CIM response through the CIM provider communication subsystem from the CIM provider, wherein the CIM response includes Common Manageability Programming Interface (CMPI) response data;
convert, using a Common Schema Definition Language (CSDL)/JavaScript Object Notation (JSON) file that was generated from a CIM Management Object Format (MOF) file, the CMPI response data to JSON objects; and
provide the JSON objects to the server device.

US Pat. No. 10,715,629

SEAMLESS CONTEXT SWITCH

GOOGLE LLC, Mountain Vie...

1. A system comprising:
a browser execution module, including one or more data processors, that is configured to:
receive a first request to load a browser-based application, wherein the browser-based application is loaded onto a client device of a given user, and wherein the first request to load the browser-based application is received in response to user input directed to the client device;
in response to the first request to load the browser-based application, request, from a server, (i) application data that, upon execution, causes the browser execution module to run the browser-based application in a browser and (ii) first context data for a first account identified in the first request; and
receive, from the server, the application data and the first context data;
a state machine module, including one or more data processors, that is configured to:
generate, using the application data, a state machine that is configured to access and store context data;
run the browser-based application by executing the application data;
populate the browser-based application with the first context data; and
store the first context data in the state machine; and
a state change module, including one or more processors, that is configured to:
intercept a second request to load the browser-based application while the browser-based application is running in the browser, wherein the second request is a request for the application data that causes the browser to run the browser-based application and identifies a second account;
in response to intercepting the second request to load the browser-based application, generate a context data request;
requesting, from the server using the generated context data request, second context data for the second account without requesting the application data using the second request; and
update the running browser-based application with the second context data without reloading the browser-based application.

US Pat. No. 10,715,628

ATTRIBUTE OPERATING METHOD AND DEVICE

ZTE CORPORATION, Shenzhe...

1. An attribute operating method, comprising:
receiving a request message from a sending end, wherein, parameter information carried in the request message comprises: operating indication information, a resource address to be operated, an information type to be operated, and an information content to be operated;
determining to operate on an attribute according to the operation indication information and the information type in the request message; and
executing an operation corresponding to the attribute by using the resource address and the information content in the request message, wherein the information type is an attribute type used for indicating that an object of the operation is an attribute, the operating indication information indicates to create the attribute or delete the attribute in a resource indicated by the resource address;
wherein, the resource address is a resource address of an attribute to be added, and the information content is an attribute name and an attribute parameter value of the attribute; and executing an operation corresponding to the attribute by using the resource address and the information content comprises:
determining that the attribute name is included in a resource that is indicated by the resource address of the attribute to be added;
judging whether the attribute is allowed to be created as multiple;
if the attribute is allowed to be created as multiple, then creating the attribute in the resource, wherein, a name of the attribute is determined according to the attribute name and different with a name that has already existed in the resource and corresponds to the attribute, and a parameter value of the attribute is set as the attribute parameter value; and
if the attribute is not allowed to be created as multiple, then returning a response message to the sending end, wherein, the response message carries creation failure indication information.

US Pat. No. 10,715,627

METHODS AND SYSTEMS FOR SMART RESOURCE ALLOCATION BASED ON WORK LOCATION PREDICTIONS

UNITED SERVICES AUTOMOBIL...

1. A computerized method comprising:
creating, by a processor associated with an enterprise scheduling system, a user profile associated with a user, the user profile including information relating to one or more devices associated with the user and at least one work location, wherein the work location is a physical location where the user performs work associated with an organization;
determining one or more locations of the one or more devices associated with the user;
predicting a predicted work location of the user by:
comparing the location of the one or more devices with previously documented work locations, and
optimizing, by the processor associated with the enterprise scheduling system, resources based on the predicted work location of the user and predicted work locations of other users;
in response to determining that one or more of the resources at the predicted work location are insufficient, recommending, to the user, an alternative work location; and
sending, to one or more devices associated with the user, a security token that provides the user with access to the alternative work location.

US Pat. No. 10,715,626

ACCOUNT ROUTING TO USER ACCOUNT SETS

1. A system for new account routing to user account sets, the apparatus comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
create an account profile for each set of accounts of a plurality of sets of accounts which are assigned as sales responsibilities to a corresponding plurality of users, based on a plurality of firmographic attributes associated with each account of the plurality of sets of accounts, wherein the account profiles model probability distributions;
determine a plurality of account similarity scores for an unassigned account, which is pending assignment as a sales responsibility to any of the plurality of users who are assigned sales responsibilities for the plurality of sets of accounts, by comparing a plurality of firmographic attributes associated with the unassigned account against the corresponding plurality of accounts profiles;
identify a highest account similarity score of the plurality of account similarity scores; and
assign a sales responsibility for the unassigned account to a user who is assigned a sales responsibility for a set of accounts, of the plurality of sets of accounts, corresponding to the highest account similarity score.

US Pat. No. 10,715,625

ORIGIN AND CACHE SERVER COOPERATION FOR COMPUTE-INTENSIVE CONTENT DELIVERY

Akamai Technologies, Inc....

1. A system for delivering objects, the system comprising:
a cache server in a content delivery network, the cache server comprising at least one hardware processor and memory storing instructions for execution on the at least one hardware processor, the instructions including instructions that upon execution cause the cache server to:
receive a request for an object from a client;
determine (a) that the object is a one of a class of objects that is configured to be modified in the content delivery network after retrieval from an origin server;
determine (b) that the object is not available to serve from a local cache in response to the request from the client;
based at least in part on the determinations (a) and (b), request the object from the origin server and include in the request a first pointer enabling a modified version of the object to be located once created in the content delivery network, the request further including a first time to live (TTL) value indicating a lifetime of the first pointer;
the origin server comprising at least one hardware processor and memory storing instructions for execution on the at least one hardware processor, the instructions including instructions that upon execution cause the origin server to:
receive the request from the cache server;
check an origin data store to determine whether there is stored, in association with the object requested by the cache server, a second pointer and a second TTL indicating a lifetime of the second pointer, the second pointer enabling the modified version of the object to be located in the content delivery network;
based at least in part on a determination that the origin data store has the second pointer and the second TTL is not expired, send a response to the request from the cache server that includes the second pointer, without sending the object;
based at least in part on a determination that the origin data store does not have the second pointer, or that the second TTL is expired, retrieve the object from a storage device and send a response to the request from the cache server that includes the object.

US Pat. No. 10,715,624

OPTIMIZED N-STREAM SEQUENTIAL MEDIA PLAYBACK CACHING METHOD AND SYSTEM

Western Digital Technolog...

1. A data storage device comprising:
a hardware network interface configured to communicate with one or more clients requesting a first stream and a second stream;
a memory configured to store files associated with the first stream and the second stream;
a hardware cache; and
a processor configured to:
determine a consumption rate for each of the first stream and the second stream, the consumption rate comprising an amount of data consumed by a respective stream in a time period;
size a plurality of zones of the hardware cache, including a first zone corresponding to the first stream and a second zone corresponding to the second stream, such that refresh times of the first zone and the second zone occur during an active operation time in which the data storage device is in a first power state, wherein sizes of the first zone and the second zone are potentially different and are based on the respective consumption rate of the corresponding stream; and
cause the data storage device to enter into a second power state until the active operation time, wherein the second power state uses less power than the first power state.

US Pat. No. 10,715,623

CACHING FOR DATA STORE CLIENTS USING EXPIRATION TIMES

International Business Ma...

12. An information processing system comprising:
a storage client comprising an integrated cache for reducing a number of accesses to a storage service of a plurality of storage services within the storage client;
a memory; and
a processor communicatively coupled to the memory and to the storage client, wherein the processor, responsive to executing computer instructions, performs operations comprising:
monitoring a latency for data accesses from the storage client to at least one storage service of the plurality of storage services;
increasing an amount of caching in response to the latency increasing;
decreasing the amount of caching in response to the latency decreasing;
providing an interface for using a storage service via the storage client;
implementing the interface within a storage subclient for each storage service in a plurality of different storage services, the interface being standardized across the plurality of different storage services, wherein the interface specifies at least one method, function, procedure, or subroutine, to be implemented in a computer language, for accessing a storage service in the plurality of different storage services;
associating an object expiration time with at least one object stored in the cache;
keeping the at least one object in the cache after the object expiration time has passed;
selecting, by an application, through the interface via the storage client at least one storage service in the plurality of different storage services to handle a request; and
in response to a request for a cached object whose expiration time has passed, the storage client communicating with at least one implemented interface of at least one storage subclient, the storage client contacting a storage service to determine if the cached object is current, and the storage client satisfying the request based on the at least one storage service selected to handle the request.

US Pat. No. 10,715,622

SYSTEMS AND METHODS FOR ACCELERATING OBJECT STORES WITH DISTRIBUTED CACHING

NUTANIX, INC., San Jose,...

1. An object store comprising:
a distributed cache cluster including a first cache on a first node device and a second cache on a second node device;
a server communicatively coupled to the distributed cache cluster, wherein the server has programmed instructions that:
determine whether an object satisfies an object policy;
determine whether a request to store the object indicates that the object is to be split up into a plurality of shards; and
store a first shard of the plurality of shards in the first cache and a second shard of the plurality of shards in the second cache.

US Pat. No. 10,715,621

COMMUNICATION METHOD, IN-VEHICLE COMMUNICATION DEVICE, COMPUTER-READABLE MEDIUM, AND IN-VEHICLE COMMUNICATION SYSTEM

TOYOTA JIDOSHA KABUSHIKI ...

1. A communication method in which an in-vehicle communication device transmits data to a server, the communication method comprising:
transmitting the data from the in-vehicle communication device to the server through a first communication link when the first communication link between the in-vehicle communication device and the server is established;
transmitting the data from the in-vehicle communication device to a relay device different from the server through a second communication link different from the first communication link when the first communication link is not established;
notifying the relay device through the second communication link that the first communication link is lost when the first communication link is not established;
temporarily storing the data received from the in-vehicle communication device in the relay device when a third communication link between the relay device and the server is not established; and
transmitting the temporarily stored data from the relay device to the server through the third communication link when the third communication link is established and the temporarily stored data is present in the relay device.

US Pat. No. 10,715,620

STREAMING NETWORK MONITORING CACHING INFRASTRUCTURE

Google LLC, Mountain Vie...

1. A network telemetry caching and distribution system comprising one or more processors connected to a physical memory and configured to:
receive, from a network device, a set of network telemetry data;
store, in a first memory space of the physical memory, the set of network telemetry data as a plurality of data nodes;
maintain, in a second memory space of the physical memory, a client queue having a node pointer queue and a node pointer map, wherein the node pointer map includes a plurality of node-pointer, node-count pairs, each node pointer indicating a path to a data node corresponding to the node pointer, and the node count indicating a number of updates to the data node since a previous transmission of the contents of the data node to a client device;
receive, from the network device, a data node update;
if the data node update corresponds to a data node having a corresponding node pointer not already present in the node pointer map:
add the corresponding node pointer to the node pointer map with a count of zero and add the corresponding node pointer to the node pointer queue;
if the data node update corresponds to a data node having a corresponding node pointer already present in the node pointer map:
increment the node count for the corresponding node pointer in the node pointer map and not add the corresponding node pointer to the node pointer queue; and
transmit, to the client device, a set of node-value, node-count pairs including, for each node pointer in the node pointer queue, a data value in the data node corresponding to the node pointer, and the node count in the node pointer map corresponding to the node pointer, wherein the node count informs of the client device that it has missed one or more previous data values since the previous transmission.

US Pat. No. 10,715,619

CACHE MANAGEMENT USING A PROBABILISTIC DATA STRUCTURE

Red Hat, Inc., Raleigh, ...

1. A method comprising:
storing, by a server, a probabilistic data structure in a memory device, the probabilistic data structure indicating a probability that a cache memory of a client device has a first version of a key-value pair, the client device being remote from the server;
determining, by the server, a second version of the key-value pair that is different from the first version of the key-value pair;
determining, by the server, a positive probability that the client device has the first version of the key-value pair stored in the cache memory using the probabilistic data structure;
based on determining the second version of the key-value pair and the positive probability that the client device has the first version of the key-value pair stored in the cache memory, transmitting, by the server, an invalidation communication over a network to the client device to cause the client device to remove the first version of the key-value pair from the cache memory; and
subsequent to transmitting the invalidation communication:
transmitting, by the server, the second version of the key-value pair to the client device for causing the client device to store the second version of the key-value pair in the cache memory of the client device; and
updating, by the server, the probabilistic data structure to indicate that there is the positive probability of the client device having the second version of the key-value pair.

US Pat. No. 10,715,618

COMPRESSIBILITY ESTIMATION FOR LOSSLESS DATA COMPRESSION

Hughes Network Systems, L...

1. A network node comprising:
a memory; and
a processor programmed to execute instructions stored in the memory, the instructions including:
parse at least a portion of a data packet, wherein the packet comprises at least a first segment and a second segment;
determine a first token representing the first segment;
using the first segment, calculate a cumulative bit cost;
based on the cumulative bit cost and at least one of: a current number of parsed bytes of the packet, a total packet length, or a current number of tokens associated with the packet, predict either to transmit the packet in a compressed state or to transmit the packet in an uncompressed state;
compress the packet into the compressed state if the cumulative bit cost is less than a bit cost threshold during parsing of the packet;
determine a second token representing the second segment;
using the second segment, calculate an updated cumulative bit cost;
based on the updated cumulative bit cost and at least one of: an updated current number of parsed bytes of the packet, the total packet length, or an updated current number of tokens associated with the packet, re-predict to either transmit the packet in the compressed state or to transmit the packet in the uncompressed state; and
when the prediction is to transmit the packet in the compressed state, then perform arithmetic encoding on the first and second tokens.

US Pat. No. 10,715,617

STREAM RESERVATION CLASS CONVERTER

HARMAN BECKER AUTOMOTIVE ...

1. A network device for processing data packets transmitted between nodes of a network, the network device comprising:
a processor; and
a non-transitory computer readable medium storing executable code that is executable by the processor to:
intercept data packets of a first traffic class transmitted by a first network node and addressed to a second network node, wherein a relevant field in a header of the data packets is set to define the first traffic class,
convert the intercepted data packets into data packets of a second traffic class, wherein the second traffic class has lower processing load requirements of the second network node than the first traffic class,
change bits in the relevant field of the intercepted data packets to define the second traffic class, and
transmit the converted data packets to the second network node, wherein the second network node only supports data packets that are of the second traffic class, and wherein the second traffic class is lower than the first traffic class,
wherein the network is a closed network with a fixed number of network switches.

US Pat. No. 10,715,616

PERIPHERAL DEVICE IMPLEMENTATION SYSTEM AND ASSOCIATED METHODS

Walmart Apollo, LLC, Ben...

1. A peripheral device implementation system, comprising:
a central database;
a peripheral service including a peripheral service interface;
a communication platform;
a non-transitory computer-readable medium; and
a processing device, wherein the processing device is configured to execute instructions stored in the non-transitory computer-readable medium to:
via the communication platform, establish communication between a cloud environment and the central database, the peripheral service, and a client device;
establish communication between two or more peripheral devices and the cloud environment via the peripheral service interface, and automatically perform a self-registration of the two or more peripheral devices to the cloud environment via the peripheral service interface upon initial introduction of the two or more peripheral devices to the peripheral device implementation system;
notify the client device of communication of the two or more peripheral devices with the cloud environment via the communication platform;
receive as input on the client device a type of peripheral device to electronically receive a first request from the client device to the cloud environment via the communication platform regarding performing a function with one of the two or more peripheral devices, the type of peripheral device selected from a group consisting of a printer, a scanner, and a camera;
limit the two or more peripheral devices in communication with the cloud environment based on the type of peripheral device input on the client device;
provide the client device with a list of one or more peripheral devices limited to the type of peripheral device input on the client device and in communication with the cloud environment;
provide as input on the client device a selected peripheral device from the list of one or more peripheral devices limited to the type of peripheral device input on the client device and in communication with the cloud environment;
electronically transmit the first request from the client device to the cloud environment via the communication platform regarding performing the function with the selected peripheral device;
electronically transmit the first request from the cloud environment to the selected peripheral service via the peripheral service interface;
electronically transmit the first request from the peripheral service to the selected peripheral device via the peripheral service interface to initiate performing the function with the selected peripheral device; and
automatically perform a subsequent self-registration of the two or more peripheral devices to the cloud environment via the peripheral service interface upon initiation of the peripheral device implementation system from a sleep or off mode,
wherein upon automatically performing the self-registration or the subsequent self-registration of the two or more peripheral devices to the cloud environment, the two or more peripheral device become automatically available to the client device in communication with the cloud environment to receive the first request from the client device via the cloud environment.

US Pat. No. 10,715,614

ASSIGNING DATA AGENT PROXIES FOR EXECUTING VIRTUAL-MACHINE SECONDARY COPY OPERATIONS INCLUDING STREAMING BACKUP JOBS

Commvault Systems, Inc., ...

1. A method comprising:
by a first data agent that executes on a first virtual machine, receiving a designation from a storage manager to act as coordinator of a first job to back up one or more third virtual machines,
by a second data agent that executes on a second virtual machine, receiving a designation to back up the one or more third virtual machines in the first job,
by the first data agent acting as coordinator of the first job, determining a first maximum limit of concurrent data streams to assign to the second virtual machine,
wherein the first maximum limit is based on at least one of: a processing capacity of the second virtual machine and an amount of random access memory of the second virtual machine, which executes the second data agent;
by the first data agent acting as coordinator of the first job, assigning to the second virtual machine one or more first concurrent data streams, up to the first maximum limit, for the second data agent to use in the first job,
wherein the one or more first concurrent data streams originate at one or more first storage devices comprising data of the one or more third virtual machines being backed up in the first job and terminates at the second data agent that executes on the second virtual machine, and
wherein the second virtual machine concurrently uses no more than the first maximum limit of concurrent data streams for storage operations including the first job;
wherein the first virtual machine executes on a first computing device comprising one or more hardware processors;
wherein the second virtual machine executes on one of: the first computing device and another computing device comprising one or more hardware processors;
wherein the one or more third virtual machines execute on at least one of: the first computing device and one or more other computing devices comprising respective one or more hardware processors; and
wherein the storage manager executes on one of: the first computing device, a second computing device comprising one or more hardware processors, and a fourth virtual machine that executes on one of: the first computing device and the second computing device.

US Pat. No. 10,715,613

PRESENCE INDICATORS

Microsoft Technology Lice...

1. A method comprising:
determining, by a client device, a first set of user indicators that are displayed on a display of the client device at any point during a first period of time, each user indicator corresponding to a user of an online service, the first period of time beginning after a first user indicator is presented on the display of the client device, the first set of user indicators presented on the display as a result of a user of the client device viewing content provided by the online service;
at completion of the first period of time, determining a first set of remaining user indicators that remain displayed on the display of the client device;
determining that presence information for a first user corresponding to a first user indicator in the first set of remaining user indicators is available in a local cache memory of the client device and that presence information for a second user corresponding to a second user indicator in the first set of remaining user indicators is not available in the local cache memory of the client device;
determining that a duration of time after which the presence information for the first user was updated in the local cache memory is less than a threshold period of time;
presenting a presence indicator for the first user based on the presence information for the user that is stored in the local cache memory;
transmitting, to a server associated with the online service, a request for presence information for the second user indicator from the first set of remaining user indicators, the presence information indicating a current status of each of the second user of the online service;
receiving, from the server, the presence information for the second user of the online service; and
presenting, based on the presence information for the second user, presence indicators indicating the status of the second user of the online service.

US Pat. No. 10,715,612

IDENTIFYING USERS' IDENTITY THROUGH TRACKING COMMON ACTIVITY

Oath Inc., New York, NY ...

15. A non-transitory computer readable storage media comprising computer executable instructions that when executed by a processor perform a method, comprising:
accessing a user activity log comprising a plurality of identifiers and corresponding activity information for each identifier, the user activity log based on activities of mobile devices and Internet accounts of one or more users;
filtering the user activity log to exclude popular activity information associated with activities exceeding a popularity threshold and generate a filtered user activity log;
building an inverted index of the filtered user activity log, the inverted index having at least some activity information remaining in the user activity log after the filtering as a key and sets of identifiers associated with the at least some activity information as data;
enumerating possible combinations of identifiers to generate a plurality of potential user groups, wherein each potential user group (i) includes a plurality of users, (ii) is associated with a common set of one or more websites, and (iii) is generated based upon a determination that each of the plurality of users of the potential user group are determined to have visited the common set of one or more websites associated with the potential user group, wherein generating the plurality of potential user groups comprises:
generating a first potential user group, including a first plurality of users, in association with a first common set of one or more websites based upon a determination that the first plurality of users visited the first common set of one or more websites, wherein generating the first potential user group comprises grouping a first user of the first plurality of users and a second user of the first plurality of users into the first potential user group based upon (i) a determination that the first user visited a first website of the first common set of one or more websites and (ii) a determination that the second user visited the first website; and
generating a second potential user group, including a second plurality of users, in association with a second common set of one or more web sites based upon a determination that the second plurality of users visited the second common set of one or more websites;
scoring each potential user group of the plurality of potential user groups based on a quantity of websites in the common set of one or more websites for the potential user group;
determining that users of at least one potential user group of the plurality of potential user groups are associated with a common identity of a user based upon the scoring;
selecting content to be targeted to the user; and
controlling transmission of the content to the user.

