Patent application number | Description | Published |
20080209153 | Page oriented memory management - A method and apparatus for managing memory allocation using memory pages. One or more arenas are designated within a memory page. Each of the arenas is divided into one or more memory blocks of the same size. Metadata is generated for the memory blocks at a location other than between the memory blocks, which is used when allocating memory to satisfy an allocation request of the size of the memory blocks. | 08-28-2008 |
20080209154 | Page oriented memory management - A method and apparatus for managing memory allocation using memory pages. An arena is designated within one or more memory pages. The arena is divided into one or more memory blocks of the same size. Metadata is generated for the memory blocks at a location other than between the memory blocks, which is used when allocating memory to satisfy an allocation request of approximately the size of the memory blocks. | 08-28-2008 |
20080292096 | Hybrid data encryption - A method and apparatus for encrypting and decrypting data. A first block cipher encrypts data to generate a first cipher output. A first double irregular columnar transposition cipher encrypts the first cipher output to generate a second cipher output. A second block cipher encrypts the second cipher output to generate a third cipher output. | 11-27-2008 |
20080294854 | Data management interface with plugins - A method and apparatus for managing data. A request to perform a data operation is received from an application, the request identifying data on which to perform the data operation. The request is delegated to one or more of a plurality of plugins based on the requested data operation, each of the plurality of plugins being associated with at least one distinct data operation. The one or more plugins perform the requested data operation. | 11-27-2008 |
20080295074 | Data management interface with configurable plugins - A method and apparatus for managing data. A data management interface that delegates data operations to one or more plugins is configured, each plugin being associated with a distinct data operation. A new plugin is identified. The data management interface is reconfigured to enable the new plugin, the reconfiguring being transparent to at least one application requesting a data operation. | 11-27-2008 |
20080301123 | Distributing data across different backing data stores - A method and apparatus for distributing data across multiple data stores are provided. In one embodiment, records are maintained for multiple data stores that associate primary key indicators and time intervals pertaining to data items with distinct data stores. When a request pertaining to at least one data item is received, a primary key indicator and the time of this data item are determined. Further, the records maintained for the multiple data stores are searched using the primary key indicator and the time of the data item to find one or more data stores for the data item. | 12-04-2008 |
20080301712 | Verification of loadable objects - A method and apparatus for verifying loadable objects. A request is received from an application to load a first loadable object into memory. A first signature value is calculated for the first loadable object. The first loadable object is loaded into memory if the first signature value matches one of a plurality of signature values, each of the plurality of signature values being associated with a distinct loadable object. | 12-04-2008 |
20090028266 | Compact encoding of arbitrary length binary objects - A method and apparatus for encoding data of arbitrary length. Data of arbitrary size is divided into one or more data blocks. One or more length blocks are generated that include length information identifying a quantity of the one or more data blocks into which the data is divided, wherein the length information can be determined by a number of reads of the length blocks and without examining the data blocks. The length blocks and the data blocks are transmitted. | 01-29-2009 |
20090031410 | Certificate generation for a network appliance - A method and system for generating identity certificates. The method may include receiving a user request to activate a network appliance, and causing a network appliance identifier and a transaction identifier of an activation transaction associated with the user request to be transmitted to the network appliance. A certificate signing request (CSR) and the transaction identifier may be received from the network appliance, the CSR including the network appliance identifier. A certificate may be generated for the network appliance if the activation transaction is valid. | 01-29-2009 |
20090045991 | ALTERNATIVE ENCODING FOR LZSS OUTPUT - A data processing method where a source bit stream is manipulated to produce four intermediate streams: flag bits, literals, offsets and lengths. Flag bits are grouped into multi-bit units, and an output stream containing flag units, literals, offsets and lengths is emitted. The output stream occupies fewer bits than the source bit stream, but encodes all the data of the source bit stream. | 02-19-2009 |
20090049271 | Consolidation of matching memory pages - A method and apparatus for managing memory allocation using memory pages. A first physical memory page is compared with a second physical memory page, wherein the first physical memory page is associated with a first page table and the second physical memory page is associated with a second page table. If the second physical memory page matches the first physical memory page, the second physical memory page is deallocated, and the second page table is associated with the first physical memory page. | 02-19-2009 |
20090049454 | Securing inter-process communication - A request to post a message to a destination is intercepted in an operating environment in which processes communicate via message queues. Message content and requester information associated with the request is evaluated to determine whether the message is to be posted. The message is posted to a message queue of the destination if the message is to be posted. | 02-19-2009 |
20090060047 | Data compression using an arbitrary-sized dictionary - A data compression method improves Lempel-Ziv (“LZ”) compression by encoding the offsets produced during LZ compression as variable-bit-length (“VBL”) encoded integers, and outputting the VBL integers as part of the compressed data. Other integers produced during LZ compression, as well as integers produced by other data compression algorithms, can also be encoded using a VBL scheme. | 03-05-2009 |
