US Pat. No. 10,341,510

IMAGE FORMING APPARATUS, IMAGE EDITING METHOD AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM FOR FORMING AN IMAGE ON A RECORDING MEDIUM BASED ON AN IMAGE DISPLAYED ON A DISPLAY SECTION

SHARP KABUSHIKI KAISHA, ...

1. An image processing method for processing a display image by using an image forming apparatus including a display screen, and a position detector that detects a position of contact with the display screen, and that forms an image on a recording medium based on the display image displayed on the display screen, the method comprising:
displaying on the display screen an image including an object image indicative of an object for an image formation, and a medium image indicative of the recording medium;
changing to an edit mode in response to a contact with the display screen detected by the position detector;
while in the edit mode, modifying magnification of the object image with respect to the medium image, without modifying the medium image, based on contact positions of two points detected by the position detector;
displaying in the medium image on the display screen an area occupied by the object image modified by the modifying;
selecting one recording medium of a plurality of selectable recording mediums based on the contact positions detected by the position detector; and
finishing the edit mode in response to a predetermined operation.

US Pat. No. 10,341,508

INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. An information processing apparatus which lays out a plurality of images, the apparatus comprising:
a storage which stores images; and
a processor configured to:
receive a first instruction for creating a new album or a second instruction for re-editing images laid out on an existing album which has been created and ordered;
make a first selection of first images out of the images stored in the storage in a case where the first instruction is received;
make a second selection of second images out of the selected first images which are selected in the first selection;
lay out at least some of the selected second images which are selected in the second selection, on the new album;
delete, from candidates for re-editing the laid out images on the new album which has been ordered, at least some of the images that have not been selected in the first selection such that at least some of the first images that have been selected in the first selection and have not been selected in the second selection remain as the candidates in addition to the selected second images; and
re-edit the laid out images on the new album which has been ordered, by using the candidates from which the at least some of the images have been deleted in a case where the second instruction is received,
wherein even if the images laid out on the new album which has been ordered are re-edited and the new album is re-ordered, deletion from the candidates for re-editing the laid out images on the new album is not executed.

US Pat. No. 10,341,506

CALIBRATED PRINT DATA GENERATION BASED ON COLOR CALIBRATION DATA ACCOUNTING FOR BACKLIGHT CHARACTERISTICS

Hewlett-Packard Developme...

1. A printing system comprising:
a calibration mechanism to:
receive print data of an image that is to be backlit when the image is displayed;
receive color calibration data that accounts for characteristics of a backlight; and
generate calibrated print data from the print data of the image, based on the color calibration data; and
a printing engine to print the image on a substrate by printing the calibrated print data.

US Pat. No. 10,341,505

CONTROLLER, CALIBRATION CONTROL PROGRAM, AND CALIBRATION CONTROL METHOD

Konica Minolta, Inc., Ch...

1. A controller in a printing system that includes the controller equipped with an image processor that generates image data for printing by rasterizing a print job, and an image forming device equipped with an engine that performs a printing process in accordance with the image data for printing, the controller and the image forming device each performing calibration to adjust an output of the image forming device, the controller comprising
a hardware processor that:
associates first calibration data indicating a result of first calibration performed by the image forming device with second calibration data indicating a result of second calibration performed by the controller in accordance with the first calibration, and stores the first calibration data and the second calibration data into a storage;
when obtaining the first calibration data of the first calibration performed by the image forming device, compares the obtained first calibration data with the stored first calibration data, and determines whether the stored first calibration data includes data equal to the obtained first calibration data; and,
when there is no stored first calibration including data equal to the obtained first calibration data, creates the second calibration data to be associated with the obtained first calibration data by performing the second calibration using the controller and storing the second calibration data, and,
when there is stored first calibration including data equal to the obtained first calibration data, creates the second calibration data to be associated with the obtained first calibration data using the second calibration data stored and associated with the stored first calibration including the data equal to the obtained first calibration data.

US Pat. No. 10,341,504

PHOTO RESPONSE NON-UNIFORMITY SUPPRESSION

Hewlett-Packard Developme...

1. A method for photo response non-uniformity (PRNU) suppression, comprising:
performing a calibration surface PRNU characterization using a scanning system;
performing a document-based PRNU characterization using the scanning system;
determining a correction function for PRNU suppression for the scanning system based on the calibration surface PRNU characterization and the document-based PRNU characterization; and
suppressing PRNU regions in an output of the scanning system by adjusting calibration surface PRNU targets according to the calibration surface PRNU characterization and the document-based PRNU characterization.

US Pat. No. 10,341,503

REMOTE MAINTENANCE SYSTEM, IMAGE FORMING APPARATUS, EXTERNAL TERMINAL, METHODS OF CONTROLLING THESE, AND STORAGE MEDIUMS

Canon Kabushiki Kaisha, ...

1. A remote maintenance system including an image forming apparatus that executes an image formation, a print server that executes some image processing for the image formation, and an external terminal, wherein
the image forming apparatus comprises:
a memory device that stores a set of instructions;
at least one processor that executes the instructions to:
accept a start of a remote maintenance function for resolving a failure of the image forming apparatus in accordance with an instruction of an operator that uses the external terminal,
obtain, from the print server, device information of the print server which is information that is necessary when the operator analyzes the failure of the image forming apparatus, wherein the device information of the print server indicates setting information that has been set for the print server;
obtain device information of the image forming apparatus, which is information that is necessary when the operator analyzes the failure of the image forming apparatus, wherein the device information of the image forming apparatus indicates setting information that has been set for the image forming apparatus;
generate support data including information of the obtained device information of the print server and the device information of the image forming apparatus, wherein the device information included in the support data includes data for indicating which device information is related to the device information of the print server or the device information of the image forming apparatus; and
transmit the generated support data to the external terminal, and
the external terminal comprises:
a memory device that stores a set of instructions;
at least one processor that executes the instructions to
receive the support data transmitted by the image forming apparatus; and
display the support data received by the external terminal.

US Pat. No. 10,341,502

IMAGE FORMING APPARATUS THAT EXECUTES IMAGE PROCESSING CORRESPONDING TO RESOLUTION

Canon Kabushiki Kaisha, ...

1. An image forming apparatus comprising:
a plurality of image forming units configured to form a plurality of images having different colors based on image data;
a first sensor configured to detect a color pattern formed on an intermediate transfer member, the color pattern being used for detecting a color misregistration;
a second sensor configured to measure a measuring image; and
a controller configured to control the plurality of image forming units to form a plurality of color patterns having different colors on the intermediate transfer member, control the first sensor to detect an amount of color misregistration related to a relative position of a color pattern having a reference color among the plurality of color patterns and a color pattern having another color among the plurality of color patterns, determine an offset value for adjusting an image writing start timing of the other color different from the reference color based on the amount of color misregistration detected by the first sensor, control the plurality of image forming units to form the measuring image on the intermediate transfer member, control the second sensor to measure the measuring image, and determine an image forming condition for adjusting densities of images to be formed by the plurality of image forming units based on a measurement result of the second sensor,
wherein:
the controller controls the image forming apparatus based on an image forming mode corresponding to the image data;
the controller controls the plurality of image forming units to form the plurality of color patterns in a case where a first condition is satisfied in a first image forming mode;
the controller controls the plurality of image forming units to form the measuring image in a case where a second condition is satisfied in the first image forming mode;
the controller controls the plurality of image forming units to form the measuring image and the plurality of color patterns in a case where both the first condition and the second condition are satisfied in a second image forming mode;
the controller skips the image formation of the measuring image when the first condition is not satisfied in the second image forming mode irrespective of a state of the second condition; and
the first condition is different from the second condition.

US Pat. No. 10,341,501

MONITORING APPARATUS, MONITORING METHOD, AND RECORDING MEDIUM

Seiko Epson Corporation, ...

13. A method for acquiring, at a monitoring timing, device information which is a target of collection from a device, the monitoring method comprising:
acquiring from the device, status information that includes information representing a power supply state of the device; and
setting a monitoring interval which is an interval of the monitoring timing in accordance with the power supply state denoted by the status information which has been acquired,
wherein in the setting of the monitoring interval, a setting of the monitoring interval is made longer than a current setting when the power supply state denoted by the status information which has been acquired corresponds to a sleep mode, and
in the setting of the monitoring interval, the setting of the monitoring interval is not made longer than the current setting when the setting of the monitoring interval reaches an upper limit.

US Pat. No. 10,341,500

INFORMATION PROCESSING APPARATUS AND IMAGE READING APPARATUS

Canon Kabushiki Kaisha, ...

1. An information processing apparatus, comprising:
a first processor;
a non-volatile memory configured to store control programs; and
a volatile memory having a faster read speed than a read speed of the non-volatile memory, and being configured to store a first program, a second program, and a third program,
wherein the first processor is configured to:
in a first activation processing mode,
transfer the first program from the non-volatile memory to the volatile memory;
transfer the second program from the non-volatile memory to the volatile memory based on the first program stored in the volatile memory; and
perform, in parallel, execution of first processing based on the second program stored in the volatile memory and transfer of the third program from the non-volatile memory to the volatile memory, and
in a second activation processing mode,
transfer the first program from the non-volatile memory to the volatile memory;
transfer the third program from the non-volatile memory to the volatile memory based on the first program stored in the volatile memory; and
perform, in parallel, execution of second processing based on the third program stored in the volatile memory and transfer of the second program from the non-volatile memory to the volatile memory,
wherein the first processor is configured to communicate to and from a controller,
wherein, in the first activation processing mode, the information processing apparatus is activated from a state in which power is being supplied to a second processor of the controller, and
wherein, in the second activation processing mode, the information processing apparatus is activated from a state in which power is not being supplied to the second processor of the controller.

US Pat. No. 10,341,499

COMMUNICATION TERMINAL DEVICE, INCOMING CALL CONTROL METHOD, AND PROGRAM

NTT DOCOMO, INC., Tokyo ...

1. A mobile communication terminal device comprising:
a speaker;
a microphone;
an answering unit that responds to an incoming voice call;
a measurement unit that measures an orientation or a displacement of the communication terminal device;
a proximity detection unit that detects when a head area of a user is close to the communication terminal device; and
an operation detection unit that detects a predetermined operation being made by the user using the communication terminal device,
wherein the answering unit responds to the incoming call in the case where, after an orientation of the mobile communication terminal has changed from a first orientation occurring when the incoming call was received to a second orientation in which the speaker and the microphone are positioned corresponding to an ear and a mouth of the user, respectively, the head area is detected as being close to the communication device;
the mobile communication terminal device further comprising a call termination control unit that terminates the voice call in the case where the head area is no longer detected as being close to the communication terminal device and an orientation of the mobile communication terminal which is substantively same as the first orientation is again detected.

US Pat. No. 10,341,498

LATE STAGE CALL SETUP MANAGEMENT IN PREPAID TELEPHONY

1. A method, comprising:
receiving, by a mobile switching center (MSC) of a telephone network, during an originating call setup phase of a call, a telephony call setup request from a first user device;
wherein the telephony call setup request identifies a telephone number associated with a second user device;
wherein the first user device is associated with a user account having an insufficient account credit value that is insufficient to complete a terminating call setup phase of the call;
initiating, by the MSC of the telephone network, a network dialog with a service control point (SCP) whereby, based on the insufficient account credit value, the SCP instructs the MSC to set a maximum call duration timer to a value that is less than or equal to 1 second;
setting, by the MSC of the telephone network, the maximum call duration timer to the value that is less than or equal to 1 second;
continuing, by the MSC of the telephone network, after the setting of the maximum call duration timer, to progress the call through the terminating call setup phase toward the second user device;
activating, by the MSC of the telephone network, the maximum call duration timer upon encountering a chargeable event during the terminating call setup phase of the call;
presenting, by the MSC of the telephone network, a Ring Back Tone to the first user device;
wherein the Ring Back Tone is presented to the first user device before the maximum call duration timer expires;
receiving, by the MSC of the telephone network, a confirmation that the second user device is ringing;
notifying, by the MSC of the telephone network, the SCP that the second user device is ringing; and
releasing, by the SCP, the call in response to being notified that the second user device is ringing and after the maximum call duration timer expires.

US Pat. No. 10,341,497

AUTOMATIC CONFIGURATION OF COMMUNICATION APP ON USER DEVICE UPON ARRIVAL AT HOSPITALITY ESTABLISHMENT

Bullhead Innovations Ltd....

1. An association server in a communication system, the association server comprising:
a communication port;
a storage device storing a plurality of software instructions; and
one or more processors coupled to the communication port and the storage device;
wherein, by the one or more processors executing the software instructions loaded from the storage device, the one or more processors are thereby configured to:
receive a device identifier of a user device;
search a device-to-token database in order to determine whether the device identifier is currently associated with any device communication token; and
in response to determining that the device identifier is associated with a device communication token, create a communication account for the user device on a communication server, and send a login credential for the communication account to the user device in a message transmitted via a message server, the message being addressed by the device communication token to a predetermined application installed on the user device;
wherein the communication server is a session initiation protocol (SIP) server providing SIP phone services;
the predetermined application on the user device is a SIP client allowing a user of the user device to place phone calls via the communication server;
the predetermined application on the user device receives the message from the message server, and thereafter automatically logs in to the communication server according to the login credential included in the message;
when creating the communication account for the user device on the communication server, the one or more processors are further configured to associate a temporary phone extension with the communication account;
the communication server notifies the predetermined application on the user device when an incoming phone call is directed to the temporary phone extension; and
the predetermined application on the user device further allows the user to receive the incoming phone call directed to the temporary phone extension.
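The provisioning path in the claim above (device identifier in, token lookup, account creation on the SIP server, credential pushed to the app addressed by the token), written out as an added example. This is illustrative code, not Bullhead's implementation: the in-memory device-to-token table, the stand-in SIP and push servers, the `guest-` username scheme and the extension counter starting at 7000 are all assumptions made here.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    password: str
    extension: str      # temporary phone extension tied to the account


class SipServer:
    """Stand-in for the SIP communication server (constructed for this example)."""

    def __init__(self, first_extension: int = 7000):
        self.accounts: dict[str, Account] = {}
        self._next_extension = first_extension

    def create_account(self) -> Account:
        # Random username and password: the credential only has to be unguessable,
        # it is never typed by the user because the SIP client logs in automatically.
        username = "guest-" + secrets.token_hex(4)
        password = secrets.token_urlsafe(24)
        extension = str(self._next_extension)        # assumption: sequential pool
        self._next_extension += 1
        account = Account(username, password, extension)
        self.accounts[username] = account
        return account


class MessageServer:
    """Stand-in push service: delivers a message addressed by a device communication token."""

    def __init__(self):
        self.outbox: list[tuple[str, dict]] = []

    def send(self, device_token: str, payload: dict) -> None:
        self.outbox.append((device_token, payload))


class AssociationServer:
    def __init__(self, device_to_token: dict[str, str], sip: SipServer, push: MessageServer):
        self._device_to_token = device_to_token   # device identifier -> device communication token
        self._sip = sip
        self._push = push

    def on_device_identifier(self, device_id: str) -> Optional[Account]:
        """Look up the token; if the device is associated, create the SIP account
        and send its login credential to the app addressed by that token."""
        token = self._device_to_token.get(device_id)
        if token is None:
            return None          # not associated: no account created, nothing sent
        account = self._sip.create_account()
        self._push.send(token, {"sip_user": account.username,
                                "sip_pass": account.password,
                                "extension": account.extension})
        return account


if __name__ == "__main__":
    sip, push = SipServer(), MessageServer()
    server = AssociationServer({"dev-aaa": "tok-111"}, sip, push)   # constructed table
    print(server.on_device_identifier("dev-aaa"), push.outbox)
    print(server.on_device_identifier("dev-zzz"))                   # None
```

One property worth noticing: the only input the association server acts on is the device identifier, which the device itself presents. A spoofed identifier that happens to map to a token does cause an account to be provisioned, but the credential is delivered to the token's registered device, not to whoever presented the identifier, so the exposure is account churn and extension-pool exhaustion rather than credential disclosure.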

US Pat. No. 10,341,496

POLICY CONTROL METHOD AND SYSTEM, AND RELEVANT APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A method for implementing a service data flow control in a telecommunication system, comprising
receiving, by a policy decision apparatus, a control policy request sent from a gateway device, wherein the control policy request carries a subscriber identifier;
sending, by the policy decision apparatus, a session request message to a charging system, wherein the session request message carries the subscriber identifier;
sending, by the charging system, according to the session request message, to the policy decision apparatus, a response message to the session request message to indicate that a session between the policy decision apparatus and the charging system has been established;
monitoring, by the charging system, occurrence of a non-subscribed charging relevant event, wherein the non-subscribed charging relevant event has not been subscribed to by the policy decision apparatus;
sending, by the charging system, a notification message to the policy decision apparatus through the established session in case of the occurrence of the non-subscribed charging relevant event, wherein the notification message carries information about the occurred non-subscribed charging relevant event;
generating, by the policy decision apparatus, a control policy according to the notification message from the charging system; and
sending, by the policy decision apparatus, the control policy to the gateway device in response to the control policy request.

US Pat. No. 10,341,495

METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR AIDING EMERGENCY RESPONSE

Bryx, Inc., Rochester, N...

1. A method of aiding emergency response, the method comprising:
(a) receiving, by a processor, a plurality of data corresponding to a geographic location from a plurality of data sources;
(b) aggregating, by the processor, the plurality of data;
(c) determining, by the processor, a first profile and a second profile based on the aggregated plurality of data; and
(d) transmitting, by the processor, the first profile to a plurality of user equipments and the second profile to at least one user equipment, wherein the at least one user equipment is different from the plurality of user equipments, wherein the second profile comprises availability information, ability information, and location information of each user of the plurality of user equipments and wherein the second profile further comprises traffic navigation information, medical information, predictive information, and geographic proximity information for an incident and the plurality of user equipments corresponding to the geographic location.

US Pat. No. 10,341,494

EMERGENCY RESPONSE DATA MANAGEMENT

RAVE WIRLESS, INC., Fram...

1. A method comprising, in advance of an emergency call being made by an individual call-source, receiving, from a facilities manager, a request to establish an account on a corporate 9-1-1 platform via a shared communications network, in advance of said emergency call, causing said corporate 9-1-1 platform to receive information from said facilities manager through said account, wherein said facilities manager differs from said individual call-source and has used said shared communications network to access said account, wherein said facilities manager has provided said information, which comprises emergency-response information concerning said facility, to said corporate 9-1-1 platform through said account, validating said information, maintaining said validated information at said corporate 9-1-1 platform, and in response to said emergency call being made, causing said corporate 9-1-1 platform to make said validated information available to at least one of an emergency operator and a first responder.

US Pat. No. 10,341,492

METHOD, DEVICE, AND SYSTEM TO NOTIFY A CALL TRANSFER EVENT FROM A FIRST DEVICE TO A SECOND DEVICE

APPLE INC., Cupertino, C...

1. A method, comprising:
at a first station;
receiving a first call identification of a first communication session between the first station and a second station;
receiving a request, from a third station, to allow the first communication session to be transferred from the first station to the third station;
performing a proximity check between the first station and the third station;
when the proximity check indicates that the first station and the third station are outside of a predetermined proximity of each other, displaying a prompt on the first station for permission to allow the first communication session to be transferred to the third station; and
when the permission is received, transmitting a response, to the third station, granting permission to transfer the first communication session from the first station to the third station.
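The first-station decision logic of the claim above, as an added example (not Apple's code). Two things are assumed here because the claim leaves them open: proximity is modelled as a distance estimate in metres against a fixed threshold, and a third station inside that proximity is granted without a prompt, whereas the claim only specifies the prompt for the outside case. The check that the request names the call identification this station actually received is an added hardening step, not a claim element.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Assumption: "predetermined proximity" expressed as a distance in metres.
PREDETERMINED_PROXIMITY_M = 1.5


@dataclass(frozen=True)
class Session:
    call_id: str      # first call identification received by the first station
    peer: str         # the second station


@dataclass(frozen=True)
class TransferRequest:
    call_id: str      # session the third station wants to take over
    requester: str    # the third station


def proximity_check(distance_m: float) -> bool:
    """True when the first and third stations are within the predetermined proximity."""
    return distance_m <= PREDETERMINED_PROXIMITY_M


def handle_transfer_request(
    session: Session,
    request: TransferRequest,
    distance_m: float,
    ask_permission: Callable[[str], bool],
) -> Optional[dict]:
    """First-station logic. Returns the response transmitted to the third station,
    or None when nothing is sent (request ignored or permission withheld)."""
    # Added check, not in the claim: only honour requests naming the call this
    # station received, so a stray or replayed request for another call id
    # never reaches the prompt.
    if request.call_id != session.call_id:
        return None
    if proximity_check(distance_m):
        # Assumption: a station next to the user is treated as the user's own
        # second device and granted without a prompt.
        return {"to": request.requester, "call_id": session.call_id,
                "granted": True, "prompted": False}
    prompt = f"Allow {request.requester} to take over your call with {session.peer}?"
    if not ask_permission(prompt):
        return None          # claim: response is transmitted only when permission is received
    return {"to": request.requester, "call_id": session.call_id,
            "granted": True, "prompted": True}


if __name__ == "__main__":
    s = Session("call-42", "alice-phone")                      # constructed session
    r = TransferRequest("call-42", "kitchen-speaker")          # constructed request
    print(handle_transfer_request(s, r, 0.5, lambda _: False)) # nearby: granted, no prompt
    print(handle_transfer_request(s, r, 8.0, lambda _: True))  # far: prompted, then granted
```

The no-prompt branch is the one to be careful with in a real deployment: proximity is evidence about where a device is, not proof of who holds it, so anything that can fake the proximity signal gets the call without the user ever seeing a prompt.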

US Pat. No. 10,341,491

IDENTIFYING UNREPORTED ISSUES THROUGH CUSTOMER SERVICE INTERACTIONS AND WEBSITE ANALYTICS

CAPITAL ONE SERVICES, LLC...

1. An apparatus, comprising:
a processor circuit; and
a memory storing instructions which when executed by the processor circuit, cause the processor circuit to:
receive communication data comprising recordings of communications between a customer service professional (CSP) and a user;
analyze the communication data using a natural language processing (NLP) algorithm to identify a plurality of concepts in the communication data;
identify, based at least in part on the plurality of concepts, a target application associated with the communications between the CSP and the user;
receive analytics data from a web server hosting the target application;
identify, based at least in part on the plurality of concepts and the received analytics data, a feature of the target application hosted by the web server that is not functioning;
determine a number of instances of the target application where the feature is not functioning based on the received analytics data;
assign a priority to the feature of the target application that is not functioning based at least in part on a type of the feature, the determined number of instances of the target application where the feature is not functioning, and the received analytics data, wherein the priority is a first priority value of a plurality of priority values; and
generate a service issue record specifying the feature of the target application that is not functioning and the assigned priority, the service issue record to facilitate an analysis of a source code of the target application.

US Pat. No. 10,341,490

REAL-TIME COMMUNICATIONS-BASED INTERNET ADVERTISING

Ooma, Inc., Sunnyvale, C...

1. A computer-implemented method for Internet advertising comprising:
providing an advertisement of a plurality of advertisements including a first identifier to a website of a plurality of websites, the advertisement to be displayed on the website;
receiving a communications session initiated by an end customer using the first identifier, the communications session including a second identifier associated with the end customer;
retrieving a record associated with the end customer using the second identifier;
selecting a promotional offer using the record;
providing a customized message to the end customer using the communications session, the customized message including the promotional offer and a request for an indication of interest in the promotional offer;
storing data associated with communications session;
removing the advertisement from the website; and
re-assigning the first identifier to another advertisement of the plurality of advertisements when a number of calls received at the first identifier since the removing the advertisement is below a predetermined threshold.

US Pat. No. 10,341,489

AGENT APPLICATION AND INTEGRATED CALL PROCESSING PLATFORM

West Corporation, Omaha,...

1. A method comprising:
receiving a plurality of calls, including a plurality of messages, for customer service support from a corresponding plurality of customer devices at a call server, wherein the plurality of messages comprise customer information and customer request information;
prioritizing an order of the plurality of calls based on a parsed content from the customer request information, wherein the prioritizing of the order comprises prioritizing according to an agent preference for certain terms in the plurality of messages;
assigning the plurality of calls to a corresponding plurality of agent devices; and
modifying the order of the plurality of calls based on changes to at least one of the customer status and agent availability.

US Pat. No. 10,341,487

SYSTEM AND METHOD TO AUTHENTICATE CONTACT CENTER AGENTS BY A REVERSE AUTHENTICATION PROCEDURE

Avaya Inc., Santa Clara,...

1. A computer-implemented method to verify authenticity of an agent placing a call from a contact center associated with an enterprise network to a registered user of the enterprise network, the method comprising:
automatically fetching, by a server of the contact center, following receipt of the call by the registered user, a pre-recorded authentication message associated with the registered user;
playing, by a server of the contact center, the pre-recorded authentication message to the registered user;
receiving, by the server of the contact center, a verification from the registered user about authenticity of the pre-recorded authentication message; and
starting, by the server of the contact center, an authenticated communication session between the registered user and the agent from the contact center.

US Pat. No. 10,341,486

USER CONFIGURABLE SERVICES IN A WIRELESS COMMUNICATION NETWORK

T-Mobile USA, Inc., Bell...

1. A method comprising:
receiving, by an Internet Protocol (IP) Multimedia Subsystem (IMS) node, a service profile associated with a telecommunication services subscriber responsive to IMS registration of the telecommunication services subscriber, the service profile including a preference for handling incoming calls received during a predetermined time of day and directed to the telecommunication services subscriber from a predetermined calling party;
receiving, by the IMS node, notification of an incoming call received during the predetermined time of day and directed to the telecommunication services subscriber from the predetermined calling party; and
responsive to the notification, utilizing, by the IMS node, service logic to perform an action with respect to the incoming call based on the preference,
wherein the action comprises sending a short message service (SMS) to the predetermined calling party associated with the incoming call and blocking the incoming call.

US Pat. No. 10,341,485

CALLER IDENTITY AND AUTHENTICATION SERVICE

FMR LLC, Boston, MA (US)...

1. A computerized method for authenticating the identity of a caller, the method comprising:
receiving, by a mobile computing device, via a wireless communications network, an incoming call setup request initiated by a phone system of a caller; and
executing, by the mobile computing device, an identity service application upon receipt of the incoming call setup request, the call comprising a plurality of data packets, wherein the identity service application is configured to cause the mobile computing device to:
extract a caller identifier from the plurality of data packets, the caller identifier comprising one or more bits at a first predetermined position within the plurality of data packets;
forward the caller identifier to an identity service computing device via a data communications network, the identity service computing device configured to determine an identity status of the caller;
receive, from the identity service computing device, via the data communications network, an authentication token and the identity status of the caller;
inserting one or more bits at a second predetermined position within the plurality of data packets of the call with the authentication token upon acceptance of the incoming call setup request by a user of the mobile computing device;
display, on the display device of the mobile computing device a first key generated based on the authentication token, the first key comprising a plurality of alphanumeric characters;
prompt the user of the mobile computing device to request the caller to verify a second key displayed on a display device of the phone system of the caller, the second key generated based on the authentication token extracted by the phone system of the caller from the second predetermined position within the plurality of data packets of the call; and
display, on a display device of the mobile computing device, the identity status of the caller.
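The exchange in the claim above, carried through end to end as an added example (not FMR's code): the callee's device reads the caller identifier from a fixed position in the call packets, asks an identity service for a status and a fresh token, writes the token into a second fixed position once the call is accepted, and both ends derive a short alphanumeric key from that token for the user to compare over the call. The claim only says the two positions are "predetermined"; the 64-byte payload with the identifier at offset 0 and the token at offset 16, the 32-byte token, the HMAC-SHA256 label used to turn the token into a six-character base32 key, and the identity service's lookup table are all assumptions made here.

```python
import base64
import hashlib
import hmac
import secrets

# Packet layout assumed for this example; the claim fixes only that the two
# positions are predetermined and known to both ends.
PAYLOAD_LEN = 64
CALLER_ID_OFFSET, CALLER_ID_LEN = 0, 4      # "first predetermined position"
TOKEN_OFFSET, TOKEN_LEN = 16, 32            # "second predetermined position"
KEY_CHARS = 6                               # length of the displayed key (assumption)


def build_call_packets(caller_id: int) -> bytearray:
    """Caller's phone system: constructed call payload carrying its identifier bits."""
    buf = bytearray(PAYLOAD_LEN)
    buf[CALLER_ID_OFFSET:CALLER_ID_OFFSET + CALLER_ID_LEN] = caller_id.to_bytes(CALLER_ID_LEN, "big")
    return buf


def extract_caller_id(buf: bytes) -> int:
    return int.from_bytes(buf[CALLER_ID_OFFSET:CALLER_ID_OFFSET + CALLER_ID_LEN], "big")


def insert_token(buf: bytearray, token: bytes) -> None:
    buf[TOKEN_OFFSET:TOKEN_OFFSET + TOKEN_LEN] = token


def extract_token(buf: bytes) -> bytes:
    return bytes(buf[TOKEN_OFFSET:TOKEN_OFFSET + TOKEN_LEN])


def key_from_token(token: bytes) -> str:
    """Short key both ends derive from the same token (HMAC label is an assumption)."""
    digest = hmac.new(token, b"caller-identity-display-key", hashlib.sha256).digest()
    return base64.b32encode(digest).decode("ascii")[:KEY_CHARS]


class IdentityService:
    """Hypothetical identity service: maps registered caller identifiers to a status
    and issues a fresh random authentication token per call."""

    def __init__(self, registered: dict[int, str]):
        self._registered = registered

    def check(self, caller_id: int) -> tuple[bytes, str]:
        if caller_id in self._registered:
            status = "verified: " + self._registered[caller_id]
        else:
            status = "unknown caller"
        return secrets.token_bytes(TOKEN_LEN), status


def callee_accepts_call(buf: bytearray, service: IdentityService) -> tuple[str, str]:
    """Mobile device side: extract the caller id, query the service, insert the token
    on acceptance, and return (identity status, first key to display)."""
    token, status = service.check(extract_caller_id(buf))
    insert_token(buf, token)          # done when the user accepts the call
    return status, key_from_token(token)


def caller_reads_key(buf: bytes) -> str:
    """Caller's phone system: pull the token out of the accepted call and show the second key."""
    return key_from_token(extract_token(buf))


if __name__ == "__main__":
    service = IdentityService({5551234: "Example Bank"})   # constructed registry
    packets = build_call_packets(5551234)
    status, first_key = callee_accepts_call(packets, service)
    second_key = caller_reads_key(packets)
    print(status, first_key, second_key, first_key == second_key)
```

Two caveats a practitioner would want. The identifier bits are written by the caller's side, so the status returned is only as trustworthy as what the identity service binds to that identifier; if it keys solely off the number, a spoofed identifier inherits the real number's status. And the key comparison proves only that the party reading the key back holds the call leg into which the token was inserted; anything that can rewrite those packet bytes in transit breaks the match, which is why the test below flips a token byte and expects the keys to diverge.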

US Pat. No. 10,341,484

MULTIFUNCTION WIRELESS DEVICE

1. A controlled environment communications system for providing communication services to a plurality of users within a controlled environment facility, the controlled environment communications system comprising:
an Internet server configured to operate a virtual Internet that is an abridged version of the Internet and that is constructed from Internet data, the Internet server having a device interface configured to receive an Internet request from a user device, and to provide Internet data to the user device in response to the Internet request, the user device being associated with a specific user from among the plurality of users;
a network interface configured to access the Internet to obtain the Internet data; and
one or more processors and/or circuits configured to filter the Internet data based on at least one of a first filter that is globally applied to all users and a second filter that is applicable to the specific user associated with the user device.

US Pat. No. 10,341,483

METHOD AND MOBILE TRANSCEIVER PROVIDING CONTAINER SECURITY

BlackBerry Limited, Wate...

1. A method of operating a mobile transceiver, the method comprising: providing a mobile transceiver mounted at least partially to an interior of a shipping container, the shipping container having two doors located at one end thereof in a side-by-side arrangement, wherein a radioactive emitter is located in a mating edge of one of the two doors and a radiation detector is located in a mating edge of the other of the two doors, wherein the radioactive emitter and radiation detector are aligned with each other in response to the doors of the shipping container being closed, wherein the mobile transceiver is located on the same door as the radiation detector, the mobile transceiver comprising a processor, a memory, a wireless transceiver, a satellite receiver, the radiation detector, and a non-rechargeable battery coupled to the processor, memory, wireless transceiver, satellite receiver and radiation detector for exclusively powering the processor, memory, wireless transceiver, satellite receiver and radiation detector, the radioactive emitter being provided by a fastener formed at least partially from a radioactive alloy;
detecting, by the radiation detector, radiation emitted from the radioactive emitter, wherein the radiation detector and the radioactive emitter are arranged such that a substantially constant rate of radiation from the radioactive emitter is detected in response to the doors of the shipping container being closed;
in response to the detected radiation being within a tolerance of the substantially constant rate in response to the doors being closed,
updating an asset tracking log stored in the memory by adding a record representing a door close event;
in response to the detected radiation being outside of the tolerance of the substantially constant rate in response to at least one of the door being at least partially open,
waking up the processor and satellite receiver from a low power mode,
determining, via the satellite receiver, a location of the mobile transceiver, and
at least one of updating the asset tracking log stored in the memory by adding a record, which record stores the determined location and a time associated with the determined location, representing a door open event, or sending, by the wireless transceiver, a notification message to an asset tracking service.

US Pat. No. 10,341,482

ATTACHMENT DEVICE AND METHOD FOR CONTROLLING ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A method for controlling an electronic device in an attachment device, the method comprising: receiving and storing mapping information in which data configured in a first communication format in relation to one function of the electronic device to which the attachment device is attached and data configured in a second communication format in relation to the one function of the electronic device are mapped;
receiving the data configured in the first communication format from a user terminal or a hub which is communicably connected with the attachment device;
acquiring the data configured in the second communication format corresponding to the data configured in the first communication format based on the stored mapping information; and
transmitting the data configured in the second communication format to the electronic device to which the attachment device is attached to control the one function of the electronic device to be performed based on surrounding environment information of the attachment device,
wherein the transmitting of the data configured in the second communication format to the electronic device comprises:
identifying whether an operation state of the electronic device corresponds to the data configured in the second communication format, and
transmitting the data configured in the second communication format to the electronic device based on a result of the identification.

US Pat. No. 10,341,481

BLUETOOTH APPARATUS OF VEHICLE AND METHOD AND APPARATUS FOR MANAGING COMMUNICATION CONNECTION OF VEHICLE

HYUNDAI MOTOR COMPANY, S...

1. A Bluetooth apparatus for a vehicle, which is configured to control a connection between a plurality of Bluetooth profiles, which includes a first Bluetooth profile and a second Bluetooth profile, and a terminal of a user based on whether a driver's seat is occupied by the user or based on whether the driver's seat is occupied by the user and whether the terminal of the user is located in the vehicle, wherein, when the driver's seat is not occupied, the first Bluetooth profile or the second Bluetooth profile is connected to the terminal based on whether the terminal of the user is located in the vehicle, and
when the driver's seat is not occupied and the terminal is located in the vehicle, the first Bluetooth profile is not connected to the terminal while the second Bluetooth profile is connected to the terminal.

US Pat. No. 10,341,478

HANDHELD WRITING IMPLEMENT FORM FACTOR MOBILE DEVICE

ESSENTIAL PRODUCTS, INC.,...

1. A method comprising: receiving a user input by a handheld device having a display, a non-display surface the handheld device formed in a shape of a handheld writing implement having an elongated dimension at least half of whose length is occupied by the display, a chassis of the handheld device opposite the display formed into a plurality of angled surfaces, the chassis of the handheld device to enable viewing of the display in an inclined position;
determining an environment cue proximate to the handheld device, and a physical property of the handheld device, the environment cue comprising an amount of ambient light proximate to the handheld device, and the physical property comprising a velocity of the handheld device and an acceleration of the handheld device; and
interpreting the user input based on the environment cue proximate to the handheld device and the physical property of the handheld device.

US Pat. No. 10,341,477

MOBILE TERMINAL

LG ELECTRONICS INC., Seo...

1. A mobile terminal comprising: a body;
a printed circuit board comprising a ground;
a port located at the body, wherein the port is configured to accommodate insertion of an external input terminal and is connected with the ground;
a metallic member disposed at an exterior of the body and comprising a slit;
a feeding portion electrically connected with a first point of the metallic member and configured to supply power to the metallic member;
a first ground line electrically connected with the ground and electrically connected with the metallic member at a second point of the metallic member, wherein the second point is located between the first point and the slit; and
a second ground line configured to be electrically connected with a third point of the metallic member or a fourth point of the first ground line,
wherein the second ground line contacts the external input terminal and is grounded via the port and the external input terminal when the external input terminal is inserted into the port, and
wherein the second ground line is not grounded when the external input terminal is not inserted into the port.

US Pat. No. 10,341,475

DISPLAY UNIT, METHOD OF MANUFACTURING THE SAME, AND ELECTRONIC APPARATUS

Sony Corporation, Tokyo ...

1. A display unit comprising: a display layer including a pixel electrode;
a semiconductor layer provided in a layer below the display layer, the semiconductor layer including a wiring layer; and
a terminal section configured to electrically connect the semiconductor layer to an external circuit, the terminal section including a first electrically-conductive layer and a protective layer,
wherein the wiring layer and the first electrically-conductive layer each have a laminated structure including a first Ti layer, an Al layer, and a second Ti layer in order,
wherein the pixel electrode has a configuration in which a first pixel electrode layer including indium tin oxide (ITO) and a second pixel electrode layer including aluminum (Al) or an aluminum alloy are laminated, the second pixel electrode layer contacting the wiring layer, and
wherein the protective layer, in a cross-sectional view, covers a part of a top surface and side surfaces of the first electrically-conductive layer without covering top surfaces or side surfaces of the wiring layer.

US Pat. No. 10,341,474

MOBILE DEVICE

KYOCERA Corporation, Kyo...

1. A mobile device, comprising: a display;
a battery disposed on a back side of the display;
a film speaker disposed on a back side of the battery;
a speaker holder that retains the film speaker on the back side of the battery,
wherein the speaker holder retains the film speaker inside the speaker holder and comprises a rib higher than a thickness of the film speaker, an upper end face of the rib facing the battery.

US Pat. No. 10,341,471

PACKET ANALYSIS APPARATUS, METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM THEREOF

ONWARD SECURITY CORPORATI...

1. A packet analysis apparatus, comprising: a storage unit, storing a plurality of packets, wherein a format of each of the packets is unknown; and
a processing unit, being electrically connected to the storage unit and configured to calculate a plurality of cross-correlation values of the packets and decide at least one group according to the cross-correlation values and at least one first threshold, each of the at least one group including a subset of the packets,
wherein the packets included in a specific group among the at least one group define a plurality of bit positions, each of the packets included in the specific group comprises a plurality of bits, and the processing unit calculates a variation degree of the bits corresponding to each of the bit positions and selects the at least one bit position whose corresponding variation degree(s) is/are smaller than a second threshold as at least one field boundary of the specific group,
wherein the processing unit further generates a first vector for a specific packet among the packets, the first vector comprises a plurality of bits, the processing unit further generates a plurality of second vectors by circularly shifting the first vector by a plurality of different shift bit numbers, the processing unit further generates a plurality of third vectors by performing the modulo 2 addition on the first vector and each of the second vectors, each of the third vectors comprises a plurality of bits, the processing unit further calculates an accumulated number of the bits whose value is equal to 1 for each of the third vectors, and the processing unit further selects the shift bit number whose corresponding accumulated number is the minimum among the accumulated numbers and is smaller than a count threshold as a periodical property of the specific packet.

US Pat. No. 10,341,470

MODIFIED ETHERNET PREAMBLE FOR INTER LINE CARD COMMUNICATIONS IN A MODULAR COMMUNICATION CHASSIS

Accedian Networks Inc., ...

13. A method for redefining a standard Ethernet preamble of Ethernet frame to create an inter-line-card header used for switching said Ethernet frame across an Ethernet backplane of a communication chassis, within an Ethernet preamble of the Ethernet frame, said method comprising modifying an Ethernet preamble comprised in the Ethernet frame to include an inter-line-card header that comprises at least one information element;
preserving said inter-line-card header, inside of said modified Ethernet preamble, in a Media Access Control (MAC) sub-layer in said Ethernet frame; and
wherein said inter-line-card header further includes an action and action parameters.

US Pat. No. 10,341,467

NETWORK UTILIZATION IMPROVEMENT BY DATA REDUCTION BASED MIGRATION PRIORITIZATION

INTERNATIONAL BUSINESS MA...

1. A method for data transfer, comprising: adding a plurality of data chunks to a priority queue in an order based on utilization priority;
determining a reducibility score for the plurality of data chunks;
performing a data reduction operation on a data chunk having a highest reducibility in the priority queue using a processor; and
moving the data chunk having the lowest reducibility score from the priority queue to a transfer queue for transmission.

US Pat. No. 10,341,466

EVOLVED DATA COMPRESSION SCHEME SIGNALING

Qualcomm Incorporated, S...

1. A method of communication at a wireless device, comprising: receiving, from a first device, a compression capability request requesting an indication of a capability of the wireless device for compressing a payload of a wireless data transmission;
identifying, by the wireless device, a compression capability parameter based on the compression capability request and the capability of the wireless device, wherein the compression capability parameter is one of uplink algorithm information, downlink algorithm information, a compression rate supported by the wireless device, a compressor context memory size, or a prefill configuration for a compressor context memory;
transmitting, to the first device and in response to the compression capability request, a compression capability response that includes a header that conveys the compression capability parameter, the compression capability response indicating one or more capabilities of the wireless device and allowing the first device to select a compression configuration based at least in part on the compression capability parameter; and
receiving, from the first device, a compression configuration request based at least in part on the compression capability response, the compression configuration request indicating a compression context identity (ID) that is saved across a plurality of radio resource control (RRC) connections.

US Pat. No. 10,341,465

POLICY DRIVEN FLIGHT MANAGEMENT

Microsoft Technology Lice...

1. A method to provide policy driven flight management, the method comprising: receiving a flight request associated with a feature of a hosted service; and
in response to receiving the flight request:
retrieving a policy associated with a rollout of the feature from a policy store, wherein the policy includes a rule associated with a property for the rollout that defines at least a current deployment environment and a next deployment environment for the rollout and criteria for when deployment of the feature is initiated in the next deployment environment;
determining a flight state;
determining a deployment state of the feature;
initiating or continuing a deployment of the feature in the current deployment environment based on the policy, the flight state, and the deployment state of the feature;
testing a success of the rollout of the feature in the current deployment environment, wherein the current deployment environment is a low risk environment consisting of fewer users relative to the next deployment environment;
based on the test, updating the feature to improve or resolve issues associated with the rollout of the feature prior to the feature being deployed in the next deployment environment;
in response to determining the criteria for when deployment of the feature is initiated in the next deployment environment is met, initiating deployment of the updated feature in the next deployment environment.

US Pat. No. 10,341,464

MOBILE TERMINAL AND CONTROL METHOD THEREFOR

LG ELECTRONICS INC., Seo...

1. A mobile terminal, comprising: a memory configured to store a plurality of applications performing synchronization by waking up in a predetermined alarm period; and
a controller operably coupled to the memory and comprising:
a data scheduler configured to control the predetermined alarm period by determining an alarm time for waking each application up according to a predetermined condition; and
an alarm service module configured to:
wake each application up at the alarm time determined by the data scheduler;
receive a first signal for requesting a specific alarm for wakeup from a first application among the plurality of the applications; and
transmit a second signal including information on the specific alarm to the data scheduler in response to the received first signal,
wherein the data scheduler is further configured to:
determine an alarm time for waking the first application up based on the information on the specific alarm when the specific alarm relates to data communication for transceiving a packet with a server; and
transmit the determined alarm time for waking the first application up to the alarm service module,
wherein:
the alarm service module is further configured to wake each of the plurality of the applications up at a period of an integer multiple of a predetermined base period (BP);
the data scheduler is further configured to classify each of the plurality of applications into an application belonging to a class among class N (N=0, 1, 2, . . . ) based on the predetermined base period and the predetermined alarm period of a respectively corresponding application; and
class (N) of each application is determined by the following equation 1:
(N?0.5)*BP

US Pat. No. 10,341,463

SYSTEM AND METHOD FOR MESSAGE QUEUE CONFIGURATION IN A NETWORK

International Business Ma...

1. A method for debugging and attending to a problem in a message queuing system in a computer network, the method comprising: creating, by a central server, a connection matrix of interconnected message queue managers within the message queuing system, each message queue manager managing one or more message queues, each message queue manager being connected to one or more different message queue managers in the matrix via respective connections, each connection being an interface that uses one or more channels for connecting between respective message queue managers;
storing into a database, by the central server of the network, message queuing system configuration data of objects including the message queue managers, the message queues, channels and interfaces;
determining, by the central server, a critical level of each connection, wherein a highest critical level designation is for a connection whose failure would shut down the message queuing system, and wherein a lowest critical level designation is for a connection whose failure would have a minimal or negligible effect on the message queuing system;
determining, by the central server, criticality levels of different combinations of message queuing system configuration data based upon business criteria;
periodically gathering, by the central server, information from the message queuing system, including current message queuing configuration data, current message queuing usage values and current server usage values, followed by storing, by the central server, the gathered information on the database of the central server;
periodically analyzing, by the central server, a current message queuing system configuration by comparing the current message queuing configuration data, current message queuing usage values and current server usage values with historical data from the database;
providing suggestions, by the central server, of different configurations for the current message queuing system based upon the analysis and comparison of configuration and usage data;
prioritizing, by the central server, the suggested different configurations of the current message queuing system based upon the criticality levels of the suggested different configurations;
updating, by the central server, the current message queuing system configuration from a prioritized list of the suggested different configurations with a highest criticality level at a top of the list, and applying the suggested configuration with the highest criticality level, wherein the highest criticality level signifies an object requiring first attention when a problem is identified in the message queuing system; and
debugging, by the central server, the problem according to the prioritized list and attending to the problem requiring first attention as identified by the highest criticality level.

US Pat. No. 10,341,462

BUILDING A MULTI-TENANT PORTAL APPLICATION

International Business Ma...

1. A method for providing software-as-a-service to a plurality of clients, the method comprising selecting a first virtual portal;
determining a score for a first resource to generate a first scored resource;
determining a set of scored resources;
visually rendering the first virtual portal and a set of portal resources;
visually rendering the set of scored resources;
selecting the first scored resource from the set of scored resources to be associated with the first virtual portal by updating a resource association matrix with an identifier of the scored resource;
wherein:
the first resource is accessible via the first virtual portal from a portal server;
the set of portal resources are associated with the first virtual portal by the resource association matrix;
the score is selected to represent a usefulness factor of the first resource;
each scored resource of the set of scored resources is selected to be different than each portal resource of the set of portal resources associated with the first virtual portal by the resource association matrix; and
the score for the first resource is determined based on a function F, where: sry=F (svpx, srfbz, ury, rry), and wherein:
sry=the score of the first resource,
svpx=the portal score value for the first portal,
srfbz=the feedback score value for the first resource,
ury=the usage metric value for the first resource, and
rry=the reference metric value for the first resource.

US Pat. No. 10,341,461

SYSTEM AND METHOD FOR AUTOMATICALLY RECREATING PERSONAL MEDIA THROUGH FUSION OF MULTIMODAL FEATURES

Electronics and Telecommu...

1. A system for automatically recreating personal media through fusion of multimodal features, the system comprising: one or more processors that process computer executable program code embodied in non-transitory computer readable storage media, the computer executable program code comprising:
multimodal fusion analyzer program code that analyzes semantics of personal media having various forms based on a plurality of modalities, and divides the personal media into media fragments which are smallest units having semantics;
semantic-based intelligent retriever program code that stores and retrieves the divided media fragments by considering the semantics;
personal media recommender program code that learns and analyzes a profile of a user through modeling the user, and selects and recommends a plurality of media fragments wanted by the user among the media fragments retrieved by the semantic-based intelligent retriever; and
personal media creator program code that creates new personal media using the plurality of media fragments recommended by the personal media recommender according to a scenario input by the user,
wherein the personal media recommender program code further comprises program code that generates a preference model by considering relational features of media, a situation, space and time, an individual, and social network service and that performs media preference learning by multidimensionally analyzing multiple association rules and association intensities through an analysis of correlations between preferences based on the generated preference model.

US Pat. No. 10,341,460

METHODS AND SYSTEMS FOR FAST ACCOUNT SETUP

Apple Inc., Cupertino, C...

1. A non-transitory machine readable medium containing executable instructions which when executed by a data processing system cause the data processing system to perform a method for account setup, the method comprising: updating, on a server, a first account information associated with a first client device of a user in response to the first client device adding an account;
sending, in response to updating the first account information on the server, a push notification to a second client device of the user indicating that the account may be new to the second client device; and
providing to the second client device, in response to a query from the second client device responsive to the push notification, account proxy information to allow an account proxy to be set up on the second client device, wherein the account proxy can be enabled to add the account to the second client device.

US Pat. No. 10,341,459

PERSONALIZED CONTENT AND SERVICES BASED ON PROFILE INFORMATION

INTERNATIONAL BUSINESS MA...

1. A system implemented in a computer infrastructure including a processor configured to: receive, by the processor, dimensionally aware linkages in at least two dimensions including a time period and a location on a geospatial map;
retrieve, by the processor, aggregated data from a data set of mobile data, social media data, Internet data, private network data, and cloud computing data;
identify, by the processor, at least one affinity cluster related to the dimensionally aware linkages in the at least two dimensions and the retrieved aggregated data by performing at least one lookup linkage which matches at least one dimension of the at least two dimensions of the dimensionally aware linkages with the retrieved aggregated data; and
provide, by the processor, personalized content dynamically and in real-time with a high level of confidence to a user having same or similar user preferences as the received dimensionally aware linkages based on the identified at least one affinity cluster,
wherein the dimensionally aware linkages associate the time period and the location together to form linkages in the at least two dimensions,
the processor comprises a profile crawler which is configured to self-learn based on behavioral patterns, the received dimensionally aware linkages, and the at least one affinity cluster, and
the processor is further configured to:
increase a confidence level of the identified at least one affinity cluster for providing the personalized content in response to a number of matches of the at least one dimension of the dimensionally aware linkages exceeding a predetermined threshold,
decrease the confidence level of the identified at least one affinity cluster for providing the personalized content in response to the number of matches of the at least one dimension of the dimensionally aware linkages not exceeding the predetermined threshold,
broaden a first dimension of the dimensionally aware linkages in response to a number of matches of the first dimension of the dimensionally aware linkages not exceeding a first predetermined threshold and reevaluating the broader first dimension to identify a first affinity cluster, and
broaden a second dimension of the dimensionally aware linkages in response to a number of matches of the second dimension of the dimensionally aware linkages not exceeding a second predetermined threshold and reevaluating the broader second dimension to identify a second affinity cluster.

US Pat. No. 10,341,458

PREDICTING A SUB-SET OF RESOURCES TO BE MIGRATED TO A NEW LOCATION BASED ON A MOBILE DEVICE'S INTERACTIONS WITH RESOURCES AT A FIRST LOCATION AND A PREDICTED PERIOD OF TIME THE MOBILE DEVICE IS TO BE IN THE NEW LOCATION

EMC IP Holding Company LL...

1. A computer implemented method for use in migration of resources for a mobile device across a cloud, the method comprising: observing a mobile device's interaction, in a first location associated with a first data center, with a set of resources; wherein the set of resources include mobile data, data service, and processing capability;
recording the mobile device's interaction in a log on the user device;
creating a usage profile using the log for the set of resources based on the mobile device's interactions, in the first location, with the resources; wherein the resources are ranked by the type and frequency of interactions with the mobile device; wherein the usage profile includes a prediction of a sub-set of the set of resources will be used at a second location associated with a second data center; wherein the usage profile dictates that the sub-set of the set of resources are to be migrated to a new location when the mobile device moves to the second location; wherein the usage profile includes information about what resources may be left behind and not transferred to the second location; wherein the usage profile includes information about the time frames when a user accesses a specific location; wherein the usage profile includes information when the mobile device is predicted to be in a particular new location for a period of time where the user profile dictates that not all of the set of resources should be transferred to the particular new location based on the period of time; and
sharing the log between the mobile device and the first and second data centers in an eventually consistent manner.

US Pat. No. 10,341,457

CACHING SYSTEM

Google LLC, Mountain Vie...

1. A method, comprising: pre-loading, by a first application executing at a client device and from a remote system, a digital component;
requesting, by a second application executing at the client device, an online resource, wherein the second application prevents requested online resources from requesting content from other applications;
intercepting, by a request intercept module executing at the client device, a network call generated by execution of a digital component tag of the online resource that requests content from the remote system;
determining, by the request intercept module, that information in the network call matches a registered network reference scheme identifying the first application as an approved source of content;
routing, by the second application, the digital component tag to the first application rather than the remote system based on the determination that the information in the network call matches the registered network reference scheme;
providing, by the first application, the digital component to the second application in response to being routed the digital component tag; and
presenting, by the second application, the digital component pre-loaded by the first application.

US Pat. No. 10,341,456

CACHING STICKER PROFILES WITHIN A STICKER COMMUNICATION SYSTEM

Marc Berger, Rehovot (IL...

1. A sticker communication system with multi-level caching and multi-directional communication, comprising: a plurality of stickers, each sticker having a unique ID, each sticker attachable to an item of goods having a unique ID, and each sticker comprising:
a processor;
a cache communicatively coupled with said processor, caching sticker profiles for a plurality of stickers, wherein a sticker profile comprises a sticker ID, an ID for an item of goods to which the sticker is attached, and a history of data entities in the form of
[attribute name|attribute value|timestamp]; and
a wireless communicator coupled with said processor and said storage, wirelessly transmitting and receiving sticker profiles, wherein said processor is configured to transmit sticker profiles stored in said cache via said wireless communicator to currently nearby stickers that are within range of said wireless communicator, to receive sticker profiles from the nearby stickers, and to store the received sticker profiles in said cache, whereby the protocol for message communication between the sticker and other stickers is a protocol without awareness of locations of other stickers, and with random data message exchange.

US Pat. No. 10,341,455

SYSTEMS AND METHODS FOR CONTROLLING CACHEABILITY AND PRIVACY OF OBJECTS

Akamai Technologies, Inc....

1. A computer-implemented method performed by a server, comprising: receiving a first request from a client device, the first request including a first identifier and being directed to a URL, the first identifier corresponding to a first class of one or more users;
in response to the first request from the client device, generating a forward request to an origin server;
receiving a response to the forward request from the origin server, the response comprising a token that comprises a second identifier, the second identifier corresponding to a second class of one or more users;
upon receiving the response, storing a mapping of the first identifier to the second identifier in a local data structure;
receiving a second request from the client device, and in response to the second request:
(i) consulting the local data structure to obtain the mapping of the first identifier to the second identifier;
(ii) incorporating the second identifier into a cache-key computation to determine a cache-key;
(iii) retrieving content from a local cache, the content being stored under the cache-key calculated based on the second identifier;
(iv) serving the content to the client device.
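The security-relevant point of this claim is what goes into the cache key. The per-user first identifier (a cookie, say) is never part of it; the edge learns from the origin's token which user class the identifier belongs to and keys the cache on that class, so cached objects are shared among users of one class and never served across classes. The following Python model is an added example, not Akamai's code; the cookie prefixes, the `{"class": ...}` token layout, the origin's class decision and the SHA-256 key construction are all assumptions made for illustration.

```python
"""Added example (not from the patent or Akamai): an edge server that
maps a client's first identifier to the class identifier returned by the
origin and keys its cache on the class, per steps (i)-(iv) of claim 1.
Token format, origin logic and key construction are assumptions."""
import hashlib
from dataclasses import dataclass


@dataclass
class OriginResponse:
    body: str
    token: dict   # assumed layout: the token carries the second identifier


def origin(url, first_id):
    """Constructed origin: derives the user's class from the first identifier
    (here, a 'sub-' prefix marks a subscriber) and returns it in a token."""
    user_class = "premium" if first_id.startswith("sub-") else "free"
    return OriginResponse(body=f"{user_class} rendering of {url}",
                          token={"class": user_class})


def cache_key(url, second_id):
    """Cache key from the URL and the class identifier only; the
    user-specific first identifier is deliberately not an input."""
    return hashlib.sha256(f"{second_id}\x00{url}".encode()).hexdigest()


class EdgeServer:
    def __init__(self, origin_fn):
        self.origin_fn = origin_fn
        self.mapping = {}       # local data structure: first_id -> second_id
        self.cache = {}         # cache_key -> content
        self.origin_calls = 0

    def handle(self, first_id, url):
        """Returns (content, 'hit'|'miss')."""
        second_id = self.mapping.get(first_id)
        if second_id is not None:
            key = cache_key(url, second_id)          # steps (i) and (ii)
            if key in self.cache:
                return self.cache[key], "hit"        # steps (iii) and (iv)
        # no mapping yet (or object not cached): forward to the origin
        resp = self.origin_fn(url, first_id)
        self.origin_calls += 1
        second_id = resp.token["class"]
        self.mapping[first_id] = second_id           # store the mapping
        self.cache[cache_key(url, second_id)] = resp.body
        return resp.body, "miss"


def demo():
    """Two subscribers and one guest request the same URL (constructed)."""
    edge = EdgeServer(origin)
    requests = [("sub-alice", "/video/1"), ("sub-bob", "/video/1"),
                ("sub-alice", "/video/1"), ("guest-1", "/video/1"),
                ("guest-1", "/video/1"), ("sub-bob", "/video/1")]
    results = [edge.handle(fid, url) for fid, url in requests]
    return {
        "bodies": [body for body, _ in results],
        "statuses": [status for _, status in results],
        "origin_calls": edge.origin_calls,
        "cache_entries": len(edge.cache),
        "mapping": dict(edge.mapping),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Each distinct first identifier costs exactly one origin round trip to learn its class; after that, subscribers share one cached copy and guests another, and the cache holds two objects for three users. Because the class comes from the origin's token rather than from anything the client sends, a client cannot pick its own class by editing its identifier; the edge still has to treat the mapping table as sensitive, since it links identifiers to classes.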

US Pat. No. 10,341,454

VIDEO AND MEDIA CONTENT DELIVERY NETWORK STORAGE IN ELASTIC CLOUDS

CISCO TECHNOLOGY, INC., ...

1. A method comprising: receiving, by a first proxy module, a first content object request from a first user device, the first content object request corresponding to a content object;
sending, by the first proxy module, the first content object request to a first cache module;
obtaining, by the first cache module, the content object corresponding to the first content object request from an object store, the object store being shared by a plurality of cache modules including the first cache module;
receiving, by the first proxy module from the first cache module, the obtained content object;
sending, by the first proxy module, the content object to the first user device;
receiving, by a second proxy module, a second content object request from a second user device, the second content object request corresponding to the content object;
sending, by the second proxy module, the second content object request to a second cache module, wherein the first proxy module and the first cache module reside on a first edge node and the second proxy module and the second cache module reside on a second edge node;
obtaining, by the second cache module, the content object corresponding to the second content object request from the object store, the object store being shared by the plurality of cache modules including the second cache module;
receiving, by the second proxy module from the second cache module, the obtained content object; and
sending, by the second proxy module, the content object to the second user device.

US Pat. No. 10,341,453

FACILITATING IN-NETWORK CONTENT CACHING WITH A CENTRALLY COORDINATED DATA PLANE

Fortinet, Inc., Sunnyval...

1. A computer-implemented method in a software-defined networking (SDN) controller in a communication network for facilitating content caching in a local network by centrally coordinating layer 2 data plane behavior, the method comprising the steps of: centrally monitoring layer 2 data plane traffic flow at each of a plurality of network components distributed around the communication network;
receiving one or more packets forwarded from a component of the plurality of network components, wherein the component forwards the one or more packets to the SDN controller when no flow has been installed at the component to instruct on how to handle the one or more packets;
performing deep packet inspection on the one or more packets to identify a request for content, and to identify whether a request for content is being made by a specific application, and to identify a location of the one or more packets external to the local network;
responsive to identifying a request for external content for the specific external content for the specific application, querying a caching server on the local network to determine if the requested content is available locally;
receiving a response from the caching server that the requested content is not available;
responsive to the requested content not being available on the local network:
installing a first flow within the local network to route response packets associated with the requested content to a station corresponding to the component of the plurality of network components, and
installing a second flow within the local network to route copies of response packets associated with the requested content to the caching server;
receiving a response from the caching server that the requested content is available; and
responsive to the requested content being available on the local network, installing a third flow within the local network to route response packets associated with the requested content from the local cache server to the station and drop packets directed to the external content.
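The steps above amount to a packet-in handler: inspect the packet, decide whether it is an external content request from a recognised application, ask the caching server, then install either the miss pair of flows (responses to the station, copies to the cache) or the hit pair (responses from the cache to the station, requests to the external content dropped). The following Python model is an added example, not Fortinet's code; the switch name, port numbers, the 10.0.0.0/24 local prefix, the HTTP GET parser and the User-Agent based application fingerprint are all constructed assumptions, and the flow representation is a generic match/action tuple rather than any real OpenFlow encoding.

```python
"""Added example (not from the patent or Fortinet): a toy SDN controller
that applies the claimed steps to packet-in events. Local prefix, ports,
the HTTP parser and the app fingerprint are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed local network
CACHE_SERVER_IP = "10.0.0.250"                     # assumed caching server


@dataclass(frozen=True)
class Flow:
    switch: str
    match: tuple    # ((field, value), ...)
    action: str     # "output:<port>" or "drop"


_REQ = re.compile(rb"^GET (\S+) HTTP/1\.[01]\r\n(.*?)\r\n\r\n", re.S)


def inspect(payload):
    """Deep packet inspection: parse an HTTP GET and identify the requesting
    application. Returns (host, path, app) or None for non-requests."""
    m = _REQ.match(payload)
    if not m:
        return None
    headers = {}
    for line in m.group(2).split(b"\r\n"):
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get(b"host", b"").decode("ascii", "replace")
    agent = headers.get(b"user-agent", b"")
    # assumed fingerprint; the claim says only that DPI identifies the app
    app = "video-player" if agent.startswith(b"VideoPlayer/") else None
    return host, m.group(1).decode("ascii", "replace"), app


class CacheServer:
    def __init__(self, objects):
        self.objects = set(objects)

    def has(self, host, path):
        return (host, path) in self.objects


class Controller:
    def __init__(self, cache, cache_port, station_port):
        self.cache = cache
        self.cache_port = cache_port
        self.station_port = station_port
        self.flows = []

    def packet_in(self, switch, packet):
        """Handle a packet a switch forwarded because no installed flow
        matched it. packet: dict with src, dst (IP strings), payload (bytes).
        Returns the flows installed for it."""
        info = inspect(packet["payload"])
        if info is None or info[2] is None:
            return []   # not a content request from a recognised application
        if ipaddress.ip_address(packet["dst"]) in LOCAL_NET:
            return []   # not directed at external content
        host, path, _app = info
        station, external = packet["src"], packet["dst"]
        if self.cache.has(host, path):
            # hit: third flow (cache -> station) plus drop of external-bound packets
            new = [Flow(switch, (("ip_src", CACHE_SERVER_IP), ("ip_dst", station)),
                        f"output:{self.station_port}"),
                   Flow(switch, (("ip_src", station), ("ip_dst", external)), "drop")]
        else:
            # miss: first flow (responses -> station), second flow (copies -> cache)
            resp = (("ip_src", external), ("ip_dst", station))
            new = [Flow(switch, resp, f"output:{self.station_port}"),
                   Flow(switch, resp, f"output:{self.cache_port}")]
        self.flows.extend(new)
        return new


def demo():
    """Constructed traffic: one uncached clip, one cached clip, one non-app request."""
    cache = CacheServer({("cdn.example.net", "/clip/42.mp4")})
    ctl = Controller(cache, cache_port=9, station_port=1)

    def req(path):
        return (b"GET " + path + b" HTTP/1.1\r\nHost: cdn.example.net\r\n"
                b"User-Agent: VideoPlayer/3.1\r\n\r\n")

    pkt = {"src": "10.0.0.7", "dst": "203.0.113.10"}
    miss = ctl.packet_in("sw1", {**pkt, "payload": req(b"/clip/99.mp4")})
    hit = ctl.packet_in("sw1", {**pkt, "payload": req(b"/clip/42.mp4")})
    other = ctl.packet_in("sw1", {**pkt, "payload":
                          b"GET / HTTP/1.1\r\nHost: x\r\nUser-Agent: curl/8\r\n\r\n"})
    return miss, hit, other


if __name__ == "__main__":
    for flows in demo():
        print([(f.match, f.action) for f in flows])
```

Two caveats a practitioner would want stated. Application identification here keys on a User-Agent string, which the client controls, so a station can opt in or out of the caching path at will; the claim only says DPI identifies the application, not how robustly. And the claim's hit case routes cache responses to the station and drops the external-bound packets, but does not say how the request itself reaches the caching server; this example follows the claim and leaves that step unmodelled.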

US Pat. No. 10,341,452

METHOD, APPARATUS AND NETWORK FOR MULTI-DOMAIN CONFERENCE MANAGEMENT

Tata Communications (Amer...

1. A conference management system in a first telecommunications network comprising: a transmitter that is configured to transmit a first message to a data-processing system, wherein the first message specifies a subscription to events that involve a predetermined set of entities;
a receiver that is configured to receive a second message from the data-processing system specifying that a first conference is starting, wherein the first conference involves the predetermined set of entities identified in the first message transmitted to the data-processing system;
the transmitter being further configured to transmit a third message to a third data processing system in a second telecommunications network upon the receipt of the second message by the receiver, wherein the third message specifies to the third data-processing system to monitor for activities related to the first conference, and wherein the first and second telecommunications networks are managed by different service providers; and
a processor that is configured to:
coordinate, based on a fourth message being received from the third data processing system subsequent to the transmitting of the third message and that specifies the first conference, the establishing of a communications link between a first bridging device in the first telecommunications network and a second bridging device in the second telecommunications network, wherein the first and second bridging devices are being used by the first conference, and
determine a second conference identification (ID) in response to the receiving of the second message, wherein the first conference is identified by a first conference ID in the second message, and wherein the second conference ID serves to identify the first conference to the third data-processing system.

US Pat. No. 10,341,451

CLOUD ORIENTED STREAM SCHEDULING METHOD BASED ON ANDROID PLATFORM

CENTRAL SOUTH UNIVERSITY,...

1. A cloud-oriented stream scheduling method based on an Android platform, comprising the following steps: a first step of building a cloud-oriented stream scheduling system based on an Android platform,
wherein the system comprises two layers, one of the two layers is a cloud management service subsystem operated on a cloud server, another of the two layers is a core scheduling routine and an application (App) management routine operated in a mobile terminal device; the cloud management service subsystem provides services of application download, scheduling strategy access, user configuration access, and user App status access for all mobile terminal devices connected to the cloud management service subsystem in a parallel manner, and a data center database is installed on the cloud management service subsystem; the cloud management service subsystem obtains access information needed in a mobile terminal device access operation by querying the data center database;
wherein the data center database further comprises four data tables corresponding to four services of the cloud management service subsystem, the four data tables include: an application data table, wherein each table item of the application data table is entitled an App classification identifier, an App identifier, and an App installation package; a scheduling strategy data table, wherein each table item of the scheduling strategy data table is entitled a user type identifier, and a scheduling strategy information; a user configuration data table, wherein each table item of the user configuration data table is entitled a user identifier, and a user configuration information; a user App status data table, wherein each table item of the user App status data table is entitled the user identifier, the App identifier, and a user App status information;
wherein the App classification identifier indicates a class an App belongs to; the App identifier is a unique identifier to indicate a kind of the App; an App package file is stored in the App installation package; the user type identifier indicates a type of a user, wherein users of the same type have the same scheduling strategy; the user identifier is a unique identifier indicating the user of the mobile terminal device;
wherein the scheduling strategy information comprises a display strategy, a timed task strategy, an operation mode strategy, and a status saving strategy of the App; the display strategy is a list of N1 records, the content of each of the N1 records includes the App identifier, and a display manner; the display manner indicates an App display order corresponding to the App identifier and the display manner is one selected from the group consisting of “fixed”, “dynamically adjusted” and “preferential”; and N1 is equal to the number of applications controlled by the display strategy; the timed task strategy is a list of M records, the content of each of the M records includes the App identifier, and an operation time; the App corresponding to the App identifier will operate automatically within a time specified by the operation time, and M is equal to the number of applications controlled by the timed task strategy; the operation mode strategy is a list of K records, the contents of each of the K records include the App identifier, and an operation mode; the operation mode indicates that the App corresponding to the App identifier is one-off “stream execution”, “uninstallation prohibited” resident in system, or “dynamically uninstallation” determined by the core scheduling routine, and K is equal to the number of the applications controlled by the operation mode strategy; the status saving strategy is a list with L records, the content of each of the L records include the App identifier, and a whether to save indicator; the whether to save indicator indicates whether the status information of the App corresponding to the App identifier needs to be uploaded to the cloud management service subsystem before uninstallation and whether the status information of the App corresponding to the App identifier is needed to be downloaded and restored to a mobile smart terminal currently used by a user after installation, and L is equal to the number of the applications controlled by the status saving strategy;
wherein the user configuration information is a data list with N2 records, the content of each of the N2 records includes the App identifier, an application usage frequency, and an application display order; the application usage frequency records an average daily usage frequency of the application corresponding to the App identifier after the App is installed, and the application display order indicates the order and the location that the App is displayed in the display list, N2 is equal to the number of applications that have been installed in the mobile terminal device used by the user;
wherein the user App status information is a file that stores the content related to status and configuration of the App corresponding to the App identifier used by the user corresponding to the user identifier;
wherein the core scheduling routine and the App management routine are running on each of the mobile terminal devices, wherein the core scheduling routine provides a plurality of functions including a scheduling strategy processing, a silent installation or an App uninstallation, and a dynamic App adjustment, and performs a specific scheduling task of stream computing; the App management routine provides a plurality of functions including a user configuration processing, an App integration and display, and an App pre-processing before the installation and the uninstallation, including a plurality of functions such as an apk installation file downloading, a user App status information downloading, and a user App status information uploading;
wherein an HTTP protocol is used between the cloud management service subsystem and each of the core scheduling routine and the App management routine for allowing a communication, and an Android internal broadcast mechanism is used between the core scheduling routine and the App management routine for allowing the communication to asynchronously implement a plurality of internal functions in a message-driven manner;
wherein the cloud management service subsystem further comprises a global application management module, a scheduling strategy management module, a user configuration management module, and a user App status management module; the core scheduling routine further comprises a terminal strategy processing module, an App silent operation module, and an application dynamic scheduling module; the App management routine further comprises a terminal configuration processing module, an application preprocessing module, and an App integration display module;
wherein, the global application management module is connected to the application preprocessing module, the App integration display module, and the data center database; the global application management module receives a request for downloading an application installation package with the App identifier as a parameter sent by the application preprocessing module, finds an App installation package URL corresponding to the App identifier from the Application data table, and sends an App installation package corresponding to the App installation package URL to the Application preprocessing module; the global application management module also receives the request for downloading an App list with the App classification identifier as a parameter sent by the App integration display module, and finds all Apps belonging to the App classification identifier from the application data table to form the App list, and sends the App list to the App integration display module, wherein the App list includes two pieces of information, the two pieces of information includes the App identifier in the application data table and the App classification identifier;
wherein the scheduling strategy management module is connected to the terminal strategy processing module and the data center database; the scheduling strategy management module receives a request for downloading a scheduling strategy with the App type identifier as a parameter sent by the terminal strategy processing module, finds scheduling strategy information corresponding to the user type identifier from the scheduling strategy data table, and sends the scheduling strategy information corresponding to the user type identifier to the terminal strategy processing module;
wherein the user configuration management module is connected to the terminal configuration processing module and the data center database; the user configuration management module receives a request for downloading user configuration information with the user identifier as the parameter sent by the terminal configuration processing module, finds user configuration information corresponding to the user identifier from the user configuration data table, and sends the user configuration information corresponding to the user identifier to the terminal configuration processing module; the user configuration management module also receives a request for uploading user configuration information with the user identifier and the user configuration information corresponding to the user identifier as the parameters sent by the terminal configuration processing module, and saves the user configuration information corresponding to the user identifier into a table item corresponding to the user identifier in the user configuration data table;
wherein the user App status management module is connected to the application preprocessing module and the data center database; the user App status management module receives a request for downloading user App status information with the user identifier and the App identifier as parameters sent by the application preprocessing module, finds the user App status information corresponding to the user identifier and the App identifier from the user App status data table, and sends the user App status information corresponding to the user identifier and the App identifier to the application preprocessing module; the user App status management module also receives a request for uploading the user App status information with the user identifier, the App identifier, and the user App status information corresponding to the user identifier and the App identifier as parameters sent by the application preprocessing module, and saves the user App status information corresponding to the user identifier and the App identifier into a table item corresponding to the user identifier and the App identifier in the user App status data table;
wherein the terminal strategy processing module is connected to the scheduling strategy management module, the application dynamic scheduling module and the terminal configuration processing module; the terminal strategy processing module sends a request for downloading a scheduling strategy with the user type identifier as a parameter to the scheduling strategy management module periodically or after receiving a request for downloading a scheduling strategy sent by the terminal configuration processing module, receives scheduling strategy information returned by the scheduling strategy management module, analyzes the scheduling strategy information returned by the scheduling strategy management module to obtain the display strategy, the timed task strategy, the operation mode strategy, and the status saving strategy of the App, and saves these strategies in the mobile terminal device to which the terminal strategy processing module belongs; the terminal strategy processing module also receives a request for querying an App status saving strategy with the App identifier as a parameter sent by the terminal configuration processing module, the terminal strategy processing module finds the App status saving strategy of an application corresponding to the App identifier from a status saving strategy of the scheduling strategy information, and sends the App status saving strategy to the terminal configuration processing module;
wherein the App silent operation module is connected to the application dynamic scheduling module and the terminal configuration processing module for completing an installation and uninstallation task of an application in a background without disturbing the user's use, the App silent operation module receives a request for installing the App silently with a local installation package path as a parameter sent by the application dynamic scheduling module or the terminal configuration processing module, and completes a silent installation task by obtaining an installation package file to be installed through the local installation package path; the App silent operation module also receives a request for uninstalling the App silently with a to-be-uninstalled App identifier as a parameter sent by the application dynamic scheduling module, and completes a silent uninstallation task according to an obtained to-be-uninstalled App identifier;
wherein the application dynamic scheduling module is connected to the terminal strategy processing module, the App silent operation module, the application preprocessing module, and the App integration display module; during an operating process of the mobile terminal device, the application dynamic scheduling module periodically completes an application dynamic scheduling task according to the display strategy, the timed task strategy, the operation mode strategy, and the status saving strategy of the App stored in the current mobile terminal device by the terminal strategy processing module with reference to a performance and security requirement of the mobile terminal device, the application dynamic scheduling module sends a request for installing the App silently with the local installation package path as a parameter to the App silent operation module to trigger the App silent operation module to complete an installation task; the application dynamic scheduling module sends a request for uninstalling the App silently with the to-be-uninstalled App identifier as a parameter to the App silent operation module to trigger the App silent operation module to complete an uninstallation task; the application dynamic scheduling module sends a request for obtaining the application installation package with the App identifier as a parameter to the application preprocessing module to obtain the application installation package returned by the application preprocessing module; the application dynamic scheduling module sends a request for saving the user App status information with the App identifier as a parameter to the application preprocessing module to trigger the application preprocessing module to save the user App status information of the application corresponding to the App identifier of the user using a current mobile terminal device; the application dynamic scheduling module sends a request for recovering the user App status information with the App identifier as a parameter to the application preprocessing module to trigger the application preprocessing module to recover the user App status information of the application corresponding to the App identifier of the user using the current mobile terminal device; the application dynamic scheduling module sends a request for updating the display list of the applications to the App integration display module to trigger the App integration display module to update the display list of the applications of the current mobile terminal device; the application dynamic scheduling module also sends a request for adjusting an App list order with the App identifier as a parameter to the App integration display module to trigger the App integration display module to adjust a display order of an application corresponding to the App identifier in the display list of the applications of the current mobile terminal device;
wherein the terminal configuration processing module is connected to the user configuration management module, the terminal strategy processing module, the App silent operation module, the application preprocessing module and the App integration display module; the terminal configuration processing module periodically sends a request for uploading the user configuration information with the user identifier and the user configuration information as parameters to the user configuration management module to send the user configuration information to the cloud server; when the user is binding with the mobile terminal device, the terminal configuration processing module sends a request for downloading the scheduling strategy to the terminal strategy processing module, sends a request for updating a global App list to the App integration display module, sends a request for downloading the user configuration information with the user identifier as a parameter to the user configuration management module, receives and analyzes the user configuration information returned by the user configuration management module to obtain a list of installed App on other mobile terminal devices having been used by the user, and then installs an application corresponding to each record in the list of installed App; the terminal configuration processing module sends a request for querying the App status saving strategy with the App identifier as a parameter to the terminal strategy processing module to obtain the App status saving strategy returned by the terminal strategy processing module; if the App status saving strategy requires recovering the user App status information, a request for recovering the user App status information is sent to the application preprocessing module; the terminal configuration processing module sends a request for obtaining the application installation package with the App identifier as a parameter to the application preprocessing module to obtain the installation package path returned by the application preprocessing module, and uses the installation package path as a parameter to send a request for App silent installation to the App silent operation module; the terminal configuration processing module sends a request for updating the display list of the applications to the App integration display module to trigger the App integration display module to update the display list of the applications;
wherein the application preprocessing module is connected to the global application management module, the user App status management module, the application dynamic scheduling module and the terminal configuration processing module; the application preprocessing module receives a request for obtaining the application installation package with the App identifier as a parameter sent by the application dynamic scheduling module and the terminal configuration processing module, uses the App identifier in the request for obtaining application installation package as the parameter to send a request for downloading the application installation package to the global application management module, and then saves the application installation package returned from the global application management module as a local application installation package and returns the local application installation package back to the application dynamic scheduling module and the terminal configuration processing module; the application preprocessing module receives a request for recovering the user App status information with the App identifier as a parameter sent by the application dynamic scheduling module and the terminal configuration processing module, uses the App identifier in the request for recovering the user App status information and the user identifier of the user using the current mobile terminal device as parameters to send the request for downloading the user App status information with the user identifier and the App identifier as the parameters to the user App status management module, and recovers the user App status information to the current mobile terminal device after receiving the user App status information returned from the user App status management module; the application preprocessing module also receives the request for saving the user App status information with the App identifier as a parameter sent by the application dynamic scheduling module and the terminal configuration processing module, obtains the App status information of a designated App identifier from the mobile terminal device, and sends the request for uploading the user App status information with the user identifier, the App identifier, and the user App status information as parameters to the user App status management module;
wherein the App integration display module is connected to the global application management module, the application dynamic scheduling module, and the terminal configuration processing module; the App integration display module is used for integrating and displaying the applications installed on the mobile terminal device and an available App list obtained from the global application management module on the same interface of the mobile terminal device and providing the user with a unified and consistent view and an operation entry for the application; the App integration display module sends a request for downloading the App list with the App classification identifier as a parameter to the global application management module periodically or after receiving the request for updating the global App list sent by the terminal configuration processing module, obtains the available App list from the global application management module, saves the available App list in the mobile terminal device, and the App list and an installed App list of the mobile terminal device are combined to be displayed in the display list of the applications of the mobile terminal device to provide the user an interface for running the applications; the App integration display module also receives the request for updating the application display list sent by the application dynamic scheduling module and the terminal configuration processing module, and the installed App list of the mobile terminal device and the App list obtained from the global application management module and stored in the current mobile terminal device are combined to be displayed on the display list of the applications of the mobile terminal device; the App integration display module also receives the request for adjusting the App list order with the App identifier as a parameter sent by the application dynamic scheduling module, and adjusts the application corresponding to the App identifier in the display list of the applications of the mobile terminal device so that it is displayed at the front end of the application display list of the mobile terminal device, and displays the application;
a second step of activating the cloud management service subsystem and initializing the data center database;
wherein a system administrator adds application information to the application data table, adds the scheduling strategy information of different types of users to the scheduling strategy data table, and adds the user and default user configuration information to the user configuration data table through the global application management module, and initializes the user App status data table to be void to get a data support ready for all of the mobile terminal devices;
a third step of operating the mobile terminal devices in parallel under a support of the cloud-oriented stream scheduling system based on a customized Android platform, comprising the following steps:
3.1 the terminal configuration processing module authenticating a binding status of the mobile terminal device by local status information of the mobile terminal device; wherein the binding status of the mobile terminal device being “bound” means that a user has logged on to use the mobile terminal device, and the binding status being “unbound” means that the user has not logged on to use the mobile terminal device; the core scheduling routine and the App management routine operated on the mobile terminal device can obtain the user identifier and the user type identifier of a current user by the local status information of the mobile terminal device; if the current mobile terminal device is at an “unbound” status, going to 3.2, if the current mobile terminal device is in a “bound” status, going to 3.3 directly;
3.2 the terminal configuration processing module receiving user identifier information from a keyboard or a touch screen and binding with the mobile terminal device, wherein 3.2 further comprises the following steps:
3.2.1 the terminal configuration processing module sending the request for downloading the user configuration information with the user identifier as a parameter to the user configuration management module to obtain the user configuration information returned by the user configuration management module;
3.2.2 the terminal configuration processing module reading the to-be-installed App list from the user configuration information and successively processing, from the first App record in the to-be-installed App list, each record in the to-be-installed App list, namely, installing according to the to-be-installed App list;
3.2.3 the terminal configuration processing module sending the request for updating the global App list to the App integration display module; wherein the App integration display module sends the request for downloading the App list to the global application management module after receiving the request, obtains the App list returned from the global application management module, stores the App list in the mobile terminal device, and the obtained App list and the installed App list of the mobile terminal device are combined to be displayed in the display list of the applications of the mobile terminal device;
3.3 the terminal configuration processing module setting the local status information of the mobile terminal device to the “bound” status;
3.4 operating the terminal configuration processing module, the terminal strategy processing module, the App integration display module, and the application dynamic scheduling module in parallel; wherein the terminal configuration processing module periodically uploads the user configuration information to the cloud server according to the method described in 3.4.1, the terminal strategy processing module periodically downloads the scheduling strategy from the cloud server according to the method described in 3.4.2, the App integration display module periodically integrates the App list according to the method described in 3.4.3, the application dynamic scheduling module periodically carries out an application dynamic scheduling according to the method described in 3.4.4; when the App on the mobile terminal device is terminated, the application dynamic scheduling module carries out the application dynamic scheduling according to the method described in 3.4.5; when the mobile terminal device enters a working status of “bound”, the terminal configuration processing module waits for a reception of a user's operational instruction according to the method described in 3.4.6; wherein an operation of operating the terminal configuration processing module, the terminal strategy processing module, the App integration display module, and the application dynamic scheduling module in parallel is carried out according to a plurality of different instructions, and 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6 are conducted in parallel;
3.4.1 the terminal configuration processing module periodically sending the request for uploading the user configuration information with the user identifier and the user configuration information as parameters to the user configuration management module using a built-in timer of the Android system, and uploading the user configuration information to the cloud server;
3.4.2 the terminal strategy processing module periodically sending the request for downloading the scheduling strategy with the user type identifier as a parameter to the scheduling strategy management module using the built-in timer of the Android system, receiving the scheduling strategy information returned by the scheduling strategy management module, analyzing the scheduling strategy information to obtain the display strategy, the timed task strategy, the operation mode strategy, and the status saving strategy of the App, and saving these strategies in the current mobile terminal device;
3.4.3 the App integration display module periodically sending the request for downloading the App list to the global application management module using the built-in timer of the Android system, obtaining the App list from the global application management module, saving the App list in the mobile terminal device, combining the App list with the installed App list of the mobile terminal device, and displaying the combined App list in the application display list of the mobile terminal device;
3.4.4 the application dynamic scheduling module using the built-in timer of the Android system to periodically carry out the application dynamic scheduling according to the display strategy, the timed task strategy, the operation mode strategy, and the status saving strategy of the App stored in the current mobile terminal device by the terminal strategy processing module with reference to requirement on performance and safety of the mobile terminal device, 3.4.4 further comprises the following steps:
3.4.4.1 the application dynamic scheduling module obtaining the App needing to be periodically operated according to the timed task strategy; if the App has been installed, the App runs directly, then going to 3.4.4.2 to continue the scheduling task; if the App is not installed, going to 3.5 to conduct the installation operation;
3.4.4.2 the Application dynamic scheduling module reading the display strategy to determine whether there is a newly added App needing a “priority display” in the display strategy or not; if yes, going to 3.8 to adjust the display order of the applications in the display list of the applications; otherwise, going to 3.4.4.3 to continue the scheduling task;
3.4.4.3 the application dynamic scheduling module reading a memory usage and a system space usage of the mobile terminal device through an Application Programming Interface (API) of the system; if the memory usage is greater than a memory threshold or the system space usage is greater than a spatial threshold, searching the installed application list of the system to obtain the App that has an operation mode strategy of “dynamic uninstall”, is not running currently, and has the least daily using frequency, then going to 3.6 to conduct an uninstall operation; otherwise going to 3.4.4;
3.4.5 when the application dynamic scheduling module monitors a termination of an App of the mobile terminal device, the application dynamic scheduling module obtaining an operation mode of the App according to the operation mode strategy; if the operation mode of the App is a “stream execution”, going to 3.6 to perform the uninstall operation; otherwise, going to 3.4.5;
3.4.6 the terminal configuration processing module receiving the user's operation by the keyboard or the touch screen; if the user needs to remove the binding with the current mobile terminal device, going to 3.7; if the user wants to turn off a power, going to 3.9; if no operation is needed, going to 3.4.6;
3.5 the application dynamic scheduling module conducting the silent installation task, then going to 3.4.4;
3.6 the application dynamic scheduling module conducting the application silent uninstallation task, then going to 3.4.4;
3.7 the terminal configuration processing module conducting a task of removing the user from the binding with the current mobile terminal device, then going to 3.2;
3.8 the App integration display module adjusting the display order of the display list of the applications;
3.9 shutting down the mobile terminal device.

US Pat. No. 10,341,418

REDUCING NETWORK BANDWIDTH UTILIZATION DURING FILE TRANSFER

Microsoft Technology Lice...

1. A computer-implemented method for reducing an amount of network bandwidth utilized to transfer a file, the method comprising: receiving, at a computing device, a request to open the file;
responsive to receiving the request, identifying one or more embedded objects in the file;
removing the one or more embedded objects from the file;
prior to transmitting the file to the network service, inserting padding bytes into the file such that a size of the one or more placeholder objects is a same size as the corresponding embedded objects;
inserting one or more unique placeholder objects in the file to replace the one or more embedded objects, the placeholder objects being objects that are more highly compressible than the embedded objects;
compressing the file;
transmitting the file to a network service configured to generate a processed file based upon the file, the processed file containing the unique placeholder objects;
receiving, at the computing device, the processed file from the network service;
replacing the unique placeholder objects in the processed file with corresponding embedded objects; and
opening the processed file.

US Pat. No. 10,341,417

TARGET WEBPAGE PERFORMANCE

Oath Inc., New York, NY ...

1. A method for generating a recommendation for increasing loading time performance of a target webpage, comprising: inserting a third party window into a webpage, the third party window specifying a target webpage as a source;
providing a browser of a client device with access to the webpage, wherein the target webpage is loaded into the third party window by the browser;
selectively retrieving resource timing data for the third party window, the resource timing data retrieved from the browser and associated with the target webpage;
measuring loading time performance of the target webpage based upon the resource timing data;
responsive to the loading time performance not exceeding a threshold, generating a recommendation for increasing the loading time performance of the target webpage;
controlling a system, based upon the recommendation, to perform one or more actions comprising at least one of adjusting a hardware resource allocation, adjusting an image compression setting, merging one or more files, or transitioning hosting of the target webpage to at least one of a content delivery network or cloud provider;
at least one of:
measuring new loading time performance of the target webpage based upon new resource timing data generated from the target webpage being loaded into a new instance of the third party window; or
measuring second loading time performance of a second target webpage based upon second resource timing data generated from the second target webpage being loaded into instances of a second third party window by client devices; and
generating a second recommendation based upon at least one of the new loading time performance or the second loading time performance.

US Pat. No. 10,341,416

CONTROL OF SMALL DATA TRANSMISSION IN A MOBILE RADIO COMMUNICATIONS NETWORK

NEC Corporation, Tokyo (...

1. A mobile radio communications network within which a mobile radio communications device is configured to operate with access to a Small Data Transmission feature, the mobile radio communications network comprising: a first network device configured to receive Small Data Transmission signalling initiated by the mobile radio communications device, and
a second network device configured to receive signalling from the first network device as part of an establishment procedure for attempted Small Data Transmission communications for the mobile radio communications device within the network,
wherein the first network device is further configured to
determine if Small Data Transmission should be prevented for the mobile radio communications device based on an authentication result of a Service Capability Server/Application Server (SCS/AS), and
initiate a Small Data Transmission rejection message for use in the control of the mobile radio communications device if Small Data Transmission is to be rejected.

US Pat. No. 10,341,415

ELECTRONIC INFORMATION TREE-BASED ROUTING

Slingshot Technologies, I...

1. A method for retrieving digital content, the method comprising: receiving, at a first electronic device, a message request for the digital content;
determining a tagged rule associated with the message request;
retrieving a tagged rule associated with the first electronic device;
comparing the tagged rule associated with the message request to the tagged rule associated with the first electronic device, wherein the comparing comprises comparing a hash value result for the tagged rule associated with the message request to a hash value result for the tagged rule associated with the first electronic device; and
sending a response associated with the digital content if the tagged rule associated with the message request and the tagged rule associated with the first electronic device are equivalent.

US Pat. No. 10,341,414

FILE SHARING USING REMOTE APPLICATIONS

VMware, Inc., Palo Alto,...

1. A method for sharing a file between first and second computing devices, the method comprising: receiving, at the second computing device:
a reference identifying the file and an application associated with the file, wherein the reference is generated by a first remote access client running on the first computing device in response to one or more predefined user interactions with the first remote access client during a first remote session with a virtualized workload container that is facilitated by the first remote access client, wherein the reference is generated by the first remote access client subsequent to determining that the application associated with the file is installed in the virtualized workload container, and wherein the first remote session includes the first computing device receiving and displaying video output generated at a host server hosting the virtualized workload container and routing user input received at the first computing device to the host server where the user input is injected into the virtualized workload container, and
a selection of the received reference;
in response to the selection of the received reference, requesting a connection to be established between a second remote access client running on the second computing device and the application identified in the reference, wherein in response to the connection request the host server launches and executes the application in the virtualized workload container to which the second remote access client is connected during a second remote session; and
requesting the host server open the file identified in the reference.

US Pat. No. 10,341,413

METHOD AND SYSTEM FOR SYNCHRONIZING ROBOT WITH SERVER

Hangzhou Yameilijia Techn...

1. A method for synchronizing a robot with a server, comprising: sending by the server a time service command to the robot, the time service command comprising a current time of the server;
receiving by the robot the time service command sent from the server;
sending by the robot a response message to the server based on the time service command;
receiving by the server the response message sent from the robot, and determining whether a time service for the robot is successful based on the response message;
sending by the server a time service success message to the robot, if the time service for the robot is successful;
synchronizing the robot with the server in terms of time, after the robot receives the time service success message sent from the server; and
resending by the server the time service command to the robot if the time service for the robot is unsuccessful.

US Pat. No. 10,341,412

MULTIPLE APPLICATION REMOTING

Amazon Technologies, Inc....

1. A system comprising: one or more computing devices operating a plurality of virtual computing nodes; and
one or more memories having stored thereon computer-executable instructions that, upon execution, cause the system at least to:
receive a first request to provide access to content of a first application, wherein the first request is associated with a first user of a plurality of users;
cause a virtualization process to execute on a virtual machine of a first virtual computing node, the first virtual computing node selected from the plurality of virtual computing nodes based at least in part on the first virtual computing node not being leased by any of the plurality of users;
associate the first virtual computing node with a lease held by the first user;
cause the first application to execute on the first virtual computing node as a first child process of the virtualization process;
receive a second request to provide access to content of a second application, wherein the second request is associated with the first user;
select the first virtual computing node from among the plurality of computing nodes for executing the second application based at least in part on the second request being associated with the first user and the lease being held by the first user; and
cause the second application to execute on the first virtual computing node as a second child process of the virtualization process.

US Pat. No. 10,341,411

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING MESSAGE ENCODE/DECODE AS A SERVICE

Oracle International Corp...

1. A method for providing message encoding or decoding as a service, the method comprising: at an encode/decode function (EDF) node:
receiving a message containing at least one type-length-value (TLV) element, wherein the at least one TLV element includes a protocol interface identifier, a related connection or path identifier, an application identifier, an origination realm, an origination address, a destination realm, a destination address, a priority related TLV element, or a next generation networks priority services (NGN-PS) TLV element;
decoding at least a portion of the message;
generating a message identifier for identifying the message or related message content;
receiving a message encode or decode operation request containing the message identifier and an operation identifier, wherein the message encode or decode operation request includes the message identifier in lieu of a message payload to be operated on, wherein the message encode or decode operation request is from a first node configured to perform a first function associated with a distributed network function (DNF);
querying, using the message identifier, a data structure to obtain decoded message content including the at least one TLV element;
performing, using the operation identifier, a message encode or decode operation involving modifying the at least one TLV element decoded from the message indicated by the message identifier; and
sending a response indicating whether the message encode or decode operation was successfully performed.

US Pat. No. 10,341,409

SOFTWARE VERSION CONTROL WITHOUT AFFECTING A DEPLOYED CONTAINER

International Business Ma...

1. A method for executing multiple versions of an application within a networked-computing environment, the method comprising: identifying, by one or more computer processors, a request to execute an instance of a first version of an application within a networked-computing environment;
determining, by one or more computer processors, that an instance of a second version of the application is active within a first container executing within the networked-computing environment;
accessing, by one or more computer processors, a data structure including information associated with the application to obtain a first set of data corresponding to the first version of the application;
determining, by one or more computer processors, whether the obtained first set of data indicates that the first version of the application is compiled;
in response to determining that the first version of the application is compiled, copying, by one or more computer processors, from a network accessible storage device, one or more executable objects associated with the first version of the application based, at least in part, on the first set of data, to the first container executing within the networked-computing environment;
identifying, by one or more computer processors, the first set of data that corresponds to the first version of the application, wherein the first set of data includes a first information associated with a first program loader and one or more executable objects that correspond to the first version of the application;
responsive to identifying that the first data does not include an indication related to one or more executable objects stored on the network accessible storage device that are associated with the first version of the application, identifying, by one or more computer processors, a third information within the data structure that is associated with the first version of the application;
generating, by one or more computer processors, at least one executable object of the one or more executable objects associated with the first version of the application based on the first set of data, and a corresponding fourth information of the generated at least one executable object based, at least in part on the third information within the data structure that is associated with the first version of the application, wherein the at least one executable object is associated with compiled code of the first application;
storing, by one or more computer processors, the generated at least one executable object of the one or more executable objects associated with the first version of the application on the network accessible storage device;
updating, by one or more computer processors, the first set of data within the data structure to include the fourth information corresponding to the generated at least one executable object that is associated with the first version of the application, wherein the fourth information includes an indication of a location within the network accessible storage device for the generated at least one executable object and an identifier of the generated at least one executable object; and
executing, by one or more computer processors, the copied one or more executable objects associated with the first version that comprise the requested instance of the first version of the application within the first container, executing within the networked-computing environment, in addition to the active instance of the second version of the application while maintaining environmental variables utilized by the active instance of the second version of the application within the executing first container.

US Pat. No. 10,341,408

TRANSPORT PATH-AWARE QUALITY OF SERVICE FOR MOBILE COMMUNICATIONS

VIASAT, INC., Carlsbad, ...

1. A mobility management system comprising a hardware processor for managing streaming media service to a plurality of terminals via a multi-carrier communications system to provide quality of service for delivery of media content over capacity-constrained communications links to in-transport terminals by exploiting usage model and path awareness, the mobility management system comprising: a congestion modeler system to compute a congestion map to indicate congestion conditions at corresponding service timeframes for a plurality of carriers of the multi-carrier communications system along a predicted transport path of a transport craft vehicle traveling through the multi-carrier communications system, the transport craft vehicle having a plurality of user devices disposed therein,
wherein, in a first service timeframe of the service timeframes, during which the transport craft vehicle will be serviced by a first carrier of the plurality of carriers, the congestion map indicates the first carrier as uncongested with respect to servicing a first plurality of terminals comprising the transport craft vehicle, and
wherein, in a second service timeframe of the service timeframes, during which the transport craft vehicle will be serviced by a second carrier of the plurality of carriers, the congestion map indicates the second carrier as congested with respect to servicing a second plurality of terminals comprising the transport craft vehicle, the second service timeframe being subsequent to the first service timeframe;
a pre-positioning system to identify candidate media content portions predicted to be consumed by at least one of the second plurality of terminals during the second service timeframe; and
a mobility-aware scheduler system to schedule transmission, based on the congestion conditions indicated from the congestion map, of at least some of the candidate media content portions to the at least one of the second plurality of terminals during the first service timeframe for local storage by the at least one of the second plurality of terminals.

US Pat. No. 10,341,407

MAPPING A LOW QUALITY MEDIA FILE TO A SEGMENT OF A HIGH QUALITY MEDIA FILE

Gfycat, Inc., Palo Alto,...

1. A computer-implemented method for mapping a low quality media file to a segment of a high quality media file, the method comprising: receiving the low quality media file and the high quality media file, wherein the low quality media file corresponds to a segment of the high quality media file, the low quality media file having a duration;
generating a plurality of perceptual hashes for frames of the low quality media file;
comparing a portion of the plurality of perceptual hashes for frames of the low quality media file to perceptual hashes for frames of the high quality media file; and
determining a location within the high quality media file that comprises the segment corresponding to the low quality media file based on the comparing the portion of the plurality of perceptual hashes for frames of the low quality media file to perceptual hashes for frames of the high quality media file.

US Pat. No. 10,341,405

SOCIAL NETWORKING INTERACTIONS WITH PORTIONS OF DIGITAL VIDEOS

FACEBOOK, INC., Menlo Pa...

1. A method comprising: monitoring social networking system activity associated with a digital video comprising monitoring interactions with portions of the digital video;
identifying, based on the monitored social networking system activity, one or more viral portions of the digital video, wherein identifying the one or more viral portions of the digital video comprises:
determining a weight for each monitored interaction associated with each portion of the digital video, wherein the weight determined for a monitored interaction reflects how the monitored interaction affects the virality of an associated portion of the digital video,
generating a virality score, based on the determined weights, for each portion of the digital video,
identifying portions of the digital video with virality scores within a first predetermined threshold range, and
identifying portions of the digital video with virality scores within a second predetermined threshold range; and
in response to identifying portions of the digital video with virality scores within the first predetermined threshold range and identifying portions of the digital video with virality scores within the second predetermined threshold range, providing, during playback of the digital video to a social networking system user, first indicators of the portions of the digital video with virality scores within the first predetermined threshold range and second indicators of the portions of the digital video with virality scores within the second predetermined threshold range,
wherein providing first indicators of the portions of the digital video with virality scores within the first predetermined threshold range comprises highlighting a first group of portions of a playback timeline within a video application in a first color, wherein the first group of portions correspond to the portions of the digital video with virality scores within the first predetermined threshold range, and
wherein providing second indicators of the portions of the digital video with virality scores within the second predetermined threshold range comprises highlighting a second group of portions of the playback timeline within the video application in a second color, wherein the second group of portions correspond to the portions of the digital video with virality scores within the second predetermined threshold range.

US Pat. No. 10,341,404

DYNAMICALLY UPDATING MEDIA CONTENT FOR DISPLAY TO A USER OF A SOCIAL NETWORK ENVIRONMENT BASED ON USER INTERACTIONS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising: sending a newsfeed including a plurality of news stories to a viewing user of a social network system, the plurality of news stories selected based on preference settings of the viewing user and based on a relationship type between the viewing user and other users of the social network system, wherein at least one selected news story includes information associated with at least one of the other users;
monitoring one or more interactions between the viewing user of the social network system and the other users of the social network system with whom the viewing user has established a connection;
determining, from the one or more monitored interactions, a frequency of interactions of the viewing user associated with the other users with whom the viewing user has established a connection;
obtaining a filtered set of candidate additional news stories associated with at least one of the other users with whom the viewing user has established a connection, the filtered set of candidate additional news stories excluding one or more stories based on the preference settings of the viewing user;
determining a weight for media content included in each candidate additional news story of the filtered set of candidate additional news stories based on the frequency of interactions;
classifying each candidate additional news story of the filtered set of candidate additional news stories based on whether the candidate additional news story is of short-term interest to the viewing user or of long-term interest to the viewing user, the classification performed based at least in part on a frequency of interactions of the viewing user with topics associated with the candidate additional news story;
modifying the weight for the media content included in each candidate additional news story based on a function of time, wherein a weight for a media content included in a candidate additional news story is modified to decrease over time if the candidate additional news story is classified as of short-term interest to the viewing user and wherein the weight for the media content included in the candidate additional news story remains steadily high if the candidate additional news story is classified as of long-term interest to the viewing user;
selecting, from the filtered set of candidate additional news stories, one or more additional news stories for the viewing user based at least in part on the modified weight for the media content included in each candidate additional news story of the filtered set of candidate additional news stories and the preference settings of the viewing user;
updating the newsfeed to include the one or more selected additional news stories, at least one of the additional news stories describing an action taken by at least one of the other users of the social network system with whom the viewing user has established a connection; and
sending the updated newsfeed comprising the selected additional news stories to the user device for display to the viewing user.

US Pat. No. 10,341,403

SYSTEM TO COMMUNICATE MEDIA

Affinity Labs of Texas, L...

1. A media delivery method using specialized networking components operating in an unconventional manner to facilitate a delivery decision relationship between clients and servers in an effort to enhance and improve network functionality, comprising: maintaining an application for use by a wireless enabled device that comprises a non-volatile memory, a processing device operable to execute instructions stored in the non-volatile memory, a buffer, and at least one wireless transceiver, wherein the application can be communicated to the wireless enabled device and executed at the wireless enabled device to provide an application generated interface that facilitates receiving video content from a network based distribution system;
delivering a portion of a media to the wireless enabled device in response to a request from the wireless enabled device, wherein the delivery is a streaming delivery using a Hypertext Transfer Protocol, further wherein the portion has a format;
subsequently delivering another portion of the media, which has a different format than the format, to the wireless enabled device in response to a request for the another portion from the wireless enabled device using the Hypertext Transfer Protocol, wherein the different format is selected at least in part because of a buffer fill status of the buffer; and
communicating a playlist to the wireless enabled device to facilitate a periodic outputting of requests for media portions by the wireless enabled device.

US Pat. No. 10,341,402

CONNECTING CONSUMERS WITH PROVIDERS OF LIVE VIDEOS

1. A computer-implemented method comprises: receiving, by a brokerage service system, a request from a client system of a consumer for a provider having specified provider criteria to conduct a specific type of live performance, and with the request including specific performance attributes required in the specific type of live performance;
determining, by the brokerage service system, availability of providers associated with the brokerage service system having at least some of the specified provider criteria for conducting the specific type of live performance;
sending, by the brokerage service system, to the client system a response comprising a listing of live videos of available providers having at least some of the specified provider attributes to conduct the specific type of live performance, with the specific performance attributes; and
causing, by the brokerage service system, establishment of a communication channel for electronic transmission of a live, real-time video of the performance of the selected provider, with the communication channel being between the client system of the consumer and a system of the selected provider of the live, real-time video.

US Pat. No. 10,341,401

USING MESSAGING ASSOCIATED WITH ADAPTIVE BITRATE STREAMING TO PERFORM MEDIA MONITORING FOR MOBILE PLATFORMS

The Nielsen Company (US),...

1. A media monitoring apparatus comprising: a server querier to:
access a request received from a first server of an audience measurement entity (AME), the request being for network log information corresponding to a first adaptive bitrate streaming uniform resource locator (URL) included in a first message sent by a mobile platform to a second server to request delivery of first streaming media according to an adaptive bitrate streaming protocol; and
query a third server of a service provider providing network access for the mobile platform to retrieve the network log information corresponding to the first adaptive bitrate streaming URL from the third server; and
a provider data reporter to return the network log information to the first server of the AME in response to the request.

US Pat. No. 10,341,400

SYSTEM AND METHOD FOR SIGNAL AND DATA ROUTING

1. A system for signal or data routing, the system comprising: a client side graphical user interface GUI in communication with target side GUI over a network; wherein the client side GUI represents a first user and the target side GUI represents an organizational user;
a focus server communicatively coupled to the client side GUI and the target side GUI, wherein the focus server is configured to create a conference session between the client side GUI and the target side GUI,
a routing server comprising various routing logic, configured to direct the focus server to invite the organizational user to join the conference session at the target side GUI,
a data management server coupled to the routing server, configured to store, maintain various data records comprising a single individual profile and a plurality of individual context records for a user, and an organization profile record and organization context records for an organization,
wherein the routing server is configured to:
take data record results from the data management server, and select and execute an appropriate routing logic for a target organization;
query an authentication server for a list or a group of users who meet predetermined criteria, and pass the list or the group of users back to the routing server;
fetch a presence state for one of particular users of the group from the authentication server;
pass back the presence state to the routing server to direct the focus server to invite a user from the organization to join the conference session on a provisional basis, and
direct the focus server to finalize a provisionally invited user to join the conference session, or be rejected from the conference session or ejected if already joined.

US Pat. No. 10,341,398

APPLICATION PROGRAM AND RELATED TECHNIQUES FOR ORGANIZING A MEETING BETWEEN PEOPLE

1. A computer-implemented method of generating a meeting among people, comprising: selecting, with a graphical user interface on a computer display, a venue;
displaying a map of the venue on the computer display, the map of the venue showing a plurality of internal features inside of the venue;
selecting a location of the meeting at the venue by dragging and dropping an icon on the map on the displayed venue to a position indicative of a selected spot proximate to one of the plurality of internal features inside of the venue;
selecting, with a graphical user interface on the computer display, a time of the meeting;
selecting, with a graphical user interface on the computer display, one or more people to attend the meeting;
communicating, to the one or more people, information identifying: the map, the selected time, the selected location of the meeting, and the selected one or more people;
displaying, in accordance with the communicating, the map of the venue on one or more respective computer displays of the one or more people; and
displaying, in accordance with the communicating, the icon on the map of the venue on the one or more computer displays of the one or more people at the selected location of the meeting.

US Pat. No. 10,341,397

NON-TRANSITORY COMPUTER READABLE MEDIUM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING SYSTEM FOR RECORDING MINUTES INFORMATION

FUJI XEROX CO., LTD., To...

1. A non-transitory computer readable medium storing a program causing a computer to execute a process for causing at least portions of display screens of a plurality of terminals connected to each other through a network to display information in a synchronous manner, the process comprising: receiving material information indicating information regarding a material to be displayed;
receiving operation information indicating details of operations that at least one presenter and at least one participant perform on the respective terminals;
comparing priorities of the operation information with each other based on types of the operation information, the comparison based upon a predetermined ordering of types of operation information, the priorities including priorities of the at least one presenter and the at least one participant, the comparing of priorities comparing the priorities of the at least one presenter and the priorities of the at least one participant; and
recording minutes information in which the material information, the operation information, and time information indicating times at which the users perform the operations are associated with each other, the operation information and material information being recorded as different pieces of information rather than as integrated information;
wherein the recording records operation information having a high priority among the plural pieces of operation information, in association with the material information and the time information, and
wherein when a period of time for which operation information of the at least one presenter is received and a period of time for which operation information of the at least one participant is acquired overlap each other, the comparing of priorities of the operation information occurs.

US Pat. No. 10,341,396

METHOD AND DEVICE FOR TRANSMITTING A TEXT MESSAGE OVER A VOICE CALL

Wipro Limited, Bangalore...

1. A method of transmitting a text message over a voice call, the method comprising: initiating, by a calling communication device, a Session Initiation Protocol (SIP) session for the voice call with a called communication device, wherein the SIP session comprises a Session Initiation Protocol (SIP) INVITE request and a SIP INFO request;
inserting, by the calling communication device, a text message in the SIP INFO request during call ringing of the voice call, wherein the text message is inserted when a callee associated with the called communication device does not answer the voice call after a predefined number of call rings;
determining, by the calling communication device, whether the called communication device is capable of receiving and interpreting the text message inserted in the SIP INFO request; and
transmitting, by the communication device, the text message in the SIP INFO request over the SIP session based on the determined capability of the called communication device, wherein the text message is displayed on the called communication device along with a call ringing notification of the voice call.

US Pat. No. 10,341,394

METHOD AND SYSTEM FOR CALL SETUP

MEDIATEK INC., Hsinchu (...

1. A method for setting up a call for a user equipment, comprising: receiving, by the user equipment, a measurement configuration message that specifies a set of measurement events corresponding to poor signal quality between the user equipment and a packet-switched network;
initiating, by the user equipment, a first call setup process for setting up the call using the packet-switched network;
sending, by the user equipment, a measurement report when one of the set of measurement events occurs while performing the first call setup process;
receiving a termination message, the termination message indicating termination of the first call setup process without requesting the user equipment to perform retry attempts; and
sending, by the user equipment in response to receiving the termination message, a service request to begin a second call setup process for setting up the call for the user equipment using a circuit-switched network.

US Pat. No. 10,341,393

APPARATUS AND METHOD FOR COMMUNICATIONS INVOLVING A LEGACY DEVICE

1. A method of establishing a connection between a first communication terminal and a second communication terminal, the method comprising: in response to receiving a first message from the first communication terminal that is configured to seek to establish the connection between the first communication terminal and the second communication terminal, a first gateway modifying information included within the first message and sending a second message comprising the modified information toward the second communication terminal;
the first gateway receiving a fourth message from the second communication terminal that is addressed to the first communication terminal to accept the establishing of the connection;
in response to receiving the fourth message, the first gateway determining whether the second communication terminal has a communication protocol client based on the received fourth message;
upon a determination that the second communication terminal does not have the communication protocol client, the first gateway facilitating establishment of the connection without forwarding information about at least one first Interactive Connectivity Establishment Protocol (“ICE”) candidate for facilitating formation of the connection between the first and the second communication terminals sought to be established via the first message identified by the first communication terminal in at least one third message that is received by the first gateway after the first message is received by the first gateway;
upon a determination that the second communication terminal has the communication protocol client, the first gateway sending the fourth message to the first communication terminal and sending a fifth message that identifies the at least one first ICE candidate to the second communication terminal.

US Pat. No. 10,341,391

NETWORK SESSION BASED USER BEHAVIOR PATTERN ANALYSIS AND ASSOCIATED ANOMALY DETECTION AND VERIFICATION

EMC IP Holding Company LL...

1. A method comprising steps of: obtaining data characterizing a plurality of network sessions for a given user identifier wherein the network sessions are initiated from one or more user devices over at least one network;
extracting features from the obtained data;
detecting at least one potentially anomalous network session among the plurality of network sessions for the given user identifier by applying the extracted features to a support vector machine model for the given user identifier; and
applying a rules-based verification process to the detected potentially anomalous network session in order to verify that the detected potentially anomalous network session is an anomalous network session;
generating an alert based at least in part on one or more results of the rules-based verification process;
automatically taking one or more remedial actions over the at least one network relating to the anomalous network session based at least in part on at least one of the one or more results of the rules-based verification process; and
updating the support vector machine model for the given user identifier as part of an unsupervised learning process;
wherein updating the support vector machine model for the given user identifier comprises:
classifying a given one of the network sessions as a non-anomalous network session; and
incorporating the extracted features of the given network session and its classification as a non-anomalous network session into the support vector machine model as a new observation;
wherein the alert is transmitted over said at least one network to a security agent;
wherein the support vector machine model for the given user identifier utilizes a designated function to determine a decision boundary separating normal network sessions within a learned class defining a behavior pattern for the given user identifier from potentially anomalous network sessions not within the learned class, by projecting the data characterizing the plurality of network sessions for the given user identifier as respective data points plotted relative to an origin, the decision boundary separating the plotted data points into a first region comprising the origin and a first subset of the data points representing the potentially anomalous network sessions and a second region comprising a second subset of the data points representing the normal network sessions;
wherein the support vector machine model for the given user identifier is one of a plurality of distinct support vector machine models maintained for respective ones of a plurality of distinct user identifiers, with automated detection of anomalous network sessions for different ones of the distinct user identifiers being based at least in part on respective different ones of the distinct support vector machine models; and
wherein the steps are performed by at least one processing device comprising a processor coupled to a memory.
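The claim above describes a two-stage pipeline: a per-user one-class SVM whose decision boundary separates the user's learned behaviour from the origin side, a rules-based verification of whatever the SVM flags, an alert plus remedial action when verification succeeds, and an unsupervised update that folds non-anomalous sessions back into that user's model. The following is an added example of that pipeline, not EMC's code. It trains a linear nu-SVM with a small stochastic subgradient solver rather than a library, and the session records, the familiarity-score features, the rules and the thresholds are all constructed for illustration.

```python
"""Per-user network-session anomaly detection: one-class SVM detection,
rules-based verification, alert/remediation, unsupervised model update.

Added example, not the patent's code. Session records, features, rules and
thresholds are constructed; the SVM is a linear nu-SVM trained by SGD."""
from typing import Callable

# Constructed feature set: each value is a familiarity score in [0, 1]
# (1 = fully consistent with this user's history). A session that resembles
# nothing the user has done before therefore sits near the origin, which is
# the side of the decision boundary treated as potentially anomalous.
FEATURE_NAMES = ("device_familiarity", "geo_familiarity",
                 "hour_familiarity", "resource_familiarity")


def extract_features(session: dict) -> list[float]:
    return [float(session[name]) for name in FEATURE_NAMES]


def dot(a: list[float], b: list[float]) -> float:
    return sum(x * y for x, y in zip(a, b))


class OneClassSVM:
    """Linear one-class nu-SVM: decision(x) = w.x - rho.

    Training pushes the hyperplane away from the origin while letting only
    about a nu fraction of the user's own sessions fall on the origin side;
    decision(x) < 0 marks x as potentially anomalous."""

    def __init__(self, nu: float = 0.1, lr: float = 0.005, epochs: int = 300):
        self.nu, self.lr, self.epochs = nu, lr, epochs
        self.w: list[float] = []
        self.rho = 0.0
        self.observations: list[list[float]] = []

    def fit(self, points: list[list[float]]) -> "OneClassSVM":
        self.observations = [list(p) for p in points]
        self.w, self.rho = [0.0] * len(points[0]), 0.0
        for _ in range(self.epochs):
            for x in self.observations:
                if self.decision(x) < 0:  # hinge term active: pull w toward x, lower rho
                    self.w = [(1 - self.lr) * wi + self.lr * xi / self.nu
                              for wi, xi in zip(self.w, x)]
                    self.rho -= self.lr * (1 / self.nu - 1)
                else:                     # only the regulariser and the -rho term act
                    self.w = [(1 - self.lr) * wi for wi in self.w]
                    self.rho += self.lr
        return self

    def decision(self, x: list[float]) -> float:
        return dot(self.w, x) - self.rho

    def add_observation(self, x: list[float]) -> None:
        """Unsupervised update: a session classified non-anomalous becomes training data."""
        self.fit(self.observations + [list(x)])


# Constructed verification rules: a flagged session is escalated only when at
# least one rule also fires, which keeps the SVM's statistical false positives
# out of the analyst queue.
RULES: dict[str, Callable[[dict], bool]] = {
    "repeated_auth_failures": lambda s: s["failed_logins"] >= 3,
    "new_country_off_hours": lambda s: s["new_country"] and s["off_hours"],
    "bulk_egress": lambda s: s["bytes_out"] > 500 * 2 ** 20,
}


def verify(session: dict) -> list[str]:
    return [name for name, rule in RULES.items() if rule(session)]


def process_session(user_id: str, session: dict, models: dict[str, OneClassSVM]) -> dict:
    """Detect -> verify -> alert/remediate, or feed the session back into the user's model."""
    model = models[user_id]                 # one model per user identifier
    x = extract_features(session)
    flagged = model.decision(x) < 0
    verified = verify(session) if flagged else []
    result = {"user": user_id, "session": session["id"], "flagged": flagged,
              "verified_rules": verified, "alert": None, "actions": []}
    if verified:
        # alert text as it would be sent over the network to the security agent
        result["alert"] = f"anomalous session {session['id']} for {user_id}: {', '.join(verified)}"
        result["actions"] = ["terminate_session", "require_mfa_on_next_login"]
        if "bulk_egress" in verified:
            result["actions"].append("block_source_ip")
    else:
        model.add_observation(x)            # classified non-anomalous: new observation
    return result


def constructed_history(n: int = 40) -> list[list[float]]:
    """Deterministic stand-in for a user's past (all familiar) sessions."""
    return [[0.8 + 0.2 * ((i * k) % 11) / 10 for k in (7, 3, 5, 9)] for i in range(n)]


if __name__ == "__main__":
    models = {"alice": OneClassSVM().fit(constructed_history())}
    attack = {"id": "s2", "device_familiarity": 0.1, "geo_familiarity": 0.2,
              "hour_familiarity": 0.1, "resource_familiarity": 0.05,
              "failed_logins": 4, "new_country": True, "off_hours": True,
              "bytes_out": 800 * 2 ** 20}
    print(process_session("alice", attack, models))
```

The familiarity encoding is what makes the origin meaningful for a linear boundary; with raw features (bytes, durations, counts) a kernel would be needed to get the same "origin side is anomalous" geometry. Note also that a session the SVM flags but the rules do not verify is treated as non-anomalous and learned from, so an attacker who stays below every rule threshold gradually widens the user's learned class; that is the trade-off the verification stage introduces.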

US Pat. No. 10,341,390

AGGREGATION OF ASYNCHRONOUS TRUST OUTCOMES IN A MOBILE DEVICE

Google LLC, Mountain Vie...

1. A computer-implemented method performed by a computing device, the method comprising: receiving one or more signals from one or more sensors, the one or more sensors comprising at least one hardware sensor of the computing device;
determining at least a first trust level and a second trust level from the one or more signals, wherein the first trust level is determined without using the second trust level, and wherein the second trust level is determined without using the first trust level;
determining a first granular aggregated trust outcome by aggregating at least the first trust level and the second trust level, wherein the first aggregated granular trust outcome is associated with a first security measure of the computing device;
determining a second granular aggregated trust outcome by aggregating at least the first trust level and the second trust level, wherein the second aggregated granular trust outcome is associated with a second security measure of the computing device that differs from the first security measure, wherein the first granular aggregated trust outcome is determined independently from the second granular aggregated trust outcome;
modifying the first security measure based on the first granular aggregated trust outcome, wherein the second granular aggregated trust outcome is not used to modify the first security measure; and
modifying the second security measure based on the second granular aggregated trust outcome, wherein the first granular aggregated trust outcome is not used to modify the second security measure.

US Pat. No. 10,341,389

POLICY BASED ON A REQUESTED BEHAVIOR

Hewlett Packard Enterpris...

14. A system comprising: a computer processor;
a non-transitory storage medium storing instructions executable on the computer processor to:
receive a service request for a service and an authentication from an application;
identify a party authorized to communicate with a destination associated with the service;
determine a context that includes an identity of the party and information regarding a behavior requested by the party;
identify a policy based on the context;
identify the behavior requested by the party; and
deploy the policy to a network device of a network based on the party and the behavior to restrict communication of a set of network traffic of the service, the policy deployed to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to the destination or denying transmission of the set of network traffic to the destination;
maintain a default rule to deny the set of network traffic;
maintain a set of permissible behaviors of the service to occur on the network based on the party and the service; and
provide the default rule to the network device after completion of the behavior requested by the party.

US Pat. No. 10,341,388

MODES OF POLICY PARTICIPATION FOR FEEDBACK INSTANCES

1. A system, comprising: a processing unit; and
a memory unit that stores instructions that, when executed by the processing unit, cause the processing unit to perform operations comprising
monitoring a plurality of events for anomalies, wherein each of the plurality of events can impact a policy participation level of an active feedback instance that is utilized to effect, at least in part, a policy in a cloud computing environment,
in response to detecting an anomaly within the plurality of events, receiving an event associated with the anomaly,
mapping the event to the policy, and
determining a new policy participation level for the active feedback instance according to the policy.

US Pat. No. 10,341,387

METHODS AND SYSTEMS FOR APPLYING SECURITY POLICIES IN A VIRTUALIZATION ENVIRONMENT USING A SECURITY INSTANCE

NEUVECTOR, INC., Milpita...

1. A method of applying security policies in a virtualization environment, comprising: at an electronic device of a plurality of electronic devices in a computing network, the electronic device having one or more processors and memory storing instructions for execution by the one or more processors:
instantiating a plurality of user-space instances, wherein:
each respective user-space instance of the plurality of user-space instances is instantiated within a respective operating system environment of a first virtual machine, has a distinct virtual address space in virtual memory of the respective operating system environment, and is for executing a respective application in user space of the distinct virtual address space; and
the respective virtual address spaces of the user-space instances are distinct from a kernel address space of the virtual memory;
instantiating a security instance distinct from the plurality of user-space instances, wherein the security instance is instantiated within the respective operating system environment of the first virtual machine, has a respective virtual address space in virtual memory of the respective operating system environment that is distinct from the virtual address spaces of the plurality of user-space instances instantiated within the respective operating system environment of the first virtual machine, and is executed in user space of the respective virtual address space;
using the security instance to monitor operations for the plurality of user-space instances, and data communications sent by and/or received by the plurality of user-space instances; and
for each respective user-space instance of the plurality of user-space instances, using the security instance to apply a respective set of security policies associated with the respective user-space instance to the monitored operations for the respective user-space instance and the monitored data communications sent by and/or received by the respective user-space instance, so as to detect and/or remediate violations of the respective set of security policies.

US Pat. No. 10,341,386

SECURITY INFORMATION UPDATE SYSTEM, INFORMATION PROCESSING APPARATUS, SECURITY INFORMATION UPDATE METHOD AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM ENCODED WITH SECURITY INFORMATION UPDATE PROGRAM

Konica Minolta, Inc., Ch...

1. A security information update system that includes a management server and a plurality of information processing apparatuses, the management server comprising:
a policy storage that stores a security policy defining at least one set of two or more pieces of device identification information respectively corresponding to two or more of the plurality of information processing apparatuses, identification information for identifying security information corresponding to the two or more of the plurality of information processing apparatuses, and a corresponding reference date and time for updating the identified security information corresponding to the two or more of the plurality of information processing apparatuses; and
a first hardware processor configured to output an update instruction to all of the two or more of the plurality of information processing apparatuses in response to reception of respective preparation completion notifications from all of the two or more of the information processing apparatuses, wherein the update instructions are sent after the corresponding date and time have passed and request all of the two or more of the information processing apparatuses to update a stored piece of security information corresponding to the identification information with new security information, such that all of the two or more of the information processing apparatuses are updated with the same new security information, and
each of the plurality of information processing apparatuses comprising:
a security information storage that stores two or more pieces of security information; and
a second hardware processor, wherein the second hardware processor is configured to:
execute a process using any of the stored pieces of security information,
acquire and store the new security information,
in response to the acquisition of the new security information, transmit a preparation completion notification corresponding to identification information of the new security information to the management server, and
in response to reception of the update instruction from the management server, update the security information specified by the identification information corresponding to the update instruction among the stored pieces of security information with the new security information.
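The claim above is a prepare/acknowledge/commit handshake for rotating a piece of security information across a fleet: every device stages the new value and acknowledges, and only after every acknowledgment has arrived and the policy's reference date/time has passed does the server instruct all of them to switch, so the fleet never runs with a mix of old and new values. The following is an added example of that handshake, not Konica Minolta's code. The device names, the policy contents, the injected clock and the `utc` helper are constructed; the "security information" stands for anything the fleet must share consistently, such as a device-admin password or a scan-to-folder credential.

```python
"""Fleet-wide rotation of a shared piece of security information with a
prepare/acknowledge/commit handshake.

Added example, not the patent's code. Device names, policies and the
injected clock are constructed."""
from datetime import datetime, timezone
from typing import Callable


def utc(year: int, month: int, day: int) -> datetime:
    """Constructed helper so the example can be driven without a real clock."""
    return datetime(year, month, day, tzinfo=timezone.utc)


class Device:
    """One managed apparatus: holds several pieces of security information,
    stages a new value on acquisition, and switches only on instruction."""

    def __init__(self, device_id: str, security_info: dict[str, str]):
        self.device_id = device_id
        self.security_info = dict(security_info)   # the pieces in active use
        self.staged: dict[str, str] = {}           # acquired but not yet active
        self.server: "ManagementServer | None" = None

    def acquire(self, info_id: str, new_value: str) -> None:
        self.staged[info_id] = new_value
        assert self.server is not None, "device must be registered first"
        self.server.preparation_complete(self.device_id, info_id)

    def apply_update(self, info_id: str) -> None:
        self.security_info[info_id] = self.staged.pop(info_id)

    def use(self, info_id: str) -> str:
        """Whatever process consumes the credential reads the active copy."""
        return self.security_info[info_id]


class ManagementServer:
    def __init__(self, clock: Callable[[], datetime]):
        self.clock = clock
        self.policies: list[dict] = []                  # the policy storage
        self.prepared: dict[str, set[str]] = {}         # info_id -> devices that staged it
        self.devices: dict[str, Device] = {}
        self.instructions_sent: list[tuple[str, str]] = []

    def register(self, device: Device) -> None:
        self.devices[device.device_id] = device
        device.server = self

    def add_policy(self, device_ids: list[str], info_id: str, not_before: datetime) -> None:
        """Which devices, which piece of security information, and the
        reference date/time after which the update may be instructed."""
        self.policies.append({"devices": list(device_ids), "info_id": info_id,
                              "not_before": not_before, "done": False})

    def preparation_complete(self, device_id: str, info_id: str) -> None:
        self.prepared.setdefault(info_id, set()).add(device_id)
        self.tick()

    def tick(self) -> int:
        """Re-evaluate policies (run on every notification and from a timer).
        Returns how many policies were committed in this pass."""
        committed = 0
        for policy in self.policies:
            if policy["done"] or self.clock() < policy["not_before"]:
                continue
            if not set(policy["devices"]) <= self.prepared.get(policy["info_id"], set()):
                continue                                  # someone has not staged yet
            for device_id in policy["devices"]:           # now every device flips together
                self.devices[device_id].apply_update(policy["info_id"])
                self.instructions_sent.append((device_id, policy["info_id"]))
            policy["done"] = True
            committed += 1
        return committed


if __name__ == "__main__":
    now = [utc(2024, 1, 1)]
    server = ManagementServer(lambda: now[0])
    fleet = [Device(f"mfp-{i}", {"admin_password": "old"}) for i in range(3)]
    for device in fleet:
        server.register(device)
    server.add_policy([d.device_id for d in fleet], "admin_password", utc(2024, 1, 2))
    for device in fleet:
        device.acquire("admin_password", "new")
    now[0] = utc(2024, 1, 3)
    server.tick()
    print([d.use("admin_password") for d in fleet])
```

Gating the commit on every acknowledgment is what prevents a half-rotated fleet in which some devices accept the old credential and others the new one; the cost is that a single device that never acknowledges blocks the whole policy, so a deployment needs a timeout and an alert on that condition, which the claim does not address.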

US Pat. No. 10,341,385

FACILITATING SEPARATION-OF-DUTIES WHEN PROVISIONING ACCESS RIGHTS IN A COMPUTING SYSTEM

Bank of America Corporati...

1. A system for managing risk management rules comprising: at least one processor;
a rule configuration interface used to configure a risk management rule based on user input received, from a first user, at the rule configuration interface, wherein the rule configuration interface comprises a first list of access rights available for selection by the first user, and wherein a first plurality of access rights listed in the first list of access rights comprise at least one of (i) one or more roles, (ii) one or more tasks, or (iii) one or more permissions;
a role configuration interface used to configure a role based on user input received, from the first user, at the role configuration interface, wherein the role configuration interface comprises a second list of access rights available for selection by the first user, and wherein a second plurality of access rights listed in the second list of access rights comprise at least one of (i) one or more tasks, or (ii) one or more permissions; and
memory storing instructions that, when executed by the at least one processor, cause the system to:
facilitate configuration of the risk management rule by at least:
displaying the rule configuration interface wherein displaying the rule configuration interface comprises presenting, at a first portion of the rule configuration interface, the first list of access rights;
receiving, at the rule configuration interface, input selecting a first access right from the first list of access rights, the first access right selected corresponding to a base access right for the risk management rule,
receiving, at the rule configuration interface, input selecting a second access right from the first list of access rights, the second access right selected corresponding to a conflicting access right for the risk management rule,
displaying, in the rule configuration interface and in a list of conflicting access rights for the risk management rule, the conflicting access right;
facilitate configuration of the role by at least:
displaying the role configuration interface wherein displaying the role configuration interface comprises presenting, at a first portion of the role configuration interface, the second list of access rights,
receiving, at the role configuration interface, input selecting an access right from the second list of access rights for association with the role,
evaluating whether the access right selected for association with the role violates one or more risk management rules, and
based on determining that the access right selected for association with the role violates at least one risk management rule, displaying, in the role configuration interface, an indication that the access right selected violates at least one risk management rule; and
monitor access rights provisioned at a computing system to determine whether both the base access right and the conflicting access right are provisioned to a second user of the computing system.
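The claim above has two enforcement points for a separation-of-duties rule (a base access right plus the rights that conflict with it): at role-design time, when an access right is about to be associated with a role, and at provisioning time, by monitoring whether any user ends up holding both the base and a conflicting right, possibly through nested roles. The following is an added example of both checks, not Bank of America's code. The access rights, roles, rules and user assignments are constructed.

```python
"""Separation-of-duties rules evaluated at role design and at provisioning.

Added example, not the patent's code. Rights, roles, rules and assignments
are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRight:
    kind: str    # "role", "task" or "permission"
    name: str


@dataclass
class Role:
    name: str
    rights: set[AccessRight] = field(default_factory=set)  # tasks, permissions, nested roles


@dataclass
class RiskRule:
    name: str
    base: AccessRight
    conflicting: set[AccessRight]   # must never be held together with base


def effective_rights(rights: set[AccessRight], roles: dict[str, Role]) -> set[AccessRight]:
    """Everything a set of rights grants, expanding roles transitively."""
    seen: set[AccessRight] = set()
    stack = list(rights)
    while stack:
        right = stack.pop()
        if right in seen:
            continue
        seen.add(right)
        if right.kind == "role":
            stack.extend(roles[right.name].rights)
    return seen


def violations_for(rights: set[AccessRight], rules: list[RiskRule],
                   roles: dict[str, Role]) -> list[str]:
    held = effective_rights(rights, roles)
    return [rule.name for rule in rules
            if rule.base in held and not held.isdisjoint(rule.conflicting)]


def check_role_addition(role: Role, new_right: AccessRight, rules: list[RiskRule],
                        roles: dict[str, Role]) -> list[str]:
    """Role configuration interface: evaluate before the right is associated."""
    return violations_for(role.rights | {new_right}, rules, roles)


def monitor_provisioned(assignments: dict[str, set[AccessRight]], rules: list[RiskRule],
                        roles: dict[str, Role]) -> dict[str, list[str]]:
    """Provisioning monitor: users holding a base right and a conflicting right."""
    report: dict[str, list[str]] = {}
    for user, rights in assignments.items():
        found = violations_for(rights, rules, roles)
        if found:
            report[user] = found
    return report


# Constructed sample data: an accounts-payable toy.
CREATE_VENDOR = AccessRight("task", "create_vendor")
APPROVE_PAYMENT = AccessRight("task", "approve_payment")
EDIT_LIMITS = AccessRight("permission", "edit_payment_limits")
ROLES = {
    "ap_clerk": Role("ap_clerk", {CREATE_VENDOR}),
    "ap_manager": Role("ap_manager", {APPROVE_PAYMENT, EDIT_LIMITS}),
    "ap_lead": Role("ap_lead", {AccessRight("role", "ap_manager")}),  # nested role
}
RULES = [
    RiskRule("vendor_vs_payment", CREATE_VENDOR, {APPROVE_PAYMENT}),
    RiskRule("limits_vs_vendor", EDIT_LIMITS, {CREATE_VENDOR}),
]

if __name__ == "__main__":
    print(check_role_addition(ROLES["ap_clerk"], APPROVE_PAYMENT, RULES, ROLES))
    print(monitor_provisioned({"bob": {AccessRight("role", "ap_clerk"),
                                       AccessRight("role", "ap_lead")}}, RULES, ROLES))
```

The provisioning monitor is the check that matters operationally: a role can be clean on its own while a user accumulates two clean roles whose combination is toxic, and the nested `ap_lead` role shows why the evaluation has to expand role membership rather than compare role names.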

US Pat. No. 10,341,382

SYSTEM AND METHOD FOR FILTERING ELECTRONIC MESSAGES

SISVEL TECHNOLOGY S.R.L.,...

1. A method for validating an electronic message received by a client machine, wherein the electronic message includes a header comprising identification data which identify a sender of the message, and a body suitable for containing digital images and one or more hyperlinks, the client machine comprising a processor, a first memory configured to store the electronic messages, a communication interface configured to receive the electronic message and a user input unit configured to receive requests for accessing the one or more hyperlinks comprised in the body from a user, wherein the processor is configured to implement the method by: processing at least one digital image found in the body for obtaining digital signatures which identify the at least one digital image,
finding and storing the one or more hyperlinks present in the body of the message in the first memory,
retrieving a set of trusted Internet domains by interrogating a database stored in a second memory using said digital signatures, wherein said database contains relations between groups of digital signatures and groups of Internet domains considered to be trusted when associated to images identified by said digital signatures,
verifying that the one or more hyperlinks present in the body of the message belong to said set of trusted Internet domains found in the database, and
allowing or denying, to the user input unit, access to at least part of the body of the message in which the one or more hyperlinks are present, based on whether said one or more hyperlinks pertain or not to said set of trusted Internet domains.
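The claim above is a phishing filter keyed on brand imagery rather than on the sender: the images in the body are fingerprinted, the fingerprints select the set of domains that are allowed to appear with those images, and every hyperlink in the body is checked against that set before the user is allowed to follow it. The following is an added example of that check, not SISVEL's code. The images are constructed byte strings fingerprinted with SHA-256 for brevity (a deployed filter would use a perceptual hash so that a resized or re-encoded logo still matches); the signature database, the message bodies and the domain names are constructed too.

```python
"""Validate a message's hyperlinks against the domains its embedded brand
images vouch for.

Added example, not the patent's code. Images, the signature database and the
messages are constructed; SHA-256 stands in for a perceptual image hash."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def image_signature(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for two brand logos, and the database (the claim's
# second memory) mapping image signatures to the domains trusted for them.
BANK_LOGO = b"constructed-bytes-of-examplebank-logo"
SHOP_LOGO = b"constructed-bytes-of-exampleshop-logo"
SIGNATURE_DB: dict[str, set[str]] = {
    image_signature(BANK_LOGO): {"examplebank.com"},
    image_signature(SHOP_LOGO): {"exampleshop.com", "exampleshop-cdn.net"},
}


class LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def extract_links(body: str) -> list[str]:
    parser = LinkExtractor()
    parser.feed(body)
    return parser.links


def link_host(url: str) -> str:
    """The host a browser would actually connect to. Using the parsed hostname
    defeats userinfo tricks such as https://examplebank.com@evil.example/."""
    return (urlparse(url).hostname or "").lower()


def host_trusted(host: str, domains: set[str]) -> bool:
    # exact match or a true subdomain; "examplebank.com.evil.example" fails both
    return any(host == d or host.endswith("." + d) for d in domains)


def trusted_domains_for(images: list[bytes], db: dict[str, set[str]]) -> set[str]:
    trusted: set[str] = set()
    for image in images:
        trusted |= db.get(image_signature(image), set())
    return trusted


def validate_message(body: str, images: list[bytes], db: dict[str, set[str]] = SIGNATURE_DB) -> dict:
    """Access decision for the hyperlink-bearing part of the body."""
    trusted = trusted_domains_for(images, db)
    links = extract_links(body)
    if not trusted:
        # no recognised brand image: this filter has no opinion
        return {"decision": "no_match", "trusted_domains": trusted, "untrusted_links": []}
    untrusted = [u for u in links if not host_trusted(link_host(u), trusted)]
    return {"decision": "deny" if untrusted else "allow",
            "trusted_domains": trusted, "untrusted_links": untrusted}


if __name__ == "__main__":
    phish = ('<p>Your account is locked.</p>'
             '<a href="http://secure.examplebank.com.login-verify.example/x">Unlock</a>')
    print(validate_message(phish, [BANK_LOGO]))
```

The decision is driven by the host the browser will connect to, not by the link text or by a substring match, because lookalike hosts that embed the brand name as a prefix and userinfo-prefixed URLs are the two standard ways of making a hostile link read as a trusted one.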

US Pat. No. 10,341,380

DETECTING MAN-IN-THE-BROWSER ATTACKS

1. A method, comprising: generating modified web page code for transmission to a client device by:
adding first code comprising decoy code to web page code, wherein the decoy code is designed to be recognized by malware as web code that is vulnerable to attack;
adding second code to the web page code, wherein the second code is configured to transmit data regarding the decoy code at the client device;
receiving one or more communications generated by the second code executing at the client device;
based on the one or more communications, determining that malicious code has interacted with the modified web page code at the client device;
wherein the method is performed by one or more computing devices.
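The claim above puts the detection logic on the server: the page is modified with a decoy that a web-inject would recognise as worth attacking and with a second script that reports the decoy's state back, and the server decides from those reports whether something other than its own code touched the page. The following is an added example of that server side, not the patent's code. The login page, the decoy field name `tan_code` and the `/beacon` endpoint are constructed; the in-browser script is shown as the string the server emits and is not executed here.

```python
"""Server side of a decoy-based man-in-the-browser check: inject a decoy
field and a reporting script, then judge the beacons that come back.

Added example, not the patent's code. The page, decoy field name and
/beacon endpoint are constructed; the browser script is emitted, not run."""
import json
import secrets

DECOY_FIELD = "tan_code"   # constructed: resembles a second-factor field a web-inject targets


def build_decoy(nonce: str) -> str:
    # Hidden, empty, and never read by the legitimate handler: any change to it
    # can only come from code the server did not send.
    return (f'<input type="hidden" name="{DECOY_FIELD}" id="decoy-{nonce}" '
            f'value="" data-nonce="{nonce}">')


def build_beacon(nonce: str) -> str:
    # Second code: snapshot the decoy and the form's field count, then report.
    return f"""<script>
(function () {{
  var d = document.getElementById("decoy-{nonce}");
  var scope = (d && d.form) || document;
  var report = {{
    nonce: "{nonce}",
    decoy: d ? d.outerHTML : null,
    value: d ? d.value : null,
    fields: scope.querySelectorAll("input").length
  }};
  navigator.sendBeacon("/beacon", JSON.stringify(report));
}})();
</script>"""


class DecoyMonitor:
    def __init__(self):
        self.issued: dict[str, dict] = {}   # nonce -> state a clean client should report

    def modify_page(self, page_html: str) -> tuple[str, str]:
        """Insert decoy + beacon into the page; remember the expected report."""
        nonce = secrets.token_hex(8)
        decoy = build_decoy(nonce)
        self.issued[nonce] = {"decoy": decoy, "value": "",
                              "fields": page_html.count("<input") + 1}
        modified = page_html.replace("</form>", decoy + "</form>", 1)
        modified = modified.replace("</body>", build_beacon(nonce) + "</body>", 1)
        return modified, nonce

    def analyze(self, beacon) -> list[str]:
        """Indicators that malicious code interacted with the modified page.
        Accepts the raw JSON body or an already-decoded dict."""
        report = json.loads(beacon) if isinstance(beacon, str) else dict(beacon)
        expected = self.issued.pop(report.get("nonce"), None)   # one report per issue
        if expected is None:
            return ["unknown_nonce"]        # forged, replayed or expired beacon
        indicators: list[str] = []
        if report.get("decoy") is None:
            indicators.append("decoy_removed")
        elif report["decoy"] != expected["decoy"]:
            indicators.append("decoy_attributes_changed")
        if report.get("value") not in (None, expected["value"]):
            indicators.append("decoy_filled")
        if report.get("fields") != expected["fields"]:
            indicators.append("form_fields_changed")
        return indicators


if __name__ == "__main__":
    page = ('<html><body><form id="login"><input name="user">'
            '<input type="password" name="pass"></form></body></html>')
    monitor = DecoyMonitor()
    html, nonce = monitor.modify_page(page)
    tampered = {"nonce": nonce, "decoy": build_decoy(nonce), "value": "123456", "fields": 4}
    print(monitor.analyze(tampered))
```

The per-page nonce ties each beacon to one served page so a report cannot be replayed or fabricated without first receiving the page, and consuming the nonce on first use makes a second report for the same page an indicator in itself. Of the checks, the field count and the decoy's value are the robust ones; comparing `outerHTML` byte-for-byte needs a serialisation normalisation step across browsers before it is usable in production.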

US Pat. No. 10,341,379

APPARATUS AND METHODS FOR MITIGATION OF NETWORK ATTACKS VIA DYNAMIC RE-ROUTING

Time Warner Cable Enterpr...

1. A method of operating a network so as to mitigate effects of malicious attacks on one or more computerized user devices in data communication with the network, the network comprising at least a computerized network controller apparatus, a plurality of processing entities, and a plurality of router devices, the method comprising: identifying, via said computerized network controller apparatus, traffic of said network, at least a portion of said identified traffic associated with data indicative of one or more malicious attacks, the identified traffic comprising at least destination data relating to a host entity within said network;
managing influx and processing of the identified traffic, the managing influx and processing comprising at least:
identifying, via said computerized network controller apparatus, an available capacity for each of the plurality of processing entities;
based at least in part on the identifying of the available capacity for each of the plurality of processing entities, selecting at least one of the plurality of processing entities so as to balance traffic influx across the plurality of processing entities;
based at least in part on said selecting of said at least one of said plurality of processing entities, enabling said at least one of said plurality of processing entities to transmit, to at least a portion of said plurality of router devices, alternate routing protocol data indicative of said at least one of said plurality of processing entities and configured to cause transmission of the identified traffic thereto;
based at least in part on said transmission of said alternate routing protocol data, enabling insertion of said alternate routing protocol data into said identified traffic, said inserted alternate routing protocol data causing switching of said identified traffic from one or more routers of said at least portion of said plurality of router devices to said at least one of said plurality of processing entities;
enabling processing of said switched identified traffic using said at least one of said plurality of processing entities so as to render said switched identified traffic non-harmful to said one or more computerized user devices; and
collecting one or more metrics related to the processing of the switched identified traffic, the one or more metrics for use in identification of a predicted amount of available capacity of the at least one of the plurality of processing entities for future management of influx and processing;
enabling removal of said inserted alternate routing protocol data from said identified and processed traffic; and
enabling routing of said identified and processed traffic to a destination associated with said destination data and said host entity.

US Pat. No. 10,341,378

METHODS, SYSTEMS, AND MEDIA FOR INHIBITING ATTACKS ON EMBEDDED DEVICES

The Trustees of Columbia ...

1. A system for inhibiting attacks on embedded devices, the system comprising a processor configured to: identify an embedded device that is configured to provide one or more services to one or more digital processing devices within a communications network;
receive a first firmware having binary executable code associated with the embedded device; and
generate a second firmware that is functionally equivalent to the first firmware for execution by the embedded device by:
determining unused binary executable code and data associated with the binary executable code within the first firmware;
removing the unused binary executable code and data to create free memory locations within the second firmware; and
using the free memory locations to restructure remaining binary executable code and data into memory positions and insert a plurality of payloads and at least one policy within the second firmware, wherein the plurality of payloads includes a first payload that includes program instructions for providing a first defensive capability to the embedded device and a second payload that includes program instructions for providing a second defensive capability to the embedded device and wherein the first defensive capability is a different type than the second defensive capability.

US Pat. No. 10,341,377

SYSTEMS AND METHODS FOR CATEGORIZING SECURITY INCIDENTS

Symantec Corporation, Mo...

1. A computer-implemented method for categorizing security incidents, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: detecting, by an endpoint computing security program, a threat signature alert triggered at a client machine associated with a client;
identifying historical data that records how the client responded to previous reports of security incidents that were categorized to describe the security incidents;
assigning a category for a new security incident that corresponds to the detected threat signature alert based on an analysis of the historical data indicating that the client responded more frequently to the category than the client responded to a different category;
notifying the client, through an electronically transmitted security incident report, of both the new security incident and the category assigned to the new security incident based on the analysis of the historical data to enable the client to perform a security action to protect itself from a corresponding security threat; and
performing the security action based on the electronically transmitted security incident report, the security action comprising at least one of:
enabling one or more security settings;
applying a patch that is designed to resolve the corresponding security threat;
disabling, powering down, throttling, quarantining, sandboxing, and/or disconnecting one or more computing resources;
updating a signature threat alert set of definitions; or
upgrading the endpoint computing security program.

US Pat. No. 10,341,376

DIVERSITY ANALYSIS WITH ACTIONABLE FEEDBACK METHODOLOGIES

Guidewire Software, Inc.,...

1. A method, comprising: assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

US Pat. No. 10,341,375

RESOLVING CUSTOMER COMMUNICATION SECURITY VULNERABILITIES

20. A computer apparatus, comprising: a memory that stores instructions, and
a processor that executes the instructions,
wherein, when executed by the processor, the instructions cause the processor to perform operations comprising:
storing, in a database, a plurality of existing reports, the plurality of existing reports being customer reports of issues and associated with classifications;
analyzing traffic data for reporting customers of the plurality of existing reports to identify risky behavior;
obtaining, via a communication network, a report of an issue of a first user device and a usage history for the first user device, the usage history including communications involving the first user device;
assigning a first classification to the report of the issue of the first user device;
searching for similarities between the usage history of the first user device and the risky behavior identified for the plurality of existing reports which matches the report of the issue of the first user device;
assigning the report of the issue of the first user device a second classification based on the similarities;
assigning a score to the report of the issue of the first user device based on matching between the first classification and the second classification;
remedying, via the communication network and by an automated remote action, a first vulnerability on the first user device when the score exceeds a predetermined threshold, the automated remote action including blocking the first user device from accessing a network location, accessing the network location being identified as the risky behavior;
searching data to identify a second user device that has performed a keyword search for the network location, the second user device being in a same account as the first user device; and
proactively remedying, by the automated remote action, a second vulnerability on the second user device to block the second user device from accessing the network location, and
the second vulnerability is proactively remedied on the second user device in response to the second user device being identified in the search of the data as being in the same account as the first user device and having performed the keyword search for the network location, and not when the second end user device performs the keyword search for the network location.

US Pat. No. 10,341,374

SYSTEMS AND METHODS DETECTING AND MITIGATING ANOMALOUS SHIFTS IN A MACHINE LEARNING MODEL

Sift Science, Inc., San ...

1. A machine learning system for deploying a machine learning model for predicting and/or classifying digital fraud or digital abuse, the system comprising: one or more computing server devices that implement a remote machine learning service that collects, via one or more networks, digital event data associated with one or more online services of a service provider, wherein the remote machine learning service implements:
a machine learning model validation system that:
collects incumbent digital threat scores generated by an incumbent machine learning model and successor digital threat scores generated by a successor digital threat machine learning (ML) model;
implements anomalous-shift detection that detects whether the successor digital threat scores of the successor digital threat ML model produce an anomalous shift, wherein the anomalous shift relates to a measurable variance in values of the successor digital threat scores of the successor digital threat ML model relative to values of the incumbent digital threat scores of the incumbent digital threat ML model, and wherein the anomalous-shift detection includes:
building a successor threat score distribution based on the successor digital threat scores generated by the successor digital threat ML model;
building an incumbent threat score distribution based on the incumbent digital threat scores generated by the incumbent digital threat ML model; and
identifying an overlapping coefficient between an area under a curve of the successor threat score distribution and an area under a curve of the incumbent threat score distribution;
if the anomalous shift is detected by the machine learning model validation system:
blocks a deployment of the successor digital threat model to a live ensemble of digital threat scoring models that generate digital threat scores based on the collected digital event data associated with the one or more online services of the service provider; or
if the anomalous shift is not detected by the machine learning model validation system, deploys the successor digital threat ML model by replacing the incumbent digital threat ML model in a live ensemble of digital threat scoring models with the successor digital threat ML model.

US Pat. No. 10,341,373

AUTOMATICALLY DETECTING INSIDER THREATS USING USER COLLABORATION PATTERNS

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method for automatically detecting insider threats using user collaboration patterns, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying collaborative access of one or more network resources in a network between a target user using a target network device and other users using other network devices in the network during multiple prior time periods and during a current time period;
generating prior collaboration graphs for the prior time periods with nodes representing the target user and the other users and edges representing collaborative access of the one or more network resources during the prior time periods between the target user and the other users;
generating an average collaboration graph by combining the prior collaboration graphs, the average collaboration graph including an average number of nodes and an average number of edges from the prior collaboration graphs, with nodes and edges of the average collaboration graph being probabilistically chosen based on their frequency and recency of occurrence;
generating a current collaboration graph for the current time period with nodes representing the target user and the other users and edges representing collaborative access of the one or more network resources during the current time period between the target user and the other users;
generating an anomaly score by comparing the current collaboration graph to the average collaboration graph;
determining that the collaborative access of the one or more network resources during the current time period is anomalous by determining that the anomaly score exceeds a threshold based on the current collaboration graph being larger or smaller in size than, or having a different composition than, the average collaboration graph; and
in response to the anomaly score exceeding the threshold, performing a security action on the target network device.

US Pat. No. 10,341,372

CLUSTERING FOR DETECTION OF ANOMALOUS BEHAVIOR AND INSIDER THREAT

International Business Ma...

1. A computer-implemented method for detecting anomalous user behavior in a network, the computer-implemented method comprising: logging, by a computer, user activity of a set of users in the network;
dividing, by the computer, the user activity into distinct time intervals;
for each distinct time interval, transforming, by the computer, logged user activity data to a numerical representation of each user's activities for that distinct time interval;
using, by the computer, a clustering process on the numerical representations of user activities to determine which users have similar activity patterns in each distinct time interval;
generating, by the computer, a plurality of peer groups of clustered users based on determining the similar activity patterns in each distinct time interval;
generating, by the computer, a distance metric for each user in the plurality of peer groups of clustered users within a current time interval based on comparing a position of each user in the plurality of peer groups of clustered users in the current time interval with positions of each same user over a predetermined plurality of preceding time intervals;
determining, by the computer, whether a generated distance metric corresponding to one or more users within the current time interval is greater than or equal to a defined distance metric threshold value; and
responsive to the computer determining that the generated distance metric corresponding to one or more users within the current time interval is greater than or equal to the defined distance metric threshold value, detecting, by the computer, anomalous user behavior that indicates a security threat by the one or more users to one or more secure resources protected by the computer in the network within the current time interval and blocking, by the computer, access to the one or more secure resources by the one or more users.

US Pat. No. 10,341,371

IDENTIFYING AND HANDLING THREATS TO DATA COMPUTE NODES IN PUBLIC CLOUD

NICIRA, INC., Palo Alto,...

1. A method comprising: receiving a notification from a network controller that a data compute node, which operates on a host machine in a public datacenter and executes (i) a forwarding element managed by the network controller and (ii) a local control agent that receives configuration data from the network controller and configures the forwarding element, is compromised based on data about the forwarding element;
interacting with application programming interfaces (APIs) of the public datacenter to quarantine the data compute node.

US Pat. No. 10,341,370

HUMAN-ASSISTED ENTITY MAPPING

BitSight Technologies, In...

3. A method comprising: generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;
enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and
providing the map to an application for joining to event data or scoring a security state of the entities.

US Pat. No. 10,341,369

SECURITY SYSTEM MONITORING TECHNIQUES BY MAPPING RECEIVED SECURITY SCORE WITH NEWLY IDENTIFIED SECURITY SCORE

NCR Corporation, Atlanta...

1. A method, comprising: receiving, by executable instructions that execute on a hardware processor of a server from a non-transitory computer-readable storage medium over a network, a security score along with an alert rate for the security score, wherein receiving further includes identifying a particular security rule that relies on the security score and identifying an original scoring mechanism relied on by the particular security rule, wherein the alert rate is calculated as a total number of particular alerts generated for the particular security rule divided by a total number of transactions occurring over the network;
identifying, by the executable instructions, a new security score by matching the alert rate with the new security score;
mapping, by the executable instructions, the security score to the new security score in the original scoring mechanism;
triggering, by the executable instructions, over the network, a processing of an automated security action in response to the new security score;
processing a transaction rule directed to a financial transaction with transaction information for the financial transaction and the new security rule as the automated security action; and
declining the financial transaction when the transaction rule evaluates to true.

US Pat. No. 10,341,368

SELECTIVE MODIFICATION OF DATA PACKETS FOR NETWORK TOOL VERIFICATION

Gigamon Inc., Santa Clar...

1. A method comprising: receiving a data packet at a network port of a network appliance that is configured to forward data packets along a data path from an originating node to a destination node on a network;
identifying, by the network appliance, a flow map associated with the data packet, where the flow map represents a policy for how the data packet is to be handled by the network appliance;
determining, by the network appliance, whether a simulated error mode has been enabled for the flow map;
in response to determining that the simulated error mode has been enabled,
modifying, by the network appliance, the data packet to produce a modified data packet that mimics abnormal traffic;
injecting, by the network appliance, the modified data packet into an outgoing traffic flow to be forwarded to a tool port of the network appliance for transmission downstream to a network tool, where the outgoing traffic flow includes the modified data packet and at least one unmodified data packet;
monitoring, by the network appliance, whether the modified data packet is blocked by the network tool in accordance with a security protocol, by determining whether the modified data packet is included in an incoming traffic flow received from the network tool; and
based on a determination of whether the modified data packet was blocked by the network tool,
generating, by the network appliance, an indication of health of the network tool that is indicative of whether the network tool is operating properly.

US Pat. No. 10,341,367

SYSTEM AND METHOD FOR INQUIRING IOC INFORMATION BY P2P PROTOCOL

Saint Security Inc., Seo...

1. A method of inquiring and storing Indicator of Compromise (IoC) information by at least a first user terminal among a plurality of user terminals in an environment including the plurality of user terminals, each of the plurality of user terminals having at least an event processing module, an IoC inquiry agent module, an encryption socket communication module, and a P2P socket communication module; and the environment further including an IoC information providing server, the method comprising: a first step of determining by the event processing module of the first user terminal a target IoC information to be identified when an event occurs based on the event;
a second step of requesting by the IoC inquiry agent module of the first user terminal that the encryption socket communication module and the P2P socket communication module of the first user terminal request the target IoC information;
a third step of requesting by the encryption socket communication module of the first user terminal a first IoC information corresponding to the target IoC information from the IoC information providing server;
a fourth step of requesting by the P2P socket communication module of the first user terminal a second IoC information corresponding to the target IoC information from the P2P socket communication module of one or more of the plurality of user terminals other than the first user terminal;
a fifth step of storing by the first user terminal only one of the first IoC information or the second IoC information that is received first from either the IoC information providing server or the P2P socket communication module of one or more of the plurality of user terminals other than the first user terminal; and
a sixth step of a user accessing the first user terminal and responding to the event based on the first IoC information or the second IoC information stored on the first user terminal.

US Pat. No. 10,341,366

MANAGING SECURITY BREACHES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of managing security breaches in a networked computing environment, comprising: detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment comprises both a decoy system and the production system;
receiving, by the at least one computer device, a communication after the detecting the breach;
determining, by the at least one computer device, whether the communication is associated with a valid user or a malicious user; and
in response to determining that the communication is associated with the valid user, routing the valid user to an element of the production system, and in response to determining that the communication is associated with the malicious user, routing the malicious user to a corresponding element of the decoy system,
wherein:
the decoy system is separate from the production system and comprises elements corresponding to elements of the production system;
the networked computing environment comprises layers, and further comprising determining one of the layers at which the breach occurred; and
the routing comprises permitting the malicious user to access at least one element of the production system in one or more first layers up to and including the determined one of the layers.

US Pat. No. 10,341,365

METHODS AND SYSTEM FOR HIDING TRANSITION EVENTS FOR MALWARE DETECTION

FireEye, Inc., Milpitas,...

1. A non-transitory storage medium having stored thereon logic, the logic being executable by one or more processors to perform operations including: processing of an object within a virtual machine;
intercepting an attempted execution of an instruction by the object, the instruction located on a page in memory associated with the virtual machine;
responsive to determining the page includes instructions corresponding to one of a set of function calls, (i) inserting a first transition event into the memory associated with the virtual machine at a location of a first instruction of the instructions corresponding to a function call of the set of function calls wherein the location is on the page in the memory, and (ii) setting a permission of the page to be execute only; and
responsive to further processing within the virtual machine causing an attempt to read from or write to the page including the first transition event, (i) halting at least a portion of the processing within the virtual machine, (ii) performing an analysis of at least one last branch record (LBR) of a virtual central processing unit (CPU) of the virtual machine, and (iii) based on the analysis of the at least one LBR, determining whether the processing displays characteristics of a return-oriented programming (ROP) attack.

US Pat. No. 10,341,364

SYSTEMS AND METHODS FOR MONITORING AND MITIGATING NETWORK ATTACKS

Corero Networks Security,...

1. A method for facilitating protection of a network system, the method comprising performing by at least one processor the steps of: in a first module receiving packets, for a signature, during a first observation window:
(a) computing a plurality of indices using a plurality of hash functions and the signature;
(b) for each non-colliding index from the plurality of indices, updating a respective signature rate, representing a frequency of occurrence of the signature in the first module during the first observation window;
(c) designating a maximum of the signature rates that correspond to the non-colliding indices and that are updated during the first observation window as a first local maximum signature rate for the first module for the first observation window; and
(d) setting a signature rate for the signature at a colliding index using the first local maximum signature rate for the first module for the first observation window.

US Pat. No. 10,341,363

DYNAMICALLY REMOTE TUNING OF A MALWARE CONTENT DETECTION SYSTEM

FireEye, Inc., Milpitas,...

1. An apparatus comprising: a processor; and
a memory communicatively coupled to the processor, the memory having stored thereon a first detection logic including software that is configurable to enable, disable or modify analysis capabilities of the first detection logic, wherein the first detection logic, when executed by the processor, conducts a first analysis of a received object to determine if the received object is associated with a malicious attack,
wherein the first detection logic receives a configuration file, the configuration file being automatically generated by a parameter generation logic including second software to automatically generate the configuration file based on a result of the first analysis,
wherein the capabilities of the first detection logic are altered based on the configuration file, the first detection logic, after alteration of the capabilities, performs a second analysis on the received object or a second received object, the second analysis being different than the first analysis and configured to detect characteristics or behaviors associated with the malicious attack that are used to classify the received object or the second received object as malware, wherein the configuration file modifies a weighting of at least one of a first analysis score being at least part of the result of the first analysis or a second analysis score being at least part of a result of the second analysis as used in classifying the received object or the second received object as malware.

US Pat. No. 10,341,362

APPARATUS AND METHOD FOR DETECTING A CLONED BASE STATION

Continental Automotive Sy...

1. A method, performed by a wireless mobile communications device, of detecting the presence of a cloned base station, the method comprising: determining whether a Neighbor Cell List, which lists channels of base stations of neighboring cells, has been received from the current serving cell at the wireless mobile communication device;
when it is determined that the Neighbor Cell List has not been received from the current serving cell at the wireless mobile communication device, sending from the wireless mobile communication device a warning to a user of the wireless mobile communications device that the base station for the current serving cell is a base-station clone;
when it is determined that the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, sensing, by the wireless mobile communication device, respective power levels of each of the channels listed in the Neighbor Cell List;
determining whether at least a predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero;
when it is determined that (1) the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, and (2) at least the predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero, sensing, by the wireless mobile communication device, a power level of the current serving cell;
determining whether the power level of the current serving cell is greater than a current-serving-cell threshold power level; and
when it is determined that (1) the Neighbor Cell List has been received from the current serving cell at the wireless mobile communication device, (2) at least the predetermined number of neighboring cells listed in the Neighbor Cell List have a power level of zero, and (3) the power level of the current serving cell is greater than a current-serving-cell threshold power level, sending from the wireless mobile communication device a warning to a user of the wireless mobile communication device that the base station for the current serving cell is a base-station clone.

US Pat. No. 10,341,361

TRANSMITTING SECURE INFORMATION

Hewlett Packard Enterpris...

1. A method comprising: establishing, by a boot environment, a secure connection on a special port, wherein an authentication key for the secure connection is preloaded into the boot environment;
verifying, by the admin node, that the new node is marked for installation;
in response to the verification that the new node is marked for installation:
transmitting, by the admin node, a secure key to the new node over the secure connection;
requesting, by the boot environment, a secure bundle from the admin node, the secure bundle corresponding to the new node;
decrypting, by the boot environment, the secure bundle using the secure key; and
requesting, by the boot environment, an installation image for the new node, wherein the secure bundle contains secure information that is not included in the installation image.

US Pat. No. 10,341,360

METHOD AND APPARATUS FOR USER AND ENTITY ACCESS MANAGEMENT FOR CODE SIGNING ONE OR MORE OF A PLURALITY OF DEVICES

ARRIS Enterprises LLC, S...

1. A method of managing the signing of data for use with one or more of a plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, the method comprising: defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality of entities comprising, in decreasing hierarchical order:
an application platform entity that produces the plurality of devices, having a sole owner;
at least one project entity for each application platform entity, the project entity comprising the device family;
at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising:
an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing:
sole eligibility to authorize access to the application platform entity;
eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity; and
eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
at least one participant account of the application platform entity or the at least one project entity, providing:
eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,
wherein managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises:
creating the owner account associated with the application platform entity for the sole owner of the application platform entity, and
wherein creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises:
assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
assigning another manager of another model entity hierarchically below the platform entity;
the method further comprises:
creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
creating another participant account, wherein the another participant account is associated with another project entity;
authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
wherein:
the sole owner of the owner account is a first business organization;
the at least one participant account is associated with a second business organization independent from the first business organization;
the another participant account is associated with a third business organization independent from the first business organization and the second business organization.

US Pat. No. 10,341,359

MULTI-USER SECRET DECAY

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising: receiving, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
receiving, at the first device, a communication from the second device comprising a second version of the secret information;
detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
determining, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
generating, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first version of secret information; and
storing, at the first device, the third version of the secret information.

US Pat. No. 10,341,358

AUTHENTICATION OF MANUAL METER READINGS

ITRON NETWORKED SOLUTIONS...

1. A method for authenticating a meter reading, comprising: obtaining a measurement from a sensor of a metering device, wherein the measurement represents an attribute of a user as measured by the sensor;
applying, by a computer processor of the metering device, a predetermined encoding algorithm to the measurement to generate an authentication code comprising a first subset of values and a second subset of values by applying a first encoding scheme to generate the first subset of values and a second encoding scheme to generate the second subset of values, wherein the second encoding scheme is different from the first encoding scheme;
generating, by the computer processor of the metering device, the meter reading by combining the measurement with the authentication code;
presenting, by the metering device, the meter reading to the user;
receiving, at a meter reading analysis device, a reported meter reading from a user, wherein the reported meter reading comprises a different value than the meter reading presented to the user;
applying, by the meter reading analysis device, a pre-determined decoding algorithm associated with the pre-determined encoding algorithm to the reported meter reading to detect that the reported meter reading does not equal the meter reading; and
generating, by the meter reading analysis device and in response to the detecting, a dispatch request to dispatch a human inspector for validating the measurement.

US Pat. No. 10,341,357

SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION

iboss, Inc., San Diego, ...

1. A method performed by data processing apparatus, the method comprising: receiving, from a device within a network, a domain name service (DNS) request for an address of a first resource outside the network;
determining that the first resource is associated with a security policy of the network that specifies decrypting encrypted traffic between the device within the network and the first resource;
responsive to the determination that the first resource is associated with a security policy of the network that specifies decrypting encrypted traffic between the device within the network and the first resource, returning, to the device within the network in response to the DNS request, a DNS response comprising an address of a gateway within the network, the gateway address having previously been associated with the first resource address;
establishing a first encrypted connection between the device and the gateway, and a second encrypted connection between the gateway and the first resource, to facilitate encrypted communication traffic between the device and the first resource;
decrypting, by the gateway, all of the encrypted communication traffic passing between the device and the first resource such that all of the encrypted communication traffic passing between the device and the first resource is available to the gateway for inspection; and
inspecting at least some of the encrypted communication traffic passing between the device and the first resource;
receiving, from a second device within the network, a second domain name service (DNS) request for an address of a second resource outside the network;
determining that the second resource is not associated with a security policy of the network that specifies decrypting encrypted traffic between the second device within the network and the second resource;
responsive to the determination that the second resource is not associated with a security policy of the network that specifies decrypting encrypted traffic between the second device and the second resource, sending, to the DNS, the second DNS request;
receiving, from the DNS, a DNS response;
returning, to the second device within the network and in response to receiving the second DNS request, the second DNS request; and
establishing a third encrypted connection between the second device and the second resource, to facilitate encrypted communication traffic between the second device and the second resource.

US Pat. No. 10,341,356

METHOD AND APPARATUS FOR PROVIDING AN ADAPTABLE SECURITY LEVEL IN AN ELECTRONIC COMMUNICATION

Certicom Corp., Mississa...

1. A method for providing security in an electronic communication system, comprising: preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises:
for each individual frame:
determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
encrypting the data according to the security level for the frame; and
transmitting the plurality of frames to a recipient device.

US Pat. No. 10,341,355

CONFIDENTIAL MALICIOUS BEHAVIOR ANALYSIS FOR VIRTUAL COMPUTING RESOURCES

Amazon Technologies, Inc....

1. A system, comprising: a plurality of computing nodes implemented by one or more hardware processors that host one or more virtual compute instances as part of a multi-tenant provider network for computing resources, wherein the virtual compute instances mount one or more block-based storage volumes, wherein access to data stored in the block-based storage volumes is restricted according to an access policy;
a network traffic metering service implemented by one or more hardware processors for the provider network configured to collect a stream of raw metering data for individual network communications sent to and from the virtual compute instances hosted at the plurality of computing nodes;
a network traffic monitoring service implemented by one or more hardware processors, configured to:
evaluate the stream of raw metering data for possible malicious behavior; and
identify, based at least in part on the evaluation of the raw metering data, different ones of the respective virtual compute instances for storage volume analysis in regard to possible malicious behavior; and
a confidential volume analysis service implemented by one or more hardware processors, configured to:
subsequent to identification of the different ones of the respective virtual compute instances for storage volume analysis, receive a request from a client to analyze one of the identified virtual compute instances, wherein the client is restricted from accessing the data stored in the one or more block-based storage volumes mounted to the one of the identified virtual compute instances according to the access policy;
in response to the receipt of the request:
perform a confidential analysis of the data stored in one or more of the block-based storage volumes mounted to the one of the identified virtual compute instances according to one or more tests for malicious software, wherein results generated for the one or more tests of the confidential analysis satisfy the access policy for the one or more block-based storage volumes; and
send the one or more results of the confidential analysis to the client.

US Pat. No. 10,341,354

DISTRIBUTED HIGH AVAILABILITY AGENT ARCHITECTURE

Oracle International Corp...

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS), the providing comprising: establishing a connection to an AD, coupled to a first network, the AD including a plurality of organizational units (OUs), a plurality of groups and a plurality of users, each group being a member of an OU, and each user being a member of an OU and a group;
establishing a connection to an IDCS, coupled to a second network, the IDCS including a System for Cross-domain Identity Management (SCIM) directory having a plurality of user resource entries and a plurality of group resource entries;
displaying the plurality of OUs in a graphical user interface (GUI), each OU being selectable by a user;
receiving a selection of one or more OUs;
displaying each member group of the selected OUs in the GUI, each group being selectable by the user;
receiving a selection of one or more member groups of the selected OUs;
monitoring the users of the selected OUs to identify users that have been added, modified or deleted;
monitoring the selected member groups of the selected OUs to identify groups that have been added, modified or deleted;
synchronizing the identified users to the SCIM directory; and
synchronizing the identified groups to the SCIM directory.

US Pat. No. 10,341,353

SYSTEM AND METHOD FOR ISSUING, AUTHENTICATING, STORING, RETRIEVING, AND VERIFYING DOCUMENTS

Wymsical, Inc., Greenwic...

1. A computer-implemented method for authentication, validation, storage, and third party verification of a user's documents, the computer-implemented method comprising: authenticating, by a first computer, a user, wherein authentication requires the user to register with a document service using a computer network, and to provide to the document service personal information of the user, in exchange for which the user receives an unauthenticated code, which the user then presents in person with a photo identification to an ID station associated with the document service which uploads, by the first computer or a second computer, the unauthenticated code and photo identification at the document service and associates them with the user's personal information, the document service then generating a computerized validation code and sending, by the computer network, the validation code to the user for presentation to the ID station, whereby presentation of the validation code to the ID station causes the document service to generate an authenticated user code, the authenticated user code then being sent to the user;
associating a document with the authenticated user code;
transferring, by a third computer, a digital document associated with the authenticated user code from a document source to an electronic vault for the user when requested by the user, wherein the digital document comprises a digital version of the document associated with the authenticated user code;
verifying, by the second computer, the document by receipt of the authenticated user code with the document source, or by independent data;
encrypting and securely storing the digital document so that control of sending or viewing the digital document remains with the user;
storing metadata and encryption data associated with the document at the document service;
having the document service verify the authentication of the digital document in response to a request by a third party and confirm that the digital document is valid, by the user sending, by the network, the authenticated user code to the document service, the document service sending a computerized hyperlink to the third party, and upon the third party clicking on the computerized hyperlink permission is requested from the user for the document service to allow the digital document or metadata for the document to be viewed by the third party, and upon receiving, by the network, permission from the owner, the digital document or metadata is viewable by the third party.

US Pat. No. 10,341,351

DIFFERENTIATED CONTAINERIZATION AND EXECUTION OF WEB CONTENT BASED ON TRUST LEVEL AND OTHER ATTRIBUTES

Intel Corporation, Santa...

1. A computing system comprising: network circuitry;
a storage device including instructions; and
processor circuitry associated with a local execution environment, the processor circuitry to execute the instructions to:
store data of a first type in a first container associated with the local execution environment;
store data of a second type in a second container associated with the local execution environment, the second type different from the first type;
determine whether to provide content to a remote execution environment separate from the local execution environment based on whether the content is unverified; and
provide the content to the remote execution environment when the content is determined to be unverified.

US Pat. No. 10,341,349

SESSION SECURITY SPLITTING AND APPLICATION PROFILER

Cyemptive Technologies, I...

1. A computer implemented method to secure against unauthorized access to resources during application sessions, comprising: detecting a first application session established between a first client and a first application of a first host device, the first application associated with a first plurality of security time limits that divide security for the first application into a plurality of security tiers;
monitoring an active session duration of the first application session established between the first client and the first application;
executing one or more first security actions against the first application session responsive to the active session duration of the first application session reaching a security time limit of the first plurality of security time limits, wherein the one or more first security actions are specified in a first security tier of the plurality of security tiers, and wherein the one or more first security actions comprise one or more of Internet Protocol (IP) lookups, deep packet inspection, malformed packet detection, or enabling security sensors; and
executing one or more second security actions against the first application session responsive to the active session duration of the first application session reaching another security time limit of the first plurality of security time limits, wherein the one or more second security actions are specified in a second security tier of the plurality of security tiers, and wherein the one or more second security actions comprise one or more of IP lookups, deep packet inspection, malformed packet detection, or enabling security sensors.

US Pat. No. 10,341,348

ONBOARDING AND ACCOUNTING OF DEVICES INTO AN HPC FABRIC

Intel Corporation, Santa...

1. An article of manufacture that includes a storage device that includes information to cause an onboarding slave node to perform a method comprising: receiving a message that includes an address of a fabric switch master over an external network;
providing an identification message that provides an indication of a manufacturing source of an onboarding slave node, over the fabric switch network, to the fabric switch master;
receiving the permission message, over the fabric switch network, from the fabric switch master;
receiving an accounting identifier over the fabric switch network, from the fabric switch master; and
sending the accounting identifier over the fabric switch network within a message to another node after onboarding is completed.

US Pat. No. 10,341,347

NON-RESPONSIVE NODE ACTIVITY AVOIDANCE IN A NETWORK STORAGE SYSTEM

Teradata US, Inc., Dayton...

1. A method of operating a data store system comprising: generating a registration key in response to identification of a non-responsive processing node in a plurality of processing nodes, wherein the identification of the non-responsive processing node is based on failure of the non-responsive processing node to properly respond to at least one of the other processing nodes in the plurality of processing nodes;
providing the registration key to the other processing nodes excluding the identified non-responsive node; and
providing the registration key to a plurality of storage cluster nodes in communication with the plurality of processing nodes over a network, wherein each storage cluster node is configured to manage access to a respective set of persistent storage devices, and wherein each processing node provided the registration key is authorized to access each of the persistent storage devices.

US Pat. No. 10,341,346

INFORMATION PROCESSING METHOD, INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. An information processing method executed by a computer, the processing method comprising: starting one or more network applications;
starting a security application that prevents accesses from the one or more network applications to one or more destinations, wherein the one or more destinations do not belong to a first network domain and do not have an address to which an access is allowed for the network application;
performing a detecting operation of one or more peripheral devices to be accessed by the one or more network applications;
comparing, based on the detecting operation, the detected one or more peripheral devices as a first group with one or more other peripheral devices which are detected in a previous detecting operation as a second group;
closing, when there are one or more peripheral devices which belong to only the second group, one or more second interfaces corresponding to the one or more peripheral devices which belong to only the second group; and
generating, when there are one or more peripheral devices which belong to only the first group, one or more first interfaces corresponding to the one or more peripheral devices which belong to only the first group, the one or more network applications being configured to access the one or more peripheral devices via the one or more first interfaces.

US Pat. No. 10,341,345

NETWORK BROWSER CONFIGURATION

Amazon Technologies, Inc....

1. A computer-implemented method for managing content comprising: receiving, at a trusted proxy server, a content request from a client computing device executing a programmatically configured browser application, wherein the trusted proxy server is configured to receive and respond to browser and proxy verification requests from an authenticating content server and wherein the content request corresponds to content served by the authenticating content server;
transmitting, by the trusted proxy server, a browser verification request to the client computing device;
receiving, by the trusted proxy server, information responsive to the browser verification request, the information responsive to the browser verification request including a verifiable representation of a browser application state associated with the programmatically configured browser application of the client computing device;
determining, by the trusted proxy server, based at least in part on the content request, a programmatic configuration of the programmatically configured browser application;
determining, by the trusted proxy server, based at least in part on a processing of the verifiable representation of the browser application state, that the programmatically configured browser application is operable to implement the programmatic configuration;
transmitting, by the trusted proxy server, the content request to the authenticating content server;
receiving, by the trusted proxy server, content responsive to the content request from the authenticating content server;
transmitting, by the trusted proxy server, data communications to the programmatically configured browsing application, the data communications causing an activation of the programmatic configuration; and
transmitting, by the trusted proxy server, the content responsive to the content request.

US Pat. No. 10,341,343

EFFICIENT AND SECURE CONNECTION OF DEVICES TO A NETWORK WITHOUT USER INTERFACES

INTERNATIONAL BUSINESS MA...

1. A method for connecting a device to a network, the method comprising: providing a device assigned with a device identifier and an asymmetric cryptographic key pair that includes a public key and a private key, wherein the device:
stores the private key on a memory thereof; and
is provided with information as to at least one of the assigned device identifier and the public key, said information detectable by a detector so as to be transmissible to a server for the server to identify the device identifier and the public key assigned to the device; and
wherein the method further comprises, at the device:
receiving, at the device, from the server a signal encrypted with the public key of the device, wherein the signal invites the device to connect to a network, said signal encoding both:
the device identifier as identified by the server based at least in part on information transmitted to the server; and
a network identifier of said network, the network identifier encrypted with the public key of the device as identified by the server based at least in part on information transmitted to the server;
decrypting, utilizing the private key of the device, the signal to obtain the network identifier of the network; and
based at least in part on the network identifier, initiating a network connection with said network.

US Pat. No. 10,341,342

CONFIGURATION DATA BASED FINGERPRINTING FOR ACCESS TO A RESOURCE

CARRIER CORPORATION, Far...

1. A method for providing access to a resource to a user system network, wherein the user system network includes a plurality of network devices, the method comprising: obtaining, by a system comprising one or more processors, configuration data that includes a device name, a device identifier, and a device address for each network device of the plurality of network devices of the user system network;
receiving, by the system, a request from the user system network for access to the resource;
generating, by the system, a single current fingerprint of the user system network by applying a hash function to a single combination, the single combination comprising all of the device names of the plurality of network devices, all of the device identifiers of the plurality of network devices, and all of the device addresses of the plurality of network devices;
comparing, by the system, the single current fingerprint of the user system network to a reference fingerprint of the user system network, wherein the reference fingerprint is associated with the resource;
determining, by the system, a degree of similarity between the single current fingerprint and the reference fingerprint;
granting, by the system, access to the resource to the user system network in response to the degree of similarity between the single current fingerprint and the reference fingerprint meeting or exceeding a predetermined similarity threshold; and
in a binding mode:
obtaining initial configuration data identifying the plurality of network devices installed at the user system network;
generating the reference fingerprint in response to the initial configuration data; and
binding the reference fingerprint to the resource.

US Pat. No. 10,341,341

RFID AUTHENTICATION ARCHITECTURE AND METHODS FOR RFID AUTHENTICATION

SMARTRAC TECHNOLOGY FLETC...

1. A method for mutual authentication in a radio frequency identification (RFID) system comprising an RFID reader and an RFID tag, the method comprising: receiving, at the RFID reader, an identifier from the RFID tag;
selecting a password based at least in part on the identifier;
selecting a first mathematical kernel having a first parameter set;
generating a first password key based on the first mathematical kernel;
encrypting the password as a first encrypted password based on the first password key; and
transmitting the first encrypted password to the RFID tag.

US Pat. No. 10,341,340

AUTHENTICATION SYSTEM FOR A MOBILE DATA TERMINAL

ASMAG-Holding GmbH, Grue...

1. An authentication system comprising: a data terminal with a data terminal device,
a communication network,
an authentication service, and
a point of sale, the point of sale comprising a remote station,
wherein the data terminal device comprises an image capturing device, an image preparing module, a wireless communication interface, and an interface for a body area network,
wherein the communication interface comprises a long-range interface and a close-range interface, the close-range interface being unidirectional,
wherein there is a first communication connection via the long-range interface of the communication network, between the communication interface of the data terminal device and the authentication service,
wherein an authentication request is triggered by the data terminal device on the point of sale via the close-range interface of the communication interface,
wherein a close-range data connection between the communication interface of the data terminal device and the corresponding remote station of the point of sale is produced via the close-range interface,
wherein the communication interface is configured to capture a unique identifier from the point of sale via the close-range data connection and is configured to transmit the unique identifier to the authentication service via the first communication connection of the communication network,
wherein the data terminal is in the form of a watch,
wherein the authentication service comprises a face detection and face recognition module, a 2D/3D image analysis module, and a database, the 2D/3D image analysis module being configured to receive at least one image, the at least one image being captured by the image capturing device and being transmitted from the data terminal to the authentication service via the first communication connection, the 2D/3D image analysis module being configured to recognize a real person as a 3D-object in the at least one image captured by the image capturing device and transmitted to the authentication service,
wherein the face detection and face recognition module is configured to perform image analysis on the at least one image,
wherein the face detection and face recognition module is configured to compare a result of the image analysis with user reference data saved in the database,
wherein the authentication service further comprises an authentication service interface,
wherein there is a second communication connection between the point of sale and the authentication service interface via the communication network, and
wherein the face detection and face recognition module is configured to transmit an authentication signal via the transmitted unique identifier directly to the point of sale via the second communication connection of the communication network.

US Pat. No. 10,341,339

TECHNIQUES FOR HEARABLE AUTHENTICATION

HARMAN INTERNATIONAL INDU...

1. An apparatus comprising: an earpiece;
a triggering device configured to generate an audio stimulus;
an electroencephalogram (EEG) sensor configured to measure an EEG signature of a user in response to the audio stimulus;
a wireless transceiver configured to communicate with a wireless access point of a wireless communication network, wherein the wireless communication network includes a device associated with a home network system of a home; and
a controller configured to establish authenticated access to the wireless communication network based on the EEG signature associated with the user;
wherein the device associated with the home network system is configured to, in response to the controller establishing authenticated access to the wireless communication network, perform one or more operations comprising at least one of deactivating a home security system of the home, powering one or more lights in the home on or off, and modifying at least one of a heating set point and a cooling set point in the home.

US Pat. No. 10,341,338

SMART CARD REDIRECTION

PARALLELS INTERNATIONAL G...

1. A method comprising: establishing, by a processing device of a server executing an application, a network connection to a client device having a smart card;
detecting a program call associated with an authentication of a user of the client device for accessing the application;
determining, based on the program call, whether the smart card is a remote smart card for the server;
responsive to determining that the smart card is the remote smart card, redirecting the program call to the client device via a communication channel of the network connection; and
authenticating, by the server using a local component, the user of the client device in view of data returned by the client device in response to the program call, the local component handling the remote smart card as local to the server.

US Pat. No. 10,341,337

SYSTEM AND METHOD FOR ISSUING OTP APPLICATION IN FACE-TO-FACE CONFIRMATION MANNER

SK PLANET CO., LTD., Seo...

1. A system for issuing a one time password (OTP) application in a face-to-face confirmation manner, the system comprising: at least one or more service provider devices configured to transmit OTP application issuance request information to an integrated service device, wherein the OTP application issuance request information includes recognition information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area; and
the integrated service device configured to:
register secure storage medium identification information as medium identification information for OTP authentication; and
transmit an OTP installation guide to the terminal device when the recognition information is the secure storage medium identification information; and
transmit the OTP installation guide to the terminal device when the recognition information is terminal device identification information;
wherein the terminal device receiving the OTP installation guide is configured to determine whether the OTP application exists and, when the OTP application is determined not to exist, to display an OTP application installation guide and install the OTP application according to a selection of a user; and
wherein the service provider device is further configured to:
transmit an OTP serial number received from the service provider to the integrated service device;
wherein the service provider device includes an authentication request unit configured to, when the OTP application issuance request information is inputted, perform confirmation of a real name of a customer, request an authentication number from the integrated service device to confirm the terminal device identification information of the corresponding customer is normal, and receive the authentication number from the customer and verify the authentication number; and
wherein the integrated service device is further configured to receive and register the OTP serial number as medium identification information for OTP authentication.

US Pat. No. 10,341,336

ELECTRONIC DEVICE AND METHOD FOR GENERATING RANDOM AND UNIQUE CODE

INNOAUS KOREA INC., Seou...

1. A method comprising:
obtaining, by a processor of a first electronic device, a first seed for generating a one-time password (OTP), a character set and a first unique code assigned to a first user, wherein the first unique code is generated by a server;
generating, by the processor, a first OTP using the first seed;
generating, by the processor, a numerical code that corresponds to the first unique code by forward-mapping characters in the first unique code to the character set;
summating, by the processor, the numerical code with the first OTP to obtain a summation result;
backward-mapping, by the processor, the summation result to the character set to obtain characters among the character set, each index thereof corresponding to each numeral value of the summation result;
generating, by the processor, a first sub code that corresponds to the backward-mapped summation result;
backward-mapping, by the processor, the first OTP to the character set to obtain characters among the character set, each index thereof corresponding to each numeral value of the first OTP;
generating, by the processor, a second sub code that corresponds to the backward-mapped first OTP; and
generating, by the processor, a first code using the first sub code and the second sub code, wherein the second sub code is different from the first code,
wherein a second electronic device is configured to perform authentication of the first electronic device based on a comparison between the first code generated by the first electronic device and a second code generated by the second electronic device.

US Pat. No. 10,341,335

LOCATION DETERMINATION FOR USER AUTHENTICATION

A10 Networks, Inc., San ...

1. A system for authentication of a client device, the system comprising:
a processor, wherein the processor is a hardware processor configured to:
receive an authentication request from the client device;
establish a current geographical location of the client device;
establish a trusted tolerance geographical area associated with the client device, the trusted tolerance geographical area being circumscribed by a plurality of points, the plurality of points being at varying respective distances from the client device;
determine whether the current geographical location of the client device is within the trusted tolerance geographical area; and
authenticate the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area; and
a database configured to store at least data associated with the client device.

US Pat. No. 10,341,334

WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION

Google LLC, Mountain Vie...

1. A computer-implemented method comprising:
obtaining, by a client device and from user input, master credentials for a master account of a user, where website credentials for the user for multiple different websites are stored on a server in association with the master account and the master credentials control access to the master account;
determining, by the client device, that the master credentials are valid;
obtaining, by the client device and from additional user input, particular website credentials for a particular website;
encrypting the particular website credentials with the master credentials;
providing the particular website credentials encrypted with the master credentials to the server;
removing the particular website credentials from the client device;
after providing the particular website credentials encrypted with the master credentials to the server, obtaining, by the client device, a request to access the particular website for which particular website credentials for the user are stored by the server;
in response to obtaining the request to access the particular website for which particular website credentials for the user are stored by the server and determining, by the client device, that the master credentials are valid, obtaining, with the master credentials by the client device and from the server, the particular website credentials for the user for the particular website in an encrypted form;
decrypting, by the client device, the particular website credentials for the user for the particular website with the master credentials; and
accessing, by the client device, the particular website using the particular website credentials.

US Pat. No. 10,341,333

SYSTEMS AND METHODS FOR GENERATING MULTI-DIMENSIONAL PASSWORD AND AUTHENTICATING THEREOF

Tata Consultancy Services...

1. A processor implemented method comprising:
(a) processing a selection, by a user, of a virtual reality (VR) environment from one or more virtual reality (VR) environments pre-stored in a database, by one or more hardware processors;
(b) presenting, by the one or more hardware processors, a graphical user interface comprising the selected VR environment on a display and dynamically rendering one or more interactive objects, wherein the one or more interactive objects are identified and positioned in the selected VR environments based on a type of the selected VR environment;
(c) tracking, by the one or more hardware processors, a first set of activities comprising (i) behavior of the user, (ii) interaction of the user with at least a subset of the one or more interactive objects, and (iii) one or more changes made to the one or more interactive objects in the selected VR environment, wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates, and wherein the one or more changes comprises at least one of (a) position, (b) shape, (c) color, and (d) rotation of the one or more interactive objects;
(d) generating, by the one or more hardware processors, a multi-dimensional password based on the first set of tracked activities; and
(e) communicating, by the one or more hardware processors, the multi-dimensional password and multi-media content including details of the multi-dimensional password to the user, and obtaining a confirmation from the user and storing the multi-dimensional password and the multi-media content with the first set of tracked activities in the database;
(f) processing, by the one or more hardware processors, a request for login by the user;
(g) automatically presenting, by the one or more hardware processors, the selected VR environment and rendering a set of interactive objects on a display to the user based on the request, wherein the set of interactive objects comprises at least a subset of interactive objects that were previously interacted with by the user when the multi-dimensional password was generated;
(h) tracking, by the one or more hardware processors, a second set of activities comprising (i) behavior of the user, (ii) interaction of the user with the set of interactive objects, and (iii) one or more changes made to the set of interactive objects in the virtual reality (VR) environment, wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates, and wherein the one or more changes comprises at least one of (a) position, (b) shape, (c) color, and (d) rotation of one or more interactive objects;
(i) performing, by the one or more hardware processors, a first comparison of (i) the second set of tracked activities and (ii) the first set of tracked activities that are previously stored in the database; and
(j) authenticating, by the one or more hardware processors, the user based on the first comparison;
wherein when the first comparison of (i) the first set of tracked activities and (ii) the second set of tracked activities results in a mismatch, the method comprises:
determining, by the one or more hardware processors, a number of attempts made by the user to perform the second set of activities; and
enabling, by the one or more hardware processors, based on the number of attempts, resetting of the multi-dimensional password by the user, wherein the step of resetting of the multi-dimensional password by the user comprises:
presenting, by the one or more hardware processors, an option to generate a one-time multi-dimensional image;
generating, by the one or more hardware processors, the one-time multi-dimensional image upon obtaining a confirmation from the user based on the option, wherein the one-time multi-dimensional image comprises at least a portion of a sequence of the one or more interactive objects that were previously interacted with by the user when the multi-dimensional password was generated;
tracking, by the one or more hardware processors, a third set of activities comprising at least one of (i) behavior of the user, (ii) interaction of the user with at least a subset of one or more interactive objects, and wherein the behavior comprises one or more of positions of the user, head rotation, time spent on a particular position, and one or more corresponding GPS coordinates; and
performing, by the one or more hardware processors, a second comparison of (i) the third set of tracked activities and (ii) the first set of tracked activities and performing, based on the second comparison, at least one of (i) the steps of (a) to (e), or (ii) the steps of (f) to (j).

US Pat. No. 10,341,332

SYSTEM AND METHOD FOR PROVIDING PERSISTENT USER IDENTIFICATION

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for providing persistent user identification, the method comprising:
validating, by an authentication server, a credential of a user agent through a communication channel;
sending, from the authentication server to the user agent, a security token;
generating, by the user agent, a keystream from the security token received from the authentication server;
generating, by the user agent, a plurality of security tags, wherein each security tag is a portion of the generated keystream in sequence;
tagging, by the user agent, each of one or more packets of information with one of the plurality of security tags;
pre-requesting, by an authenticator in a network protection system, the security token from the authentication server;
receiving, by the authenticator, one or more tagged packets forwarded by the user agent;
recreating, by the authenticator, one or more comparison security tags based on the keystream generated from the security token;
comparing, by the authenticator, each security tag of the tagged packets against each of the corresponding recreated comparison security tags; and
if each security tag of the tagged packets matches each recreated comparison security tag, forwarding, by the authenticator, the packet to a network destination.

US Pat. No. 10,341,331

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND FIRMWARE PROGRAM

BUFFALO INC., Nagoya-shi...

1. An information processing system, comprising:
a first device, the first device being a USB host device; and
a second device, the second device being a USB device, wherein
the first device includes first circuitry configured to:
transmit a predetermined authentication command, including an instruction for issuing authentication information, to the second device, the predetermined authentication command being a command of a small computer system interface (SCSI) format that is unique to a vendor of the SCSI,
receive a response to the predetermined authentication command from the second device, and
determine whether firmware of the second device is falsified based on whether the response received from the second device is a predetermined response and output a determination result, the predetermined authentication command including encoded authentication information,
the second device includes second circuitry configured to:
retain firmware and perform processing based on the firmware,
receive a command from the first device,
determine whether the received command is the predetermined authentication command as a processing of the firmware and, in response to determining that the received command is the predetermined authentication command,
transmit the predetermined response to the first device as the processing of the firmware, and
transmit decoded authentication information, obtained by decoding the encoded authentication information, to the first device, as the processing of the firmware, wherein
in response to receiving the decoded authentication information from the second device, the first circuitry determines whether the firmware of the second device is falsified based on the received decoded authentication information and outputs the determination result.

US Pat. No. 10,341,330

2FA AUTHENTICATION WITH QR ON HMD

1. A method for displaying confidential information, having the following steps:
supplying authentication information to a user by mail;
reading in the authentication information with a recording unit of a display device arranged on a head or a recording unit of a mobile radio device;
transmitting identification information associated with the display device arranged on the head or the mobile radio device and the read-in authentication information to a service facility via an over-the-air interface, with the identification information and the read-in authentication information being known to the service facility before the authentication information is supplied;
transmitting the confidential information to the display device arranged on the head or to the mobile radio device via the over-the-air interface if the identification information and the authentication information match the identification information stored at the service facility and the authentication information, and
displaying the confidential information on the display device arranged on the head or on the mobile radio device;
wherein the identification information is information negotiated with the service facility and a mobile telephone number associated with the display device, in particular a Mobile Station International Directory Number (MSISDN); and
wherein the confidential information is an access password, and/or a cash-card secret code, a debit-card secret code and/or a credit-card secret code.

US Pat. No. 10,341,329

METHOD FOR GENERATING A PUBLIC/PRIVATE KEY PAIR AND PUBLIC KEY CERTIFICATE FOR AN INTERNET OF THINGS DEVICE

NXP B.V., Eindhoven (NL)...

1. A method comprising:
providing an integrated circuit (IC) with an IC specific initial public and private key pair and a public key certificate signed by a manufacturer of the IC, to a customer of the IC manufacturer; and
providing a smartcard to the customer, the smartcard having stored thereon customer unique configuration data related to the IC;
wherein the smartcard enables the customer to generate a customization value and a customized public key for an Internet of Things (IoT) device using the customer unique configuration data, and wherein in response to the customer receiving the public key certificate signed by the IC manufacturer from the IC, the customer is enabled to provide the customization value, the customized public key, and a public key certificate signed by the customer to the IC, and wherein the IC is enabled to generate a customized private key for the IoT device.

US Pat. No. 10,341,328

SECURE ON-LINE SIGN-UP AND PROVISIONING FOR WI-FI HOTSPOTS USING A DEVICE-MANAGEMENT PROTOCOL

Intel Corporation, Santa...

1. A device including one or more processors, the one or more processors including circuitry, the circuitry having logic to:
associate with a Wi-Fi Alliance Hotspot 2.0 (HS2.0)-enabled Wi-Fi network;
establish a transport-layer security (TLS) session with a sign-up server;
send a first OMA-DM package 3 message over a wireless link of the TLS session, the first OMA-DM package 3 message including a generic alert;
send a second OMA-DM package 3 message over the wireless link of the TLS session subsequent to successful certificate enrollment; and
receive a first OMA-DM package 4 message in response to the second OMA-DM package 3 message, the first OMA-DM package 4 message to comprise a command to add a subscription management object (MO) to an OMA-DM tree of the device, the OMA-DM tree having a hierarchical structure comprised of at least a root and nodes, and wherein the OMA-DM tree comprises a fully-qualified domain name (FQDN) for at least one service provider, and a subscription MO for the at least one service provider.

US Pat. No. 10,341,327

ENABLING SECURE CONNECTIONS BY MANAGING SIGNER CERTIFICATES

Bank of America Corporati...

1. A system for managing security certificates, the system comprising:
a memory device;
a network communication interface; and
a processing device operatively coupled to the memory device and the network communication interface, wherein the processing device is configured to execute computer-readable program code to:
collect data;
in response to the collection, authenticate to a server comprising a keystore comprising a plurality of certificates and having a server configuration;
in response to the authentication, determine keystore characteristics from the server configuration;
using the determined keystore characteristics, verify certificate details;
based on the verified certificate details, determine that at least one certificate in the keystore has expired;
in response to the determining that the at least one certificate in the keystore has expired, remove the at least one expired certificate from the keystore of the server;
receive at least one serial number identifying each of the at least one expired certificate;
search for other remote servers storing copies of the at least one expired certificate based on the received at least one serial number;
based on the search, determine other remote servers storing copies of the at least one expired certificate;
select one or more of the determined servers storing copies of the at least one expired certificate; and
remove the at least one expired certificate from the selected one or more servers.

US Pat. No. 10,341,326

NETWORK SECURITY FOR ENCRYPTED CHANNEL BASED ON REPUTATION

Trend Micro Incorporated,...

1. A network security device comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing instructions that when executed by the processor cause the network security device to:
monitor an initial communication between two endpoint devices over a computer network;
recognize and parse the initial communication used to establish an encrypted channel between the two endpoint devices;
validate a certificate chain between the two endpoint devices;
determine a reputation for each of a plurality of certificates in the certificate chain;
determine a certificate reputation for the certificate chain, the certificate reputation being determined from and representative of reputations of the plurality of certificates; and
perform a security action to allow or block a communication via the encrypted channel based on the certificate reputation.

US Pat. No. 10,341,325

SYSTEM AND METHOD FOR TRANSFERRING DEVICE IDENTIFYING INFORMATION

VMWARE, INC., Palo Alto,...

1. A system for assessing compliance of a client device while authenticating a user account comprising:
a data store comprising executable instructions; and
at least one computing device comprising at least one processor, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least:
transmit, to the client device, instructions for certificate verification, the instructions comprising a command to transmit a certificate to a key distribution center, the certificate comprising a unique device identifier for the client device, wherein the unique device identifier is assigned by a management service during an enrollment of the client device;
receive, from the client device, a ticket obtained from the key distribution center, wherein the unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid;
extract the unique device identifier from the ticket;
determine that credentials received from the client device authenticate against the user account;
transmit, to the management service, a request to verify compliance of the client device with at least one compliance rule, wherein the request comprises the unique device identifier; and
authenticate the user account for access through the client device.

US Pat. No. 10,341,324

SPONSORED TRUST RELATIONSHIP MANAGEMENT BETWEEN MULTIPLE RACKS

International Business Ma...

1. A computer-implemented method comprising:
sending a request by a new management node associated with a new rack to a first management node associated with a first rack;
wherein the request includes a public key of the new management node;
wherein the first management node is associated with a plurality of autonomous management nodes such that a respective mutual trust relationship exists between at least a portion of management nodes of the plurality of autonomous management nodes;
receiving, by the new management node and from the first management node, a new access token and a set of respective public keys corresponding to a set of respective management nodes of the plurality of autonomous management nodes;
wherein the new management node issues a first access token to the first management node, and the new management node and the first management node establish a mutual trust relationship based on the first access token and the new access token;
sending, by the new management node and to another respective management node of the set of respective management nodes, the public key of the new management node and the new access token;
establishing, based on the sending, a respective mutual trust relationship between the new management node and the other respective management node receiving the public key of the new management node and the new access token;
receiving, by the new management node and in response to establishing a mutual trust relationship with the other respective management node, a request and a public key associated with a second new management node, wherein the second new management node is associated with a second new rack;
sending, in response to the receiving, a second new access token to the second new management node and a second set of public keys associated with a second set of management nodes of the plurality of autonomous management nodes to the second new management node; and
establishing a mutual trust relationship between the new management node and the second new management node based on the second new access token and a third access token issued by the second new management node to the new management node.

US Pat. No. 10,341,322

ON DEMAND MULTIFACTOR AUTHENTICATION

GO DADDY OPERATING COMPAN...

1. A method for protecting a first domain name registered to a user from an unauthorized first protected activity, comprising the steps of:
receiving over a computer network by a domain name registrar from a client device operated by a user a selection of the first domain name registered to the user requiring a successful first multifactor authentication prior to performing a first protected activity;
receiving by the domain name registrar from the client device a selection of the first protected activity, wherein the first protected activity is selected from a group consisting of removing a first domain name from a current account, changing a domain name system record for the first domain name, editing a website pointed to by the first domain name and changing access to an email account based on the first domain name;
receiving by the domain name registrar from the client device a selection of a first plurality of authenticatees;
receiving by the domain name registrar from the client device a first minimum number of authenticatees in the first plurality of authenticatees that must be authenticated for a successful first multifactor authentication, wherein the first minimum number of authenticatees that must be authenticated for the successful first multifactor authentication is less than a number of the first plurality of authenticatees;
receiving by the domain name registrar for each selected authenticatee two authentication methods corresponding to two different members of the group consisting of what you know based authentication, what you are based authentication and what you have based authentication and two different correct responses corresponding to the two authentication methods;
receiving by the domain name registrar from the client device a contact method for each selected authenticatee in the plurality of authenticatees; and
upon receiving two correct responses from at least the first minimum number of authenticatees that must be authenticated for the successful first multifactor authentication, performing the first protected activity on the first domain name registered to the user.

US Pat. No. 10,341,321

SYSTEM AND METHOD FOR POLICY BASED ADAPTIVE APPLICATION CAPABILITY MANAGEMENT AND DEVICE ATTESTATION

MOCANA CORPORATION, Sunn...

1. A method of providing policy based adaptive application capability management during application programming interface invocations by an application executing on a device, the method comprising:
sending, by a remote policy management service, the device policy to a local attestation agent on the device;
registering a security descriptor with the trusted services platform module, wherein the security descriptor includes at least authentication and authorization attributes;
negotiating protocol-based capabilities with a remote service to establish a session for secure communications;
sending an operation request through an application programming interface (“API”) to the trusted services platform module;
querying the interface access management module for action directives;
processing, by the interface handler, the received action directives to issue a function request to a security module to execute a trusted function in a trusted execution environment;
generating an operation response to the application, wherein the operation response indicates a denial or completion of the operation request; and
processing the operation response to determine whether to generate an alternative operation request.

US Pat. No. 10,341,320

BYOD CREDENTIAL MANAGEMENT

Aerohive Networks, Inc., ...

1. A method comprising:
providing an identity platform system configured to authenticate a company-assigned device for accessing a first network using a first unique pre-shared key associated with the company-assigned device, a first media access control (MAC) address of the company-assigned device being bound to the first unique pre-shared key to associate the first unique pre-shared key with the company-assigned device, the first network comprising an enterprise network, the company-assigned device being assigned to a user by the company and being owned by the company;
providing a personal bring your own device (BYOD) credential management system configured to authenticate a personal BYOD for accessing a second network using a second unique pre-shared key associated with the personal BYOD, a second MAC address of the personal BYOD being bound to the second unique pre-shared key to associate the second unique pre-shared key with the personal BYOD, the second network comprising a guest network, the personal BYOD being owned by the user;
providing a network administrator interface configured to provide access to the identity platform system for a network administrator;
including a personal BYOD credential management system application program interface (API) as part of the identity platform system and configured to provide the identity platform system access to the personal BYOD credential management system as if the personal BYOD credential management system is embedded in the identity platform system;
allowing the network administrator to access the identity platform system through the network administrator interface and manage the personal BYOD credential management system through the personal BYOD credential management system API by accessing the identity platform system.

US Pat. No. 10,341,319

UTILIZING A CUSTOMIZED DIGITAL FONT TO IDENTIFY A COMPUTING DEVICE

ADOBE INC., San Jose, CA...

1. In a digital medium environment for managing digital assets, a method of utilizing electronic fonts to securely identify and authenticate computing devices seeking to access digital assets, comprising:
generating, by at least one server device storing client information corresponding to a computing device, a customized digital font unique to the computing device for authenticating the computing device by changing a first character order of a base digital font to a second character order specific to the computing device;
sending the customized digital font from the at least one server device to the computing device;
upon receiving, by the at least one server device, a request for the client information from the computing device, authenticating the computing device based on the computing device utilizing the customized digital font by:
sending a second request to the computing device to render a textual element utilizing the customized digital font;
identifying the textual element by capturing an image of the textual element rendered by the computing device via a web browser; and
determining that the textual element rendered by the computing device via the web browser uses the customized digital font by applying an optical character recognition algorithm to the image of the textual element rendered by the computing device and comparing the textual element with a reference text generated utilizing the customized digital font; and
in response to authenticating the computing device based on the customized digital font, providing the client information corresponding to the computing device from the server device to the computing device.

US Pat. No. 10,341,318

SKILL-BASED SECURE DYNAMIC CONTACT CENTER AGENT ACCESS

Avaya Inc., Santa Clara,...

1. A method comprising:
providing a virtualized network infrastructure, wherein the virtualized network infrastructure comprises a plurality of virtual service networks;
assigning a service instance identifier (ISID) to each of a plurality of skills, wherein each of the ISIDs corresponds to a respective one or more of the plurality of virtual service networks and effective to identify VLAN/VRF traffic across the virtualized network infrastructure;
obtaining, at a processor, configuration information of a call center, wherein the configuration information includes one or more service instance identifiers (ISIDs) each associated with a respective skill, wherein each ISID corresponds to a secure virtual service network associated with the respective skill;
detecting, at the processor, an authenticated agent logon of an agent from an agent device, wherein the authenticated agent logon is a logon to the call center;
retrieving, at the processor, agent skill information from skill group information, wherein the agent skill information corresponds to the agent;
determining, at the processor, based on the agent skill information, one or more secure virtual service networks to permit the agent device to access, wherein the one or more secure virtual service networks are associated with a respective customer identifier and one or more of the ISIDs, wherein the ISID associated with each of the one or more secure virtual service networks that the agent device is permitted to access corresponds to a skill that matches the agent skill information; and
connecting, at the processor, the agent device to access the one or more secure virtual service networks associated with the respective customer identifier using one or more of the ISIDs corresponding to one or more skills matching the agent skill information.

US Pat. No. 10,341,317

SYSTEMS AND METHODS FOR IMPLEMENTING A PERSONALIZED PROVIDER RECOMMENDATION ENGINE

1. A system for making personalized provider recommendations in related categories, the system comprising:
a network attached hardware storage configured to store:
a plurality of entity categories, each entity category indicating at least one of a type of good and a type of service offered by a provider, and providers from different entity categories offer different types of goods or different types of services;
a plurality of provider specific profiles, each provider specific profile including an associated provider and at least one associated entity category from the plurality of entity categories;
a plurality of category relationships, each category relationship indicating that two or more entity categories from the plurality of entity categories are related; and
a plurality of user accounts, each user account including associated authentication data and associated user profile data;
a user interface configured to:
receive authentication information from a user;
transmit the authentication information to a computer server system;
receive context information indicating at least one of a current condition or an attribute of an environment of the user;
transmit the context information to the computer server system;
receive a plurality of providers from the computer server system; wherein the plurality of providers is personalized to the user; and
display the plurality of providers; and
the computer server system being communicatively coupled to the network attached storage and the user interface, the computer server system being configured to:
receive the authentication information from the user interface;
identify a first user account from the plurality of user accounts based on the authentication information;
compare the authentication information with a first authentication data that is associated with the first user account;
authenticate the user based on the comparison of the authentication information with the first authentication data;
receive the context information from the user interface, the context information comprises a determined geographic location, of the user, determined by a mobile device of the user;
identify a first entity category from the plurality of entity categories based on the context information;
identify a first category relationship from the plurality of category relationships based on the first entity category, the first category relationship indicating that the first entity category and a second entity category are related, wherein the second entity category is different from the first entity category;
select a first provider specific profile from the plurality of provider specific profiles based on first user profile data that is associated with the first user account, wherein the first provider specific profile is associated with the first entity category;
select a second provider specific profile from the plurality of provider specific profiles based on the first user profile data, wherein the second provider specific profile is associated with the second entity category;
transmit to the user interface, a first provider associated with the first provider specific profile and a second provider associated with the second provider specific profile, wherein the first provider and the second provider are different providers;
process a content provisioning management layer engine to provide an intermediary content interface for the first provider and the second provider to manage intermediary content transmitted by an intermediary system to the user interface on behalf of the first provider and the second provider where the content provisioning management layer engine analyzes the intermediary content transmitted and based on the analysis assigns the intermediary system to one or more of a specific category and a general category, to thereby provide a central management for intermediary content information transmitted between the first and second providers, the intermediary system and the user interface; and
in response to transmitting the first and second providers to the user interface, adjust the user interface to lower resolution of the user interface and computational resources required to display the transmitted providers on the mobile device of the user.

US Pat. No. 10,341,316

INJECTING CREDENTIALS INTO WEB BROWSER REQUESTS

AVAST SOFTWARE S.R.O., P...

1. A method comprising:
determining that a form includes a password field for a server application, wherein the form is displayed within a tab or a window of a browser executing on a device;
requesting a password for the server application from a password manager, wherein the password manager is executed on the device and includes a request interceptor;
receiving data from the password manager responsive to the request, wherein the data is not the actual password for the server application, and wherein the password manager maintains an internal reference associating the data with the actual password for the server application;
creating a password proxy from the data;
filling in the password field with the password proxy;
issuing, by the browser, a login request containing the password proxy, wherein an intended address of the login request is a server hosting the server application;
intercepting, by the request interceptor on the device, the login request containing the password proxy that is intended for the server application;
determining, by the request interceptor on the device, the actual password for the server application by reversing the password proxy to obtain the data from which the password proxy was created and obtaining the actual password from the internal reference associating the data with the actual password;
replacing, by the request interceptor on the device, the password proxy with the actual password in the login request;
forwarding, by the request interceptor on the device, the login request including the actual password to the server application; and
deleting the data received from the password manager and the password proxy in response to determining that the tab or the window of the browser within which the form is displayed has closed.

US Pat. No. 10,341,315

MANAGEMENT OF ACCESS SESSIONS

AIRWATCH LLC, Atlanta, G...

1. A computer-implemented method for providing an access session for at least one application, the computer-implemented method comprising:
generating a key for the access session based on a code obtained through a user interface, wherein the key decrypts data stored in a data store of a client device;
encrypting the key based on a boot time that represents a latest time the client device was booted, wherein the boot time and the key are applied as inputs to an encryption algorithm;
storing the key in secured storage of the client device, wherein the secured storage is accessible by the at least one application based on a developer certificate; and
accessing the data based on the key.

US Pat. No. 10,341,314

METHOD OF SECURITY AND VERIFIABILITY OF AN ELECTRONIC VOTE

ELECTION-EUROPE, Boulogn...

1. A method of securing and verifying an electronic vote, the method being implemented by at least one processing device, the method comprising the steps of:
receiving a temporary voting ballot from a voting entity, the temporary voting ballot being encrypted by a public voting encryption key;
receiving one or more validation voting ballots from the voting entity for the temporary voting ballot, the one or more validation voting ballots each being encrypted by a public validation encryption key, of one or more public validation encryption keys, the one or more public validation encryption keys each being different from the public voting encryption key;
decrypting the one or more validation voting ballots using one or more respective private validation encryption keys corresponding to the one or more public validation encryption keys used to encrypt the one or more respective validation voting ballots; and
sending a validation request generated based on the one or more decrypted validation voting ballots to the voting entity,
wherein upon receiving, from the voting entity, a validation of the validation request, the encrypted temporary voting ballot is registered as a definitive voting ballot to be counted without having been decrypted and the one or more validation voting ballots are eliminated.

US Pat. No. 10,341,313

PERIPHERAL DEVICE, WIRELESS COMMUNICATION CHIP, COMPUTER-READABLE NON-TRANSITORY STORAGE MEDIUM HAVING APPLICATION PROGRAM STORED THEREIN, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD

Nintendo Co., Ltd., Kyot...

1. A peripheral device capable of performing data communication with an authentication service via a predetermined intermediary communication device, the peripheral device comprising a processor and a communications interface connected to the processor, the processor and communications interface configured to:
transmit, to the authentication server, an encryption key for encrypted communication, identification information which is information capable of uniquely identifying the peripheral device, and signature information which is a digital signature of the identification information;
receive, from the authentication server, first data which is data based on a result of an authentication process executed in the authentication server on the basis of the identification information and the signature information transmitted by the first communication section, then, encrypt, with the encryption key, request information indicating a transmission request for second data, and transmit the encrypted request information to the authentication server;
receive the second data encrypted and transmitted from the authentication server in response to the request information transmitted by the second communication section, then, decrypt the encrypted second data by use of the encryption key, and transmit the decrypted second data to the authentication server; and
receive, from the authentication server, third data which is data based on a result indicating that authenticity of the second data transmitted by the third communication section has been confirmed in the authentication server, and then execute a communication process using fourth data encrypted with the encryption key, between the peripheral device and the predetermined communication device,
wherein the processor and communications interface are configured to use the same encryption key to (a) encrypt the request information indicating a transmission request for second data, (b) decrypt the encrypted second data and (c) use the encrypted fourth data.

US Pat. No. 10,341,312

CONTENT MANAGEMENT

Nokia Technologies Oy, E...

1. An apparatus comprising:
at least one secure integrated component configured to store at least two credentials, each of the at least two credentials comprising a cryptographic key which enables decryption of content, and
at least one processing core configured to cause a first one of the at least two credentials to be employed to decrypt a first encrypted media stream to produce a first decrypted media stream, to cause a second one of the at least two credentials to be employed to decrypt a second encrypted media stream to produce a second decrypted media stream, and to cause the first decrypted media stream to be provided to a first rendering device over a first secured tunnel connection, wherein an endpoint of the first secured tunnel connection resides in the apparatus, and to cause the second decrypted media stream to be provided to a rendering device over a second secured tunnel connection.

US Pat. No. 10,341,311

COMMUNICATION DEVICE FOR IMPLEMENTING SELECTIVE ENCRYPTION IN A SOFTWARE DEFINED NETWORK

Schweitzer Engineering La...

1. A communication device configured to selectively encrypt data in a software defined network (SDN), the communication device comprising:
a data bus;
a communication interface in communication with the data bus, the communication interface configured to receive a plurality of unencrypted data packets originating from a data producing device in an electric power system;
an SDN controller communication subsystem in communication with the data bus and configured to:
receive from an SDN controller a first criterion used to identify a subset of the plurality of unencrypted data packets to be encrypted;
an encryption subsystem configured to generate an encrypted data payload from an unencrypted data payload based on an encryption key;
a packet processing subsystem configured to:
identify unencrypted data packets to be encrypted based on the first criterion and comprising unencrypted routing information and an unencrypted payload;
selectively parse each identified data packet to extract the unencrypted routing information and the unencrypted data payload;
pass the unencrypted data payload to the encryption subsystem;
generate an encrypted data payload using the encryption key;
receive the encrypted data payload from the encryption subsystem;
generate a substitute packet comprising the unencrypted routing information and the encrypted data payload; and
transmit the substitute packet to a data consuming device in the electric power system using the unencrypted routing information via the communication interface;
wherein the first criterion comprises a determination that a first physical location at which the data consuming device identified by the routing information is separated from a second physical location at which the communication device is located;
wherein the encryption subsystem is further configured to generate a hash message authentication code (HMAC) and to append the HMAC code to the substitute packet; and
wherein the communication device is configured for use in a network that provides end-to-end encryption between the data producing device and the data consuming device that each lack encryption capabilities.

US Pat. No. 10,341,309

CRYPTOGRAPHICALLY PROTECTING DATA TRANSFERRED BETWEEN SPATIALLY DISTRIBUTED COMPUTING DEVICES USING AN INTERMEDIARY DATABASE

Allstate Insurance Compan...

1. A method comprising:
receiving, at a first computing device and from a plurality of sensors, sensor data;
processing, by the first computing device, the sensor data to generate processed data;
encrypting, by the first computing device and using a first encryption key associated with the first computing device, the processed data to generate first encrypted data;
transmitting, by the first computing device and to an intermediary database, the first encrypted data encrypted using the first encryption key;
after receiving a selection, by a second computing device, of the first encrypted data, receiving, by the first computing device and from the second computing device, a second encryption key associated with the second computing device, wherein the receiving the selection of the first encrypted data comprises:
transmitting, by the first computing device and to the second computing device, a third encryption key, wherein the third encryption key comprises a public key associated with the first computing device, and
receiving, by the first computing device, an encrypted incentive encrypted using the third encryption key, wherein the incentive comprises data exchanging for the sensor data;
responsive to the selection of the first encrypted data, receiving, at the first computing device and from the intermediary database, the first encrypted data;
decrypting, by the first computing device and using the first encryption key, the first encrypted data received from the intermediary database to generate decrypted data;
decrypting, by the first computing device and using a private key corresponding to the public key associated with the first computing device, the encrypted incentive;
encrypting, by the first computing device and using the second encryption key, the decrypted data to generate second encrypted data, wherein the incentive is associated with the second encrypted data encrypted using the second encryption key; and
transmitting, by the first computing device, via the intermediary database, and to the second computing device, the second encrypted data for the second computing device to decrypt and use.

US Pat. No. 10,341,308

METHOD FOR TRANSMITTING INFORMATION FROM A FIRST INFORMATION PROVIDER TO A SECOND INFORMATION PROVIDER VIA AN INFORMATION INTERMEDIARY

Proximic, LLC., Reston, ...

1. A method for transmitting information from a first information provider to a second information provider via an information intermediary, the method comprising:
receiving, at a first point in time and at the information intermediary, first information from the first information provider;
generating a plurality of different types of data regarding the first information, wherein the plurality of different types of data regarding the first information are two or more of an extract of the first information, a summary of the first information, one or more keywords, one or more categories, other meta data about or from the first information, and a compression of the first information;
associating and storing the plurality of different types of data regarding the first information with a unique identifier of the first information;
receiving, at a second point in time that is after the first point in time and at the information intermediary, a token comprising the unique identifier of the first information and an identifier of the type of data regarding the first information;
retrieving, based on the unique identifier of the first information and the identifier of the type of data regarding the first information, the data regarding the first information of the type indicated in the token; and
transmitting, from the information intermediary, at least part of the data regarding the first information of the type indicated in the token to the second information provider.

US Pat. No. 10,341,307

METHOD AND SYSTEM FOR SECURE DOCUMENT EXCHANGE

International Business Ma...

1. A method of protecting a document at a first computing machine, comprising:
instrumenting an application of the first computing machine by hooking a document protection mechanism directly to the application independent of an operating system layer, the document protection mechanism having a document protection mechanism interface, wherein the application has at least one native function to which the document protection mechanism interface is coupled to instrument the application, thereby transforming the application to provide a secure document exchange function between the first computing machine and a second computing machine located remote from the first computing machine; and
upon a given occurrence that executes the native function and, using the document protection mechanism interface, invoking an encryption utility to encrypt the document prior to its transfer to and receipt at the second computing machine, the encryption utility located in a processing environment distinct from the first computing machine and configured to encrypt the document according to a policy;
wherein the application is a document management application.

US Pat. No. 10,341,304

DEVICE INDEPENDENT ENCRYPTED CONTENT ACCESS SYSTEM

Snap Inc., Santa Monica,...

1. A method, comprising:
receiving a first authentication credential at a user device, the first authentication credential being associated with a user;
based on the first authentication credential, accessing, by one or more processors of the user device, a second authentication credential stored on a key server;
generating, by the one or more processors, an authentication token and an encryption token;
based on the authentication token, accessing, by the one or more processors, a plurality of encrypted content elements, an encrypted master key, and a plurality of encrypted content keys, each content element of the plurality of content elements associated with a separate encrypted content key of the plurality of encrypted content keys;
in response to accessing the encrypted master key, decrypting the master key to generate a master key using the encryption token;
in response to generating the master key, decrypting the plurality of encrypted content keys to generate a plurality of content keys using the master key;
decrypting one or more encrypted content elements of the plurality of encrypted content elements using one or more content keys of the plurality of content keys associated with the one or more encrypted content elements to generate a plurality of content elements;
causing presentation of at least a portion of the plurality of content elements on a display device of the user device.

US Pat. No. 10,341,303

AUTOMATING THE CREATION AND MAINTENANCE OF POLICY COMPLIANT ENVIRONMENTS

STEELCLOUD, LLC, Ashburn...

1. A method for creating a policy compliant computing environment for a target computing device, comprising:
receiving, from an electronic device, a customized file incorporating a published policy standard modified for a set of operational requirements defined for the target computing device;
loading the customized file into a memory of the target computing device;
validating the customized file subsequent to loading the customized file into the memory of the target computing device;
parsing the customized file to determine one or more requirements for the target computing device dictated by the published policy standard and the one or more modifications for the set of operational requirements, wherein the one or more requirements include an operating system security policy and a local security policy;
comparing current settings of the target computing device to the one or more requirements defined in the customized file, where a difference between the current settings and the one or more requirements indicates the target computing device is out of compliance;
updating the current settings of the target computing device to satisfy the one or more requirements dictated by the published policy standard and the one or more modifications for the set of operational requirements defined in the customized file, thereby ensuring the target computing device maintains compliance; and
creating a log that records details of the updating the current settings of the target computing device.

US Pat. No. 10,341,302

OPTIMIZED TRANSPORT LAYER SECURITY

Massachusetts Institute o...

3. A method for establishing a secure communication session over a communication path between a client device and a server device according to a communication protocol, the method comprising:
storing session initiation information associated with the server device at a second communication interface located on the communication path between the client device and the server device;
sending, in a session initiation phase, a first message from the server device for establishing the secure communication session between the client device and the server device, the first message including session initiation information;
receiving and processing, in the session initiation phase, the first message at a first communication interface implemented on an intermediate device located on the communication path, the processing including forming a second message for establishing the secure communication session including replacing the session initiation information with a reference to the session initiation information;
sending, in the session initiation phase, the second message from the first communication interface over the communication path;
receiving and processing, in the session initiation phase, the second message at a second communication interface on the communication path between the client device and the server device, the processing including forming a third message for establishing the secure communication session including replacing the reference to the session initiation information with the session initiation information stored at the second communication interface such that the third message conforms to the communication protocol;
sending, in the session initiation phase, the third message from the second communication interface to the client device over the communication path;
establishing, in the session initiation phase, the secure communication session using the third message received at the client device; and
passing, in a data communication phase following the session initiation phase, data messages between the client device and the server device in the secure communication session, wherein the intermediate device and the second communication interface do not have access to the content of the data messages,
wherein a first portion of the communication path between the intermediate device and the client device is associated with a high latency and/or a low bandwidth relative to a second portion of the communication path between the intermediate device and the server device.

US Pat. No. 10,341,301

METHOD FOR TRANSMITTING ENCRYPTED DATA, METHOD FOR RECEIVING, CORRESPONDING DEVICES AND COMPUTER PROGRAMS

Ingenico Group, Paris (F...

1. A method of transmitting data from a first terminal, called a sender terminal, to a second terminal, called a receiver terminal, wherein the method comprises:
obtaining a piece of current time data;
determining a piece of transmission time data as a function of the piece of current time data and at least one predetermined parameter comprising a duration to be added to the piece of current time data to obtain the piece of transmission time data;
obtaining a piece of data to be encrypted from a concatenation of at least one piece of data to be transmitted and at least one piece of transmission time data;
encrypting, by means of an encryption key, said preliminarily obtained piece of data to be encrypted to generate a piece of encrypted data;
transmitting said piece of encrypted data at a point in time defined by said piece of transmission time data.

US Pat. No. 10,341,300

SYSTEM, METHOD, APPARATUS AND MACHINE-READABLE MEDIA FOR ENTERPRISE WIRELESS CALLING

Cisco Technology, Inc., ...

1. A method, comprising:
receiving one or more packets via a secure tunnel from a user device, wherein the user device is connected to a source network via a Wi-Fi access point;
identifying control plane data associated with an ongoing Wi-Fi calling session;
determining that a first packet of the one or more packets is associated with the Wi-Fi calling session by comparing information in the first packet with the control plane data, and in response to determining that the first packet is associated with the Wi-Fi calling session, analyzing the first packet to identify an anomaly in the first packet;
determining that the established Wi-Fi calling session is a threat based, at least in part, on the identified anomaly of the first packet;
taking a mitigating action in response to determining that the Wi-Fi calling session is a threat;
receiving a second one or more packets via a second secure tunnel from a second user device, wherein the second user device is connected to the source network via a second Wi-Fi access point;
identifying second control plane data associated with a second ongoing Wi-Fi calling session;
determining that a second packet of the second one or more packets is associated with the second Wi-Fi calling session by comparing information in the second packet with the second control plane data, and in response analyzing the second packet to identify a potential anomaly in the second packet;
determining that the second Wi-Fi calling session is not a threat based, at least in part, on the analyzing of the second packet;
establishing a signaling link to the source network in response to determining that the second Wi-Fi calling session is not a threat; and
sending a message to the source network over the signaling link to instruct the source network to prioritize network traffic associated with the second Wi-Fi calling session.

US Pat. No. 10,341,298

SECURITY RULES FOR APPLICATION FIREWALLS

Amazon Technologies, Inc....

1. A system for applying an encrypted customer security rule set to an application firewall, comprising:
at least one processor;
a memory device including instructions that, when executed by the at least one processor, cause the system to:
receive an automated notification from a shared data store that an encrypted customer security rule set is available for use by the application firewall operating on a server at an entry point to a computing service environment, wherein the application firewall is a managed service provided by a computing service provider for use with an application hosted in the computing service environment and the application firewall utilizes customer security rules to monitor, filter, and manipulate network traffic associated with the application;
obtain the encrypted customer security rule set from the shared data store accessible to a computing service customer and the computing service environment, wherein the encrypted customer security rule set is owned by the computing service customer and the encrypted customer security rule set is encrypted using a customer encryption key owned by the computing service customer;
obtain the customer encryption key from a key management system using a cross-account security role that provides access to the customer encryption key, wherein the computing service customer creates the cross-account security role granting access to the customer encryption key;
decrypt the encrypted customer security rule set in volatile computer memory of the application firewall forming a corresponding unencrypted customer security rule set in the volatile computer memory; and
register the unencrypted customer security rule set located in the volatile computer memory with the application firewall, wherein the application firewall is configured to apply the unencrypted customer security rule set to network traffic received at the application firewall.

US Pat. No. 10,341,297

DATAPATH PROCESSING OF SERVICE RULES WITH QUALIFIERS DEFINED IN TERMS OF TEMPLATE IDENTIFIERS AND/OR TEMPLATE MATCHING CRITERIA

NICIRA, INC., Palo Alto,...

1. A method of performing a service on a data message having a set of attributes, the method comprising:
selecting a service rule comprising (i) a rule identifier for matching against the set of attributes of the data message, the rule identifier defined by reference to a first template identifier that identifies a template for instantiating a multi-tier application deployment in a network, and (ii) a service parameter for performing a service on data messages, wherein an instantiation of the template comprises instantiating multiple data compute nodes (DCNs) with different DCNs implementing different applications in the multi-tier application deployment;
determining that the selected service rule is applicable to the data message, said determining comprising determining that (i) at least a second template identifier associated with the data message is associated with a particular DCN, (ii) the first and second template identifiers match, and (iii) the particular DCN was deployed by using the template; and
in response to the determination, performing the service on the data message based on the service parameter.

US Pat. No. 10,341,296

FIREWALL CONFIGURED WITH DYNAMIC COLLABORATION FROM NETWORK SERVICES IN A VIRTUAL NETWORK ENVIRONMENT

VMWARE, INC., Palo Alto,...

1. A method for automatic firewall configuration in a virtual computing network environment, the method comprising:mapping virtual machine (VM) inventory objects to Internet protocol (IP) addresses of VMs running on a plurality of host computing systems on one or more computing networks, wherein the VM inventory objects are VMs and associated virtual network interface cards (vNICs);
configuring firewall rules using VM inventory objects based on the mapping, wherein the VM inventory objects are specified in a source and/or destination of the configured firewall rules;
transforming the firewall rules by replacing the VM inventory objects that are specified in the source and/or destination of the configured firewall rules with network interface card (NIC) assigned IP addresses using an IP address management (IPAM) table and network address translation (NAT) IP addresses using a NAT table;
sending the transformed firewall rules to a firewall engine for filtering communication from and to VMs running on a first host computing system on the one or more computing networks and communication from and to VMs running on a second host computing system on the one or more computing networks at a firewall according to the transformed firewall rules;
determining whether there are any updates made to the configured firewall rules, the IPAM table, the NAT table and/or the VM inventory objects; and
automatically updating the transformed firewall rules sent to the firewall engine by repeating the steps of configuring, transforming and/or sending when there are updates made to the configured firewall rules, the IPAM table, the NAT table and/or the VM inventory objects.
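
The configure/transform/send loop of this claim, as an added example that is not VMware's code: rules are written against VM names, every VM or vNIC object is expanded through an IPAM table and a NAT table into the addresses the engine can match, and the controller re-runs the expansion only when a fingerprint of the rules, inventory, IPAM table or NAT table changes. The inventory, tables, rule shape and the fingerprint-based change detection are all assumptions.

```python
import hashlib
import json

# Constructed sample inventory. Assumed shapes: VM -> its vNICs; IPAM: vNIC -> assigned IP;
# NAT: internal IP -> translated address.
VM_INVENTORY = {"web-01": ["web-01-nic0"], "db-01": ["db-01-nic0", "db-01-nic1"]}
IPAM_TABLE = {"web-01-nic0": "10.0.1.10", "db-01-nic0": "10.0.2.20", "db-01-nic1": "10.0.2.21"}
NAT_TABLE = {"10.0.1.10": "203.0.113.10"}

# Rules written against inventory objects, in first-match order.
FIREWALL_RULES = [
    {"src": "any", "dst": "web-01", "port": 443, "action": "allow"},
    {"src": "web-01", "dst": "db-01", "port": 5432, "action": "allow"},
    {"src": "any", "dst": "db-01", "port": "any", "action": "deny"},
]


def resolve(obj, inventory, ipam, nat):
    """Map a VM or vNIC object to every address the engine may see it under."""
    if obj == "any":
        return {"any"}
    nics = inventory.get(obj) or ([obj] if obj in ipam else [])
    if not nics:
        raise KeyError(f"unknown inventory object {obj!r}")
    ips = {ipam[n] for n in nics}
    ips |= {nat[ip] for ip in ips if ip in nat}  # NAT'd identity of the same vNIC
    return ips


def transform(rules, inventory, ipam, nat):
    """Expand object-based rules into address-based rules, preserving rule order."""
    out = []
    for rule in rules:
        for src in sorted(resolve(rule["src"], inventory, ipam, nat)):
            for dst in sorted(resolve(rule["dst"], inventory, ipam, nat)):
                out.append({"src": src, "dst": dst, "port": rule["port"], "action": rule["action"]})
    return out


def state_fingerprint(rules, inventory, ipam, nat):
    # Any change to the rules, the IPAM table, the NAT table or the inventory changes this.
    blob = json.dumps([rules, inventory, ipam, nat], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


class FirewallController:
    def __init__(self, engine_push):
        self.engine_push = engine_push  # callable that receives the transformed rules
        self.last_fingerprint = None

    def sync(self, rules, inventory, ipam, nat):
        """Re-transform and re-send only when something the rules depend on changed."""
        fp = state_fingerprint(rules, inventory, ipam, nat)
        if fp == self.last_fingerprint:
            return False
        self.engine_push(transform(rules, inventory, ipam, nat))
        self.last_fingerprint = fp
        return True


if __name__ == "__main__":
    controller = FirewallController(lambda rules: print(json.dumps(rules, indent=1)))
    controller.sync(FIREWALL_RULES, VM_INVENTORY, IPAM_TABLE, NAT_TABLE)
```

The order of the expanded rules matters as much as their content: the trailing "deny any to db-01" must still come after the narrower allow once both are expanded, so the transform walks the rules in order and never sorts across them. The stale-rule problem the claim addresses shows up in the test below as the old address 10.0.2.21 disappearing from the engine's rule set after the IPAM table changes.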

US Pat. No. 10,341,295

SECURITY AND ACCESS CONTROL

Trend Micro Incorporated,...

1. A non-transitory computer readable medium having stored thereon machine readable instructions to provide security and access control, the machine readable instructions, when executed by at least one processor of a computer, cause the computer to: receive traffic that is related to a first application tier of an application, the application comprising a plurality of application tiers that includes the first application tier and a second application tier, the traffic to be routed to the second application tier;analyze attributes of the traffic;
determine the application based on the attribute analysis;
determine a policy related to the application from a plurality of policies respectively directed to each application tier of the plurality of application tiers of the application;
determine a type of the traffic based on the attribute analysis, the type of the traffic indicating whether the traffic is writing data to or reading data from the second application tier;
compare the type of the traffic to the policy to determine whether the traffic is valid traffic or invalid traffic;
based on a determination that the traffic is valid traffic, forward the valid traffic to an intended destination of the valid traffic;
based on a determination that the traffic is invalid traffic, one of forward the invalid traffic to a predetermined destination and block the invalid traffic; and
implement the plurality of application tiers using components implemented in a virtual environment.

US Pat. No. 10,341,294

UNAUTHORIZED COMMUNICATION DETECTION SYSTEM AND UNAUTHORIZED COMMUNICATION DETECTION METHOD

HITACHI, LTD., Tokyo (JP...

1. An unauthorized communication detection system that improves security and performance of a communication network, the system comprising:a communication interface that is communicatively coupled to a plurality of sensors via the communication network;
a memory that stores a determination list for determining whether there is unauthorized communication, wherein the determination list includes a packet pattern and determination pattern that specifies a variation amount and a frequency for each of the plurality of sensors; and
a processor that is communicatively coupled to the communication interface and the memory, wherein the processor:
receives, using the communication interface, a communication packet from a particular sensor of the plurality of sensors,
extracts a measurement from the communication packet based on the packet pattern of the particular sensor,
retrieves, from the memory, a particular determination pattern for the particular sensor,
determines whether the frequency of the measurement is higher than the frequency of the particular determination pattern, and
on a condition that the frequency of the measurement is higher than the frequency of the particular determination pattern, deletes the communication packet from the communication network.
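
The detection logic of this claim run over a constructed capture, as an added example that is not Hitachi's code: a determination list holds, per sensor, a packet pattern (here a struct format and the index of the measurement field) and a determination pattern (the variation amount and frequency the sensor may legitimately show); a packet from a listed sensor is parsed by its pattern and dropped when it arrives more often than the pattern allows. The claim's stated drop condition is the frequency check; the variation check, the one-second window and the packet layout are assumptions added to show the rest of the determination pattern being used.

```python
import struct
from collections import deque

# Constructed determination list. Packet pattern: how to parse a sensor's packet and where
# the measurement sits; determination pattern: the variation amount and frequency it may show.
DETERMINATION_LIST = {
    1: {"packet_pattern": {"fmt": ">HHf", "value_index": 2},   # sensor id, sequence, reading
        "determination_pattern": {"max_variation": 5.0, "max_frequency_hz": 2.0}},
    2: {"packet_pattern": {"fmt": ">HHf", "value_index": 2},
        "determination_pattern": {"max_variation": 50.0, "max_frequency_hz": 10.0}},
}


def make_packet(sensor_id, seq, value):
    return struct.pack(">HHf", sensor_id, seq, value)


class UnauthorizedCommunicationDetector:
    def __init__(self, determination_list, window_seconds=1.0):
        self.determination_list = determination_list
        self.window = window_seconds
        self.history = {}     # sensor id -> deque of timestamps forwarded inside the window
        self.last_value = {}  # sensor id -> last forwarded measurement

    def inspect(self, packet, now):
        """Return ('forward' | 'drop', reason) for one packet seen at time `now`."""
        if len(packet) < 2:
            return "drop", "too short to carry a sensor id"
        sensor_id = struct.unpack_from(">H", packet, 0)[0]
        entry = self.determination_list.get(sensor_id)
        if entry is None:
            return "drop", "sensor not in determination list"
        pattern = entry["packet_pattern"]
        try:
            fields = struct.unpack(pattern["fmt"], packet)
        except struct.error:
            return "drop", "packet does not match the sensor's packet pattern"
        value = fields[pattern["value_index"]]
        limits = entry["determination_pattern"]

        history = self.history.setdefault(sensor_id, deque())
        while history and now - history[0] > self.window:
            history.popleft()
        # Frequency: packets from this sensor inside the window, counting this one.
        if (len(history) + 1) / self.window > limits["max_frequency_hz"]:
            return "drop", "frequency above determination pattern"
        last = self.last_value.get(sensor_id)
        if last is not None and abs(value - last) > limits["max_variation"]:
            return "drop", "variation above determination pattern"
        history.append(now)
        self.last_value[sensor_id] = value
        return "forward", "within determination pattern"


def run_sample():
    """Constructed capture: (time, sensor id, sequence, reading)."""
    detector = UnauthorizedCommunicationDetector(DETERMINATION_LIST)
    capture = [(0.0, 1, 0, 20.0), (0.3, 1, 1, 21.0), (0.6, 1, 2, 22.0),  # third is too fast
               (1.5, 1, 3, 40.0),                                       # jump of 19 units
               (1.6, 1, 4, 23.0),                                       # back to normal
               (1.7, 9, 0, 1.0)]                                        # unlisted sensor
    decisions = [detector.inspect(make_packet(sid, seq, val), t)[0]
                 for t, sid, seq, val in capture]
    decisions.append(detector.inspect(b"\x00\x01\x00", 2.0)[0])       # truncated packet
    return decisions


if __name__ == "__main__":
    print(run_sample())
```

Dropped packets are not recorded in the history or as the last value, so a burst or a spoofed out-of-range reading cannot shift the baseline the next genuine packet is judged against; a packet that does not even parse under the sensor's pattern is dropped before any numeric check runs.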

US Pat. No. 10,341,293

TRANSPARENT FIREWALL FOR PROTECTING FIELD DEVICES

HONEYWELL INTERNATIONAL I...

1. A method of cyber protecting a field device in a process control system including a process controller for controlling said field device which utilizes a communications network using a process communication protocol, comprising:positioning a field device firewall in said communications network between a field network communication interface and said process controller, wherein said field device firewall has a stored list of known device types, types of requests and types of commands, does not support any native communications with said field device, and lacks an IP address on said communications network, said field device firewall including a processor that runs a cyber-protection algorithm implementing:
comparing information including a device type and a type of request or a type of command in a received packet to said known device types, said types of requests or said types of commands in said stored list;
allowing transmission of said received packet to said field device if said comparing determines said information is all on said stored list, and
blocking transmission of said received packet to said field device if said comparing determines said information is not all on said stored list.
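
The allow-list decision of this claim, as an added example that is not Honeywell's code and not any real field protocol: a firewall that holds a stored list of known device types, request types and command types, parses only the header fields it needs from each frame, and passes the frame only when every field it compares is on the list. The three-byte header layout, the code values and the list contents are constructed for illustration.

```python
import struct

# Constructed frame layout (assumed, not Honeywell's or any real field protocol):
# device type (1 byte), kind (0 = request, 1 = command), type code (1 byte), then payload.
HEADER = ">BBB"
KIND_NAMES = {0: "request", 1: "command"}

# Constructed stored list of what this firewall has been told is legitimate.
KNOWN_DEVICE_TYPES = {0x10: "pressure transmitter", 0x11: "valve positioner"}
KNOWN_REQUEST_TYPES = {0x01: "read variable", 0x02: "read status"}
KNOWN_COMMAND_TYPES = {0x20: "write setpoint"}


class FieldDeviceFirewall:
    """Transparent allow-list filter between the field interface and the controller.
    It has no address of its own and never talks to the device; it only decides whether a
    frame may pass, and it passes a frame only when every field it checks is on the list."""

    def __init__(self, device_types, request_types, command_types):
        self.stored_list = {
            "device": set(device_types),
            "request": set(request_types),
            "command": set(command_types),
        }
        self.blocked = []  # (frame, reason) for the operator's log

    def decide(self, frame):
        if len(frame) < struct.calcsize(HEADER):
            return self._block(frame, "frame shorter than header")
        device_type, kind, code = struct.unpack_from(HEADER, frame)
        if device_type not in self.stored_list["device"]:
            return self._block(frame, f"device type 0x{device_type:02x} not on list")
        kind_name = KIND_NAMES.get(kind)
        if kind_name is None:
            return self._block(frame, f"unknown message kind {kind}")
        if code not in self.stored_list[kind_name]:
            return self._block(frame, f"{kind_name} type 0x{code:02x} not on list")
        return "allow"

    def _block(self, frame, reason):
        self.blocked.append((frame, reason))
        return "block"

    def filter_frames(self, frames):
        """Return only the frames that may be transmitted to the field device."""
        return [f for f in frames if self.decide(f) == "allow"]


def make_frame(device_type, kind, code, payload=b""):
    return struct.pack(HEADER, device_type, kind, code) + payload


if __name__ == "__main__":
    fw = FieldDeviceFirewall(KNOWN_DEVICE_TYPES, KNOWN_REQUEST_TYPES, KNOWN_COMMAND_TYPES)
    frames = [make_frame(0x10, 0, 0x01), make_frame(0x11, 1, 0x20, b"\x42\x48\x00\x00"),
              make_frame(0x11, 1, 0x21), make_frame(0x30, 0, 0x01), make_frame(0x10, 2, 0x01), b"\x10"]
    print(len(fw.filter_frames(frames)), "allowed;", [reason for _, reason in fw.blocked])
```

Note that the request list and the command list are checked separately: a code that is a known request type is not accepted when it arrives flagged as a command, which is the "all on said stored list" condition of the claim rather than a single flat lookup. The firewall also never inspects or forwards the payload on its own behalf, matching the claim's "does not support any native communications with said field device".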

US Pat. No. 10,341,292

INCREASED PORT ADDRESS SPACE

Avi Networks, Santa Clar...

1. A method for managing network ports, comprising:receiving network session identification information associated with a destination IP address and a destination network port; and
using a processor to determine for a new session to be established for a source IP address, an available source network port based on the destination IP address and the destination network port, wherein the available source network port is identified as available to be assigned to the new session for the source IP address including by determining that for at least a combination of the destination IP address and the destination network port, the available source network port has not been already assigned for the source IP address;
wherein a same port number of the determined to be available source network port for the new session to be established for the source IP address is concurrently assigned to a different network session for the same source IP address but for a different destination IP address or a different destination network port.
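
The port reuse of this claim beside the conventional scheme, as an added example that is not Avi Networks' code: a conventional allocator keeps one pool of source ports per source IP, while the claimed scheme keeps a pool per (source IP, destination IP, destination port), so the same port number can be live toward several destinations at once while every 4-tuple stays unique. The allocator shapes, the tiny port range and the sample destinations are constructed so the difference is visible.

```python
class PerSourceAllocator:
    """Conventional scheme: a source port is unique per source IP, whatever the destination."""

    def __init__(self, low, high):
        self.low, self.high = low, high
        self.used = {}  # src_ip -> set of ports in use

    def allocate(self, src_ip, dst_ip, dst_port):
        taken = self.used.setdefault(src_ip, set())
        return _take_first_free(taken, self.low, self.high)


class PerDestinationAllocator:
    """Scheme in the claim: a source port only has to be unique for a given
    (src_ip, dst_ip, dst_port), so the same number can be live toward other destinations."""

    def __init__(self, low, high):
        self.low, self.high = low, high
        self.used = {}  # (src_ip, dst_ip, dst_port) -> set of ports in use

    def allocate(self, src_ip, dst_ip, dst_port):
        taken = self.used.setdefault((src_ip, dst_ip, dst_port), set())
        return _take_first_free(taken, self.low, self.high)

    def release(self, src_ip, dst_ip, dst_port, port):
        self.used.get((src_ip, dst_ip, dst_port), set()).discard(port)


def _take_first_free(taken, low, high):
    for port in range(low, high + 1):
        if port not in taken:
            taken.add(port)
            return port
    return None  # range exhausted for this key


def sessions_until_exhausted(allocator, src_ip, destinations):
    """Open sessions round-robin over `destinations` until the allocator refuses one."""
    opened = []
    while True:
        dst_ip, dst_port = destinations[len(opened) % len(destinations)]
        port = allocator.allocate(src_ip, dst_ip, dst_port)
        if port is None:
            return opened
        opened.append((src_ip, port, dst_ip, dst_port))


if __name__ == "__main__":
    # Constructed: three destinations and a three-port range make the difference visible.
    dests = [("198.51.100.1", 443), ("198.51.100.2", 443), ("198.51.100.1", 8443)]
    print(len(sessions_until_exhausted(PerSourceAllocator(40000, 40002), "10.0.0.5", dests)))
    print(len(sessions_until_exhausted(PerDestinationAllocator(40000, 40002), "10.0.0.5", dests)))
```

The caveat a practitioner will want: this only works where every device on the path distinguishes flows by the full 4-tuple. A middlebox that tracks state by (source IP, source port) alone, such as a simple NAT or a coarse connection tracker, will see the reused port as one flow and mix the sessions up, so the scheme must be paired with full-tuple tracking end to end.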

US Pat. No. 10,341,291

METHOD, EQUIPMENT, SYSTEM AND COMPUTER STORAGE MEDIUM FOR IMPLEMENTING NUMBER PORTABILITY ANNOUNCEMENT

ZTE CORPORATION, Guangdo...

1. Method for implementing Number Portability Announcement NPA, comprising:receiving a calling request;
triggering Telephone Number Mapping ENUM to execute an ENUM query and acquiring a query result;
judging whether a callee number generates Number Portability NP according to the query result and acquiring a judgment result; and
sending an announcement instruction to a Media Resource Function Processor MRFP when the judgment result is that the callee number generates the NP, so as to enable the MRFP to announce an NP prompt tone to a caller according to the announcement instruction.

US Pat. No. 10,341,290

METHOD AND SYSTEM FOR PRESENTING RECOMMENDATION INFORMATION

Tencent Technology (Shenz...

1. A method for presenting recommendation information, comprising:receiving, by an information issue server, a data obtaining request from a client terminal, recording an address of the client terminal at this time as a first address, and presenting recommendation information corresponding to a region where the first address belongs for the client terminal;
receiving, by a data collection server, a response message sent from the client terminal after the client terminal has played the recommendation information, recording an address of the client terminal at this time as a second address, and storing a corresponding relationship between the first address and the second address into an address data file, wherein after the client terminal has played the recommendation information, the client terminal sends a feedback message containing a recommendation information identifier to a third-party monitoring system, and the third-party monitoring system calculates a number of times of presenting the recommendation information corresponding to the recommendation information identifier according to the feedback message;
reading, by an address analysis server, a specified address from a region address database which is corresponding to a specified region, and obtaining corresponding relationships each with the first address being the specified address from the address data file; wherein each region corresponds to its own region address database which contains all addresses assigned to the corresponding region; and
when determining, by the address analysis server, via the obtained corresponding relationships that the specified address has been converted by intelligent routing, not presenting, by the information issue server, recommendation information corresponding to the specified region to the specified address when requesting data.

US Pat. No. 10,341,289

SYSTEMS AND METHODS OF CALCULATING COMMUNICATIONS STRENGTHS

FACEBOOK, INC., Menlo Pa...

1. A method comprising:providing, within a graphical user interface on a client device associated with a user, a list of co-users associated with the user within a communications system;
determining a number of a first type of electronic messages exchanged between a user and a first co-user of the communications system;
determining a number of a second type of electronic messages exchanged between the user and the first co-user;
determining a frequency of electronic messages exchanged between the user and the first co-user;
calculating, using at least one processor, a communications strength between the user and the first co-user using:
the number of the first type of electronic messages exchanged between the user and the first co-user,
the number of the second type of electronic messages exchanged between the user and the first co-user, and
the frequency of electronic messages exchanged between the user and the first co-user;
determining the communications strength between the user and the first co-user is greater than a communications strength between the user and a second co-user included on the list of co-users within the graphical user interface;
based on the communications strength between the user and the first co-user being greater than the communications strength between the user and the second co-user, updating the list of co-users within the graphical user interface by automatically adding a first identifier corresponding to the first co-user to the list of co-users and automatically removing a second identifier corresponding to the second co-user from the list of co-users; and
in response to detecting a selection of the first identifier of the first co-user from the list of co-users within the graphical user interface, automatically generating an electronic message to send to the first co-user.

US Pat. No. 10,341,288

METHODS CIRCUITS DEVICES SYSTEMS AND ASSOCIATED COMPUTER EXECUTABLE CODE FOR PROVIDING CONDITIONAL DOMAIN NAME RESOLUTION

SAGUNA NETWORKS LTD., Yo...

1. A conditional domain name system (CDNS) associated with an access point of a data communication network, said system comprising:a DNS query detector to detect a DNS query generated by a data client device communicatively coupled to the access point, wherein the DNS query is addressed to an external DNS and requests a network address of a given networked data resource and continues towards the external DNS;
control logic circuitry to search a functionally associated data repository or cache for a conditional DNS record relating to the given networked data resource, wherein the conditional DNS record includes or links with: (a) an identifier or designator of the given networked data resource, (b) a given network address for the given networked data resource, and (c) a definition of a condition under which said CDNS will provide the given network address as a response to the DNS query for the given networked data resource.

US Pat. No. 10,341,287

DIRECT TRANSMISSION OF DATA BETWEEN APPLICATIONS IN A MULTI-TENANT ENVIRONMENT

International Business Ma...

1. A method for direct transmission of data between applications in a multi-tenant environment, the method comprising:responsive to determining a first tenant and a second tenant exist within a same runtime and a transmission method having a high overhead, establishing a mechanism for transmitting data between the first tenant and the second tenant, wherein the mechanism for transmitting data between the first tenant and the second tenant has a low overhead for transmitting data; and
responsive to a connection being made between the first tenant and the second tenant and an opening of the server socket of the first tenant, establishing the mechanism for transmitting data between the first tenant and the second tenant.

US Pat. No. 10,341,286

METHODS AND SYSTEMS FOR UPDATING DOMAIN NAME SERVICE (DNS) RESOURCE RECORDS

PISMO LABS TECHNOLOGY LIM...

1. A method for updating domain name service (DNS) resource records at a first system, comprising:(a) receiving an update message from a network node periodically and upon occurrence of a first predefined event;
(b) updating a corresponding DNS resource record substantially based on the update message;
wherein the update message comprises an Internet Protocol (IP) address field, a unique identifier field and a network interface identifier field;
wherein the network node comprises a plurality of network interfaces; and
wherein the first predefined event is selected from a group consisting of change of IP address of at least one of the plurality of network interfaces, assignment of IP address of at least one of the plurality of network interfaces, change of DNS resource recorded in at least one of the plurality of network interfaces, change of performance observed in at least one of the plurality of network interfaces connected to the Internet, detection of new Dynamic Host Configuration Protocol (DHCP) server, expiration of DHCP IP address lease, status check, and health check.

US Pat. No. 10,341,285

SYSTEMS, METHODS AND DEVICES FOR INTEGRATING END-HOST AND NETWORK RESOURCES IN DISTRIBUTED MEMORY

OPEN INVENTION NETWORK LL...

23. A method for storing data across distributed digital data storage devices over a digital network, the method comprising:generating for a portion of data a data address from a range of addresses associated with the distributed digital memory resources, the data address comprising therein embedded information that identifies one or more characteristics of said portion;
sending data requests relating to the portion of data over the digital network to a digital network switching interface using said data address, said digital network switching interface comprising a physical mapping database and plurality of network interface ports, said physical mapping database comprising access to a forwarding table stored on accessible physical memory, wherein the digital network switching interface employs congestion monitoring methodology, by having the switching interface monitor latency statistics of the network interface ports, and invalidates forwarding table entries that point to congested ports and adds new forwarding table entries further associating the data address with the digital data storage device;
receiving the data request at the digital network switching interface and checking to see if the data address has been associated in the forwarding table with information relating to a storage location in the distributed digital data storage devices communicatively coupled to the digital network switching interface;
forwarding the data request to the storage location associated with the data address in the forwarding table, if the data address is associated with information relating to a storage location in the forwarding table, else forwarding the data request to the distributed digital data storage devices in accordance with a data routing methodology; and
remapping the association between a given data address and the corresponding information relating to a given storage location in the forwarding table based on said one or more characteristics.

US Pat. No. 10,341,284

METHODS AND SYSTEMS FOR RECIPIENT MANAGEMENT WITH ELECTRONIC MESSAGES

Pecan Technologies Inc, ...

1. A method of recipient management with electronic messages having time defined actions comprising:using a processor of a message server for:
receiving data inputted by a user, and an electronic address of the recipient at a user client terminal;
creating an electronic message and defining for the electronic message at least one non-message action for the recipient associated with the electronic address inputted by the user, to perform at a location within a defined time frame, said at least one non-message action and said time frame are defined in a metadata included in said electronic message;
sending the electronic message to the electronic address of the recipient for access by a recipient client terminal of the recipient;
triggering an external data source to monitor performance of the at least one non-message action by the recipient associated with the electronic address inputted by the user during the defined time frame according to said metadata, said monitoring detects the recipient being at the location at the defined time frame and performing the at least one non-message action at the location and at the defined time frame; wherein the external data source is in electrical communication with said message server and is independent of actions performed on the electronic message by the recipient client terminal;
receiving via a network an indication of the performance of the at least one non-message action based on the monitoring from the external data source; and
sending instructions to present on the user client terminal a notification in response to the indication.

US Pat. No. 10,341,283

SYSTEMS AND METHODS FOR PROVIDING DATA ANALYTICS FOR VIDEOS BASED ON A TIERED ARCHITECTURE

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:acquiring, by a computing system, a video resource at a first level of a tiered architecture;
generating, by the computing system, based on the video resource, a first video representation at a second level of the tiered architecture, the first video representation being associated with a first publisher;
detecting, by the computing system, that at least a first post posted to a social networking system by a first user and a second post posted to the social networking system by a second user are utilizing the first video representation, the first post and the second post being representable at a third level of the tiered architecture; and
aggregating, by the computing system, data analytics for the first video representation based on the detecting that the first post posted by the first user and the second post posted by the second user are utilizing the first video representation, wherein
the data analytics are associated with social engagement information,
the social engagement information includes at least a first quantity of social engagement with the first post and a second quantity of social engagement with the second post, and
the aggregating the data analytics for the first video representation includes aggregating the first quantity of social engagement and the second quantity of social engagement.

US Pat. No. 10,341,282

IDENTIFYING DIGITAL MAGAZINE SERVER USERS BASED ON ACTIONS BY THE USERS WITH CONTENT ITEMS PRESENTED BY THE DIGITAL MAGAZINE SERVER

Flipboard, Inc., Palo Al...

1. A computer-implemented method comprising:presenting a content item to a plurality of users of a digital magazine server;
receiving information identifying actions performed by a set of users involving the content item, each of the set of users presented with the content item;
storing information identifying each user in the set of users in association with the content item;
receiving a request from a user to provide a comment in association with the content item including data that identifies an additional user, the request including data comprising the comment;
retrieving the information identifying each user in the set of users presented with the content item;
identifying candidate users of the set of users presented with the content item based on the information identifying each user in the set of users presented with the content item and information included in the comment, each candidate user associated with information identifying the candidate user that at least partially matches the data included in the comment identifying the additional user;
determining an order of information identifying each candidate user based on a frequency with which each candidate user performed actions involving the content item presented to each of the candidate users by the digital magazine server; and
presenting information identifying the one or more candidate users to the user in the determined order.

US Pat. No. 10,341,281

ACCESS CONTROL POLICIES ASSOCIATED WITH FREEFORM METADATA

AMAZON TECHNOLOGIES, INC....

1. A computer implemented method for using tags to control access to resources, comprising:associating both a first access control policy and a second access control policy with a single metadata tag, the metadata tag including a freeform character string specifying a key and a key value,
wherein the first access control policy identifies principals that are allowed to assign the metadata tag to the at least one computing resource and
wherein the second access control policy identifies operations that are allowed or not allowed to be performed on resources associated with the key and the key value of the metadata tag;
receiving, from a user using an application programming interface (API), a request to assign the metadata tag to the at least one computing resource;
evaluating the first access control policy based at least in part on a combination of the key and the key value of the metadata tag;
assigning the metadata tag to the at least one computing resource in response to determining that the first access control policy allows the user to assign the metadata tag;
receiving a request to perform an operation on the at least one computing resource;
evaluating, based at least in part on both of the key and the key value of the metadata tag, the second access control policy associated with the metadata tag via an identity management service that retrieves the second access control policy in addition to one or more other access control policies that are related to the request to perform the operation on the computing resource; and
authorizing the request to perform the operation on the at least one computing resource based at least in part on the evaluation of the second access control policy.
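
The two-policy tag model of this claim worked through in code, as an added example that is not Amazon's implementation: one (key, value) tag carries an "assign" policy naming who may attach it and an "operations" policy saying what may be done to resources carrying it; the first is evaluated when the tag is assigned, the second, together with the principal's own policies, when an operation is requested. The policy shapes, the evaluation semantics (an explicit deny anywhere wins; otherwise both the principal's policy and every tag policy on the resource must allow the action) and the sample principals are assumptions.

```python
from fnmatch import fnmatch

# Constructed sample. A single metadata tag (key, value) carries two policies:
# "assign" says who may attach it; "operations" says what may be done to resources carrying it.
TAG_POLICIES = {
    ("env", "prod"): {
        "assign": {"principals": {"role/platform-admin"}},
        "operations": {"allow": {"ec2:Describe*", "ec2:StopInstances", "ec2:StartInstances"},
                       "deny": {"ec2:TerminateInstances"}},
    },
    ("env", "dev"): {
        "assign": {"principals": {"role/platform-admin", "role/developer"}},
        "operations": {"allow": {"ec2:*"}, "deny": set()},
    },
}

# The principals' own (identity-based) policies, also evaluated on every request.
PRINCIPAL_POLICIES = {
    "role/platform-admin": {"allow": {"*"}, "deny": set()},
    "role/developer": {"allow": {"ec2:Describe*", "ec2:StopInstances", "ec2:TerminateInstances"},
                       "deny": set()},
    "role/auditor": {"allow": {"ec2:Describe*"}, "deny": set()},
}


def _matches(action, patterns):
    return any(fnmatch(action, pattern) for pattern in patterns)


class IdentityManagementService:
    def __init__(self, tag_policies, principal_policies):
        self.tag_policies = tag_policies
        self.principal_policies = principal_policies
        self.resource_tags = {}  # resource id -> {key: value}

    def assign_tag(self, principal, resource, key, value):
        """First policy: evaluated on the exact key/value before the tag is attached."""
        policy = self.tag_policies.get((key, value))
        if policy is None or principal not in policy["assign"]["principals"]:
            return False
        self.resource_tags.setdefault(resource, {})[key] = value
        return True

    def authorize(self, principal, action, resource):
        """Second policy of every tag on the resource, evaluated together with the
        principal's own policies. Assumed semantics: an explicit deny anywhere wins,
        the principal's policy must allow the action, and so must each tag policy."""
        own = self.principal_policies.get(principal, {"allow": set(), "deny": set()})
        if _matches(action, own["deny"]) or not _matches(action, own["allow"]):
            return "deny"
        for key, value in self.resource_tags.get(resource, {}).items():
            tag_policy = self.tag_policies.get((key, value))
            if tag_policy is None:
                continue  # tag without a bound policy places no extra constraint
            ops = tag_policy["operations"]
            if _matches(action, ops["deny"]) or not _matches(action, ops["allow"]):
                return "deny"
        return "allow"


if __name__ == "__main__":
    iam = IdentityManagementService(TAG_POLICIES, PRINCIPAL_POLICIES)
    print(iam.assign_tag("role/developer", "i-001", "env", "prod"))           # False
    print(iam.assign_tag("role/platform-admin", "i-001", "env", "prod"))      # True
    print(iam.authorize("role/developer", "ec2:TerminateInstances", "i-001"))  # deny
```

The reason the first policy matters as much as the second: if anyone could attach env=dev to a production instance, the permissive dev operations policy would follow the tag, so controlling who may write a given key/value is what keeps the second policy meaningful. The evaluation is keyed on the exact pair, not just the key, as the claim requires.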

US Pat. No. 10,341,280

METHOD, SYSTEM, AND RECORDING MEDIUM FOR PROVIDING MESSAGE BASED ON GROUP UNIT

NAVER Corporation, Seong...

1. A method implemented in a computer for providing text messages in a text message box of a user terminal for receiving the text messages sent through a communication network, the method comprising:classifying, by a processor, a plurality of text messages received at the user terminal into a predefined group based on message content parsed from the received text messages without the received text messages being indicated to be classified into the predefined group by senders of the plurality of text messages, the plurality of text messages including at least two text messages sent to the user terminal from at least two separate senders;
creating, by the processor, a representative item of the predefined group using a select text message included in the predefined group; and
providing, by a processor, message items through a message list displayed in the text message box that includes the representative item as an item associated with the predefined group and a plurality of individual text messages received at the user terminal and not included in the predefined group,
wherein the plurality of text messages classified into the predefined group are provided in the message list as a bundle item, the bundle item being ranked in the message list, and
wherein the representative item of the group is displayed in the bundle item.

US Pat. No. 10,341,278

ADAPTIVE PRESENTATION OF COMMENTS BASED ON SENTIMENT

Flipboard, Inc., Palo Al...

1. A method for ranking comments associated with a content item in a digital magazine, the method comprising:determining, by a processor, a topic of the content item selected by a user of the digital magazine maintained by a digital magazine server;
obtaining emotion scores of comments associated with the content item by the processor, an emotion score of a comment representative of sentiments of a plurality of users toward the comment and determined from emoticons attached to response comments to the comment;
obtaining, by the processor, prior response comments received from the user for comments for content items having the topic;
determining, by the processor, a user propensity of responding to previous comments for content items having the topic by applying a model to the prior response comments received from the user for comments for content items having the topic and emotion scores for previous comments for content items having the topic for which the user provided one or more response comments;
determining, by the processor, response likelihood scores of the comments associated with the content item, a response likelihood score of the comment representing a likelihood of the user responding to the comment and determined based on an emotion score for the comment and the user propensity of responding to previous comments for content items having the topic;
determining a ranking of the comments associated with the content item based on the determined response likelihood scores by the processor; and
displaying the comments associated with the content item in locations of a display area of a client device of the user based on the ranking.

US Pat. No. 10,341,277

PROVIDING VIDEO TO SUBSCRIBERS OF A MESSAGING SYSTEM

1. A method, comprising:obtaining a first live video stream generated by a video source; and
publishing, by one or more computer processors, one or more messages comprising one or more frames of the first live video stream to a first channel of a plurality of channels of a publish-subscribe system, wherein the video source is associated with the first channel.

US Pat. No. 10,341,276

SYSTEMS AND METHODS FOR PROVIDING COMMUNICATIONS WITH OBSCURED MEDIA CONTENT BACKGROUNDS

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:receiving, by a computing system, a communication thread comprising a plurality of responses wherein at least one of the plurality of responses comprises a media content item;
obscuring, by the computing system, the media content item to produce an obscured media content item;
presenting, by the computing system, the communication thread wherein the plurality of responses and the obscured media content item are overlaid in an order based on time data associated with each response and the obscured media content item;
removing, by the computing system, while a first touch gesture is detected, each response and the obscured media content item from presentation of the communication thread in reverse of the order based on time data, wherein removing the obscured media content item comprises:
presenting the media content item while the first touch gesture is detected, wherein the presenting the media content item comprises presenting an unobscure animation to show the media content item; and
ending, by the computing system, the communication thread when a second touch gesture is detected.