US Pat. No. 10,715,611

DEVICE CONTEXT-BASED USER INTERFACE

Adobe Inc., San Jose, CA...

1. A device comprising:
a device context module implemented at least partially in hardware, the device context module configured to perform operations comprising:
tracking interactions of a user with the device;
determining a context of the device based in part on a configuration of hardware associated with the device and in part on determining that the user predominantly interacts with the device in a particular manner from a pattern of usage determined for the user's current session based on an amount of interaction time the user has with different items of the hardware, the context of the device changing responsive to changes in the configuration of hardware associated with the device and changes in the amount of interaction time the user has with the different items of hardware,
wherein the context of the device is based in part on whether the configuration of hardware includes a particular hardware item associated with the device, and
wherein the context of the device is further determined based in part on an amount of time that the particular hardware item is being used over a monitored period of time, the context of the device being different when the amount of time the particular hardware item is used is less than a threshold amount over the monitored period of time than when the amount of time the particular hardware item is used is more than the threshold amount over the monitored period of time;
selecting a respective one of a plurality of user interface configurations that corresponds to the determined context of the device, the selected user interface configuration supporting operations in the determined context of the device by displaying a combination of user interface instrumentalities suited for performing the operations according to the pattern of usage determined for the user's current session; and
automatically configuring a user interface of an application for display using the selected user interface configuration.

US Pat. No. 10,715,610

SYSTEM, METHOD, AND APPARATUS FOR GENERATING A THIRD PARTY RESOURCE USAGE MAP IN A GROUP BASED COMMUNICATION SYSTEM

Slack Technologies, Inc.,...

1. A method for maintaining a third party resource usage map associated with a group-based communication system comprising a group-based communication server, a group-based communication repository, and a plurality of group-based communication channels, the third party resource usage map comprising a plurality of third party resource usage records, the method comprising:
receiving, from a first third party resource provider, a first third party resource access token, wherein the first third party resource access token is associated with a first third party resource provider identifier associated with the first third party resource provider;
transmitting, to the first third party resource provider, a first third party user account creation request comprising the first third party resource access token and first account creation instructions configured to cause the first third party resource provider to create a first third party user account associated with the first third party resource provider on behalf of a first client device associated with a first user identifier;
receiving, from the first third party resource provider, a first third party user account creation approval after the first third party resource provider has verified that the first third party resource access token is authorized for creating the first third party user account associated with the first third party resource provider on behalf of the first client device associated with the first user identifier;
generating a first new third party resource usage record associated with the first user identifier, the first new third party resource usage record comprising the first user identifier, the first third party resource provider identifier, and the first third party resource access token, wherein the first new third party resource usage record indicates the first user identifier is associated with the first third party user account created on behalf of the first client device associated with the first user identifier; and
adding the first new third party resource usage record to the third party resource usage map.

US Pat. No. 10,715,609

TECHNIQUES FOR ADJUSTING NOTIFICATIONS ON A COMPUTING DEVICE BASED ON PROXIMITIES TO OTHER COMPUTING DEVICES

Apple Inc., Cupertino, C...

15. A computing device configured to dynamically adjust a manner in which notifications are output on the computing device, the computing device comprising:
at least one processor; and
at least one memory storing instructions that, when executed by the at least one processor, cause the computing device to:
determine that at least one different computing device satisfies a physical proximity threshold relative to the computing device;
determine that the at least one different computing device is included in a list of known computing devices associated with the computing device;
identify, among a plurality of notification profiles managed by the computing device, a respective notification profile that corresponds to the at least one different computing device; and
apply the respective notification profile to cause the computing device to adjust how notifications are output by the computing device.

US Pat. No. 10,715,608

AUTOMATIC SERVER CLUSTER DISCOVERY

BMC Software, Inc., Hous...

1. A non-transitory computer-readable medium storing instructions that, when executed by at least one processor of a verification server, causes the verification server to perform operations including:
receiving service-node pairs from each of a plurality of nodes in a distributed computing system, a service identifier of a service-node pair representing how a called service is seen by a requestor of the service when initiating the call and a node identifier of the service-node pair identifying the node executing the service;
assigning each of the plurality of nodes to one cluster of a plurality of clusters based on the service identifiers in the service-node pairs; and
using the plurality of clusters in impact analysis or modeling.

US Pat. No. 10,715,607

PERFORMING CONTEXT-RICH ATTRIBUTE-BASED SERVICES ON A HOST

NICIRA, INC., Palo Alto,...

1. A method of configuring a set of service nodes on a host computer to provide a set of attribute-based services to data compute nodes (DCNs) on the host computer, the method comprising:
on the host computer:
collecting a first set of attributes associated with attribute-based service rules processed by the set of service nodes on the host computer;
collecting a second set of attributes associated with at least one data message flow of a DCN;
comparing the first and second sets of attributes to generate a service tag to represent a subset of attributes associated with the data message flow that are relevant for the service rules of the service node set; and
associating the service tag with the data message flow for the set of service nodes to use subsequently to retrieve the subset of attributes associated with the data message flow and to use the retrieved subset of attributes to process the attribute-based service rules for data messages of the data message flow.

US Pat. No. 10,715,606

APPLICATION CONTROL INTERWORKING IN NETWORK

NOKIA SOLUTIONS AND NETWO...

1. A method, comprising:
receiving capabilities relating to an application server at a policy and charging rules function,
wherein the receiving further comprises receiving an indication whether or not the application server supports a control interface to provide session information to the policy and charging rules function when a user session is established between a user equipment and the application server; and
creating application detection and control rules based on the capabilities received.

US Pat. No. 10,715,605

SYSTEM AND METHOD FOR LIMITING ACTIVE SESSIONS

ServiceNow, Inc., Santa ...

1. A system comprising:
a non-transitory memory; and
one or more hardware processors configured to read instructions from the non-transitory memory to perform operations comprising:
receiving one or more login requests to access a client instance;
routing the one or more login requests to a first node of a plurality of nodes based at least on respective workloads distributed among the plurality of nodes;
creating a first session with the first node based at least in part on credentials of the one or more login requests, wherein the credentials are associated with an account having a group of users;
responsive to creating the first session, searching for one or more concurrent sessions each having one of a plurality of session types that use different credentials that are associated with the account with the client instance to terminate at least one of the one or more concurrent sessions;
determining whether a number of active sessions of the plurality of session types exceeds a threshold, wherein the number includes the first session and does not include sessions having certain session types;
determining whether the at least one of the one or more concurrent sessions is on the first node; and
based on the determination that the number of active sessions exceeds the threshold, terminating the at least one of the one or more concurrent sessions by sending a cluster message from the first node to the plurality of nodes to terminate the at least one of the one or more concurrent sessions when the at least one of the one or more concurrent sessions are not on the first node.

US Pat. No. 10,715,604

REMOTE SYSTEM PROCESSING BASED ON A PREVIOUSLY IDENTIFIED USER

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
receiving, from a device corresponding to a device identifier (ID), first audio data corresponding to a first utterance;
determining first speech characteristics corresponding to the first utterance;
determining the first speech characteristics correspond to stored speech characteristics data associated with a user ID;
storing first data associating the user ID with the device ID for a length of time;
determining first speech processing data representing the first audio data;
based at least in part on the first speech processing data and the user ID, determining second data responsive to the first utterance;
causing the device to output the second data;
after causing the device to output the second data, receiving, from the device within the length of time, second audio data corresponding to a second utterance;
determining second speech characteristics corresponding to the second utterance;
determining the second speech characteristics are unassociated with profile data associated with the device;
determining the user ID is to be used to respond to the second utterance based at least in part on determining the second speech characteristics are unassociated with the profile data;
determining second speech processing data representing the second audio data;
based at least in part on the second speech processing data and the user ID, determining third data responsive to the second utterance; and
causing the device to output the third data.

US Pat. No. 10,715,603

SYSTEMS AND METHODS FOR SHARING APPLICATION DATA BETWEEN ISOLATED APPLICATIONS EXECUTING ON ONE OR MORE APPLICATION PLATFORMS

Microsoft Technology Lice...

1. A method of operating an application platform executing a consumer application to consume application data generated by one or more producer applications, the method comprising:
receiving, by the application platform, an instruction to invoke the consumer application in a runtime environment,
wherein the instruction is generated by a data sharing platform based on one or more application data feeds generated by the one or more producer applications registered with the data sharing platform;
processing the instruction to automatically invoke the consumer application in the runtime environment, wherein the instruction identifies the consumer application to be invoked and configuration information associated with an action to be performed by the consumer application,
wherein the configuration information includes a modification to existing event setting information; and
once the consumer application is invoked, directing the consumer application to perform the action.

US Pat. No. 10,715,602

ADAPTIVE INTERNET-OF-THINGS SERVICE SYSTEM USING DETACHABLE/ATTACHABLE HARDWARE MODULE

VITCON CO., LTD., Seoul ...

1. An adaptive Internet-of-things (IoT) service system employing a removable hardware module, the system comprising:
a control board including a mainboard configured such that the removable hardware module for controlling a peripheral device connected with an existing IoT device is mountable to and removable from the mainboard;
a management server configured to store hardware-related information including a type and installation position of the removable hardware module mounted on the mainboard of the control board and to update the hardware-related information when a new IoT device is added or a change in the existing IoT device occurs; and
a user terminal configured to receive a drive program and control information from the management server and to support remote-controlling of the added IoT device by installing the received drive program, or adding or applying the drive program and the control information to an application program installed in the user terminal.

US Pat. No. 10,715,601

ENHANCED DEPLOYMENT OF APPLICATIONS IN AIRBORNE AND SPACEBORNE NODES

Lockheed Martin Corporati...

1. A method comprising:
identifying an application associated with sensing an object of interest;
identifying one or more physical nodes of a plurality of physical nodes comprising airborne nodes or spaceborne nodes able to provide sensor data associated with the object of interest, wherein a first portion of the sensor data from a first sensor and a second portion of the sensor data from a second sensor correspond to the object of interest;
determining accessibility data for the plurality of physical nodes to access the sensor data for the application from the one or more physical nodes, wherein the accessibility data comprises quality of service relating to at least data throughput information associated with accessing the sensor data;
determining whether the first portion or the second portion provide a better quality of service; and
deploying the application to at least one physical node of the plurality of physical nodes based on the accessibility data by at least selecting the at least one physical node as providing a better quality of service for access to either the first portion or the second portion.

US Pat. No. 10,715,600

NETWORK HUB, TRANSFER METHOD, AND ONBOARD NETWORK SYSTEM

PANASONIC INTELLECTUAL PR...

1. A network hub connected to a bus of a first network and connected to a second network in an onboard network system, the onboard network system including the first network for transmission of first-type frames relating to traveling control of a vehicle over the bus following a first communication protocol, and the second network for transmission of second-type frames following a second communication protocol that is different from the first communication protocol, the network hub comprising:
a first reception buffer;
a second reception buffer;
a first transmission buffer;
a second transmission buffer;
a first receiver that sequentially receives the first-type frames from the bus and stores data within the first-type frames in the first reception buffer;
a second receiver that sequentially receives the second-type frames from the second network and stores data within the second-type frames in the second reception buffer;
a processor that selects which of the first network and the second network is a destination for data that is a content of one of the first reception buffer and the second reception buffer, stores the data in the first transmission buffer in a case of selecting the first network, and stores the data in the second transmission buffer in a case of selecting the second network; and
a transmitter that transmits first yet-to-be-transmitted data in the first transmission buffer and second yet-to-be-transmitted data in the second transmission buffer,
wherein the transmitter performs priority transmission control, where priority yet-to-be-transmitted data in a priority transmission buffer that is one of the first transmission buffer and the second transmission buffer is transmitted with priority over non-priority yet-to-be-transmitted data in a non-priority transmission buffer that is another of the first transmission buffer and the second transmission buffer.

US Pat. No. 10,715,599

INTERNET OF THINGS (IOT) PLATFORM AND APPLICATION FRAMEWORK

Verizon Patent and Licens...

1. A method comprising:
identifying, by one or more processors, a status of a first Internet of Things (IoT) device included in a local area cloud of a plurality of IoT devices that are connected in a geographic area via a wireless local area network (WLAN), wherein a second IoT device of the plurality of IoT devices, as a leader of the local area cloud, communicates to a plurality of server devices on behalf of the local area cloud via a base station of a radio access network serving the geographic area;
identifying, by the one or more processors, a server device associated with the first IoT device;
transmitting, by the one or more processors, via a first type of communication path, a first type of sensor data obtained from the first IoT device to the server device for selection of a first type of physical action to be performed by the first IoT device;
forwarding, by the one or more processors, information identifying the status to the server device via a wireless wide area network (WWAN);
determining, by the one or more processors, that the second IoT device is no longer included in the local area cloud;
forwarding, by the one or more processors, a set of rules that define leader selection as a function of a relative signal strength and a geographic distance with respect to the base station;
evaluating, by one or more of the plurality of IoT devices, the plurality of IoT devices against the set of rules to determine a third IoT device associated with a superior signal strength and a shortest geographic distance;
implementing, by the one or more of the plurality of IoT devices, a selection of the third IoT device as the leader of the local area cloud;
receiving, by the one or more processors, data identifying the first type of physical action; and
forwarding, by the one or more processors and via a second type of communication path, the data identifying the first type of physical action to the third IoT device for distribution to the first IoT device via the local area cloud, wherein, based on the first type of sensor data and a time-sensitivity of the first type of physical action, a first security protocol, a first level of reliability, a first transmission speed, a first bandwidth amount, a first number of trusted nodes, and a first level of priority path associated with the first type of communication path differ from a second security protocol, a second level of reliability, a second transmission speed, a second bandwidth amount, a second number of trusted nodes, and a second level of priority path associated with the second type of communication path.

US Pat. No. 10,715,598

IMPLEMENTATION OF A WEB-SCALE DATA FABRIC

STATE FARM MUTUAL AUTOMOB...

1. A system for processing business operations transactions and associated augmented customer data, the system comprising:
a plurality of computer servers interconnected with a software defined network (SDN) via a plurality of network switches, controllers, and network interfaces, and configured to:
implement commodity hardware for economy measured by ownership cost, and
perform computation and store data within a computer grid;
direct attached storage (DAS) comprising just a bunch of disks (JBOD) configured for storage economy measured in total cost of ownership;
random access memory (RAM) coupled to the DAS to provide storage capacity for the plurality of computer servers;
a central processing unit (CPU);
a co-processor coupled to the CPU to provide computation capacity for the plurality of computer servers; and
a stream processor that comprises a plurality of message brokers (MB) hosted on a front office cluster and a back office cluster, and a plurality of complex event processors (CEP) configured for resilient high-throughput-low-latency data processing, the stream processor configured to:
ingest a first set of messages through a portion of the plurality of MBs hosted on the front office cluster,
process, with lower latency, the first set of messages using the RAM,
ingest a second set of messages through an additional portion of the plurality of MBs hosted on the back office cluster, and
process, with higher latency, the second set of messages using the DAS;
wherein the SDN is configured to connect to an external computer network (ECN) for external client input and output.

US Pat. No. 10,715,597

METHODS AND SYSTEMS TO CREATE A NETWORK-AGNOSTIC SDN-BASED CLOUD GATEWAY FOR CONNECTIVITY TO MULTIPLE CLOUD SERVICE PROVIDERS

1. A method of simultaneously connecting a customer data network to multiple cloud service providers via a data network based on predefined user-defined policies, said data network comprising a plurality of software defined network controllers control data flow over said data network, a customer software defined cloud gateway connects the customer data network to at least one of said plurality of software defined network controllers, and a plurality of cloud software defined cloud gateways connects each of said multiple cloud service providers to at least one of said plurality of software defined network controllers, the method comprising:
receiving customer-selected policy and configuration data; and
providing said customer-selected policy and configuration data to said customer software defined cloud gateway, said cloud software defined cloud gateways, and said plurality of software defined network controllers to configure said customer software defined cloud gateway, said cloud software defined cloud gateways, and said plurality of software defined network controllers to create respective virtual networks controlled by the customer-selected policy data between said customer data network and at least two of the multiple cloud service providers, wherein said customer-selected policy is a time-based policy that dynamically allocates data traffic between said at least two of the multiple cloud service providers at one or more specified times.

US Pat. No. 10,715,596

SERVER SYSTEM AND CONTROL METHOD FOR STORAGE UNIT

Wiwynn Corporation, New ...

1. A server system, comprising:
a plurality of modular devices, consisting of a plurality of storage units, a plurality of computing units or a combination thereof; and
a connection device, connecting the modular devices,
wherein the modular devices are connected in a sequence by the connection device,
a storage unit in the modular devices comprises a transmission interface expander,
the transmission interface expander detects whether the storage unit connects a modular device prior to the storage unit in the sequence, and sets the storage unit as a slave device of the modular device prior to the storage unit in the sequence when the transmission interface expander connects the modular device prior to the storage unit in the sequence, and
when the transmission interface expander does not connect any modular device prior to the storage unit in the sequence, the transmission interface expander is set as a storage node and communicates with an external server, and another storage unit connected behind the transmission interface expander in the sequence becomes a slave device of the transmission interface expander;
wherein when the transmission interface expander connects the modular device prior to the storage unit in the sequence, the transmission interface expander enters a cascade mode to turn down a connection with the external server via the transmission interface, and sets the storage unit as the slave device such that the storage unit is controlled by the other modular device connected thereto, and continually detects whether a connection between the transmission interface expander and the modular device prior to the storage unit in the sequence exists,
when the connection between the transmission interface expander and the modular device prior to the storage unit in the sequence does not exist, the transmission interface expander is set as the storage node and communicates with the external server.

US Pat. No. 10,715,595

REMOTES METADATA EXTRACTION AND TRANSCODING OF FILES TO BE STORED ON A NETWORK ATTACHED STORAGE (NAS)

Western Digital Technolog...

1. A method, comprising:
monitoring, on a client computing device, transfer of files from the client computing device to a remote storage to identify files that belong to at least one selected file type;
automatically, in response to identifying a set of files to be sent to the remote storage that belong to the at least one selected file type during the monitoring:
extracting, on the client computing device, metadata from the identified set of files; and
transcoding, on the client computing device, the identified set of files to generate transcoded files by at least one of:
converting at least one file of the identified set of files from a first file format to a second file format; and
converting a size of at least one entire file of the identified set of files from a first size to a second size;
sending, to a datastore coupled to the remote storage, the identified set of files, at least identifiers of the transcoded files, and corresponding extracted metadata; and
at least one of:
sending transcoded files to be stored in the remote storage such that, upon receiving a file request and at least one criterion, the remote storage is configured to:
search the datastore to find at least one identifier of at least one transcoded file whose extracted metadata satisfies the at least one criterion; and
responsive to the received file request, make available, over a computer network, at least one stored transcoded file whose at least one identifier was found during the search of the datastore; and
sending, over the computer network, the transcoded files to be stored in a remote storage location coupled to the computer network, generating links corresponding to the stored transcoded files, and sending the generated links to the remote storage such that, upon receiving a file request and at least one criterion, the remote storage is configured to:
search the datastore to find identifiers of transcoded files whose extracted metadata satisfies the at least one criterion; and
responsive to the received file request, make available, over the computer network, at least one generated link to at least one transcoded file that corresponds to the at least one found identifier.

US Pat. No. 10,715,594

SYSTEMS AND METHODS FOR UPDATE PROPAGATION BETWEEN NODES IN A DISTRIBUTED SYSTEM

VMWARE, INC., Palo Alto,...

1. An apparatus comprising:
a database storing information about a deployment of infrastructure as a service (IaaS) components; and
an update manager including a logic circuit to:
configure a first script to be executed upon boot of the apparatus, the first script to schedule execution of a second script;
in response to execution of the first script, schedule the second script for execution to update the IaaS components;
in response to execution of the second script:
retrieve information about the IaaS components from the database;
determine an order for upgrades of one or more of the IaaS components, and
trigger installation of an update for the one or more of the IaaS components.