20090060175 | Embedding a secret in a bit string for safeguarding the secret - A method and system for embedding a secret in a bit string for safeguarding the secret. In one embodiment, the method comprises computing the length of the overall bit string as a function of q and t, where q and t are determined from the length of the secret. The method further comprises generating a plurality of information pieces based on q and t, the information pieces including a transformed secret and information for extracting the secret from the overall bit string. The method further comprises concatenating the plurality of information pieces to form the overall bit string. | 03-05-2009 |
20090060179 | Method and an apparatus to generate pseudo random bits from polynomials - Some embodiments of a method and an apparatus to generate pseudo random bits from polynomials have been presented. In one embodiment, a set of finite field polynomials is used to generate a series of pseudo random bits in one or more cycles. Then a cryptographic key is generated from the series of pseudo random bits. | 03-05-2009 |
20090064127 | Unattended upgrade for a network appliance - A method and apparatus for upgrading a network appliance. In one embodiment, the method includes determining that an upgrade of the network appliance is needed using versioning information of the network appliance and upgrade versioning information, and determining, based on upgrade criteria, whether the network appliance should be upgraded using a full install image. If the network appliance should be upgraded using the full install image, the full install image is downloaded to the network appliance. | 03-05-2009 |
20090100512 | Setting a preliminary time on a network appliance using a digital certificate - A method and system for setting a time on a network appliance. The method may include attempting to establish a secure connection with a server using a certificate issued for a network appliance, and determining that an attempt to establish a secure connection has failed. The method may further include determining that a possible cause of the failure to establish a secure connection is incorrect time data provided by the network appliance, and updating the time on the network appliance using time data contained in the certificate. | 04-16-2009 |
20090113559 | Stateless challenge-response protocol - A two-party stateless protocol by which a server receives a request from a client, transmits a tamper-resistant challenge to the client, receives a response to the challenge, and validates the response, where each of the challenge and the response contain a copy of the request. If the client responds correctly to the challenge and does not modify the request during the protocol, the server executes the request. | 04-30-2009 |
20090121906 | ALTERNATIVE ENCODING FOR LZSS OUTPUT - A data processing method where a source bit stream is manipulated to produce four intermediate streams: flag bits, literals, offsets and lengths. Flag bits are grouped into multi-bit units, and an output stream containing flag units, literals, offsets and lengths is emitted. The output stream occupies fewer bits than the source bit stream, but encodes all the data of the source bit stream. | 05-14-2009 |
20090132681 | Automatically providing identity information for a network appliance - A method and system for activating a network appliance. The method may include providing a user interface for a network appliance, and allowing a user to request an activation of the network appliance via the user interface, without requiring the user to specify the identity of the network appliance. The method may further include sending an activation request to a server, receiving a response triggering an activation process on the network appliance from the server, and performing the activation process on the network appliance. | 05-21-2009 |
20090133113 | ADDING CLIENT AUTHENTICATION TO NETWORKED COMMUNICATIONS - A pass-through agent receives a request from a client and authenticates the client before forwarding the request to a target server that lacks client authentication capability. The target server is configured to accept requests from the pass-through agent, and may be configured to reject requests that do not come from the pass-through agent. | 05-21-2009 |
20090136024 | Sharing a secret using polynomials - A method and system for distributing n shares of a secret to n computing systems, and a method and system for reconstructing the secret from k shares of the secret. In one embodiment, the method for distributing the secret comprises representing the secret as a first polynomial over GF(2). The method further comprises creating the n shares from the secret, each of the n shares including a polynomial over GF(2). The secret can be reconstructed, in one embodiment, by solving coefficients of an interpolating polynomial using k points in the k shares using modulo 2 arithmetic. | 05-28-2009 |
20090138703 | Disabling Remote Logins Without Passwords - A method and apparatus for disabling password-less remote logins. In one embodiment, the method comprises receiving a remote login request at a first computing system from a user of a second computing system. Both of the first computing system and the second computing system mount home directories from a file server. The request includes a public key associated with the user. An authorized key file associated with the user is located in the home directories. The authorized key file has zero length and is owned by a root user of the file server. The method further comprises prompting the user of the second computing system for a password in response to the request. | 05-28-2009 |
20090138894 | Automatic Object Instantiation - A method and apparatus for converting a function call to a method call. In one embodiment, the method comprises receiving a call on a method and determining whether the call is an object method call. In response to a determination that the call is not the object method call, the method comprises instantiating a new object to convert the call into the object method call. | 05-28-2009 |
20090138946 | Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate. | 05-28-2009 |
20090138947 | Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate. | 05-28-2009 |
20090140893 | COMPRESSION RATIO OF ADAPTIVE COMPRESSION ALGORITHMS - The performance (compression ratio) of an entropy coding compressor can be improved by separating its output into two streams: encoded output symbols compressed according to a probability model, and literal symbols that were not present in the probability model when the corresponding input symbol was to be encoded. The literal symbols are collected into a group and compressed separately. The compressed literals are stored at a discernable place relative to the encoded output symbols (e.g., at the beginning or end of the sequence of encoded output symbols). | 06-04-2009 |
