Abstract: Some embodiments provide a capacity exchange whereby capacity from different content delivery networks (CDNs) can be bought, sold, and traded. The capacity exchange is part of an “Open CDN” platform. The Open CDN platform federates the independent operation of CDNs and other operators of and service providers to distributed platforms participating in the Open CDN platform so that each participant can (1) dynamically scale its capacity without incurring additional infrastructure costs, (2) expand its service into previously untapped geographic regions without physically establishing points of presence (POPs) at those geographic regions, and (3) reduce sunk costs associated with unused capacity of already deployed infrastructure by selling that unused capacity to other participants that are in need of additional capacity.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.

Abstract: Some embodiments provide instantaneous and non-blocking content purging across storage servers of a distributed platform. When a server receives a purge operation, it extracts an identifier from the purge operation. The server then generates a content purge pattern from the identifier and injects the pattern to its configuration. Instantaneous purging is then realized as the server averts access to any cached content identified by the pattern. The purging also occurs in a non-blocking fashion as the physical purge of the content occurs in-line with the server's cache miss operation. The content purge pattern causes the server to respond to a subsequently received content request with a cache miss, whereby the server retrieves the requested content from an origin source, serves the retrieved content to the requesting user, and replaces a previously cached copy of the content that is to be purged with the newly retrieved copy.

Abstract: The solution is directed to access control systems and verifying proximity of a user to an access point that the user is wirelessly requesting access to. The proximity verification is based on placing proximity hubs adjacent to the different access points. Each proximity hub advertises a different unique identifier that changes periodically over a short-range wireless network and can be detected with a mobile device if the mobile device is physically within a short distance from the proximity hub. The unique identifier changes based on a rolling code. A user is permitted access to a restricted access point in response to the mobile device sending over a different long-range wireless network, the unique identifier advertised from a proximity hub adjacent to a desired access point and user access credentials authenticating access privileges of the user to the desired access point.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.

Abstract: Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without comprising security as the resources will remain restricted or locked if the either of the user's intent or access permissions cannot be verified.

Abstract: Some embodiments provide a capacity management agent that modifies bandwidth that is allocated between an end user and a carrier network by caching requested content that is streamed at a first rate and then providing the cached content to the end user through the carrier network at a second rate. The agent performs a process that includes receiving data intended for a service region of the carrier network from an external data network. The process identifies resource availability at the service region. Next, the process passes the data to the service region at the first rate when the resource availability at the service region is not less than a threshold amount and caches the data for passing to the service region at the second rate that consumes fewer carrier network resource than the first rate when the resource availability at the service region is less than the threshold amount.

Abstract: Provided is an office receptionist system formed from a distributed set of system valets and a system concierge. The system valets record and pass human inquiries at various points of ingress and egress to the system concierge. The system concierge parses each inquiry, determines the type of inquiry being made, and further determines whether the inquiry provides sufficient information for the determined inquiry type. The sufficiency of the inquiry is determined from a rule set that further defines different data sources from which the system concierge obtains data elements for generating a response to the inquiry as well as the actions to perform as part of responding to the inquiry. The response is returned to the system valet originating the inquiry for playback thereon.

Abstract: Some embodiments move the task of selecting between different transit provider paths from the network level to the application level. Some embodiments perform network level configurations involving a destination network router advertising over a first transit provider path, a unique first address identifying a destination network server as reachable via the first path and advertising over a second transit provider path, a unique second address identifying the destination network server as reachable via the second path. Some embodiments further perform application level configurations involving a source network server passing a first packet to the destination network server over the first path by addressing the first packet to the first address and passing a second packet to the destination network server over the second path by addressing the second packet to the second address. The path selection may be based on policies accounting for congestion, performance, and other metrics.

Abstract: Disclosed are systems and methods for updating a distributed system device with an update that a system controller fragments and propagates to the system device by way of two or more third party clients. The system controller manages client access rights to a service accessible at different distributed system devices. The system controller has first network connectivity with which to remotely distribute different fragments of an update to different clients. Each system device controls access to the service at different a site and has (i) second network connectivity with which the different clients propagate different fragments of the update to the system device upon entering communication range with the system device, (ii) memory storing different sets of fragments for the update based on different times at which the clients propagate the fragments, and (iii) a processor applying the update once all fragments of the update to the memory.

Abstract: The solution is directed to access control systems and verifying proximity of a user to an access point that the user is wirelessly requesting access to. The proximity verification is based on placing proximity hubs adjacent to the different access points. Each proximity hub advertises a different unique identifier that changes periodically over a short-range wireless network and can be detected with a mobile device if the mobile device is physically within a short distance from the proximity hub. The unique identifier changes based on a rolling code. A user is permitted access to a restricted access point in response to the mobile device sending over a different long-range wireless network, the unique identifier advertised from a proximity hub adjacent to a desired access point and user access credentials authenticating access privileges of the user to the desired access point.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.