US Pat. No. 10,715,593

METHOD AND APPARATUS FOR ESTABLISHING PEER-TO-PEER COMMUNICATION

InterDigital Patent Holdi...

1. A method implemented in a Wireless Transmit Receive Unit (WTRU) for peer-to-peer communications, the method comprising:
receiving configuration information from a base station of a wireless network, the configuration information indicating a pattern of time resources for use in peer-to-peer communications;
transmitting to at least one peer WTRU control information in at least one of the time resources in the pattern of time resources, wherein the control information includes a group identifier indicating a peer group comprising the at least one peer WTRU intended for receiving the control information and an indication of resources for transmission of peer data; and
transmitting, to the at least one peer WTRU, peer data in the indicated resources for transmission of peer data.

US Pat. No. 10,715,591

METHOD FOR PEER-TO-PEER SYNCHRONIZATION USING VECTOR CLOCK AND SYSTEM USING THE SAME

PPLINK, INC., Seoul (KR)...

1. A method of synchronizing a plurality of user terminals based on peer-to-peer (P2P) communication, the method comprising:
occurring a first state change in a first user terminal;
generating first action information corresponding to the first state change in the first user terminal;
allocating a version value to the first action information in the first user terminal;
transmitting the first action information from the first user terminal to a second user terminal;
receiving the first action information in the second user terminal;
adding the first action information to an application ready queue in the second user terminal;
detecting whether a divergence or a causality violation occurs in the second user terminal; and
applying a state change based on the first action information in the second user terminal,
wherein the first action information is generated based on a minimum unit of a user change operation in the first user terminal;
the detecting of whether a divergence or a causality violation occurs in the second user terminal comprises comparing a version of a current state of the second user terminal and a version of the received first action information;
in a case in which a version value of the current state of the second user terminal is greater than the version value of the received first action information and a distance between the version value of the current state and the version value of the first action information is 1, a version of a state is updated based on the first action information in the second user terminal, and the distance is a sum of absolute values of difference in all attribute values of two version values;
the comparing of the version of the current state of the second user terminal and the version of the first action information determines that the causality violation occurs in a case in which a version value of the current state of the second user terminal is greater than a version value of the received first action information and a distance between the version value of the current state and the version value of the first action information is greater than 2; and
the comparing of the version of the current state of the second user terminal and the version of the first action information determines that the divergence occurs in a case in which the version of the current state and the version of the first action information include at least two attribute values associated with each user terminal, one attribute value indicates that a version value of the current state is greater than a version value of the first action information, and another attribute value indicates that a version value of the current state is less than a version value of the first action information.

US Pat. No. 10,715,590

NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, PROCESS DISTRIBUTION APPARATUS AND PROCESS DISTRIBUTION METHOD

FUJITSU LIMITED, Kawasak...

1. A non-transitory computer-readable storage medium storing a program that causes a computer to execute a process, the process comprising:
acquiring, at a predetermined interval, for each of a plurality of applications executed on a plurality of virtual machines, an amount of traffic of packets transmitted to any of a plurality of central computing units (CPUs);
identifying, for each of the plurality of applications, a CPU to which packets are routed, the CPU to which packets are routed being determined in accordance with a hash value calculated based on a transmission source address and a transmission destination address of each of the packets, the transmission source address varying depending on a virtual machine, among the plurality of virtual machines, on which the application corresponding to each of the packets is executed;
calculating, for each of the plurality of CPUs, a total amount of traffic of packets that are received by the CPU by summing the amount of the traffic corresponding to one or more applications, among the plurality of applications, that are routed to each of the plurality of CPUs;
identifying, among the plurality of CPUs, a specific CPU for which the calculated total amount exceeds a predetermined threshold;
identifying, among applications that have packets routed to the specific CPU, a specific application;
identifying a specific virtual machine among the plurality of virtual machines for the specific application to change the hash value; and
moving the specific application to the specific virtual machine.

US Pat. No. 10,715,589

DATA STREAM DISTRIBUTION METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A data stream distribution method carried out on a load balancer according to an interface protocol, the method comprising:
receiving a data stream;
obtaining, by the load balancer, a stream characteristic information of the data stream;
determining, by the load balancer, a first distribution rule according to a correspondence between the stream characteristic information and the first distribution rule;
determining, according to the first distribution rule, an application server that processes the data stream, wherein the determining the application server comprises:
accessing, according to the instruction information in the first distribution rule, a first data in the data stream;
generating, after the accessing and according to the instruction information, a keyword according to the first data in the data stream;
determining a first distribution information according to the keyword;
determining, according to the first distribution information, an application server that processes the data stream; and
sending, according to the determining the application server that processes the data stream, the data stream to the application server,
wherein the first distribution rule and the first distribution information are:
received by the load balancer after being generated externally according to the interface protocol and sent to the load balancer, or
configured on the load balancer according to the interface protocol.

US Pat. No. 10,715,588

MULTIPLE HIT LOAD BALANCING

Verizon Digital Media Ser...

1. A method comprising:
distributing a set of connection establishment requests from a network machine at a point of ingress of a point-of-presence (PoP) to a plurality of object distribution servers operating from the PoP;
establishing a connection between a particular client and a first object distribution server of the plurality of object distribution servers in response to the network machine distributing a connection establishment request from the set of connection establishment requests to the first object distribution server, wherein said establishing comprises terminating said connection at the particular client and the first object distribution server;
receiving a request for an object from the particular client over the connection at the first object distribution server;
obtaining a request count for said object at the first object distribution server;
determining, by the first object distribution server, a second object distribution server of the plurality of object distribution servers designated as a source host of said object within the PoP based on a hash of the request;
retrieving said object from the second object distribution server to the first object distribution in response to said determining and the request count being less than or equal to a hit threshold, wherein the hit threshold is a value greater than one;
caching said object in storage of the first object distribution server in response to the request being equal to the hit threshold;
responding to a subsequent set of requests for said object directly from the first object distribution server over a first set of connections established between the first object distribution server and a first set of clients, and directly from the second object distribution server over a second set of connections established between the second object distribution server and a second set of clients based on said distributing by the network machine.

US Pat. No. 10,715,587

SYSTEM AND METHOD FOR LOAD BALANCING COMPUTER RESOURCES

Maxeler Technologies Ltd....

1. A method of managing utilization of computational resources in a networked computer architecture comprising at least one client device, a plurality of server devices and a resource controller, each client device comprising at least one physical processor and being operable to run one or more client applications, and each server device comprising at least one physical processor having a local memory, wherein the method comprises:
a) allocating, by said resource controller, the plurality of server devices to the client application for data processing;
b) assigning, by said resource controller, control information to said client application, said control information specifying a weighting for each of the plurality of server devices, the weighting determining proportion of a data processing workload to be assigned to the each of the plurality of server devices allocated to said client application;
c) sending the control information to the client application;
d) sending, directly from said client application to said plurality of server devices, said data processing workload, wherein the data processing workload is sent to the each of the plurality of server devices in accordance with said control information
e) monitoring, by said resource controller, relative utilization of the each of the plurality of server devices allocated to said client application; and, when said relative utilization is imbalanced:
f) assigning updated weightings for each of the same plurality of server devices allocated to said client application and sending the updated weightings to the client application; and
providing a virtual resource layer comprising an intra-server virtual resource layer and an inter-server virtual resource layer, wherein one or more physical processors of the each of the plurality of server devices can be allocated through said intra-server virtual resource layer to form one or more server device-specific virtual processing resources, and wherein said inter-server virtual resource layer is operable to enable one or more virtual processing resources to be accessible by the one or more client applications, and wherein determining that relative utilization of the virtual processing resources is imbalanced comprises determining rate of increase or decrease in length of a queue assigned to the virtual processing resource.

US Pat. No. 10,715,586

APPLICATION DEMONSTRATION SYSTEM

ADP, LLC, Roseland, NJ (...

1. A method for a standalone demonstration of an application, the method comprising:
detecting, by a computer system, requests sent from the application running on a browser to a server data processing system;
generating tiers of keys from universal resource locators in the requests, wherein a tier of keys in the tiers of keys is based off of a universal resource locator in the universal resource locators in which all of the keys in the tier of keys point to a same response in the responses, and wherein each key in the tier of keys is generated using a different number of components from the universal resource locator;
detecting, by the computer system, responses received from the server data processing system for the requests sent from the application; and
storing, by the computer system, the requests and the responses for the application in a data structure, wherein keys are used to identify the responses in the data structure, wherein the requests and the responses enable simulating the server data processing system to perform the standalone demonstration of the application running on the browser on a client data processing system using the data structure without communicating with the server data processing system.

US Pat. No. 10,715,585

PACKET PROCESSOR IN VIRTUAL FILTERING PLATFORM

Microsoft Technology Lice...

1. A method for facilitation communication in a distributed computing system having hosts individually supporting a virtual switch and one or more virtual machines, comprising:
receiving, at the virtual switch provided by a host, a packet having a header with multiple header fields and a payload; and
processing, at the virtual switch, the received packet based on multiple layer, group, and rule objects arranged in a hierarchy in which the multiple layer objects individually contain one or more group objects that individually contain one or more rule objects, each of the rule objects containing one or more conditions and a corresponding action performable by the virtual switch on the packet, wherein processing the received packet includes,
parsing one or more of the header fields of the packet;
matching the parsed one or more header fields with the conditions of one of the rule objects from the group objects of each of the layer objects;
generating a composite action having multiple actions each corresponding to a matched rule object from each of the layer objects without applying any of the multiple actions to the packet, the multiple actions being accumulative to one another; and
subsequently, applying the generated composite action to the packet.

US Pat. No. 10,715,584

MULTIUSER APPLICATION PLATFORM

Microsoft Technology Lice...

1. A system comprising:
at least one processor; and
one or more computer-readable storage media including instructions stored thereon that are executable by the at least one processor to cause the system to:
receive, by a multiuser operating system, a request to launch a multiuser application on the system, the request to launch the multiuser application being associated with a user identity (ID);
determine, by the multiuser operating system, a context of the request to launch the multiuser application;
ascertain, by the multiuser operating system, whether to launch the multiuser application as a multiuser instance or a single user instance based on the context of the request; and
launch, by the multiuser operating system, the multiuser application as either the multiuser instance or the single user instance in response to said ascertaining, the launch of the multiuser application as the multiuser instance causing the multiuser instance of the multiuser application to execute according to a default system identity (ID) based on the request to launch the multiuser application being associated with the user identity (ID), the default system identity (ID) being different than the user identity (ID).

US Pat. No. 10,715,583

SECURE REMOTE COMPUTER NETWORK

Connectify, Inc., Philad...

1. A method of communicating with a remote server, said method comprising the steps of:
establishing a VPN between a client and the remote server;
partitioning data into a plurality of packets;
encrypting said plurality of packets to form a plurality of encrypted packets;
scheduling each of said encrypted packets for transmission over a respective one and another of a cellular connection and a Wi-Fi connection, and dynamically adjusting said scheduling as said encrypted packets are transmitted;
translating addresses of the encrypted packets to match network addresses of respective physical interfaces for the cellular connection and the Wi-Fi connection;
transmitting ones of said encrypted packets via said VPN from said client towards said server along one of said cellular connection and said Wi-Fi connection;
transmitting others of said encrypted packets via said VPN from said client towards said server along another of said cellular connection and said Wi-Fi connection;
said another of said cellular connection and said Wi-Fi connection is a lower priority connection than said one of said cellular connection and said Wi-Fi connection based on a comparison of a) routing information associated with said cellular connection and b) routing information associated with said Wi-Fi connection;
wherein a lost one of said ones of said encrypted packets is not received by said server is retransmitted to said server on said another of said cellular connection and said Wi-Fi connection which is said lower priority connection.

US Pat. No. 10,715,582

METHOD FOR MANAGING COMMUNICATION IN MISSION CRITICAL DATA (MCDATA) COMMUNICATION SYSTEM

Samsung Electronics Co., ...

1. A method for managing communication by a mission critical data (MCData) server in a MCData communication system, the method comprising:
receiving, from a first MCData user equipment (UE) among a plurality of MCData UEs, a MCData file distribution (FD) request message;
checking whether the first MCData UE is authorized to send the MCData FD request message;
in response to checking that the first MCData UE is authorized to send the MCData FD request message, transmitting, to a second MCData UE among the plurality of MCData UEs, the MCData FD request message;
receiving, from the second MCData UE, a MCData FD response message; and
transmitting, to the first MCData UE, the MCData FD response message.

US Pat. No. 10,715,581

SYSTEM AND METHOD TO DOWNLOAD FILE FROM COMMON RECIPIENT DEVICES IN PROXIMITY

International Business Ma...

1. A computer system for transferring a file from a device in proximity, comprising:
one or more computer processors;
one or more non-transitory computer-readable storage media;
program instructions, stored on the one or more non-transitory computer-readable storage media, which when implemented by the one or more processors, cause the computer system to perform the steps of:
receiving at a first recipient device a message from a sender addressed to and received by a first recipient and at least one common recipient, the at least one common recipient being a recipient of the message other than the first recipient, the sender being other than the first recipient and the at least one common recipient, wherein the message, as received by the first recipient device and at least one common recipient includes information associated with a file;
requesting download at the first recipient device of the file using the information:
identifying the at least one common recipient of the message in addition to the first recipient from a recipient list of the message;
scanning by the first recipient device for at least one common recipient device in proximity to the first recipient device, the at least one common recipient device being a device that has received the message other than the first recipient device;
on a condition that no common recipient devices are found to be in proximity to the first recipient device in response to the scanning,
downloading the file at the first recipient device from a remote server;
automatically applying at the first recipient device file transfer permissions to the downloaded file for the at least one common recipient of the message to permit automatic transfer of the file from the first recipient device to the at least one common recipient device of the at least one common recipient having the file transfer permissions when the at least one common recipient device is in proximity to the first recipient device; and
transferring the file to the at least one common recipient device of the at least one common recipient having the file transfer permissions that has requested download of the file and is in proximity to the first recipient device; and
on conditions that the at least one common recipient device; is found to be in proximity to the first recipient device in response to the scanning, has downloaded the file and has applied file transfer permissions to the file for the first recipient device, transferring to the first recipient device the file from the at least one common recipient device.

US Pat. No. 10,715,580

GROUPING CONTENT BASED ON GEOGRAPHIC DATA

Facebook, Inc., Menlo Pa...

1. A method comprising, by one or more computing devices:
detecting, on a client system associated with a first user, a plurality of content items stored locally on the client system, wherein each content item comprises a time stamp and geospatial metadata;
identifying a plurality of item sets of content items from the plurality of content items based on the time stamps and geospatial metadata of the content items, wherein each item set comprises two or more content items of the plurality of content items, and wherein each content item in each item set has a respective time stamp within a first predetermined time range of each other content item of the respective item set, and wherein each content item in each item set has a geographic location indicated by its geospatial metadata that is within a threshold geographic area of each other content item of the respective item set;
determining, for each identified item set, from among a plurality of geographic locations, a geographic location associated with the two or more content items of the respective item set based on the geospatial metadata of each content item of the item set, wherein the plurality of geographic locations are organized in a hierarchical set of overlapping geographic locations, wherein the determined geographic location of the respective item set is associated with a respective geographic subset of geographic locations of the hierarchical set of overlapping geographic locations, wherein the respective geographic subset comprises (1) the determined geographic location associated with the item set, (2) one parent geographic location of the determined geographic location, and (3) zero or more child geographic locations of the determined geographic location;
generating, from each identified item set, a plurality of item subsets of content items based on the geographic subsets associated with the determined geographic locations, wherein each generated item subset comprises content items from the respective identified item set having respective geographic locations indicated by their respective geospatial metadata that is within the respective geographic subset associated with the determined geographic location;
selecting, from among the plurality of item subsets, one or more of the item subsets based on determining that the time stamps associated with each content item of each of the one or more respective item subsets are within a second predetermined time range of each other content item of the respective item subset, the second predetermined time range being different from the first predetermined time range;
determining, from the selected one or more item subsets, that one or more of the selected item subsets are non-overlapping based on a parent geographic location associated with each of the selected one or more item subsets; and
sending, to the client system, instructions to automatically categorize the plurality of content items into one or more of the selected item subsets determined to be non-overlapping.

US Pat. No. 10,715,579

METHODS AND APPARATUS FOR DOWNLOADING DIGITAL CONTENT

NCR Corporation, Atlanta...

1. A system for high speed wireless downloading of pulled digital media content comprising:
a media server storing a library of digital media content for selection;
a mechanism provided as a first kiosk to select particular digital media content by a user from the library of digital media content and to identify a mobile device by the mobile device scanning a Quick Response (QR) code presented on a touch panel causing the mobile device to after the mobile device scans the QR code to open a Uniform Resource Locator (URL) and to download an applet that supports downloading of the digital media content to the mobile device;
a mechanism provided as a content provider to deliver a decryption key for unlocking the particular digital media content over an Internet connection, wherein the content provider provides the decryption key when payment is received for the decryption key;
a high speed local communication network connection device;
a plurality of high speed wireless radios connected to the media server by the high speed local communication network connection device to receive the particular digital media content selected by the user from the media server; and
an application executing on the mobile device;
wherein each of the high speed wireless radios situated throughout a store of an enterprise, and a select one of the high speed wireless radios to transmit the particular digital media content to the mobile device of the user in a defined transmission zone covered by the select high speed wireless radio within the store, wherein the defined transmission zone is up to 10 meters from where the select high speed wireless radio is situated within the store, the mobile device identifies itself by the mobile device taking a picture of a displayed Quick Response (QR) code with a camera of the mobile device within the store, wherein the media device obtains the decryption key separately from the particular digital media content and the particular digital media content is playable on the mobile device with the decryption key, wherein the application determines whether the mobile device has a sufficient amount of space for receiving the particular digital media content and blocks download when there is an insufficient amount of space and instructs user to remove from the mobile device any previously downloaded digital media content before the particular digital media content can be stored on the mobile device.

US Pat. No. 10,715,578

PROJECTOR SYSTEM AND PROJECTOR SETTING METHOD

Coretronic Corporation, ...

1. A projector system, comprising a plurality of projectors, wherein:
the projectors comprise a first projector, at least one second projector and a third projector, the first projector is connected to the at least one second projector and the third projector via a local area network, wherein
the first projector receives a plurality of set values and stores the set values as a configuration,
the first projector acquires an Internet Protocol address corresponding to the at least one second projector,
the first projector receives a copy command, and transmits the configuration to the at least one second projector according to the Internet Protocol address of the at least one second projector,
the at least one second projector performs a setting operation according to the configuration,
the third projector detects Internet Protocol addresses of the projectors in the local area network, and selects the Internet Protocol address of the first projector from the Internet Protocol addresses of the projectors, and
when the third projector receives input data corresponding to the Internet Protocol address of the first projector, the third projector transmits a setting request to the first projector, and the first projector transmits the configuration to the third projector according to the setting request.

US Pat. No. 10,715,577

VIRTUAL DESKTOP ENCODING BASED ON USER INPUT BEHAVIOR

VMware, Inc., Palo Alto,...

1. A method for transmitting a graphical user interface (GUI) of a virtual machine (VM) executing on a host device to a client device having remote access to the VM, comprising:
encoding frame updates corresponding to the GUI using a first encoding method and transmitting the frame updates encoded using the first encoding method to the client device;
detecting at the host device a user interaction with the GUI on the client device;
identifying that a type of the user interaction is one of:
a zooming operation;
a window-scrolling operation;
a window-resizing operation; or
a drag operation that moves a user interface object to a new screen position;
identifying a second encoding method corresponding to the identified type of user interaction based on a rule library that specifies parameters for the second encoding method that produce a different image quality and a different frame rate than the first encoding method for the one of zooming operation, window-scrolling operation, window-resizing operation, or drag operation that moves a user interface object to a new screen position;
changing the first encoding method to the second encoding method and encoding subsequent frame updates corresponding to the GUI using the second encoding method, the second encoding method being different than the first encoding method; and
transmitting the subsequent frame updates encoded using the second encoding method to the client device.

US Pat. No. 10,715,576

METHODS AND SYSTEMS FOR ESTIMATING QUALITY OF EXPERIENCE (QOE) PARAMETERS OF SECURED TRANSACTIONS

Citrix Systems, Inc., Fo...

1. A method comprising:
(a) detecting, by a device intermediary to a plurality of clients and one or more servers, a variation of a level of quality of content being transmitted by the one or more servers via one or more transactions to one or more clients of the plurality of clients based on at least a difference in a size of the content and an average size of content of the one or more transactions;
(b) determining, by the device, one or more parameters for quality of experience associated with a client of the plurality of clients based on at least the detected variation of the level of quality of content; and
(c) applying, by the device, one or more policies to transmission of content to the client based on the one or more parameters.