20090140894 | ADAPTIVE ENTROPY CODING COMPRESSION OUTPUT FORMATS - The performance (compression ratio) of an entropy coding compressor can be improved by separating its output into two streams: encoded output symbols compressed according to a probability model, and literal symbols that were not present in the probability model when the corresponding input symbol was to be encoded. The literal symbols are collected into a group and compressed separately. The compressed literals are stored at a discernable place relative to the encoded output symbols (e.g., at the beginning or end of the sequence of encoded output symbols). | 06-04-2009 |
20090144399 | Setting a preliminary time on a network appliance using a message received from a server - A method and system for setting a time on a network appliance. The method may include attempting to establish a secure connection with a backend server using a certificate issued for a network appliance, and determining that an attempt to establish a secure connection has failed. The method may further include soliciting a response from one or more predefined servers, extracting time data from one or more responses received from the predefined server, and updating the time on the network appliance using the time data extracted from the received responses. | 06-04-2009 |
20090144436 | REVERSE NETWORK AUTHENTICATION FOR NONSTANDARD THREAT PROFILES - A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed. | 06-04-2009 |
20090144613 | Overriding images in user interfaces - A method and apparatus for overriding images in user interfaces using web application styling sheets. In one embodiment, a method may include creating a first style sheet defining a first image. The first style sheet allows customization of the first image by referencing the first image using a background attribute and a first location. A second style sheet defines a second image using a background attribute and a second location. The method may further include creating a web page with a link to the first style sheet and a link to the second style sheet, and sending the web page to a client for presentation, where the second image overrides the first image when the web page is presented to a user. | 06-04-2009 |
20090144640 | Distributed hosting of web application styles - A method and apparatus for facilitating distributed hosting of web application styles. In one embodiment, a method may include storing original style sheets at a first location, where the original style sheets pertain to a user interface (UI) provided by the service provider, and allowing a third party to customize a subset of the original style sheets and to store the customized style sheets at a second location. The method may further include causing the customized style sheets to be combined with the original style sheets when the user interface is presented to a user associated with the third party. | 06-04-2009 |
20090144722 | Automatic full install upgrade of a network appliance - A method and apparatus for upgrading a network appliance. In one embodiment, a network appliance determines that it should be upgraded using a full install image. The network appliance then reserves an upgrade staging area in its memory device, downloads the full install image from a server to the upgrade staging area, and marks the upgrade staging area as bootable. Further, the network appliance reboots itself, and installs the full install image. | 06-04-2009 |
20090150474 | Efficient object distribution - A method and apparatus for distributing objects over a network. In one embodiment, the method comprises sending a request from a first network entity to a second network entity, the request including a compressed representation of deployed objects that are currently deployed at the first network entity. The method further comprises the first network entity receiving from the second network entity a difference between the deployed objects and objects to be deployed on the first network entity as indicated by the second network entity. | 06-11-2009 |
20090150522 | Transparent configuration of a network appliance - A method and apparatus for configuring a remotely available service. In one embodiment, the method includes downloading configuration data for the remotely available service while running a current instance of the service, and invoking a new instance of the service without causing a current instance of the service to terminate. The method may further include causing the current instance of the service to continue performing designated operations until the new instance completes initialization using the configuration data and is able to perform the designated operations. | 06-11-2009 |
20090187885 | CALLING FUNCTIONS AS METHODS - A method and apparatus for converting a method call to a function call. In one embodiment, the method comprises receiving an argument list from a function that has been called by a subroutine call. The method further comprises determining whether the subroutine call is a method call from the argument list. In response to a determination that the subroutine call is the method call, the method comprises converting the method call into a function call. | 07-23-2009 |
20090198760 | Validating service components through data mining - A method and apparatus for validating service components via data mining. In one embodiment, the method includes making service components available for use in a production environment of a service subscriber, receiving data produced by instances of the service components in the production environment, and storing the received data in at least one database. The method may further include identifying a service component that is being evaluated, retrieving, from the database, data produced by instances of the service component being evaluated, and providing the retrieved data to a recipient, where the retrieved data indicates effectiveness of the service component being evaluated. | 08-06-2009 |
20090199212 | CONFIGURATION INTERFACE MANAGER - A method and system for managing configuration interfaces. In one embodiment, a system includes a user interface for receiving a user login, causing a configuration process to be invoked, and receiving user input for managing the configuration process. A log file is used to store log file information in response to the received user input for managing the configuration process. The log file can be used by a process monitor to determine if there is any recent user activity. The process monitor can determine whether the log file has been changed in response to the received user input during a specific time interval. In response to a determination that the log file has not been changed in response to the received user input during the specific time interval, the process monitor can terminate the configuration process. | 08-06-2009 |
