Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.

Abstract: A method comprises receiving an add instruction to add a new account to a subscriber database at the system, wherein the add instruction indicates a line identifier and a first source identifier, wherein the line identifier identifies a line activated by the new account, wherein a first source identifier identifies a first carrier billing system from which the request to add the new account is received, when an existing account indexed by the line identifier is present at the subscriber database, deleting, by the provisioning application, the existing account from the subscriber database, and adding, by the provisioning application, the new account associated with the line identifier at the subscriber database, wherein the new account indicates the first source identifier.

Abstract: A method comprises extracting, by an authentication application of an identity and access management system, an Internet Protocol address of a carrier hotspot device from a data packet received from an access device, wherein the access device is connected to the carrier network using the carrier hotspot device, wherein the Internet Protocol address is assigned to the carrier hotspot device when the carrier hotspot device attaches to the carrier network, transmitting, by the authentication application to an identification application in a core network of the carrier network, the Internet Protocol address of the carrier hotspot device, and receiving, by the authentication application from the identification application, an identifier of the carrier hotspot device associated with the Internet Protocol address.

Abstract: A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.

Abstract: An adaptive greylist may be used to reject authentication requests that originate from a source network address that has been taken over by a malicious actor. A percentage of successful authentications for a predetermined number of authentication requests that last originated from a source network address may be calculated. Accordingly, the source network address may be added to a greylist of suspended network addresses when the percentage of successful authentications is less than a predetermined percentage threshold. On the other hand, the source network address is kept off the greylist of suspended network addresses when the percentage of successful authentications is equal to or greater than the predetermined percentage threshold.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.

Abstract: An adaptive greylist may be used to reject authentication requests that originate from a source network address that has been taken over by a malicious actor. A percentage of successful authentications for a predetermined number of authentication requests that last originated from a source network address may be calculated. Accordingly, the source network address may be added to a greylist of suspended network addresses when the percentage of successful authentications is less than a predetermined percentage threshold. On the other hand, the source network address is kept off the greylist of suspended network addresses when the percentage of successful authentications is equal to or greater than the predetermined percentage threshold.

Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.

Abstract: A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.

Abstract: A method for determining paths from a first vertex and a second vertex in an acyclic directed graph comprises determining a plurality of paths from one or more root vertices in the graph to one or more leaf vertices in the graph, storing each of the plurality of paths as a respective array in a computer database, each respective array comprising a respective root, a respective leaf, and up to a plurality of intermediate vertices, and determining whether the first vertex and the second vertex are both represented in one or more of the arrays.

Abstract: The treatment of an agricultural setting may be implemented by applying an adhesive using a pump sprayer. The agricultural setting may include mulch, pine straw, wood chips, and other materials used in landscaping. The adhesive may be used to keep the agricultural setting in place. For example, the adhesive may keep mulch from moving in heavy winds or during a storm.

Abstract: The thermal interface structure of the present invention is suited for use in a non-referenced die system between a heat source and heat sink spaced up to 300 mils apart and comprises a plurality of layers including a core body of high conductivity metal or metal alloy having opposite sides, a soft thermal interface layer disposed on one side of the core body for mounting against the heat sink and a thin layer of a phase change material disposed on the opposite side of the core body for mounting against the heat source wherein the surface area dimension (footprint) of the core body is substantially larger than the surface area of the heat source upon which the phase change material is mounted to minimize the thermal resistance between the heat source and the heat sink and wherein said soft thermal interface layer is of a thickness sufficient to accommodate a variable spacing between the heat source and the heat sink of up to 300 mils.

Abstract: The thermal interface structure of the present invention is suited for use in a non-referenced die system between a heat source and heat sink spaced up to 300 mils apart and comprises a plurality of layers including a core body of high conductivity metal or metal alloy having opposite sides, a soft thermal interface layer disposed on one side of the core body for mounting against the heat sink and a thin layer of a phase change material disposed on the opposite side of the core body for mounting against the heat source wherein the surface area dimension (footprint) of the core body is substantially larger than the surface area of the heat source upon which the phase change material is mounted to minimize the thermal resistance between the heat source and the heat sink and wherein said soft thermal interface layer is of a thickness sufficient to accommodate a variable spacing between the heat source and the heat sink of up to 300 mils.

Abstract: Method and apparatus of converting between digital and analogue signal formats, wherein dither signals are combined with information signals to be converted, the dither signals being as a predetermined plurality of particular discrete frequencies that are outside desired information signal bandwidth and have orderly relation including to signal conversion sampling rate, which orderly relation aids looping of sequences of patterns in a related data stream having pattern-to-pattern transitions similar to within-pattern transitions. Specifically, discrete dither signal frequencies have integral relation with their minimum separation or spacing and with said sampling rate, the lowest frequency and the minimum frequency separation each being whole number divisors or submultiples of higher dither frequencies andor of the signal conversion rate.

Abstract: When running in a hydrocarbon well with a large diameter pipe, such as a liner or wash pipe, on the bottom of smaller diameter drill pipe, a safety sub is screwed into the box of a drill pipe stand by the derrickman. Any low pressure mud flowing upwardly in the drill pipe is diverted by the sub to a standpipe and then to the mud system of the drilling rig. In the event high pressure mud starts flowing in the drill pipe, the safety sub is tightened with a wrench and a valve is manipulated to stop upward flow in the drill pipe. The safety sub is partially dismantled, leaving the valve closed and suitable pressure lines are connected to the sub to kill the well. The valve includes a ball check which is normally held open and a mechanism manipulated to allow the ball check to close against a seat. After closing the valve, the ball check may be pumped downwardly into the well to allow a wire line tool to be run into the hole.