US Pat. No. 10,715,575

IN-SERVICE QUALITY MONITORING SYSTEM WITH INTELLIGENT RETRANSMISSION AND INTERPOLATION

Dolby Laboratories Licens...

1. A method performed by a server of communication services, comprising:
receiving a service request, from a communication client, for one or more communication services for two or more communication clients;
in response to receiving the service request, setting up a communication service network to support the one or more communication services, the communication service network comprising uplinks from and downlinks to the two or more communication clients for transporting service signaling packets and service data packets;
generating routing metadata for each of the two or more communication clients, the routing metadata to be used by each of the two or more communication clients for sharing service quality information of the one or more communication services supported by the communication service network with a respective peer communication client over a light-weight peer-to-peer (P2P) network separate from the communication service network;
downloading the routing metadata to each of the two or more communication clients;
wherein a first communication client of the two or more communication clients shares one or more portions of the service quality information of the one or more communication services supported by the communication service network with a second communication client of the two or more communication clients over the P2P network while the two or more communication clients engage in at least audio communications using the one or more communication services over the communication service network.

US Pat. No. 10,715,574

SYSTEMS AND METHODS FOR FRAME DUPLICATION AND FRAME EXTENSION IN LIVE VIDEO ENCODING AND STREAMING

DIVX, LLC, San Diego, CA...

1. A method of encoding an encoded input stream into a plurality of adaptive bitrate streams using a live encoding system, the method comprising:
receiving an encoded input stream using a live encoding system;
assessing encoding conditions using the live encoding system, wherein assessing encoding conditions using the live encoding system further comprises calculating an amount of load on the live encoding system using the live encoding system; and
re-encoding a given segment of the encoded input stream into a plurality of adaptive bitrate segments using the live encoding system based on the assessed encoding conditions, wherein each adaptive bitrate segment of the plurality of adaptive bitrate segments is encoded for a different bitrate, wherein re-encoding the given segment of the input stream into the plurality of adaptive bitrate segments comprises:
extending the time duration of at least one frame having a first duration from the given segment of the input stream in at least one of the plurality of adaptive bitrate segments by modifying a time stamp of a subsequent frame in the at least one adaptive bitrate segment such that the at least one frame has an extended second duration in the at least one adaptive bitrate segment when the assessed encoding conditions satisfy a first encoding load threshold;
replicating at least one frame from the given segment of the input stream and using the replicated at least one frame from the segment of the input stream in at least one of the plurality of adaptive bitrate segments when the assessed encoding conditions satisfy a second encoding load threshold; and
re-encoding at least one frame of the given segment of the input stream into the plurality of adaptive bitrate segments using the live encoding system when the assessed encoding conditions do not satisfy either the first or second encoding load thresholds.

US Pat. No. 10,715,573

MEDIA PLAYING METHOD, TERMINAL DEVICE, AND COMPUTER STORAGE MEDIUM BASED ON TWO PLAYERS

TENCENT TECHNOLOGY (SHENZ...

6. A terminal device, comprising:
a memory storing computer program instructions; and
a processor coupled to the memory and, when executing the computer program instructions, configured to perform:
dividing content of a target file in a time dimension to obtain N number of target sub-files, N being an integer greater than or equal to 2;
obtaining a first time point, and determining an nth target sub-file in the N number of target sub-files based on the first time point, n being an integer greater than or equal to 1 and less than or equal to N; and
setting a first player and a second player;
controlling the first player to obtain the nth target sub-file and output the nth target sub-file;
before outputting of the nth target sub-file on the first player is completed, controlling the second player to obtain an (n+1)th target sub-file neighboring to the nth target sub-file in a time dimension;
detecting a time difference between a current output time of the nth target sub-file of the first player and an end time of the nth target sub-file;
determining whether the time difference is less than a first preset threshold value and, when it is determined that the time difference is less than the first preset threshold value, controlling the second player to switch from a buffering state to an outputting state;
when detecting that outputting of the nth target sub-file on the first player reaches the end time, controlling the second player to output the (n+1)th target sub-file;
before outputting of the (n+1)th target sub-file on the second player is completed, controlling the first player to obtain an (n+2)th target sub-file neighboring to the (n+1)th target sub-file in the time dimension; and
repeatedly controlling the first player and the second player to alternatingly output any remaining target sub-files until outputting of the nth target sub-file and at least one target sub-file that is after the nth target sub-file is all completed.

US Pat. No. 10,715,572

ELECTRONIC DEVICES FOR CAPTURING MEDIA CONTENT AND TRANSMITTING THE MEDIA CONTENT TO A NETWORK ACCESSIBLE MEDIA REPOSITORY AND METHODS OF OPERATING THE SAME

1. A non-transitory, machine-readable storage medium, comprising executable instructions that, when executed by a processing system including a processor, facilitate performance of operations, comprising:
designating a selected recipient as being authorized to retrieve transmitted media content from a media repository system from a list of contacts of authorized users of the media repository system responsive to a first input identifying the selected recipient; and
contemporaneously transmitting media content, as the transmitted media content, in combination with contact information of the selected recipient to the media repository system responsive to a second input that initiates the transmitting of the transmitted media content, to enable the media repository system to provide the transmitted media content to the selected recipient, wherein the media repository system compares an identification of user equipment requesting to retrieve the transmitted media content from the media repository system with the contact information of the selected recipient to enable the user equipment to retrieve the transmitted media content from the media repository system responsive to a determination that the contact information of the selected recipient matches the identification of the user equipment, and wherein the first input and the second input are obtained consecutively so that the user equipment is enabled to retrieve the transmitted media content from the media repository system in real time as the media repository system obtains the transmitted media content.

US Pat. No. 10,715,571

SELF-ADAPTIVE STREAMING MEDIUM PROCESSING METHOD AND APPARATUS

1. A media processing method for adaptive streaming, the method comprising:
acquiring a Media Presentation (MP) timeline alignment event message carried in a media segment, wherein the MP timeline alignment event message comprises a presentation time delta (presentation_time_delta) field, configured to provide time for the MP timeline alignment event;
determining an aligned media segment according to the MP timeline alignment event message, wherein the aligned media segment is a media segment of which a Media Presentation Time (MPT) in an MP timeline is aligned to an external timeline, and determining the aligned media segment according to the MP timeline alignment event message comprises: if a value of the presentation_time_delta field in the MP timeline alignment event message is set to a predetermined value, determining the media segment to be aligned to the external timeline; and
calculating one or more MPTs of one or more media segments in an MP timeline alignment event after a mapping between the MP timeline and the external timeline has been established.

US Pat. No. 10,715,570

GENERIC EVENT STREAM PROCESSING FOR MACHINE LEARNING

Intuit Inc., Mountain Vi...

1. A method comprising:
establishing a network connection with a source computing device and an application services computing device;
receiving, via the network connection, a source event stream at the application services computing device;
extracting a sample of the source event stream;
partitioning the sample of the source event stream into a plurality of fields;
identifying a field data type of a field of the plurality of fields in the sample;
identifying a distribution of a plurality of values of the field in the sample;
extrapolating, from the sample of the source event stream, a plurality of extrapolated functions for the plurality of fields, wherein extrapolating an extrapolated function in the plurality of extrapolated functions is dependent on the field data type and the distribution of the field;
transforming, based on the plurality of extrapolated functions in a configuration file, the source event stream to obtain a transformed event stream, wherein transforming comprises:
mapping, using the configuration file, at least a subset of fields in the source event stream to a field string defined by a corresponding extrapolated function of the plurality of extrapolated functions to obtain a plurality of field strings, wherein at least one field is an external identifier, and
using distributional semantics to convert at least one of the plurality of field strings to a numerical vector that becomes an input to a target machine learning model; and
analyzing, by the target machine learning model, the transformed event stream.

US Pat. No. 10,715,569

DELIVERY CONTROL DEVICE AND DELIVERY CONTROL METHOD FOR CONTENT DELIVERY ACCORDING TO ABR DELIVERY METHOD

NEC CORPORATION, Tokyo (...

1. A delivery control device, comprising:
a delivery speed calculation part configured to calculate a real delivery speed for sequentially delivering divided files, which are produced by dividing file data representing contents to be delivered to a client device, in an order of reproducing the contents; and
a delivery speed determination part configured to determine a delivery speed for the divided files based on the real delivery speed calculated by the delivery speed calculation part, a presumed delivery speed determined in advance, and predetermined thresholds relating to intervals of receiving the divided files.

US Pat. No. 10,715,568

SYSTEMS AND METHODS FOR OPTIMIZING SIMULCAST STREAMS IN GROUP VIDEO CALLS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
identifying, by a computing system, a set of participants in a group video call, wherein each participant is associated with an uplink capacity and a downlink capacity, and the set of participants includes a set of sender participants;
ranking, by the computing system, the set of sender participants based on uplink capacities for the set of sender participants; and
sequentially processing, by the computing system, the set of sender participants in an order based on the ranking to determine, for each sender participant of the set of sender participants, one or more video stream layers to be uploaded by the sender participant.

US Pat. No. 10,715,567

METHOD AND APPARATUS FOR PROVIDING STATE INFORMATION

Samsung Electronics Co., ...

1. A method of providing state information of an electronic device, the method comprising:
displaying a first screen having pieces of user information, each of the pieces of user information corresponding to a respective one of a plurality of users in a contact list in response to a request for displaying the contact list;
receiving an input for selecting user information from the pieces of user information while displaying the first screen having the pieces of user information; and
displaying a second screen having pieces of detailed information of the selected user information, in response to the input for selecting the user information on the first screen having the pieces of user information,
wherein the pieces of detailed information comprise:
information for identification of a user, an image of the user, at least one communication address of the user, state information of the user that is received from a server and a plurality of available communication services,
wherein the plurality available communication services includes a Short Message Service application and an Instant Messaging (IM) application, and wherein the IM application is capable of a text message service as well as a video call.

US Pat. No. 10,715,566

SELECTIVELY PROVIDING CONTENT ON A SOCIAL NETWORKING SYSTEM

Facebook, Inc., Menlo Pa...

1. A method, comprising:
providing a user interface for displaying a plurality of news feed stories on a user device associated with a user of a social networking system, where the plurality of news feed stories communicate a plurality of actions performed by other users on the social networking system connected to the user;
receiving an indication that a plurality of incoming news feed stories are available for display within the user interface from the social networking system;
providing for display the indication within the user interface as a selectable link, the selectable link displaying a count of the plurality of incoming news feed stories that are available for display within the user interface;
receiving a selection of the link from the user interface, the selection of the link comprising a confirmation that the plurality of incoming news feed stories are being requested by the user;
sending the confirmation to the social networking system;
receiving the plurality of incoming news feed stories from the social networking system; and
providing the plurality of incoming news feed stories for display within the user interface on the user device associated with the user.

US Pat. No. 10,715,565

SYSTEM AND METHOD FOR THIRD PARTY MONITORING OF VOICE AND VIDEO CALLS

1. A monitoring server for monitoring an inmate communication session, the monitoring server comprising:
a memory that stores instructions; and
at least one processor configured to execute the instructions, the instructions, when executed by the at least one processor configuring the at least one processor to:
receive communication session data associated with the inmate communication session,
insert a plurality of timestamps at predetermined segment lengths of the communication session data,
transmit the communication session data to at least one monitoring station selected from among a plurality of monitoring stations to monitor the inmate communication session, and
match a timestamp of input data associated with the inmate communication session that is received from the at least one monitoring station with a corresponding timestamp from among the plurality of timestamps to synchronize the input data and the communication session data.

US Pat. No. 10,715,564

DYNAMIC CLIENT REGISTRATION FOR AN IDENTITY CLOUD SERVICE

Oracle International Corp...

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to dynamically register a client for a multi-tenant cloud based authentication system, the dynamically registering comprising:
creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system;
creating a template client, based on a security blueprint, in a second tenancy;
creating a registration client in the first tenancy;
receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;
authenticating, using the template client, a user of the installed client application;
sending the registration access token to the installed client application over the network;
receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;
authenticating, using the template client, the registration access token; and
sending the client assertion token, bound to an identity of the registration client, to the installed client application over the network.

US Pat. No. 10,715,563

METHOD AND APPARATUS FOR SESSION SHARING SHARED WORKER MODULE

JPMORGAN CHASE BANK, N.A....

1. A method for implementing a session sharing shared worker module, the method comprising:
executing, by a processor, a first web application and a second web application within a web browser, the first web application being associated with a first tab, and the second web application being associated with a second tab having different web content than the first tab;
determining, by the processor, whether a shared worker is available within the web browser, if no shared worker is available, initiating a new shared worker within the web browser;
registering, by the processor, each of said first tab and the second tab with the shared worker based on determining that the shared worker is available within the web browser;
receiving, by the processor, a first request from the first tab to connect to a server and a second request from the second tab to connect to the server;
combining, by the processor, the first request and the second request into one packaged request;
creating, by the processor, a single connection point within the shared worker for a plurality of tabs including the first tab and the second tab and combining the plurality of tabs to server connections from the same browser into a single connection per browser;
sending, by the processor, the one packaged request to the server via the single connection point,
storing, in response to the registering, within the shared worker a first reference identification associated with the first tab and a second reference identification associated with the second tab;
receiving, by the processor, a first response corresponding to the first request and a second response corresponding to the second request from the server as a packaged response via the single connection point; and
routing the first response to the first tab via a first path based on the first reference identification and the second response to the second tab via a second path different from the first path based on the second reference identification,
wherein the shared worker is an area of the web browser that is operating at a higher level than the first and second tabs and is configured to run programming in the same manner as the first and second tabs but without any visuals, and
wherein the shared worker is accessible from all tabs within the browser and is configured to allow one tab to communicate to other tabs via the higher level.

US Pat. No. 10,715,562

SYNCHRONIZATION BASED ON DEVICE PRESENCE

1. A user equipment device, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
transmitting, to an access point device that provides access to a local area network that serves a defined area, a request to register with a network device of the local area network that is accessed via the access point device;
in response to the user equipment device registering with the local area network, activating a synchronization check procedure that determines whether to perform a synchronization procedure between the user equipment device and a synchronization device that is associated with a user entity that operates the user equipment device, wherein the synchronization check procedure comprises:
determining that the synchronization procedure is to be performed in response to a first determination that the synchronization device is in the defined area and a second determination that content data, representative of data that is identified to be synchronized between the user equipment device and the synchronization device, exists; and
performing the synchronization procedure comprising:
establishing a direct connection between the user equipment device and the synchronization device; and
exchanging the content data between the user equipment device and the synchronization device.

US Pat. No. 10,715,561

REANCHORING DEVICES ON SERVERS

Cisco Technology, Inc., ...

1. A system comprising:
a processor;
a memory for storing data to be used by the processor;
a network interface operative to receive and send network communications, the network interface being operative to:
receive an initial request from a client device to establish a connection, the initial request comprising at least an initial connection Internet protocol (IP) address of the client device, wherein the initial connection IP address is recorded in a cookie to be sent by the network interface to the client device;
receive an additional request comprising an actual client IP address of the client device, and a request for streaming content, the actual client IP address being an IP address at a time when the client device sends the additional request; and
send a reply to the client device;
the processor being operative to:
record the initial connection IP address of the client device;
compare the initial connection IP address with the actual client IP address; and
perform one of:
provide the streaming content in response to the additional request if the initial connection IP address and the actual client IP address are the same; or
provide a response to the additional request to the client comprising a redirect instruction if the initial connection IP address and the actual client IP address are different.

US Pat. No. 10,715,559

MULTIMEDIA SESSION DOMAIN SELECTION

Nokia Technologies Oy, E...

1. A method, comprising:
sending, by a user equipment towards a network element of a network, an attachment request comprising a first indication of support by the user equipment for an internet protocol multimedia subsystem voice over a packet switched session;
receiving, at the user equipment and from the network element, a response to the attachment request, the response comprising a second indication of whether the network can support internet protocol multimedia subsystem voice over the packet switched session for the user equipment;
establishing, at the user equipment and in response to the network supporting the internet protocol multimedia subsystem voice over the packet switched session, the packet switched session;
monitoring, by the user equipment, a change associated with the internet protocol multimedia subsystem voice over the packet switched session; and
providing, by the user equipment and to the network in response to the change, an update message comprising a third indication of whether the user equipment supports the internet protocol multimedia subsystem voice over the packet switched session or supports a circuit switch voice.

US Pat. No. 10,715,558

BOT PROFILE DISCOVERY

T-Mobile USA, Inc., Bell...

1. A method for a first user equipment (UE) to discover a bot functionality of a second UE, the method comprising:
detecting, at a server of a communication network, a call destined to the first UE;
adding to the call, by the server, a bot information profile associated with the bot functionality of the second UE;
forwarding the call to the first UE; and
providing the bot information profile to the first UE,
wherein:
the second UE is configured to have an operator of the communication network add the bot information profile to the call, or
the first UE is configured to request the operator to add the bot information profile to the call, if the call is the response destined to the first UE from the second UE.

US Pat. No. 10,715,556

REAL-TIME POLICY DISTRIBUTION

McAfee, LLC, Santa Clara...

1. A domain master for a data exchange layer (DXL), comprising:
a hardware platform configured to execute instructions; and
one or more memories having stored thereon instructions to instruct the hardware platform to:
communicatively couple to the DXL;
provide a DXL messaging service comprising native support for request-response (1:1) transactions via a publish-subscribe (1:N, N>1) fabric;
provide DXL domain master services for a DXL domain; and
provide DXL-based real-time policy and task distribution for DXL endpoints of the DXL domain.

US Pat. No. 10,715,555

HIERARCHICAL MULTI-TRANSACTION POLICY ORCHESTRATED AUTHENTICATION AND AUTHORIZATION

Acceptto Corporation, Po...

1. A server, comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
at least one hardware processor of a plurality of hardware processors configured to: implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
obtain, from a client device via the network, a transaction request for a transaction;
determine an authorization requirement for the transaction request based on the authorization policies as follows:
a first policy of the authorization policies being configurable by the relying party policy engine;
a second policy of the authorization policies being configurable by the authorizing policy engine;
a third policy of the authorization policies being configurable by the relying party policy engine or authorizing policy engine and being based on availability of the network; and
a fourth policy of the authorization policies based on a location of at least one of the authorizing party user devices;
obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
provide a notification of the transaction and an associated transaction context to at least one of the authorizing party user devices;
divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices;
receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and
complete the transaction by approving the transaction based on the authorization requirement having been met.

US Pat. No. 10,715,554

TRANSLATING EXISTING SECURITY POLICIES ENFORCED IN UPPER LAYERS INTO NEW SECURITY POLICIES ENFORCED IN LOWER LAYERS

EMC IP Holding Company LL...

1. A system comprising: a processor; and memory configured to store one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
obtaining a plurality of existing policies that are enforced at or above an operating system (OS) layer of a device;
storing a plurality of translation rules comprising data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer;
parsing, using the data structure descriptions, the plurality of existing policies to identify the conditions, corresponding actions, and attributes specified in the existing policies;
generating a plurality of new policies consistent with the plurality of existing policies, the new policies comprising the identified attributes specified in the existing policies, and the attributes relevant to policy enforcement in the one or more layers below the OS layer; and
enforcing the new policies in the one or more layers below the OS layer of the device, wherein the OS layer is above an infrastructure-as-a-service (IaaS) layer, and the one or more layers below the OS layer are within the IaaS layer.

US Pat. No. 10,715,552

ENABLING USER DEFINITION OF ANOMALY ACTION RULES IN A NETWORK SECURITY SYSTEM

SPLUNK INC., San Francis...

1. A method, comprising:
receiving user selection of an action for an anomaly action rule, the selected action to be performed on a matching anomaly that satisfies the anomaly action rule, the selected action being from a list including adding the matching anomaly to a watchlist, removing the matching anomaly from the watchlist, changing an anomaly score of the matching anomaly, or deleting the matching anomaly;
receiving user selection of a filter for the anomaly action rule from among a library of predefined filters, the selected filter defining an attribute of the matching anomaly, the matching anomaly being a detectable variation from an expected pattern of behavior by a computer network entity;
receiving user input customizing the attribute of the selected filter for the anomaly action rule to filter a particular anomaly;
configuring the anomaly action rule based on the selected action, the selected filter, and the input customizing the attribute of the selected filter; and
causing performance of the selected action on the particular anomaly on a computer network, the particular anomaly corresponding to the matching anomaly that matches the customized attribute of the selected filter for anomaly action rule, the computer network including the computer network entity.