20090199276 | Proxy authentication - A first application that is hosted by a first machine receives a login request from a user. The first application requests authentication verification from a second application that is hosted by a second machine. The first application authenticates the user if the user was authenticated by the second application, wherein the user can be authenticated by both the first application and the second application after having provided authentication credentials to one of the first application or the second application. | 08-06-2009 |
20090199294 | Managing Password Expiry - A method and apparatus for managing the expiration of a password. In one embodiment, the method comprises determining whether a behavior anomaly associated with an account has occurred. In response to a determination that the behavior anomaly has occurred, the method expires a password associated with the account and forces the password to be changed the next time the password is presented for accessing the account. | 08-06-2009 |
20090210484 | Peer-to-peer object distribution - Methods and systems for distributing objects over a network. In one embodiment, the system includes at least one primary network device, and multiple secondary network devices coupled to the primary network device via a network. The primary network device may receive, from a server, objects for the devices managed by the server. The secondary network devices may receive an identifier of the primary network device from the server and may request updates for objects deployed at individual secondary network devices from the primary network device. | 08-20-2009 |
20090212981 | Bidirectional context model for adaptive compression - Techniques for improving encoding and decoding data are described herein. According to one embodiment, in response to a symbol retrieved from an input stream having a sequence of symbols, it is determined whether a current context can encode the retrieved symbol. A code representing an escape down token in the current context is emitted to a code stream if the current context cannot encode the retrieved symbol. A code representing the retrieved symbol in the current context is emitted to the code stream if the current context can encode the retrieved symbol. Optionally, the current context is escaped to a context having a higher order by emitting a code representing an escape up token in the code stream, where a higher order context is a child context to a lower order context as a parent context. | 08-27-2009 |
20090212982 | Difference coding adaptive context model - Techniques for improving encoding and decoding data are described herein. According to one embodiment, in response to a symbol retrieved from an input stream having a sequence of symbols, it is determined whether a current context can encode the retrieved symbol. A code representing an escape token is emitted to a code stream if the current context cannot encode the retrieved symbol. The process is escaped from the current context to a parent context of the current context if the current context is not a root context. The retrieved symbol is emitted to a literal stream if the current context is a root context, where the code stream and the literal stream are to be compressed and decoded by a decoder. | 08-27-2009 |
20090214024 | Block cipher using multiplication over a finite field of even characteristic - An input block of data and a key that includes multiple sub-keys are received by a block cipher. A nonlinear substitution is performed on at least a portion of the data, wherein the nonlinear substitution is achieved by multiplying the portion of the data by one of the sub-keys over a finite field of even characteristic, modulo a fixed primitive polynomial. An output block of ciphertext is then generated. | 08-27-2009 |
20090220083 | Stream cipher using multiplication over a finite field of even characteristic - A first bit sequence is generated using a first pseudorandom bit source. A second bit sequence is generated using a second pseudorandom bit source. A third bit sequence is generated by multiplying the first bit sequence with the second bit sequence over a finite field of even characteristic, modulo a fixed primitive polynomial. A message is received. The third bit sequence is comingled with the message to conceal contents of the message. | 09-03-2009 |
20090222578 | Tunneling SSL over SSH - A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel. | 09-03-2009 |
20090222901 | Collecting Account Access Statistics from Information Provided by Presence of Client Certificates - A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present. | 09-03-2009 |
20090287705 | MANAGING WEBSITE BLACKLISTS - A method and system for managing website blacklists to control website access of a user. In one embodiment, a client queries a database regarding a location of a website before the client fetches a resource from the website. The database includes a list of websites based on which access by the client is controlled. If the location of the website in the query exists in the database, the client displays a warning dialog and receives a user input. The client determines whether to continue fetching the resource based on the user input to the warning dialog. | 11-19-2009 |
20090289820 | Mechanism for coding a non-increasing sequence of values - In one embodiment, a mechanism for coding a non-increasing sequence of values is disclosed. In one embodiment, a method includes receiving a sequence of values to encode, the sequence of values being non-increasing, encoding a first value of the sequence using a number of bits that are required for fully representing the first value in an encoded format, and for each subsequent value in the sequence, encoding the subsequent value using a number of bits required for a minimal bit encoding of a previous value in the sequence. | 11-26-2009 |
20090292752 | Mechanism for generating pseudorandom number sequences - In one embodiment, a mechanism for generating pseudo-random number sequences is disclosed. In one embodiment, a method includes receiving seed values for a pseudorandom number generator (PRNG) in a computing system, the seed values being polynomials. The method further includes running the PRNG using the seed values as initialization parameters, the running including performing operations of the PRNG over GF(2 | 11-26-2009 |