Abstract: Some embodiments move the task of selecting between different transit provider paths from the network level to the application level. Some embodiments perform network level configurations involving a destination network router advertising over a first transit provider path, a unique first address identifying a destination network server as reachable via the first path and advertising over a second transit provider path, a unique second address identifying the destination network server as reachable via the second path. Some embodiments further perform application level configurations involving a source network server passing a first packet to the destination network server over the first path by addressing the first packet to the first address and passing a second packet to the destination network server over the second path by addressing the second packet to the second address. The path selection may be based on policies accounting for congestion, performance, and other metrics.

Abstract: Some embodiments provide systems and methods for determining a server of a distributed hosting system to optimally distribute content to an end user. The method includes identifying an IP address of the end user. Based on the IP address, a set of servers send packets to the end user to derive performance metrics. The performance metrics are used to determine a server from the set of servers that optimally distributes content to the end user. The method modifies a configuration for resolving end user requests such that the optimal server is identified to the end user when the end user requests content from the hosting system. Some embodiments determine the optimal server by providing downloadable content that is embedded with a monitoring tool. The monitoring tool causes the end user to derive performance metrics for the hosting system when downloading a particular object from a set of servers.

Abstract: Provided is an access control electro-permanent magnetic lock for locking and unlocking physical barriers with electromagnetism, but without a continual power source. The lock comprises permanent magnets juxtaposed with electro-permanent magnets. The polarity of the permanent magnets is fixed and aligned. The polarity of the electro-permanent magnets can be switched by introducing a pulse of electric current for a fraction of a second at low voltage to the electro-permanent magnets. A strong magnetic field generating a locking or holding force is produced when the polarity of the electro-permanent magnets aligns with or is in the same direction as the polarity of the permanent magnets. The magnetic field is canceled such that there is no locking or holding force when the polarity of the electro-permanent magnets is opposite to the polarity of the permanent magnets. The lock can further provide fail-secure or fail-safe protections in the event of power loss.

Abstract: Some embodiments provide a content delivery network (CDN) solution that affords the CDN control over those elements of customer content that are delivered by third parties. The CDN integrates a distributed set of monitoring agents. Each monitoring agent monitors the delivery performance of third parties to the region in which the agent operates. The CDN uses the performance monitoring information to dynamically manage the content tags to the third-party delivered elements of CDN-customer content. Specifically, a CDN server retrieves the parent page for requested CDN-customer content. The CDN server identifies the region from where the request originates and retrieves the logs from the monitoring agents monitoring from that region. The CDN server then modifies the base page by dynamically removing the tags to the third-party delivered elements that are reported in the monitoring agent logs as being unavailable, inaccessible, or underperforming in the identified region.

Abstract: Some embodiments provide a multi-tenant over-the-top multicast solution that integrates the per user stream customizability of unicast with the large scale streaming efficiencies of multicast. The solution involves an application, different multicast groups streaming an event with different customizations, and a manifest file or metadata identifying the different groups and customizations. The solution leverages the different multicast groups in order to provide different time shifts in the event stream, different quality level encodings of the event stream, and different secondary content to be included with a primary content stream. The application configured with the manifest file or metadata dynamically switches between the groups in order to customize the experience for a user or user device on which the application executes. Switching from multicast to unicast is also supported to supplement available customizations and for failover.

Abstract: Some embodiments provide an end-to-end federated CDN solution that assimilates a transparent caching server that is operated by a transparent caching server operator into a CDN that independently operates CDN caching servers. Specifically, the logs from the transparent caching server are assimilated into the CDN by aggregating the logs from the transparent caching server and processing the transparent caching server logs to identify network usage for content of a CDN content provider customer that is delivered by the transparent caching server. The network usage is then combined with the network usage that tracked by the CDN caching servers in order to provide comprehensive report metrics for the content provider customer and to bill the content provider customer for all network usage related to delivering the content provider customer's content irrespective of whether the content was delivered by a transparent caching server or a CDN caching server.

Abstract: Some embodiments override network or router level path selection with application or server controlled path selection by repurposing the type-of-service (ToS) or differentiated services header field. A mapping table maps different ToS values to different available transit provider paths to a particular destination. A server generating a packet to the destination selects one of the available paths according to any of load balanced, failover, or performance optimization criteria. The server sets the packet header ToS field with the value assigned to the selected path. A router operating in the same network as the server is configured with policy based routing rules that similarly map the ToS values to different transit provider paths to the particular destination network. Upon receiving the server generated packet, the router routes the packet to the destination network through the transit provider path identified in the packet header by the server set ToS value.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.