US Pat. No. 10,715,551

SYSTEMS AND METHODS FOR SUBSCRIPTION MANAGEMENT OF SPECIFIC CLASSIFICATION GROUPS BASED ON USER'S ACTIONS

KnowBe4, Inc., Clearwate...

1. A method comprising:
(a) receiving, by one or more processors coupled to memory, a first indication of a first user interaction associated with a simulated phishing communication to a user of a first user group of a plurality of user groups;
(b) identifying, by the one or more processors, a category from a plurality of categories for the first user interaction, each of the plurality of categories associated with one or more interactions with one or more simulated phishing communications and mapped to at least one of the plurality of user groups; and
(c) including, by the one or more processors, the user in a second user group of the plurality of user groups mapped to the category, and
(d) communicating, by the one or more processors, a second simulated phishing communication to the user of the second user group.

US Pat. No. 10,715,550

METHOD AND DEVICE FOR APPLICATION INFORMATION RISK MANAGEMENT

Alibaba Group Holding Lim...

1. A method for application information risk management on a network device side, the method comprising:
receiving a user input selecting a target application information from a plurality of application information;
processing the target application information for a validation request;
transmitting the target application information to a system configured to validate the target application information and to determine a corresponding risk information;
receiving, from the system, a prompt information based on the corresponding risk information;
processing the prompt information to generate a risk warning information; and
displaying the risk warning information within a graphical user interface, wherein the target application information comprises an SMS message selected by a user, and wherein the risk warning information provides an indication of a risk the selected SMS message poses to the user.

US Pat. No. 10,715,549

SYSTEMS AND METHODS FOR AIDA BASED ROLE MODELS

KnowBe4, INC., Clearwate...

1. A method for using a model of a predetermined role for a simulated phishing campaign, the method comprising:
(a) establishing in a database a plurality of models for communicating via a simulated phishing campaign, wherein each model of the plurality of models is established for a predetermined role of a plurality of predetermined roles of a company;
(b) identifying, by a campaign controller, one or more attributes of a user;
(c) selecting, by a campaign controller based at least on the one or more attributes independent of any user selecting a model, the model for the predetermined role from the plurality of models of predetermined roles for a simulated phishing communication to be communicated to one or more devices of the user, wherein each of the plurality of models is an artificial intelligence model configured to take as input information related to a simulated phishing campaign and provides as output information for performing a next action for the simulated phishing campaign; and
(d) communicating, by the campaign controller, to the one or more devices of the user the simulated phishing communication responsive to output information provided by the selected model for the predetermined role.

US Pat. No. 10,715,548

DETECTING DEVICE MASQUERADING IN APPLICATION PROGRAMMING INTERFACE (API) TRANSACTIONS

Akamai Technologies, Inc....

1. A method to mitigate automated attacks directed to a computing platform environment, comprising:
responsive to receipt of a request associated with an automated interaction between a requesting client and a server, wherein the request has associated therewith a device type as represented to the server by the requesting client, returning to the requesting client information that manipulates the client to perform client-side computations;
responsive to receipt during the automated interaction of data collected by the requesting client as a result of performing the client-side computations, determining whether the device type of the requesting client as represented to the server is correct; and
based on a determination that the device type as represented by the requesting client is not correct, taking a blocking or mitigation action.

US Pat. No. 10,715,547

DETECTING “MAN-IN-THE-MIDDLE” ATTACKS

Wandera Limited, London ...

1. A method for detecting a man-in-the-middle attack, the method comprising:
obtaining, by probe software of a client device, an identification of one or more applications installed on the client device;
obtaining, by the probe software of the client device, fingerprint data associated with the one or more applications, the fingerprint data corresponding to one or more prior requests sent by the one or more applications;
generating, by the probe software of the client device using fingerprint data of an application of the one or more applications, a connection initiation request that simulates a request from the application to initiate a network connection with a remote end point;
sending, by the probe software of the client device, the connection initiation request simulating the request from the application over a network, the connection initiation request being directed to the remote end point to at least partially initiate a secure network connection between the remote end point and the client device;
receiving, at the client device, encryption credentials sent to the client device in response to the connection initiation request;
comparing the received encryption credentials with expected encryption credentials for the remote end point;
determining that a man-in-the-middle attack is present if the received encryption credentials do not match the expected encryption credentials; and
generating a notification of the determined man-in-the-middle attack.

US Pat. No. 10,715,546

WEBSITE ATTACK DETECTION AND PROTECTION METHOD AND SYSTEM

TENCENT TECHNOLOGY (SHENZ...

1. A website attack detection method performed by a computing device having one or more processors and memory storing a plurality of programs to be executed by the computing device, the method comprising:
detecting a request for accessing a website, the request for accessing the website including a header comprising a plurality of fields;
calculating a statistical average parameter value of an information entropy parameter corresponding to each of the plurality of fields; and
determining, in accordance with a determination that the statistical average parameter value of the information entropy parameter of the field is less than a corresponding first threshold or a ratio of the information entropy parameter of the field to a corresponding baseline value is less than a corresponding second threshold, that the website suffers a Challenge Collapsar attack.

US Pat. No. 10,715,545

DETECTION AND IDENTIFICATION OF TARGETED ATTACKS ON A COMPUTING SYSTEM

Microsoft Technology Lice...

1. A computing system, comprising:
at least one processor; and
memory storing instructions executable by the at least one processor, wherein the instructions, when executed, cause the computing system to:
receive attack data indicative of malicious activity on a monitored computing system;
apply a target filter to the attack data to cluster the attack data based on attack targets;
identify the malicious activity as a targeted attack based on determining that the malicious activity has a higher frequency of attacks on a particular target cluster compared to other target clusters, and obtain an attack characteristic indicative of the targeted attack and an attacker characteristic indicative of an identity of an attacker corresponding to the targeted attack; and
control a user interface mechanism to generate an interactive indication of the targeted attack including the attack characteristic and the attacker characteristic.

US Pat. No. 10,715,544

METHOD, APPARATUS AND SYSTEM FOR CALCULATING A RISK SCORE OF A USER REQUEST BY A USER ON A WEB APPLICATION

SONY CORPORATION, Tokyo ...

1. A method comprising:
storing, in a memory, a plurality of predefined rules to calculate an individual numerical risk score, wherein the plurality of predefined rules include at least a first rule and a second rule;
receiving user requests via an internet, the user requests being operations by users on a web application;
determining that the first rule of the plurality of predefined rules involves partitioning of the user requests into a plurality of subsets;
after it is determined that the first rule of the plurality of predefined rules involves partitioning of the user requests into the plurality of subsets, partitioning the user requests into the plurality of subsets according to at least one of a domain name of a respective user request, a country of origin of a respective user request, and a platform identifier of a respective user request; for each of the plurality of subsets after the partitioning, calculating frequency data representing a number of the user requests that has been counted within a specific time interval; and for each of the plurality of subsets after the partitioning, determining, using processing circuitry, the individual numerical risk score for a user request based on the calculated frequency data;
determining that the second rule of the plurality of predefined rules does not involve partitioning of the user requests into a plurality of subsets;
after it is determined that the second rule of the plurality of predefined rules does not involve partitioning of the user requests into the plurality of subsets, determining, using the processing circuitry, the individual numerical risk score for a user request without partitioning the user request;
combining each of the individual numerical risk scores determined for each of the plurality of predefined rules into a global numerical risk score; and
generating a notification when the global numerical risk score exceeds a predefined value,
wherein the user requests relate to account creation operations, and
the numerical risk score is used to detect fake account creations.

US Pat. No. 10,715,543

DETECTING COMPUTER SECURITY RISK BASED ON PREVIOUSLY OBSERVED COMMUNICATIONS

Agari Data, Inc., San Ma...

1. A method of detecting security risk, comprising:
receiving information about an electronic message that is from a sender for an intended recipient;
determining whether the sender of the electronic message has an established relationship with the intended recipient, wherein the established relationship is based at least in part on previous email messages between the sender and the intended recipient;
in response to the determination that the sender of the electronic message has the established relationship with the intended recipient, using a processor to analyze the electronic message based at least in part on previously observed communications between the sender and the intended recipient to determine a security risk of the electronic message for the intended recipient using a statistically analyzed result identifying a likelihood of existence of a cluster of two or more email header items by tracking and matching combinations of corresponding email header items from email headers of previous email messages sent from the sender, wherein the cluster of the combination of two or more of the email header items include a mail user agent (MUA) metadata item, a time zone, an IP address, X-header metadata information, or an identification of a supported character set; and
based on the determined security risk of the electronic message, performing a security action, if applicable.

US Pat. No. 10,715,542

MOBILE APPLICATION RISK ANALYSIS

FireEye, Inc., Milpitas,...

1. An electronic device comprising: one or more processors;
a non-transitory computer-readable storage medium communicatively coupled to the one or more processors, the non-transitory computer-readable storage medium having stored thereon logic that, upon execution by the one or more processors, performs operations comprising:
receiving, via a first electrical signal, application data from an agent installed on a network device, wherein the application data includes usage information of one or more applications installed on the network device and configuration information of the network device.
querying, via a second electrical signal, for a risk level of each of the one or more applications of the network device listed in the application data,
responsive to a risk level of a first application of the one or more applications being unknown, (i) determining whether the first application includes a first embedded web browser, (ii) instructing virtual processing to be performed on an executable of the first application in a virtual machine that includes emulation of functionality of the first embedded web browser included in the first application, and (iii) determining the risk level of the first application based at least in part on the virtual processing, and
determining a threat level for the network device based on one or more of: (i) the risk level of at least the first application, (ii) usage information of the at least the first application, or (iii) configuration information of the network device.

US Pat. No. 10,715,541

SYSTEMS AND METHODS FOR SECURITY MONITORING PROCESSING

cmdSecurity Inc., Winter...

14. A computer implemented method for security event monitoring, the method comprising:
receiving, by one or more processors, data from a first operating system, wherein the data from the first operating system includes data from both trusted sources and untrusted sources;
filtering, by the one or more processors, the data from the trusted sources based on a verbosity level of an audit classes data filter, resulting in a trusted stream of data;
comparing, by the one or more processors the trusted stream of data with the data from the untrusted sources;
dropping, by the one or more processors, data from certain untrusted sources upon determining that the trusted stream of data does not verify the data from the certain untrusted sources, when there is no field, associated with the data from the certain untrusted sources, that confirms the data from the certain untrusted sources with the trusted stream of data, resulting in a validated data set excluding the data from the certain untrusted sources;
parsing, by the processor, the validated data set into a common structured format; and
outputting, by the one or more processors, the validated data set that is in the common structured format.

US Pat. No. 10,715,539

REQUEST HEADER ANOMALY DETECTION

United Services Automobil...

1. A method for detecting suspicious clients seeking access to a website comprising:
providing a web server supporting the website electronically connected to the Internet for responding to incoming HTTP requests for webpages of the website from clients attempting to access the website;
receiving at the web server a plurality of incoming HTTP request headers from a browser of a client, the plurality of incoming HTTP request headers are in an order of appearance from top to bottom, at least one of the incoming HTTP request headers identify the client browser type and another identifying a q value;
searching the incoming HTTP request headers to determine the browser type used by the client;
determining an order of appearance of HTTP request headers from top to bottom of the client browser;
determining a q value identified in an HTTP request header of the client browser;
providing an example of a correct set of HTTP request headers for the client browser type having the HTTP request headers in a correct order of appearance from top to bottom and having an HTTP request header having a correct q type;
comparing the order of appearance of the incoming HTTP request headers of the client browser with the correct order of appearance and if in a different order of appearance an anomaly is detected in the client browser;
comparing the q value of the client browser type with the correct q type and if a difference is found an anomaly is detected in the client browser; and,
upon finding an anomaly, denying the client access to the website.

US Pat. No. 10,715,538

TRANSIENT TRANSACTION SERVER

Stratus Digital Systems, ...

1. A method performed by at least one computer processor executing computer program instructions tangibly stored on at least one non-transitory computer-readable medium, the method comprising:
(A) receiving, over a network at a control server, from an initiator, a request to execute a transaction, wherein the request includes a list specifying at least one authorized participant;
(B) before receiving the request, creating a transaction server and updating at least one security policy of the transaction server to make the transaction server unaddressable, thereby prohibiting the control server and the initiator from seeing the transaction server on the network and from sending network traffic to the transaction server;
(C) in response to receiving the request, updating the at least one security policy of the transaction server to allow network traffic to be sent to and from the transaction server only by the at least one authorized participant;
(D) in response to receiving the request, providing the initiator with information about the transaction server, including an address of the transaction server;
(E) using the transaction server to execute the transaction, with the at least one authorized participant over the network, independently of the control server, comprising:
(E) (1) allowing only the at least one authorized participant to participate in the transaction; and
(F) in response to determining that the transaction satisfies a termination criterion, terminating the transaction server.

US Pat. No. 10,715,537

SYSTEMS AND METHODS FOR MATCHING AND SCORING SAMENESS

Mastercard Technologies C...

1. A computer-implemented method for analyzing a web site or mobile device app interaction, the method comprising acts of:
identifying a plurality of first-degree anchor values from the web site or mobile device app interaction, wherein the plurality of first-degree anchor values comprise a first-degree anchor value X and a first degree anchor value Y;
analyzing an association between the first-degree anchor value X and the first-degree anchor value Y, comprising:
using information stored in a profile of the first-degree anchor value X to determine how frequently the first-degree anchor value Y was previously observed together with the first-degree anchor value X, relative to one or more second-degree anchor values in the profile of the first-degree anchor value X that are of a same anchor type as the first-degree anchor value Y; and
using information stored in a profile of the first-degree anchor value Y to determine how frequently the first-degree anchor value X was previously observed together with the first-degree anchor value Y, relative to one or more second-degree anchor values in the profile of the first-degree anchor value Y that are of a same anchor type as the first-degree anchor value X;
generating an association score indicative of an association among the plurality of first-degree anchor values identified from the web site or mobile device app interaction, based at least in part on the association between the first-degree anchor value X and the first-degree anchor value Y;
determining, based on the association score, whether to perform additional analysis; and
in response to determining that additional analysis is to be performed:
collecting additional data from the web site or mobile device app interaction, and
displaying, via a backend user interface, a risk assessment report to an operator of a web site or mobile device app via which the web site or mobile device app interaction is conducted, the risk assessment report based on the association score and a result of analyzing the additional data collected from the web site or mobile device app interaction.

US Pat. No. 10,715,536

LOGICAL VALIDATION OF DEVICES AGAINST FRAUD AND TAMPERING

Square, Inc., San Franci...

1. A computer-implemented method for detecting security threats on a payment terminal connected to a payment reader and a payment processing server, the method comprising:
receiving, by the payment terminal, an indication that the payment reader is connected to the payment terminal through a Bluetooth or USB protocol and another indication that the payment terminal is connected to the payment processing server through an Internet connection;
sending, by the payment terminal and to the payment processing server, a request for detecting security threats on the payment terminal before processing payment transactions in an offline mode, wherein during the offline mode indicates a lack of connection between the payment terminal and the payment processing server;
in response to the request, obtaining, by the payment processing server, parameters identifying at least one of:
(a) the payment terminal;
(b) the payment reader; or
(c) an environment in which the payment terminal and the payment reader operate;
creating, by the payment processing server and based on the parameters, a set of instructions to scan at least one of a hardware or a software of the payment terminal for security threats, wherein the set of instructions is customized based on the payment terminal;
while the payment terminal is communicatively connected to the payment processing server and based on the parameters, porting the set of instructions from a software environment of the payment processing server to another software environment of the payment reader;
sending, from the payment processing server, the set of instructions, as ported, to the payment reader via the payment terminal;
receiving, by the payment reader, the set of instructions, as ported, from the payment processing server via the payment terminal; and
executing, by the payment reader, a set of instructions to scan the hardware or software of the payment terminal for security threats in the offline mode.

US Pat. No. 10,715,535

DISTRIBUTED DENIAL OF SERVICE ATTACK MITIGATION

Wells Fargo Bank, N.A., ...

1. A system, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
determining a presence of a code on a device accessing an online session of an identified website, wherein the code is a unique code and is linked to the identified website, and wherein the device is associated with a validated user; and
based on a determination that the code is present on the device:
deactivating a deny access flag for the identified website; and
launching the identified website through a secure shell; or
based on a determination that the code is not present on the device:
issuing a temporary token with a predefined validity time; and
launching the identified website through another secure shell during the predefined validity time.

US Pat. No. 10,715,533

REMEDIATION FOR RANSOMWARE ATTACKS ON CLOUD DRIVE FOLDERS

MICROSOFT TECHNOLOGY LICE...

1. A system, comprising:
at least one processor and a memory;
wherein the at least one processor is configured to:
obtain a file event notification of a change made to a file of a client device;
use a support vector machine classifier to determine whether the change was malicious or legitimate, wherein the support vector machine classifier is trained with data of one or more users of the file, the data of the one or more users of the file including a frequency of changes made to the file, a number of changes made to the file, patterns in changes made to the file, and locations of the one or more users of the file;
upon the support vector machine classifier determining that the change was malicious, determine that a first type of a plurality of types of ransomware was used to make the change to the file; and
based on the determination that the first type of ransomware made the change, generate one or more instructions to suppress propagation of the file with a cloud service.

US Pat. No. 10,715,532

SELF-DEFENDING SMART FIELD DEVICE AND ARCHITECTURE

Siemens Aktiengesellschaf...

1. An automation system comprising:
a plurality of field devices operating at a control layer of an automation plant, wherein each respective field device comprises:
a processor; and
a non-volatile memory having a self-defending security application stored thereon, wherein upon execution by the processor, performs steps comprising:
receiving an indication of a threat level for the automation plant, wherein the threat level is based on threat information from one or more external sources,
identifying one or more security operations corresponding to the threat level,
executing the one or more security operations, and
performing deep packet inspection on one or more received communication packets in response to the one or more security operations.

US Pat. No. 10,715,531

NETWORK TOPOLOGY

Visa International Servic...

9. A system comprising:
a first data center computer comprising:
a first processor; and
a first computer readable medium, the first computer readable medium comprising first code, executable by the first processor, for implementing a first method comprising:
creating a first block for a first blockchain, the first block including a first block header and a first block body; and
sending a first message to a second data center computer indicating that the first block was created for the first blockchain, the first message including the first block header but not the first block body; and
the second data center computer comprising:
a second processor; and
a second computer readable medium, the second computer readable medium comprising second code, executable by the second processor, for implementing a second method comprising:
receiving the first message indicating that the first block was created for the first blockchain, the first message including the first block header but not the first block body;
creating a second block for a second blockchain, wherein the second block includes a second block header, wherein the second block header is the same as the first block header, and wherein the second block does not include the first block body,
wherein the second method executed by the second data center computer further comprises:
creating a third block for the second blockchain, the third block including a third block header and third block body;
sending a second message to the first data center computer indicating that the third block was created for the second blockchain, the second message including the third block header but not the third block body; and
wherein the first method executed by the first data center computer further comprises:
receiving the second message indicating that the third block was created for the second blockchain, the second message including the third block header but not the third block body; and
creating a fourth block for the first blockchain, wherein the fourth block includes a fourth block header, wherein the fourth block header is the same as the third block header.

US Pat. No. 10,715,530

SECURITY AND PERMISSION ARCHITECTURE

Microsoft Technology Lice...

1. A computing system comprising:
a capacity machine configured to provide a computing service to a set of users that access the capacity machine;
a policy component configured to access local policy that corresponds to the capacity machine and maps one or more commands to a task-based execution level on the capacity machine; and
an authentication worker component configured to:
receive an indication of a workflow from a remote administrative client system associated with, a remote administrative user, the remote administrative client system being remote from the capacity machine;
based on the indication of the workflow, identify a requested command to be performed on the capacity machine by the remote user using the remote client system;
access the local policy to identify the task-based execution level that is mapped to the requested command; and
provide the remote administrative user with access to an execution environment on the capacity machine, wherein the execution environment is configured to perform the requested command, and access permissions of the remote administrative user to the execution environment are controlled based on the task-based execution level.

US Pat. No. 10,715,528

MULTI-FACTOR LOCATION-BASED AND VOICE-BASED USER LOCATION AUTHENTICATION

Amazon Technologies, Inc....