20090299938 | RULES ENGINE FOR ASPECT SERVICES - A service request is received from a client, the service request being directed to a web application, wherein a core concern of the web application is configured to perform a core operation upon receiving the service request. The service request is compared to a plurality of rules by a rules engine. If the service request satisfies a criterion specified in a first rule, an aspect service identified in the rule is initiated, wherein the aspect service performs an additional operation before or after the core operation is performed, and wherein the additional operation adds functionality to the core concern. | 12-03-2009 |
20090299966 | MANAGEMENT OF LARGE DYNAMIC TABLES - Managing a table as multiple ordered blocks of entries. Each block has a local index value for each entry, and each entry has an associated element value. The entries in the table are monotonically ordered, and the table is searchable by element value and entry index value. Each block has an offset based on the number of entries in the blocks preceding it in order. The global index of an entry in a block is the offset combined with the local offset value, such as by adding the two values together. | 12-03-2009 |
20090300024 | Provisioning network resources by environment and network address - A method and apparatus for facilitating provisioning of network appliances based on different environments. A mapping server is provided to communicate with networked devices from different environments. The mapping server receives a request for a network address of a corresponding configuration server from one of the networked devices, determines a network identifier of this networked device based on the request, and searches a mapping table for the network address of the corresponding configuration server using the network identifier of the networked device. The mapping server then provides the network address of the corresponding configuration server to the networked device. | 12-03-2009 |
20090300099 | ASPECT SERVICES - An aspect request associated with a web application is received by an aspect server, the web application being hosted by a web application server that is remote from the aspect server. Operations are performed according to the aspect request, the operations being associated with a crosscutting concern. A result is returned, the result supplementing functionality of the web application. | 12-03-2009 |
20090300138 | Using Distributed Aspects to Reorder Online Application Workflows - One or more distributed aspect servers modify a sequence of online services provided by an application server that is remote from the aspect servers. A client sends a request to the application server. An aspect service is invoked if the request satisfies a criterion. The aspect service modifies the sequence of online services by performing at least one of adding a new online service, deleting one of the online services, or reordering the sequence of online services. The modified sequence of online services is provided to the client without incurring a change to the application server. | 12-03-2009 |
20090300267 | Systems and methods for facilitating profiling of applications for efficient loading - Systems and methods to facilitate profiling of applications for efficient loading are described. A method may include identifying a page fault during execution of an application being loaded into memory. The page fault indicates that an application part to be currently executed has not been loaded in the memory yet. The method may further include collecting page fault data associated with the page fault, and causing the page fault data to be stored in a data store for use by a profiler. | 12-03-2009 |
20090300603 | Image install of a network appliance - A method and apparatus for installing a network appliance. In one embodiment, the method includes copying an install image pertaining to the network appliance to an install staging area in a memory device of the network appliance, obtaining current installation object data from a server, and saving an up-to-date set of installation objects in the install staging area using the installation object data received from the server. The method may further include marking the install staging area as bootable, rebooting the network appliance, and installing from the install staging area onto the network appliance. | 12-03-2009 |
20090300721 | Reverse VPN over SSH - A system and method for enabling access to a computer server operating within a private network, in which the computer server is isolated by access restrictions that prevent incoming connections from a public network. In one embodiment, the method includes identifying a remote client operating in a public network outside the private network, initiating a secure communication channel with the remote client, and instructing the remote client to initiate a Point-to-Point Protocol (PPP) session with the computer server via the secure communication channel. | 12-03-2009 |
20090322570 | Adaptive Entropy Coding Compression Output Formats - A system stores compressed literal symbols in a first data block and encoded literal symbols in a second data block. The compressed literal symbols correspond to a first group of literal symbols and the encoded literal symbols correspond to a second group of literal symbols. Each of the second group of literal symbols occurs subsequently in a symbol stream to a literal symbol with the same value in the first group of literal symbols. | 12-31-2009 |
20090323927 | Mechanism for chained output feedback encryption - In one embodiment, a mechanism for chained output feedback encryption is disclosed. In one embodiment, a method includes generating a keystream at a block cipher encryption module with inputs of a key and the result of an exclusive-or (XOR) operation on two or more previous keystream outputs, and producing ciphertext by combining the generated keystream with plaintext. | 12-31-2009 |
20090323938 | Mechanism for transport-safe codings for cryptographic use - In one embodiment, a mechanism for transport-safe codings for cryptographic use is disclosed. In one embodiment, a method for transport-safe coding for cryptographic use includes converting an input data stream into index values associated with “n” printable characters, wherein “n” is a radix associated with a base-“n” coding scheme and a prime power less than 94, performing a cryptographic operation on the index values to encrypt the index values, and translating the encrypted values directly into an output data stream of printable characters associated with the encrypted values in a base-“n” coding scheme. | 12-31-2009 |
20090323958 | EXTENDING A SECRET BIT STRING TO SAFEGUARD THE SECRET - A method and system extends a secret bit string to safeguard the secret. In one embodiment, the method comprises adding a secret bit string of length s to a product of two random bit strings using arithmetic defined for polynomials over GF(2) to produce an extended bit string. The extended bit string has a length m that is longer than s. A total of n shares are generated from the extended bit string, of which at least k shares are needed to reconstruct the secret bit string. The n shares are distributed to a plurality of cooperating computing entities for secret sharing. | 12-31-2009 |
20100046739 | SHARING A SECRET USING POLYNOMIAL DIVISION OVER GF(Q) - A method and system for distributing a secret are described. In one embodiment, the secret is represented by a secret polynomial of degree d over GF(q) constructed with a prime or a power of a prime. The secret polynomial is then embedded into an extension polynomial of degree m that is greater than d. The extension polynomial is divided by n coprime divisor polynomials over GF(q), using arithmetic defined for polynomials over GF(q), to generate n shares of the secret. Each share includes one of the divisor polynomials and a corresponding remainder. These n shares are distributed among a plurality of cooperating entities for secret sharing. | 02-25-2010 |
20100046740 | EMBEDDING A SECRET IN A LARGER POLYNOMIAL - A secret polynomial is embedded in a larger polynomial. In one embodiment, the secret is represented as a secret polynomial of degree d over GF(q), q being a prime or a power of a prime. The secret polynomial is added to a product of two random pairwise coprime polynomials, using arithmetic defined on GF(q), to produce an extension polynomial of degree m that is greater than d. From the extension polynomial, n shares of the secret are generated for distribution to a plurality of cooperating entities for secret sharing. | 02-25-2010 |
20100054457 | SHARING A SECRET USING HYPERPLANES OVER GF(q) - A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(q), such that the secret can be reconstructed from K of the N shares (where K≦N). In one embodiment, the method constructs a K-tuple that contains the secret and elements of GF(q), where q is a power m of an odd prime p. The method further multiplies the K-tuple by a matrix of size (N×K) to produce an N-tuple using arithmetic defined on GF(q). Thus, N shares of the secret are generated, with each of the N shares including a component of the N-tuple. | 03-04-2010 |
20100054458 | SHARING A SECRET VIA LINEAR INTERPOLATION - A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional secret hyperplane, where K is the number of shares to reconstruct the secret. Shares of the secret are created, with each share containing a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing. | 03-04-2010 |
20100054470 | SHARING A SECRET VIA LINEAR INTERPOLATION - A method and system calculates shares and sub-shares of a secret for distribution among cooperating entities. In one embodiment, the method creates shares of the secret, with each share containing a point on a K-dimensional secret hyperplane that embeds the secret, where K is the number of shares to reconstruct the secret. The method further constructs sub-shares for the shares. The sub-shares of a share define a set of secondary K-dimensional hyperplanes that intersect at the point contained in the share. The sub-shares are distributed to a plurality of cooperating entities for secret sharing. | 03-04-2010 |
20100054474 | SHARING A SECRET USING HYPERPLANES OVER GF(2^m) - A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(2 | 03-04-2010 |
20100054480 | SHARING A SECRET USING POLYNOMIALS OVER POLYNOMIALS - A method and system distributes N shares of a secret among cooperating entities by representing the secret as a secret polynomial, and forming a splitting polynomial with the secret polynomial as one or more of the coefficients. In one embodiment, the method represents the secret as a secret polynomial over GF(q), where q is a prime number or a power of a prime number. A splitting polynomial of degree (K−1) over GF(q | 03-04-2010 |
20100057755 | FILE SYSTEM WITH FLEXIBLE INODE STRUCTURES - Techniques for managing inodes of a file system are described herein. According to one embodiment, in response to a request received at the file system for committing a file to a storage, an inode data structure from a first inode pool of the file system is assigned to be associated with the file, where the first inode pool includes multiple inode data structures. A block pointer as a data member of the inode data structure is configured to link with a first block map, where the first block map includes multiple entries having one or more pointers linked with one or more data blocks for storing content of the file. | 03-04-2010 |
20100057791 | METHODS FOR IMPROVING FILE SYSTEM PERFORMANCE - Techniques for managing inodes of a file system are described herein. According to one embodiment, in response to a request received at the file system for committing a file to a storage, a first indirect block having multiple entries is allocated. At least one entry stores a pointer linked with a data block, where the first indirect block is referenced by a pointer stored within an inode associated with the file. A first set of data blocks having a first predetermined number of data blocks is allocated, where each entry is referenced by a pointer stored in an entry of the first indirect block. The first indirect block and the first set of data blocks are contiguous blocks with respect to each other, such that content of the first indirect block and the first set of data blocks can be retrieved via a single storage access operation. | 03-04-2010 |
20100058338 | CALLBACKS IN VIRTUAL MACHINES - The use of callback functions when executing intermediate instructions in a virtual machine is described. The virtual machine receives and evaluates intermediate instructions. The virtual machine evaluates the instructions based on a function table referencing definitions of the functions. A callback is loaded into the virtual machine platform, and a callback loader modifies the function table to cause a function in the table to point to the callback instead of the standard definition. Thus, when the intermediate code is evaluated, it is evaluated based on the modified functionality of the callback rather than the standard definition. | 03-04-2010 |