1. A system comprising:
a microphone;
a beacon transmitter; and
one or more computer processors in communication with the beacon transmitter and the microphone, wherein the one or more computer processors are configured to at least:
transmit, via the beacon transmitter, a beacon signal comprising source identification data representing a first device identifier associated with the beacon transmitter;
receive, from a user device, user device data comprising:
detected beacon data representing the first device identifier; and
receiver identification data representing a second device identifier associated with the user device;
analyze the user device data to determine the first device identifier associated with the beacon transmitter;
determine a location of the beacon transmitter based on the first device identifier;
generate first location data, representing a location of the user device, based on the location of the beacon transmitter;
determine a user associated with the user device based on the second device identifier;
receive, via the microphone, audio data representing an utterance of the user;
calculate a first confidence score, representing a confidence that the utterance was made by the user, using the audio data and a voice model trained using a voice of the user;
determine that the utterance was likely made by the user based on the first confidence score;
generate second location data, representing a location at which the utterance was made, based on a location of the microphone;
calculate a second confidence score, representing a confidence that the user is at a particular location, using a model trained to calculate the second confidence score based on the first location data representing the location of the user device and the second location data representing the location at which the utterance was made;
determine that the user is at the particular location based on the second confidence score; and
execute a command in response to the utterance based on the determination that the user is at the particular location.

US Pat. No. 10,715,527

METHOD OF MANAGING PROFILES IN A SECURE ELEMENT

IDEMIA France, Colombes ...

1. A method of managing profiles in a secure element, wherein the secure element comprises a first profile associated with a first communication network, and a second profile associated with a second communication network, wherein the first profile is active, and the method comprises:
deactivating said first profile; and
activating said second profile;
wherein the deactivation and the activation occur upon detection of a failure during a local verification pertaining to said first profile for the use of said first profile, said local verification being performed in the secure element, and said failure being relative to a security failure of the first profile or to an operating failure of the first profile.

US Pat. No. 10,715,526

MULTIPLE CORES WITH HIERARCHY OF TRUST

Microsoft Technology Lice...

1. An apparatus for defense-in-depth, comprising:
an integrated circuit, including:
a set of independent execution environments including at least two independent execution environments, wherein at least two of the at least two independent execution environments are general purpose cores with differing capabilities, wherein the general purpose cores with differing capabilities include at least a first microcontroller and a first central processing unit (cpu), wherein the first microcontroller does not include a trusted execution environment (TEE), and wherein the independent execution environments in the set of independent execution environments are configured to have a defense-in-depth hierarchy.

US Pat. No. 10,715,525

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR PROVIDING ACCESS TO AN ONLINE SOCIAL NETWORK

salesforce.com, inc., Sa...

17. One or more computing devices for providing access to an online social network, the one or more computing devices comprising:
one or more processors operable to execute one or more instructions to:
receive a request message from a requesting user to access social network data of the online social network, the online social network being specific to an organization having a group of a plurality of groups, the group including a plurality of internal users of the organization and at least one external users of the organization, the requested social network data being associated with the group and being fully accessible only to internal users of the organization that are members of the group and partially accessible to authorized external users of the organization that are members of the group;
determining that the requesting user is an external user of the organization;
determine that the requesting external user of the organization has an authorized status as an external member of the group in response to the determination that the requesting user is an external user of the organization;
identify a portion of the requested social network data flagged by one of the plurality of internal users as being available for the external member of the group, the requested social network data further comprising data that is not flagged by one of the plurality of internal users as being available for the external member of the group such that the requesting external member, in response to the request to access the social network data, can access social network data that is flagged and cannot access social network data that is not flagged; and
provide access to only the identified flagged portion of the requested social network data to the authorized requesting external member of the group and blocking access to the social network data that is not flagged;
provide a message received from the authorized external member as an information update for inclusion in an information feed; and
change the status of the requesting external member of the group from authorized to unauthorized after expiration of a time period or occurrence of an event.

US Pat. No. 10,715,524

EXTERNAL CREDENTIAL-LESS STAGES FOR DATA WAREHOUSE INTEGRATIONS

Snowflake Inc., San Mate...

1. A network-based data warehouse system comprising:
at least one hardware processor; and
a memory storing instructions that cause the at least one hardware processor to perform operations comprising:
creating, in a database, a storage integration object identifying a cloud identity object and a storage location in a storage platform of a cloud storage provider system, the cloud identity object corresponding to a cloud identity that is associated, at the storage platform of the cloud storage provider, with a proxy identity object corresponding to a proxy identity granted permission to access the storage location;
creating, in the database, an external stage object based on the storage integration object, the external stage object identifying the storage location and including an association with the storage integration object;
receiving, from a computing device, a command to load or unload data at the storage location; and
in response to the command, loading or unloading, via the proxy identity object, the data at the storage location in the storage platform using the external stage object, the loading or unloading of the data comprising:
identifying the storage integration object based on the external stage object; and
accessing the storage location by causing the cloud identity to assume the proxy identity using security credentials obtained from the cloud storage provider system based on information included in the storage integration object.

US Pat. No. 10,715,523

DEFAULT TO SIGNED-IN STATE

Microsoft Technology Lice...

1. A method comprising:
retrieving, from a first identity provider, first identity provider data for a service;
retrieving, from a second identity provider that is different from the first identity provider, second identity provider data for the service;
evaluating the first identity data and the second identity data for generation of a default signed-in state to the service, wherein the evaluating determines that the first identity data indicates that a user account is signed-in to the service using a first user account and the second identity data indicates that a second user account is signed-in to the service;
generating, based on a result of the evaluating, data representing the default signed-in state, wherein the data representing the default signed-in state is generated based on application of preference rules for the service that selects one of the first identity data and the second identity data as an identity for the default signed-in state; and
surfacing a representation of the service in the default signed-in state, wherein the service utilizes the data representing the default signed-in state to provide an authenticated user experience for the identity without requiring additional login to the service.

US Pat. No. 10,715,522

VOICEPRINT SECURITY WITH MESSAGING SERVICES

salesforce.com, San Fran...

1. A method comprising:
receiving, from a client device, a request for a new communication session;
generating a random phrase for a user of the client device for the new communication session;
providing, to the client device, the generated random phrase;
receiving an audio recording of the random phrase from the client device;
extracting a first set of features and a second set of features from the audio recording, the first set of features defining a voice of the user, the second set of features defining the random phrase that is vocalized in the audio recording;
applying the first set of features and the second set of features to a trained voiceprint model previously generated for the user to obtain an authentication score generated by a first portion of the trained voiceprint model and a predicted phrase generated by a second portion of the trained voiceprint model, the authentication score representing a similarity between the audio recording from the client device and prior audio recordings of the user, the predicted phrase representing a prediction of the vocalized random phrase in the audio recording; and
authorizing the client device to access the new communication session based on the obtained authentication score and predicted phrase.

US Pat. No. 10,715,521

BIOMETRIC FACE RECOGNITION BASED CONTINUOUS AUTHENTICATION AND AUTHORIZATION SYSTEM

CREDEXT TECHNOLOGIES PVT....

1. A method of continuous authentication of a user over a network comprising;
receiving, using a user interface at a user device, one or more user credentials for authenticating the user at a master login interface executing at the user device;
transmitting, from the user device to a server device, the one or more user credentials for the server device to authenticate the user at the user device by matching the one or more user credentials with one or more pre-stored user profiles in a server database, the user device and the server device communicating via a wired or a wireless communication link, over the network including the Internet, with each other;
matching, at the server device, the one or more user credentials with the one or more pre-stored user profiles in the server database for authenticating the user at the master login interface;
providing, to the user device by the server device, an access to work on server session, over the network, on a successful match of the one or more user credentials;
re-authenticating, by the server device, the user during the work on server session, over the network, wherein the re-authenticating comprises:
initiating, by the server device, a local device for continuously capturing user's biometric profile to continuously authenticate the user during the work on server session, the local device being in communication with the user device and the server device, and where the server device initiates the local device by invoking a security program to be executed at the user device;
capturing, by the local device, at least one biometric feature of the user;
sending, by the server device to the user device, biometric profile related to the user from the server database; and
matching, either by the local device or by the server device, the captured biometric feature with the biometric profile related to the user that is sent from the server database by the server device to the user device, and
wherein the matching of the captured biometric feature to authenticate the user, is completed by the local device either by acquiring, from the user device, the biometric profile related to the user sent to the user device by the server device or from the server database during the master login interface; and
wherein only by successfully authenticating and reauthenticating the user at the user device at the master login interface and during the work on server session, the server device allows access, of the work on server session over the network, to the user at the user device from any location.

US Pat. No. 10,715,520

SYSTEMS AND METHODS FOR DECENTRALIZED BIOMETRIC ENROLLMENT

MASTERCARD INTERNATIONAL ...

1. A method for decentralized biometric enrollment, comprising:
receiving, within a server, a request to enroll a user for biometric authentication in association with a unique device identifier (ID) of a user device;
generating, within the server, an activation code corresponding to the unique device ID by encoding the activation code based upon one or both of an app running on the user device and the unique device ID;
sending the activation code to the user, the activation code enabling the user device to capture at least one biometric image;
receiving, from the user device, the at least one biometric image in response to the activation code;
extracting features from the at least one biometric image; and
generating a biometric template based upon the extracted features to enroll the user for biometric authentication without requiring the user to visit a central location to provide the at least one biometric image.

US Pat. No. 10,715,519

ADAPTIVE METHOD FOR BIOMETRICALLY CERTIFIED COMMUNICATION

Google Technology Holding...

1. A method for user authentication of a message being transmitted from a communication device, the method comprising:
receiving content of a message provided for transmission from the communication device;
determining, by a message certification utility and based on the content of the message provided for transmission from the communication device, to authenticate a biometric input from a user of the communication device before allowing transmission of the message, wherein determining to authenticate the biometric input from the user of the communication device based on the content of the message comprises identifying a content-related trigger associated with a request to send money;
in response to the message certification utility determining to authenticate the biometric input from the user of the communication device based on the content of the message, triggering a biometric capturing component to capture the biometric input from the user of the communication device; and
transmitting the message when the biometric input is authenticated by the message certification utility as belonging to an authorized user of the communication device.

US Pat. No. 10,715,518

DETERMINATION OF DEVICE WITH WHICH TO ESTABLISH COMMUNICATION BASED ON BIOMETRIC INPUT

Lenovo (Singapore) Pte. L...

1. A first device, comprising:
at least one processor;
a wireless transceiver accessible to the at least one processor;
at least one biometric sensor accessible to the at least one processor; and
storage accessible to the at least one processor and comprising instructions executable by the at least one processor to:
receive first input from the at least one biometric sensor;
based on first input from the at least one biometric sensor, identify a first user;
based at least in part on identification of the first user based on first input from the at least one biometric sensor, determine a second device with which the first device is to communicate using the wireless transceiver;
based on the determination of the second device with which the first device is to communicate using the wireless transceiver, communicate with the second device using the wireless transceiver and apply preferred call settings associated with the first user;
receive second input from the at least one biometric sensor;
based on second input from the at least one biometric sensor, identify a second user different from the first user;
based at least in part on identification of the second user based on second input from the at least one biometric sensor, determine a third device with which the first device is to communicate, the third device being different from the first device and the second device;
based on the determination of the third device with which the first device is to communicate using the wireless transceiver, communicate with the third device using the wireless transceiver and apply preferred call settings associated with the second user.

US Pat. No. 10,715,517

RETRIEVAL DEVICE FOR AUTHENTICATION INFORMATION, SYSTEM AND METHOD FOR SECURE AUTHENTICATION

SIEMENS AKTIENGESELLSCHAF...

1. A retrieval device for secure retrieval of optical information for a first device from a light source of a second device, the second device providing the optical information by the light source, the retrieval device comprising:
a housing made from at least one material which is opaque for light emitted from the light source, wherein the housing is arranged to contain the light from at least a part of the light source;
an attachment arranged to detachably attach the housing to the second device, wherein the attachment comprises at least one of a suction, a magnet, a hook-and-loop fastener, an elastic element, a rubber band, a rubber element, a spring element, and a clamping element;
a light receiver arranged to receive the optical information from the light source, the light receiver located inside the housing; and
a connector arranged to transfer at least one of an optical signal and an electrical signal from the light receiver to the first device such that the first device is configured to authenticate a user based on the at least one of the optical signal and the electrical signal.

US Pat. No. 10,715,516

TIME-SERIES DATABASE USER AUTHENTICATION AND ACCESS CONTROL

FMR LLC, Boston, MA (US)...

1. A system for time-series database user authentication and access control, the system comprising:
a server computing device comprising a memory for storing computer-executable instructions and a processor that executes the computer-executable instructions to:
receive a request from a remote computing device to access a kdb+™ database coupled to the server computing device, wherein the request includes one or more authentication credentials associated with the remote computing device;
connect to an access control layer associated with the kdb+™ database;
override one or more functions on the kdb+™ database for interprocess communication calls that are included in the request;
validate, by the access control layer, the one or more authentication credentials associated with the remote computing device;
authorize, by the access control layer, the remote computing device to access data in the kdb+™ database based upon an access profile associated with the validated authentication credentials; and
retrieve data from the kdb+™ database in response to the request.

US Pat. No. 10,715,515

GENERATING CODE FOR A MULTIMEDIA ITEM

AMERICAN EXPRESS TRAVEL R...

1. A method comprising:
receiving, by a processor, an input comprising rearranged locations of a plurality of multimedia items in a rearranged order on a user interface;
ordering, by the processor, a plurality of codes in a sequence based on the rearranged order of the plurality of multimedia items, wherein one or more of the plurality of codes correspond to one of the plurality of multimedia items; and
determining, by the processor, an authentication based on the sequence of the plurality of codes.

US Pat. No. 10,715,514

TOKEN-BASED CREDENTIAL RENEWAL SERVICE

Amazon Technologies, Inc....

5. A computer-implemented method, comprising:
detecting an event in connection with a second role that results in generation of a first token that is associated with the second role, the second role being associated with a permission that is exercisable to access computing resources by providing the first token;
determining a principal from a plurality of principals that each have a permission to obtain the first token and that each have previously assumed the second role to obtain a previous token that had the permission that was exercisable to access the computing resources by providing the previous token, wherein the principal further lacks the permission that is exercisable to access the computing resources by providing the first token and the principal previously assumed the second role by at least:
submitting a request to a service to assume the second role, the request comprising a second token comprising an expiration time;
causing the service to verify, based at least in part on the second token, that the second token is not expired and the principal has assumed a first role, where assumption of the first role comprises a first permission that enables assumption of the second role and the assumption of the second role is contingent on the assumption of the first role; and
receiving, from the service, a third token comprising a second permission that enables the principal to access the computing resources, wherein the second token lacks the second permission and further wherein the principal uses a set of permissions sufficient to assume the first role and insufficient to assume the second role and the principal, as a result of assuming the first role, relinquishes the set of permissions;
determining satisfaction of a condition stored in association with the principal, wherein satisfaction of the condition indicates the first token should be made available to the principal;
obtaining the first token at least in part by assuming the second role on behalf of the principal, wherein assuming the second role results in relinquishing a first set of permissions associated with the principal and gaining a second set of permissions that comprises at least the permission that is exercisable to access the computing resources by providing the first token; and
making the first token available to the principal.

US Pat. No. 10,715,513

SINGLE SIGN-ON MECHANISM ON A RICH CLIENT

Microsoft Technology Lice...

1. A processor-implemented method of providing a single sign-on mechanism for embedded web assets, comprising:
receiving, by a hosting application, a first identity cookie associated with a first user identity and a second identity cookie associated with a second user identity, wherein the hosting application hosts one or more hosting documents on a client device;
receiving first user credentials for accessing the hosting application, wherein the first user credentials are associated with the first user identity, and wherein the hosting application comprises a first-party web application;
storing the first identity cookie authenticated by the first user credentials at the client device;
receiving a first indication to access a first web asset embedded in a first hosting document of the one or more hosting documents, wherein the first embedded web asset is a resource accessed via a browser launched from within the first hosting document, and wherein the first embedded web asset is hosted by a third-party web application, the third-party web application executing on the client device;
based at least in part on the first identity cookie, automatically enabling access to the first embedded web asset without requiring re-entry of the first user credentials;
receiving second user credentials for accessing the hosting application, wherein the second user credentials are associated with the second user identity;
storing the second identity cookie authenticated by the second user credentials at the client device;
receiving a second indication to access a second web asset embedded in a second hosting document of the one or more hosting documents; and
based at least in part on the second identity cookie, automatically enabling access to the second embedded web asset without requiring re-entry of the second user credentials.

US Pat. No. 10,715,511

SYSTEMS AND METHODS FOR A SECURE SUBSCRIPTION BASED VEHICLE DATA SERVICE

Honeywell International I...

1. A vehicle communication manager device located onboard a vehicle, the device comprising:
a memory comprising a non-volatile memory device storing a fixed embedded public key, wherein the embedded public key is a public key of a public-private key pair associated with a data service system not onboard the vehicle;
a processor in communication with a wireless datalink transceiver;
a vehicle data service protocol executed by the processor, wherein the vehicle data service protocol initiates a communication session for data service exchanges with the data service system via the wireless datalink transceiver;
wherein the vehicle data service protocol includes a session validation sequence that causes the processor to:
transmit a session request message to the data service system; and
validate an authenticity of a session reply request message received from the data service system using the embedded public key, wherein the session reply message includes a public operational authentication key, a public operational encryption key, and is signed with a subscriber validation private key associated with the embedded public key;
wherein the vehicle data service protocol includes a session initiation sequence that causes the processor to:
transmit an initiation request message to the data service system, the session request message including a key derivation key generated onboard the vehicle, wherein the key derivation key in the initiation request message is encrypted using the public operational encryption key;
validate an authenticity of an initiation response message received from the data service system using the public operational authentication key; and
in response to affirmatively validating the initiation response message, apply the key derivation key to a key derivation function to generate a message authentication key;
wherein the processor authenticates data service uplink messages received from the host data service during the communication session using the message authentication key.

US Pat. No. 10,715,510

SECURE DEVICE NOTIFICATIONS FROM REMOTE APPLICATIONS

Citrix Systems, Inc., Fo...

1. A method comprising:
initiating a remote connection between a server and a client agent application running on a client device;
receiving, by the server, from the client device, and via the remote connection, an encryption key and a device token, wherein the device token uniquely identifies the client device;
receiving notification data from a remote application executing on the server, wherein the remote application is accessible by the client device via the client agent application;
selecting, by the server and based on an operating system of the client device, a notification service, from a plurality of notification services, for delivery of the notification data to the client device, wherein a first notification service of the plurality of notification services corresponds to a first operating system, and a second notification service of the plurality of notification services corresponds to a second operating system different from the first operating system;
encrypting, by the server and using the encryption key, at least a portion of the notification data received from the remote application to generate encrypted notification data;
determining, by the server, whether the client agent application is running as a foreground process on the client device; and
sending, to the selected notification service and based on a determination that the client agent application is not running as the foreground process on the client device, the encrypted notification data for delivery to the client device.

US Pat. No. 10,715,509

ENCRYPTION KEY SHREDDING TO PROTECT NON-PERSISTENT DATA

SEAGATE TECHNOLOGY LLC, ...

1. A storage system comprising:
a storage drive; and
a controller to:
power on the storage drive;
identify an encryption key on the storage drive created upon powering on the storage drive;
encrypt data in a cache of the storage drive using the encryption key;
reset the storage drive; and
delete the encryption key upon resetting the storage drive.

US Pat. No. 10,715,508

SERVER-ASSISTED SECURE EXPONENTIATION

Cisco Technology, Inc., ...

1. An apparatus comprising:
a communication interface, which is configured to receive, over a communication channel from a device external to the apparatus:
a request to perform a modular exponentiation operation in which an exponent of the modular exponentiation operation comprises a secret value, wherein the secret value is not provided to the apparatus;
at least two parameters that encode the secret value in accordance with a polynomial homomorphic encryption of the secret value computed by the device; and
a sum and a product of polynomial roots; and
a processor, which is configured to perform, in response to the request, a homomorphic exponentiation using the at least two parameters received from the device without decrypting the secret value in the apparatus, and to apply the sum and the product in computing the homomorphic exponentiation, so as to generate an output that is indicative of a result of the modular exponentiation operation, wherein the result of the modular exponentiation operation includes a session key used in encrypted communications between the device and a peer device.

US Pat. No. 10,715,507

PRIVILEGE REVOCATION FOR CLIENT DEVICES

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
determining, based at least in part on a desired privilege state for a client device, a desired privilege manifest that reflects the desired privilege state, the desired privilege manifest specifying a notification justifying implementation of the desired privilege state;
receiving, from the client device, a current privilege manifest, the current privilege manifest specifying a current privilege state of the client device;
processing the current privilege manifest and the desired privilege manifest to identify a set of differences;
providing the notification to the client device to cause the client device to present the notification in an interface; and
causing, based at least in part on the set of differences and the notification, the client device to update the current privilege state to the desired privilege state.

US Pat. No. 10,715,506

METHOD AND SYSTEM FOR MASTER PASSWORD RECOVERY IN A CREDENTIAL VAULT

BlackBerry Limited, Wate...

1. A method for enabling access to a credential vault, the method comprising:
selecting at least one credential, for encrypting at least one of a master password or a vault key, from within the credential vault, the at least one credential being associated with an application or service other than the credential vault, the selection of the at least one credential being done via a selection of an entry from a list of entries within the credential vault;
encrypting one of the master password or the vault key for the credential vault with the selected at least one credential, thereby creating a recovery file; and
storing the recovery file,
wherein the selected at least one credential can be used to decrypt the recovery file to enable access to the credential vault;
wherein the selecting ensures an entropy for the at least one credential is at least the same or greater than an entropy of the master password.

US Pat. No. 10,715,505

END-TO-END ENCRYPTION IN A SOFTWARE DEFINED NETWORK

INTERNATIONAL BUSINESS MA...

1. A method for end-to-end securing of data communications in a Software Defined Network (SDN), the method comprising:
receiving, at a controller of the SDN, first information from a first component of the SDN, the first information comprising an identification of an encryption algorithm from a set of encryption algorithms supported by the first component;
preventing, using a set of policies transmitted in encrypted form from the controller to the first component, the first component from using a first subset of the set of encryption algorithms on a path in the SDN between the first component and a second component of the SDN, even though the first subset of encryption algorithms is supported at the first component and the second component, wherein the set of policies comprises the first subset of the set of encryption algorithms; and
causing, using the set of policies transmitted in encrypted form from the controller to the first component, a selection at the first component of a cryptographic operation from a second subset of the set of encryption algorithms, the cryptographic operation being applicable to the path.

US Pat. No. 10,715,504

PROVISIONING EPHEMERAL KEY POOLS FOR SENDING AND RECEIVING SECURE COMMUNICATIONS

Wickr Inc., Pleasanton, ...

1. A method comprising:
receiving, at a first device, an encrypted communication from a second device;
decrypting, at the first device, the encrypted communication received from the second device to obtain a plurality of ephemeral public keys, their unique identifiers, and a signature for each public key of the plurality of ephemeral public keys;
validating, by the first device, the signature of each public key in the plurality of ephemeral public keys;
storing, in a storage medium of the first device, the plurality of ephemeral public keys when the signature of each public key in the plurality of ephemeral public keys is valid;
transmitting, from the first device, a request for a user profile of the second device to a first server;
determining, at the first device, whether a response to the request has been received from the first server;
retrieving a first ephemeral public key and a key identifier from the storage medium when no response has been received from the first server;
generating, by the first device, a first encryption key;
deriving, by the first device, a key-encrypting key using at least the first ephemeral public key;
encrypting, by the first device, a first communication to the second device using the first encryption key;
encrypting, by the first device, the first encryption key using the key-encrypting key; and
transmitting, by the first device, the first encrypted communication, the key identifier, and the encrypted first encryption key to the second device.

US Pat. No. 10,715,503

METHOD AND APPARATUS FOR SECURING COMMUNICATIONS USING MULTIPLE ENCRYPTION KEYS

ALIBABA GROUP HOLDING LIM...

1. A method comprising:
generating, at a terminal device, a first encryption key based on login information of a user and a first identifier corresponding to an information providing server that provides an electronic file;
sending, by the terminal device, a first request message to a platform server, wherein the first request message includes the first identifier, a second identifier of the electronic file, and a third identifier of a third-party user;
receiving, by the terminal device, a digital certificate of the third-party user that is returned by the platform server after the platform server confirms that the third identifier has the right to view the electronic file;
receiving, by the terminal device, the electronic file encrypted using a second encryption key, wherein the second encryption key is generated from the first encryption key, the first identifier, and the second identifier;
generating, by the terminal device, a first decryption key according to the first encryption key;
decrypting, by the terminal device using the first decryption key, the electronic file encrypted using the second encryption key, and
receiving, by the terminal device, a notification message from the platform server confirming that third-party authorization is completed after the platform server finds the electronic file according to the second identifier.

US Pat. No. 10,715,502

SYSTEMS AND METHODS FOR AUTOMATING CLIENT-SIDE SYNCHRONIZATION OF PUBLIC KEYS OF EXTERNAL CONTACTS

VERISIGN, INC., Reston, ...

1. A client device for automating client-side public key synchronization, comprising:
a key synchronizer that obtains cryptographic keys from at least one remote source;
a local key store that stores at least one cryptographic key; and
a memory storing instructions that, when executed by at least one processor of the key synchronizer, cause the key synchronizer to perform a method comprising:
obtaining, from a first application that applies the at least one cryptographic key stored in the local key store, an external contact associated with an external domain outside of a local domain of the client device, wherein the first application does not obtain a registry-supplied public key for the external contact;
querying a mapping service for an external key registry responsible for providing public cryptographic keys associated with the external domain;
receiving, from the mapping service, an identification of the external key registry, wherein the external key registry includes a key registry outside of the local domain that stores one or more public keys, and the external key registry implements an Internet security protocol that provides assertions for the legitimacy of the one or more public keys;
obtaining, from the external key registry, the registry-supplied public key for the external contact; and
causing the registry-supplied public key to be stored in the local key store as a locally-stored key,
wherein the first application secures an email, targeting the external contact as a recipient of the email, by retrieving the locally-stored key from the local key store, and applying the locally-stored key to the email.

US Pat. No. 10,715,501

PROVIDING SECURE DATA TRANSMISSION OVER A UNIVERSAL SERIAL BUS (USB) INTERFACE

Intel Corporation, Santa...

1. A computing device, comprising:
a controller configured to communicably couple the computing device to a peripheral computing device, wherein the controller comprises:
an encryption unit on the computer device configured to encrypt input data received from the peripheral computing device before sending the input data to an application running on the computing device wherein the computing device runs the application in a higher virtual trust level than other software running on the computing device; and
a decryption unit on the computer device configured to decrypt output data received from the application running on the computing device before sending the output data to the peripheral computing device; and
a memory device comprising a data structure that directs a flow of the input data and the output data between the peripheral computing device and the application, wherein the data structure comprises an encryption enable field and an encryption key field for controlling the encryption unit and the decryption unit of the controller, wherein the encryption enable field of the data structure indicates whether the encryption unit is to be enabled for the input data, and wherein the encryption key field comprises an encryption key to be used to encrypt the input data in response to the encryption enable field indicating that the encryption unit is to be enabled for the input data.

US Pat. No. 10,715,500

SYSTEM AND METHOD FOR INFORMATION PROTECTION

ALIBABA GROUP HOLDING LIM...

1. A computer-implemented method for information protection, comprising:
obtaining a transaction blinding factor rt, a transaction amount t of a transaction, and a transaction commitment value T from a sender node associated with a sender of a transaction, wherein:
the transaction amount t is committed with a first commitment scheme to obtain the transaction commitment value T, the first commitment scheme comprising the transaction blinding factor rt,
the transaction amount t is tapped from one or more assets A1, A2, . . . , Ak of the sender of the transaction,
each of the assets is associated with (1) a Pedersen commitment based at least on a blinding factor rak and a value of the each asset and (2) an encryption based at least on the blinding factor rak and the value of the each asset, and
a change y is a difference between the transaction amount t and the tapped assets;
verifying the transaction based on the obtained transaction blinding factor rt, the obtained transaction amount t of a transaction, and the obtained transaction commitment value T;
in response to successfully verifying the transaction, encrypting a second combination of the transaction blinding factor rt and the transaction amount t with a second key KB;
generating a signature SIGB associated with the encrypted second combination and the transaction commitment value T; and
transmitting the encrypted second combination and the signature SIGB to the sender node for the sender node to verify the signature SIGB and to, in response to the sender node successfully verifying the signature SIGB, generate a signature SIGA associated with the assets A1, A2, . . . , Ak, an encrypted first combination of a change blinding factor ry and the change y encrypted with a first key KA, the encrypted second combination, the transaction commitment value T, a change commitment value Y committing the change y with a second commitment scheme, and a difference between a sum of blinding factors corresponding to the assets A1, A2, . . . , Ak and a sum of the transaction blinding factor rt and the change blinding factor ry.

US Pat. No. 10,715,499

SYSTEM AND METHOD FOR ACCESSING AND MANAGING KEY-VALUE DATA OVER NETWORKS

Toshiba Memory Corporatio...

1. A device for storing key-value (KV) data, comprising:
non-volatile memory; and
a controller that receives network data communicated over a network using a layer 2 protocol, the controller including:
a decapsulator configured to decapsulate a payload from the network data, the payload including a key-value pair and first information provides information on how to store KV data corresponding to the key-value pair in the payload, wherein the first information provides at least one or both of an access frequency of the key-value pair and a tag on the key-value pair, and
a KV mapper configured to receive the key-value pair and the first information decapsulated from the network data, and determine, based on the received key-value pair and first information, a first location of the non-volatile memory,
wherein the controller is further configured to store KV data corresponding to the key-value pair at the first location of the non-volatile memory based on the first information that was communicated over the network in the network data together with the KV data and decapsulated from the network data.

US Pat. No. 10,715,498

METHODS, SYSTEMS, AND MEDIA FOR PROTECTING AND VERIFYING VIDEO FILES

Google LLC, Mountain Vie...

1. A method for verifying video streams, the method comprising:
receiving, at a user device, a request to present a video that is associated with a video archive, wherein the video archive includes a file list, a signature corresponding to the file list, video metadata, a signature corresponding to the video metadata, and at least one encrypted video stream corresponding to the video, and wherein the file list indicates a plurality of files that are to be included in the video archive;
verifying the signature corresponding to the file list;
in response to determining that the signature corresponding to the file list has been verified, determining whether the plurality of files indicated in the file list are included in the video archive;
in response to determining that the plurality of files indicated in the file list are included in the video archive, verifying the signature corresponding to the video metadata;
in response to determining that the signature corresponding to the video metadata has been verified and in response to determining that the plurality of files indicated in the file list are included in the video archive, requesting a decryption key for decrypting the encrypted video stream;
in response to receiving the decryption key, decrypting the encrypted video stream; and
causing the decrypted video stream to be displayed on the user device.

US Pat. No. 10,715,497

DIGITAL SAFETY BOX FOR SECURE COMMUNICATION BETWEEN COMPUTING DEVICES

Wells Fargo Bank, N.A., ...

1. A method for secure communication, the method comprising:
receiving, by a receiver computing device and from a sender computing device, a request for a digital safety box;
generating, by the receiver computing device, the digital safety box for the sender computing device, wherein the digital safety box includes an encryption key and an executable code that defines a content holder as a content file structure, and wherein the executable code is configured to perform encryption of content held in the content holder with the encryption key upon execution;
sending, by the receiver computing device and to the sender computing device, the digital safety box;
receiving, by the receiver computing device and from the sender computing device, a sealed digital safety box including the content in the content holder encrypted with the encryption key; and
decrypting, by the receiver computing device, the content in the content holder of the sealed digital safety box.

US Pat. No. 10,715,495

CONGESTION CONTROL DURING COMMUNICATION WITH A PRIVATE NETWORK

NICIRA, INC., Palo Alto,...

1. A method for a first endpoint to perform congestion control during communication with a second endpoint over a public network, the second endpoint being in a private network, the method comprising:
establishing a reliable transport protocol connection with a gateway associated with the private network;
setting a socket buffer size of a socket layer for the reliable transport protocol connection to zero;
generating a plurality of tunnel segments containing unreliable transport protocol data destined for the second endpoint, wherein the plurality of tunnel segments are for a tunnel connecting the first endpoint with the private network and supported by the reliable transport protocol connection;
determining whether congestion control is required prior to sending the plurality of tunnel segments through the tunnel by:
calculating an available data amount that can be sent via the tunnel based on comparing a congestion window and a flight size, wherein the congestion window sets a maximum data amount that can be sent via the tunnel, and the flight size represents an in flight data amount that has been sent via the tunnel but not yet acknowledged; and
in response to a data amount of the plurality of tunnel segments exceeding the available data amount, performing congestion control by dropping at least some of the plurality of tunnel segments without buffering the at least some of the plurality of tunnel segments for later transmission; otherwise, sending the plurality of tunnel segments through the tunnel supported by the reliable transport protocol connection.

US Pat. No. 10,715,494

ORCHESTRATING WORK ACROSS DOMAINS AND WORK STREAMS

Microsoft Technology Lice...

1. A system executing a general management layer comprising:
at least one processing unit; and
at least one memory storing computer executable instructions that, when executed by the at least one processing unit, cause the system to perform a method, the method comprising:
receiving an indication to transfer first tenant data of a first tenant from a source domain to a target domain, wherein the first tenant data comprises a plurality of first data portions, wherein the source domain is managed by a source management layer associated with the first tenant and the target domain is managed by a target management layer associated with at least a second tenant, wherein the source domain hosts the first tenant data comprising the plurality of first data portions and the target domain hosts second tenant data comprising a plurality of second data portions, and wherein the source management layer and the target management layer are not in a trusted relationship;
in response to receiving the indication, establishing a secure communication session;
generating a key pair;
providing at least one key of the key pair to each of the source management layer and the target management layer;
monitoring a first message associated with the target management layer, wherein the first message comprises a first encrypted payload comprising a second data portion of the second tenant transferred from a first resource to a second resource on the target domain in a first transfer step, and wherein a first unencrypted message header indicates completion of the first transfer step;
in response to the indication of completion of the first transfer step, relaying a second message between the source management layer and the target management layer, wherein the second message comprises a second encrypted payload comprising a first data portion of the first tenant transferred from a third resource on the source domain to the first resource on the target domain in a second transfer step, wherein a second unencrypted message header indicates completion of the second transfer step, and wherein at least one of the first encrypted payload comprising the second data portion or the second encrypted payload comprising the first data portion is encrypted by at least one key of the key pair;
automatically orchestrating each of a plurality of transfer steps involved in transferring the first tenant data of the first tenant from the third resource on the source domain to the first resource on the target domain based on evaluating a plurality of unencrypted message headers; and
in response to detecting completion of the plurality of transfer steps, terminating the secure communication session.

US Pat. No. 10,715,493

METHODS AND SYSTEMS FOR EFFICIENT CYBER PROTECTIONS OF MOBILE DEVICES

Centripetal Networks, Inc...

1. A method for selectively filtering traffic on a mobile device, the method comprising:
generating, by the mobile device, a plurality of packets to be output from the mobile device;
determining, for each packet of the plurality of packets, at least one packet matching criterion associated with each packet;
testing, for each packet of the plurality of packets, at least one policy probabilistic data structure for the determined at least one packet matching criterion, wherein the policy probabilistic data structure represents each of a plurality of packet filtering rules of a security policy;
based on a determination by the mobile device that a first packet matching criterion of a first packet of the plurality of packets is not represented in the at least one policy probabilistic data structure, forwarding the first packet towards its intended destination;
based on a determination by the mobile device that a second packet matching criterion of a second packet of the plurality of packets is represented in the at least one policy probabilistic data structure, transmitting the second packet to a packet gateway associated with the security policy; and
causing, based on the determination by the mobile device that the second packet matching criterion is represented in the at least one policy probabilistic data structure, the packet gateway to filter the second packet.

US Pat. No. 10,715,492

FLOW TABLE PROCESSING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A method performed by a software-defined networking (SDN) comprising a controller and a switching device, comprising:
generating, by the controller, a first matching flow table set of a security group that includes M virtual machine ports, the first matching flow table set comprises at least M port matching flow tables corresponding to the M virtual machine ports, each of the M port matching flow tables including port matching information and an identifier of the security group, and M is an integer greater than 0;
sending, by the controller, the first matching flow table set to the switching device;
generating, by the controller, a second matching flow table set that comprises N rules and at least N rule matching flow tables corresponding to the N rules, each of the N rule matching flow tables including rule matching information and the identifier of the security group, and N is an integer greater than 0;
sending, by the controller, the second matching flow table set to the switching device;
generating, by the controller, an action flow table of the security group, wherein the action flow table of the security group comprises the identifier of the security group and a packet action based on a packet matching any port matching flow table in the first matching flow table set, and matching any rule matching flow table in the second matching flow table set; and
sending, by the controller, the action flow table of the security group to the switching device;
wherein each port matching flow table further comprises a first connection identifier, the first connection identifier is used to indicate that security group matching of the packet comprises two parts, and a first part of security group matching of the packet is completed when the packet matches any port matching flow table in the first matching flow table set; and
each rule matching flow table further comprises a second connection identifier, the second connection identifier is used to indicate that security group matching of the packet comprises two parts, and a second part of security group matching of the packet is completed when the packet matches any rule matching flow table in the second matching flow table set;
receiving, by the switching device, packet for processing;
matching, by the switching device, the packet with a flow table in the first matching flow table set;
determining, by the switching device, that the packet successfully matches any port matching flow table in the first matching flow table set, and recording the first connection identifier;
matching, by the switching device, the packet with a flow table in the second matching flow table set;
determining, by the switching device, that the packet successfully matches any rule matching flow table in the second matching flow table set, and recording the second connection identifier; and
processing, by the switching device, the packet according to the packet action according to the recorded first connection identifier and second connection identifier.

US Pat. No. 10,715,491

DIAMETER SECURITY WITH NEXT GENERATION FIREWALL

Palo Alto Networks, Inc.,...

1. A system, comprising:
a processor configured to:
monitor Diameter protocol traffic on a service provider network at a security platform;
filter the Diameter protocol traffic at the security platform based on a security policy, wherein a signaling transport protocol is a signaling transport (SIGTRAN) protocol; and
perform state and packet validation of the Diameter protocol per payload protocol identifier (PPID) and source/destination IP addresses while filtering SIGTRAN protocol messages; and
a memory coupled to the processor and configured to provide the processor with instructions.

US Pat. No. 10,715,490

FIREWALL CLUSTER

NEW H3C TECHNOLOGIES CO.,...

1. A method for implementing a firewall cluster, comprising:
monitoring, by a Software Defined Network (SDN) controller, a load of one or more Virtual FireWall (vFW) nodes in the firewall cluster in real time;
when detecting that the load of one or more vFW nodes is higher than a predefined first threshold, creating, by the SDN controller, a new vFW node; and
selecting, by the SDN controller, a first flow, which is to be migrated, from flows passing through the monitored one or more vFW nodes, sending an identity of the first flow and an identity of the new vFW node to the monitored one or more vFW nodes, updating a first flow entry corresponding to the first flow after receiving a first notification message, and sending the updated first flow entry to a switch, wherein the first notification message indicates that the vFW node through which the first flow passes synchronizes session information corresponding to the first slow to the new vFW node, and the updated first flow entry indicates the switch to send the first flow to the new vFW node,
when detecting that the load of one or more vFW nodes is lower than a predefined second threshold, the method further comprising:
selecting, by the SDN controller, a to-be-removed vFW node from the one or more vFW nodes of which load is lower than the predefined second threshold, determining a second flow passing through the to-be-removed vFW node as a to-be-migrated flow, determining a destination vFW node to which the second flow is to be migrated, and sending an identity of the second flow and an identity of the destination vFW node to the to-be-removed vFW node; and
updating, by the SDN controller, a second flow entry corresponding to the second flow after receiving a second notification message, and sending the updated second flow entry to the switch, wherein the second notification message indicates that the to-be-removed vFW node synchronizes session information corresponding to the second flow to the destination vFW node, and the updated second flow entry indicates the switch to send the second flow to the destination vFW node.

US Pat. No. 10,715,488

AUTOMATED WEBSITE GENERATION VIA INTEGRATED DOMAIN REGISTRATION, HOSTING PROVISIONING, AND WEBSITE BUILDING

Go Daddy Operating Compan...

1. A system, comprising:
a server communicatively coupled to a network, the server being configured to:
identify a domain name registered to a registrant, the domain name being associated with a pre-configured application, wherein the pre-configured application requires no additional setup by the registrant to implement a functionality of the pre-configured application in combination with the domain name; and
after the domain name is registered to the registrant, and without receiving further requests from the registrant, publish a website at the domain name, the website including the pre-configured application.

US Pat. No. 10,715,487

METHODS AND SYSTEMS FOR CREATING NEW DOMAINS

VERISIGN, INC., Reston, ...

1. A computer-implemented method of creating a top level domain, comprising:
receiving, at a first system, a request to create a non-existing top level domain as a top level domain in a registry in a domain name system (DNS), the request including domain data, the domain data comprising a domain name for the non-existing top level domain and a data definition defining one or more features to be supported by the non-existing top level domain, wherein the one or more features comprise at least one of:
a thick indicator indicating that the non-existing top level domain is to be thick,
a thin indicator indicating that the non-existing top level domain is to be thin, or
an internationalized indicator indicating that the non-existing top level domain is to support internationalized domain names;
creating a data structure comprising the domain data including the data definition; and
transmitting a create domain request including the data structure to the registry in the DNS, wherein the registry creates, in response to the create domain request, the top level domain in the registry based on the data structure.