20100058348 | MEMORY MANAGEMENT FOR PREDICTION BY PARTIAL MATCHING CONTEXT MODELS - Techniques for resource management of a PPM context model are described herein. According to one embodiment, in response to a sequence of symbols to be coded, contexts are allocated, each having multiple entries and each entry representing a symbol that the current context is able to encode, including a counter value representing a frequency of each entry being used. For each symbol coded by a context, a local counter value and a global counter value are maintained. The global counter value represents a total number of symbols that have been coded by the context model and the local counter value represents a number of symbols that have been coded by the respective context. Thereafter, a resource management operation is performed for system resources associated with the plurality of contexts based on a global counter value and a local counter value associated with each of the plurality of contexts. | 03-04-2010 |
20100124328 | EXTENSIVE CIPHERTEXT FEEDBACK - Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a stream cipher is run in parallel with a block cipher to output a stream of bits with a length equal to a number of ciphertext blocks in an output stream of the block cipher. The method may further include pre-processing a current plaintext block based on the stream of bits and the number of ciphertext blocks in the output stream of the block cipher. Then the block cipher may encipher the pre-processed block to generate a current ciphertext block. | 05-20-2010 |
20100125840 | AUTOMATION OF APPLICATION DEPLOYMENT - Some embodiments of automating application deployment have been presented. In one embodiment, a production repository is created in a federated source code management system to accept software from only a single committer. The production repository is coupled to a set of repositories. Platform management infrastructure monitors the production repository for changes to the software. Further, the platform management infrastructure may automatically push the changes to one or more repositories affected. | 05-20-2010 |
20100127900 | TABLE MANAGEMENT FOR LZW WITH FIXED-SIZE TABLES - Managing a string translation table, where a compressor includes information in the table entries to distinguish strings as more or less important. More particularly, the compressor can identify a string in an input stream, determine an age indicator for the string, and record the age indicator in the table. When the string is encountered or identified, a use indicator or counter may be adjusted to indicate use of the entry and timing information related to encountering the entry. Instead of discarding all entries in the string translation table, a portion of the table can be discarded that has less important entries. The determination of whether to discard an entry as being less important can be based on the age indicator and the use indicator. | 05-27-2010 |
20100127901 | DATA STRUCTURE MANAGEMENT FOR LOSSLESS DATA COMPRESSION - An input stream of characters is received. A new string entry is added to a data structure based on a current portion of the input stream if the current portion fails to match any of a plurality of existing string entries in the data structure. An additional string entry is added to the data structure based on a combination of the current portion and a previous portion of the input stream, wherein the additional string entry corresponds to a subset of the combination that fails to match any of the plurality of existing string entries in the data structure. An output stream is generated that includes literal values of the characters and index values corresponding to string entries in the data structure that match portions of the input stream. | 05-27-2010 |
20100127902 | LOSSLESS DATA COMPRESSION WITH SEPARATED INDEX VALUES AND LITERAL VALUES IN OUTPUT STREAM - An input stream of characters is received. The input stream is parsed into a plurality of strings each of which includes one or more of the characters, wherein each parsed string is a longest match to a string entry in a data structure. An output stream is generated that includes a first portion having literal values of the characters and a separate and distinct second portion having index values corresponding to string entries in the data structure that match parsed strings from the input stream. | 05-27-2010 |
20100135486 | Nonlinear feedback mode for block ciphers - Plain text, a secret key and a primitive polynomial that defines a finite field of even characteristic are received. The plain text is divided into a plurality of plain text blocks. For each plain text block of the plurality of plain text blocks other than a first plain text block, the plain text block is multiplied by a preceding cipher text block over the finite field of even characteristic, modulo the primitive polynomial, to generate an intermediate block, wherein the preceding cipher text block was generated from a preceding plain text block. Each intermediate block is processed by a block cipher using the secret key to generate a subsequent cipher text block. The block cipher operates in a nonlinear feedback mode of operation. | 06-03-2010 |
20100138815 | IMPLEMENTING ASPECTS WITH CALLBACKS IN VIRTUAL MACHINES - Implementing aspects via callback in a virtual machine, where an aspect weaver weaves the aspect with a module to provide primary and crosscutting functionality in the runtime execution of the module. The virtual machine has multiple modules that are part of an application implementing separation of concerns. Each of the multiple modules has a distinct functionality portion and a common functionality portion, common to all modules. The common functionality is referenced by the virtual machine via callback for the multiple modules. Aspect code is loaded as a callback that is applied to the multiple modules by the virtual machine. Loading the aspect code as a callback can implement the aspect at any point in the modules, including conditional statements, calls to methods of objects or classes, loops, any point in an exception handler, or to monitor changes in variables. | 06-03-2010 |
20100215172 | SHARING A SECRET WITH MODULAR INVERSES - A method and system distributes N shares of a secret among cooperating entities by calculating the multiplicative inverses of the secret. In one embodiment, a distributor selects N distinct prime numbers and forms unique subsets of the prime numbers, with each subset containing K of the N prime numbers (N>=K), where K is a threshold number of shares necessary to reconstruct the secret. The distributor calculates a product of the prime numbers in each subset, and, for each subset, calculates the multiplicative inverse of the secret modulo the product. A total of N shares are generated, with each share containing the multiplicative inverses and one of the prime numbers. The N shares are distributed to the cooperating entities for secret sharing. | 08-26-2010 |