US Pat. No. 10,715,486

PORT ADDRESS TRANSLATION SCALABILITY IN STATEFUL NETWORK DEVICE CLUSTERING

Cisco Technology, Inc., ...

1. A method comprising:
at a master network device among N network devices of a cluster:
receiving cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses, each port block including multiple ports, and the pool of the port blocks to be shared across the N network devices;
dividing the port blocks in the pool into N+1 buckets of the port blocks, each bucket including an initial number of the port blocks;
first allocating all but one bucket of the N+1 buckets to corresponding ones of the N network devices;
reserving as a reserved bucket the one bucket that is not allocated for allocation to a potential new network device;
when a new network device joins the cluster, second allocating to the new network device at least a portion of the port blocks from the reserved bucket; and
using the port blocks for port address translation operations for communications between a first network and a second network that traverse the cluster.

US Pat. No. 10,715,485

MANAGING DYNAMIC IP ADDRESS ASSIGNMENTS

Amazon Technologies, Inc....

5. A method, comprising:
receiving, from a user, a specification of an identifier for a web service and an indication of one or more virtual machines of the user, the identifier associated with at least one network address for the web service;
generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier, the one or more network address lists including the at least one network address, determined by an address auditor performing an audit on IP address associated with the web service, for the web service capable of communicating with the one or more virtual machines; and
updating at least one security table for the one or more virtual machines with the one or more network address lists at a server computer hosting the one or more virtual machines based at least on part on one or more detected changes to the at least one network address for the web service, the at least one security table used by the server computer to at least determine whether to allow communication addressed to or from the at least one network address for the web service.

US Pat. No. 10,715,484

DOMAIN MANAGEMENT AND SYNCHRONIZATION SYSTEM

CALLFIRE, INC., Santa Mo...

1. A system comprising executable instructions and one or more computer processors configured by the executable instructions to at least:
receive, from a first domain name system (“DNS”) server, a notification that a DNS record for a domain has changed, wherein the DNS record maps a resource associated with the domain to a network address of the resource;
retrieve, from the first DNS server, a first set of DNS records for the domain, wherein the first set of DNS records are retrieved in a first server-specific format associated with the first DNS server, and wherein the first set of DNS records comprises the DNS record that has been changed;
determine a first transformation set associated with the first DNS server, wherein the first transformation set comprises one or more transformations to be applied to the first set of DNS records to generate a second set of DNS records in a DNS server-independent format;
generate, based at least partly on the first transformation set, a DNS record of a first DNS record type using a DNS record of a second DNS record type from the first set of DNS records;
generate the second set of DNS records in the DNS server-independent format using the DNS record of the first DNS record type;
determine, based at least partly on (1) an association of the domain with a second DNS server and (2) a change to domain-specific data at the first DNS server, to synchronize the change to domain-specific data at the second DNS server;
determine a second transformation set associated with the second DNS server, wherein the second transformation set comprises one or more transformations to be applied to the second set of DNS records to generate a third set of DNS records in a second server-specific format associated with the second DNS server, wherein the second server-specific format is different than the first server-specific format;
generate the third set of DNS records using the second set of DNS records and the second transformation set; and
update the domain-specific data at the second DNS server using the third set of DNS records.

US Pat. No. 10,715,483

METHOD AND APPARATUS FOR PROVISIONING A SCALABLE COMMUNICATIONS NETWORK

1. A method, comprising:
transmitting, by a first directory server of a first regional call processing system, a name authority pointer associated with a telephone number to a second directory server of a second regional call processing system, wherein the name authority pointer facilitates establishing communications with a communication device associated with the telephone number, wherein the transmitting is responsive to a first determination that the name authority pointer is not located within a first geographic region of the first regional call processing system, and wherein the second directory server is accessible by a first name server of the second regional call processing system for provisioning the name authority pointer to the first name server;
determining, responsive to a directory search by a master name server, whether the name authority pointer had been newly received by the first directory server; and
synchronizing, responsive to a second determination that the name authority pointer had been newly received by the first directory server, a replicate directory of a third directory server of the first regional call processing system.

US Pat. No. 10,715,482

WIDE AREA SERVICE DISCOVERY FOR INTERNET OF THINGS

Convida Wireless, LLC, W...

1. An apparatus comprising:
a processor; and
a memory coupled with the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
receiving a first message from a first device on a first local area network, the first message comprising a domain name system-service discovery (DNS-SD) query for a service;
determining that the service is not located on the first local area network;
responsive to determining that the service is not located on the first local area network, providing a second message to a server, the second message comprising a DNS-SD query for the service;
receiving, from the DNS-SD server, a third message, the third message comprising a DNS-SD response to the second message; and
forwarding the third message to the first device, the third message being generated by the server and comprising information associated with the requested service indicating that the requested service is discovered elsewhere in a virtual discovery zone,
wherein the third message comprises a DNS resource record that provides sleep characteristics of a device that hosts the requested service, the sleep characteristics comprising a current sleep state, sleep duration, and sleep periodicity, and
wherein the virtual discovery zone is a logical grouping of local area networks with a common DNS-SD service discovery zone that enables service discoveries over services in the logical grouping of local area networks.

US Pat. No. 10,715,481

NETWORK ADDRESS RESOLUTION

Level 3 Communications, L...

1. A content delivery method comprising:
receiving a uniform resource locator resolution request at a name server for a domain, the uniform resource locator resolution request received based, at least in part, on a host name of the uniform resource locator resolution request, the host name related to a resource associated with the uniform resource resolution request;
tracking, at the name server, a popularity of the resource by determining a number of times the host name related to the resource is requested, wherein the host name includes a checksum uniquely related to a path indicative of the resource; and
providing a node within a network capable of delivering the resource, the provided node based on the popularity of the resource.

US Pat. No. 10,715,479

CONNECTION REDISTRIBUTION IN LOAD-BALANCED SYSTEMS

Amazon Technologies, Inc....

1. A network-based system, comprising:
a plurality of computing devices implementing a plurality of nodes each configured to provide one or more functionalities of the network-based system, wherein the plurality of nodes are grouped into a plurality of node groups each comprising two or more of the nodes; and
a plurality of load balancers each fronting at least one of the plurality of node groups, each individual one of the plurality of load balancers configured to:
receive client requests from a plurality of client devices via connections over a network between the client devices and the individual load balancer, wherein the connections are terminated at the individual load balancer; and
distribute the received client requests among the nodes in a respective node group corresponding to the individual load balancer according to a load balancing technique, such that the client devices do not communicate over direct connections with respective nodes in the node group;
wherein a node of the plurality of nodes is configured to:
generate a message to one of the plurality of load balancers, wherein the node is in a node group corresponding to the load balancer, and the message indicates to close one or more connections terminated at the load balancer; and
send the message to the load balancer;
wherein the load balancer is configured to close the one or more connections indicated by the message received from the node.

US Pat. No. 10,715,478

EVENT-BASED COMMENT GROUPING FOR CONTENT ITEMS

GOOGLE LLC, Mountain Vie...

1. A method comprising:
identifying, by a processing device, user comments corresponding to a content item, the user comments comprising playback timestamps having selectable links to access a portion of the content item that is associated with a respective time interval;
dividing the content item into a plurality of content item segments that are associated with respective time intervals;
grouping the user comments to associate with respective content item segments based on the playback timestamps of the user comments;
selecting a content item segment of the content item segments based on interactions with the user comments; and
providing a subset of the grouped user comments associated with the selected content item segment for display during playback of the content item.

US Pat. No. 10,715,477

COMMUNICATION PLATFORM FOR MINORS

Facebook, Inc., Menlo Pa...

1. A method comprising, by a computing system:
receiving a messaging request to participate in a group messaging thread, the messaging request identifying a first user, a second user, and a third user, wherein the first user, the second user, and the third user are associated with a first account, a second account, and a third account, respectively;
in response to the messaging request, determining that the first account is of a minor-account type and that at least the first user and the second user are not directly connected within a social graph;
in response to the determination that the first account is of the minor-account type and that the first user and the second user are not directly connected within the social graph:
sending first instructions to messaging applications of the first user, the second user, and the third user, wherein the first instructions are configured to cause the messaging applications to place the group messaging thread in a pending state;
identifying, based on the first account associated with the first user, an approver who has authority to approve connections made with the first user in the social graph; and
sending, to the approver, an approval request for connecting the first user and the second user within the social graph;
receiving, from the approver in response to the approval request, an approval to connect the first user and the second user within the social graph;
in response to at least the approval, establishing a connection between the first user and the second user in the social graph;
determining that the first user is directly connected to both the second user and the third user in the social graph; and
in response to the determination that the first user is directly connected to both the second user and the third user in the social graph, sending second instructions to the messaging applications of the first user, the second user, and the third user, wherein the second instructions are configured to cause the messaging applications to place the group messaging thread in an enabled state.

US Pat. No. 10,715,476

MANAGING DATA ON COMPUTER AND TELECOMMUNICATIONS NETWORKS

Privowny, Inc., Palo Alt...

1. An email management server system for supporting multiple users of multiple client devices, the email management server system being remote from the multiple client devices, the email management server system comprising:
an alias data store operative to store a key email address for each of a plurality of different users, the alias data store further operative to store one or more alias email addresses in association with each of the key email addresses, the alias data store further operative to store user forwarding preferences for each of the plurality of different users, the alias data store further operative to store a particular key email address associated with a particular user, to store a particular alias email address in association with the particular key email address, and to store particular user forwarding preferences for the particular user, the particular alias email address being provided to a particular entity;
an alias generation engine, coupled to the alias data store, operative to:
generate each alias email address of the one or more alias email addresses, including the particular alias email address associated with the particular user, each alias email address having a domain associated with the email management server system; and
store in the alias data store the particular alias email address in association with the particular key email address; and
an alias agent engine, coupled to the alias data store, operative to:
receive an email message from a third party, the email message having a message source associated with the third party and having a first message destination that includes the particular alias email address;
retrieve the particular user forwarding preferences;
determine whether the particular user forwarding preferences indicate to forward the email message; and
when the particular user forwarding preferences indicate to forward the email message, address the email message to a second message destination of the particular key email address stored in the alias data store in association with the particular alias email address, and send the email message to the second message destination.

US Pat. No. 10,715,475

DYNAMIC ELECTRONIC MAIL ADDRESSING

Enveloperty LLC, Colorad...

9. A method for dynamic email addressing, the method comprising one or more processors within a proprietary email processing environment, wherein the one or more processors execute instructions to perform the method, the method comprising:
receiving an email message;
determining whether a domain of the email message is managed by the environment;
if the email message is managed by the environment, determining whether a sending mailbox associated with the email message is blacklisted, and if the sending mailbox is not blacklisted, persisting the email message for retrieval;
retrieving a list of messages from an email transfer agent of the environment (EMTA);
for each message in the list of messages, retrieving a hash from the EMTA, downloading a message from the EMTA, and calculating a message hash; and
if the hashes match, persisting the message in the data store, and determining a persona.

US Pat. No. 10,715,474

STORAGE AND PROCESSING OF EPHEMERAL MESSAGES

Snap Inc., Santa Monica,...

1. A system comprising:
hardware processing circuitry configured to perform operations comprising:
determine that a message is part of a conversation that includes a previous message that was stored for less than a specified time period;
store the message in a volatile memory based on the determination; and
copy the message from the volatile memory to a non-volatile memory based on not detecting a specified triggering event prior to a storage time of the message in the volatile memory exceeding the specified time period.

US Pat. No. 10,715,473

OPTIMIZED MESSAGE EXCHANGE

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for optimized processing of message responses from multiple email recipients, the method comprising:
receiving, by a message exchange system comprising one or more processors, an email message from a sender that is to be transmitted to a plurality of recipients, wherein the email message includes one or more sender selected options, wherein the one or more sender selected options includes a response deadline and a requested number of responses, wherein the requested number of responses is less than or equal to a number of recipients in the plurality of recipients;
transmitting, by the message exchange system, the email message to the plurality of recipients;
subsequent to transmitting the email message to the plurality of recipients, receiving, by the message exchange system, a number of commitment messages from one or more recipients of the plurality of recipients, wherein each of the commitment messages is received from a different recipient of the plurality of recipients and includes an indication that the recipient intends to transmit an email response to the sender prior to the response deadline; and
in response to detecting that the number of received commitment messages is equal to the requested number of responses, transmitting, by the message exchange system, a first alert to a subset of recipients of the plurality of recipients indicating that the subset of recipients do not need to respond to the email message, wherein the subset of recipients comprises recipients of the plurality of recipients who did not transmit a commitment message to the message exchange system.

US Pat. No. 10,715,472

SYSTEM AND METHOD FOR UNIT-OF-ORDER ROUTING

ORACLE INTERNATIONAL CORP...

1. A system for supporting unit-of-order (UOO) messaging in an application server environment, comprising:
a cluster having a first member count of cluster members, wherein the cluster is scaled to have a second member count of cluster members;
wherein each cluster member comprises an application server operating on a computer comprising a processor and memory, and wherein each cluster member is connected to each other cluster member by a network;
a path service in the cluster;
wherein the path service creates a first routing table for the cluster which includes routes for UOO which correspond to a value calculated by a modulo operation applied to a hash of a UOO string over the first member count;
wherein the path service creates a second routing table for the scaled cluster which includes routes for UOO which correspond to a value calculated by a modulo operation applied to a hash of a UOO string over the second member count;
wherein when messages in a particular UOO are routed to different members by the path service using the first routing table and the second routing table, the path service operates to pause message consumption at a member of the different members.

US Pat. No. 10,715,471

SYSTEM AND METHOD FOR PROOF-OF-WORK BASED ON HASH MINING FOR REDUCING SPAM ATTACKS

Synchronoss Technologies,...

1. A server providing a proof-of-work challenge based on hash mining for reducing spam attacks comprising:
a) at least one processor;
b) at least one input device; and
c) at least one storage device storing processor-executable instructions which, when executed by the at least one processor, perform a method comprising:
receiving an email message from a client device, the email message directed to an email recipient;
determining a level of trustworthiness of the client device;
generating a proof of work challenge message based on the determined trustworthiness of the client device, wherein generating the challenge message comprises:
generating a random token based on the determined trustworthiness of the client device;
generating a signature by performing a hash algorithm on a combination of the random token and a plain text string; and
assembling the challenge message to include an instruction to perform a hash algorithm, the plain text string, the signature, and the hash algorithm to be used to perform the hash;
transmitting the challenge message to the client device;
receiving a response to the challenge message from the client device, the response from the client device comprising a value, and wherein in a correct response, the value is equal to the value of the random token; and
forwarding the email to one or more recipients when the response to the challenge message is correct.

US Pat. No. 10,715,470

COMMUNICATION ACCOUNT CONTACT INGESTION AND AGGREGATION

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
receiving, from a device during a profile setup process, first data representing a first telephone number blocked by a user of the device;
determining the first telephone number is included in at least a threshold number of blocked call lists, each blocked call list of the blocked call lists being associated with at least one respective user profile; and
identifying the first telephone number as a first spam telephone number.

US Pat. No. 10,715,468

FACILITATING TRACKING OF TARGETS AND GENERATING AND COMMUNICATING OF MESSAGES AT COMPUTING DEVICES

INTEL CORPORATION, Santa...

1. An apparatus comprising a processing device to:
facilitate seeking of another apparatus, wherein the apparatus is associated with a first user and the other apparatus is associated with a second user;
recognize the other apparatus and select, for engaging in communication, the other apparatus from data obtained by one or more capturing/sensing components;
analyze a command received at the apparatus from the first user to send a message to the other apparatus after recognizing and selecting the other apparatus for engaging in communication;
determine context-related data associated with the second user, wherein the context-related data comprises communication preferences associated with the second user;
generate the message based on the analysis of the command and the context-related data; and
communicate the message from the apparatus to the other apparatus.

US Pat. No. 10,715,467

SUPPORT CHAT PROFILES USING AI

American Express Travel R...

1. A method, comprising:
processing, by a chat system, a user chat input;
selecting, by the chat system, a current version of a support chat profile based on the processed user chat input;
generating, by the chat system, an AI chat response based on the processed user chat input and the current version of the support chat profile;
determining, by the chat system, a confidence level of the AI chat response;
generating, by the chat system, a support response, based on the confidence level of the AI chat response being greater than a predetermined level, wherein the support response to comprises the AI chat response;
receiving, by the chat system, an indication of a chat error while providing the support response; and
rolling back, by the chat system, the current version of the support chat profile to a previous version of the support chat profile.

US Pat. No. 10,715,466

SYSTEMS AND METHODS FOR LOCATING APPLICATION-SPECIFIC DATA ON A REMOTE ENDPOINT COMPUTER

MAGNET FORENSICS INC., W...

1. A method for dispatching a message from a local computer system to locate application-specific data on a remote computer system, comprising:
(a) receiving a message from a first remote computer system, the message addressed using a name of a second remote computer system;
(b) storing the message in a buffer on the local computer system for subsequent retrieval by the second remote computer system;
(c) receiving a request from the second computer to send a message addressed using the name of the second remote computer system;
(d) sending a corresponding message in the buffer addressed with the name of the second remote computer system to the second remote computer system, the corresponding message corresponding to the request.

US Pat. No. 10,715,464

SYSTEM AND METHOD FOR MONITORING TOOLING ACTIVITIES

PROGRESSIVE COMPONENTS IN...

1. A system for displaying processed data from molds of an owner in presses of a molder, the system comprising:
a plurality of monitors controlled by the owner, each of the plurality of monitors configured to mount to a corresponding mold, the each of the plurality of monitors including a processor and an internal memory connected to the processor, wherein the each of the plurality of monitors records data from the corresponding mold and the processor converts the data from input data to output data comprising at least one of operating information of the mold, maintenance information of the mold, performance of the mold, and/or activity of the mold;
the each of the plurality of monitors comprising a transmitter, wherein the transmitter communicates the output data via a wireless transmission by the transmitter; and
a base station in combination with the plurality of monitors, wherein the transmitter of the each of the plurality of monitors communicates the output data via a wireless transmission to the base station, and the base station communicates over a network to a data processor remotely located with respect to the base station and the plurality of monitors, wherein the owner has access to the output data via the data processor.

US Pat. No. 10,715,463

SYSTEM AND METHOD FOR CONTROLLING ACCESS TO RESOURCES IN A MULTICOMPUTER NETWORK

Robert Gelfond, New York...

1. A computer-based network resource manager configured to carry out the steps:
a) read in, at a current time, from one or more computer-based instances, one or more requests to transfer program data and/or execution instructions to one or more current physical or virtual computer-based resources for execution during a time step wherein:
i) said time step has a duration of a unit time period;
ii) at least one of said computer-based instances is a deferrable instance;
iii) said deferrable instance is assigned to a first user;
iv) said deferrable instance comprises:
1) a technical specification and performance metric that substantially matches a technical specification and performance metric of an original physical or virtual computer-based resource that was selected by said first user when said deferrable instance was established; and
2) a term equal to said unit time period; and
v) said deferrable instance is configured to:
1) receive from said resource manager a query comprising:
a) a deferral period relative to said current time; and
b) an assignment of an additional deferrable instance to said first user wherein said additional deferrable instance:
 i) has substantially the same technical specification, performance metric and term as said deferrable instance; and
 ii) may only be initiated after said deferral period;
2) accept or reject said query based on said deferral period relative to a deferral threshold; and
3) upon acceptance of said query, defer said request by said deferrable instance to transfer said program data and/or execution instructions to said one or more current physical or virtual computer-based resources until after said deferral period;
b) determine a total relative load of said requests on said one or more current physical or virtual computer-based resources for said time step;
c) when said total relative load is greater than a load threshold, execute the steps:
i) transmit said query to said deferrable instance;
ii) receive from said deferrable instance an acceptance or rejection of said query;
iii) upon receipt of an acceptance of said query, execute the steps:
1) allocate to said first user, said additional deferrable instance; and
2) defer said transfer of said program data and/or execution instructions from said deferrable instance to said one or more current physical or virtual computer-based resources until after said deferral period; or
iv) upon receipt of a rejection of said query, execute the step:
1) transfer said program data and/or execution instructions from said deferrable instance to said one or more current physical or virtual computer-based resources for execution during said time step; and
d) when said total relative load is less than or equal to said load threshold, execute the step:
i) transfer said program data and/or execution instructions from said deferrable instance to said one or more current physical or virtual computer-based resources for execution during said time step.