20100217841 | PROVISIONING NETWORK RESOURCES BASED ON ENVIRONMENT - A network appliance sends a configuration request to multiple different servers, each of which is associated with a different environment. A response is received from at least one server. Each received response includes configuration data that pertains to an environment associated with the server from which the response is received. The network appliance is then configured based on the configuration data included in the response to enable the network appliance to operate in the environment associated with the server from which the response originated. | 08-26-2010 |
20100217938 | METHOD AND AN APPARATUS TO IMPROVE LOCALITY OF REFERENCES FOR OBJECTS - Some embodiments of a method and an apparatus to improve locality of references for objects have been presented. In one embodiment, an access counter is provided to each of a set of objects in a computing system. The access counter is incremented each time a respective object is accessed. In response to a request to organize the objects, the objects are sorted by their respective counts of access in the access counters. | 08-26-2010 |
20100217947 | DISCONTIGUOUS OBJECT ADDRESSING - Some embodiments of discontiguous object addressing have been presented. In one embodiment, a set of objects, each having one or more properties, are stored in a memory of a computer system. The memory is divided into chunks. The properties of at least one of the objects are stored in discontiguous chunks of the memory. Furthermore, a processor in the computer system may independently access the individual properties in the discontiguous chunks of memory. | 08-26-2010 |
20100217978 | Method for sharing secret information among cooperating parties - A method and system for distributing a secret to a plurality of computing systems. In one embodiment, the method determines the number (n) of shares to generate and a threshold number (k) of the shares from which the secret can be reconstructed. The method further chooses n coprime random bit strings in any one of general rings as moduli, the general rings including one or more non-integer rings. The secret is then embedded in a bit string which is at least one bit longer than the product of any k−1 moduli and at least one bit shorter than the product of any k moduli. The method further computes shares of the bit string for distribution to n computing systems, each share including one of the moduli and a corresponding remainder. | 08-26-2010 |
20100217986 | AUTHENTICATED SECRET SHARING - A method and system distributes N shares of a secret among cooperating entities by forming a mathematical construct that has an embedded internal structure to allow authentication of a reconstructed secret. The mathematical construct can be a splitting polynomial constructed using the secret, a key and a message authentication code (MAC) as coefficients. The splitting polynomial is evaluated at N random evaluation points to obtain N result values. N shares of the secret are generated and distributed among the cooperating entities for storage. A reconstructed secret can be authenticated by computing the MAC of the reconstructed secret and verifying a relationship among the coefficients of a reconstructed splitting polynomial using the MAC. If the coefficients do not satisfy the relationship, one or more additional shares of the secret can be used to reconstruct the splitting polynomial and the secret. | 08-26-2010 |
20100218174 | DYNAMIC COMPILING AND LOADING AT RUNTIME - A compiler is loaded by a computing device using an evaluation function that is included in a program in a compiled form. The evaluation function causes the compiler to compile source code for the program, wherein the source code includes new instructions that are uncompiled, and wherein compiling the source code generates compiled code that includes the new instructions. The evaluation function loads the compiled code into memory, retrieves the new instructions, and executes the new instructions. The evaluation function may perform these operations during runtime of the program that includes the evaluation function. | 08-26-2010 |
20100218201 | METHOD AND AN APPARATUS TO IMPLEMENT SECURE SYSTEM CALL WRAPPERS - Some embodiments of a method and an apparatus to implement secure system call wrappers have been presented. In one embodiment, a system call wrapper is used to validate parameters of a system call directed to a kernel from a user-space process. The user-space process supplies the parameters of the system call. The parameters are protected from being accessed by processes in the user-space after the parameters have been validated. | 08-26-2010 |
20100218261 | ISOLATING PROCESSES USING ASPECTS - A system and method for receiving a request to load a computer application into a memory for execution, analyzing the computer application to identify one or more join points, injecting aspect computer code into the computer application at the one or more join points, wherein the aspect computer code is to regulate the execution of restricted operations initiated by the computer application based on a restricted operations profile associated with the aspect computer code, and executing the computer application having the aspect computer code injected therein. | 08-26-2010 |
20100219993 | EFFICIENT CODING OF INTEGERS IN NON-POWER-OF-TWO RANGES - Coding efficiently in non-power-of-two ranges. Coding is performed in an N-bit system, where certain codes are represented with N bits and other codes are represented with (N+1) bits. An example is where the other codes may have an N-bit representation used to represent multiple values, with the additional bit being disambiguation information provided to distinguish the codes having multiple values. Thus, N bits are used to represent most codes, and an extra bit is used to represent other codes. The number of bits per element used for representing a sequence is, on average, close to a theoretical minimum for N-bits. | 09-02-2010 |
20100220855 | STRENGTHENED KEY SCHEDULE FOR ARCFOUR - Some embodiments of a method and an apparatus to strengthen key schedule for arcfour have been presented. In one embodiment, an S array of a predetermined size is initialized. The S array is usable in a key generating process of arcfour encryption. The key generation process is extended to generate keys, which are substantially random and substantially unbiased. Using the keys generated, a stream cipher performs arcfour encryption on plaintext data to output ciphertext data. | 09-02-2010 |
20100223358 | METHOD AND APPARATUS FOR THWARTING KEYLOGGERS USING PROXIES - Techniques for thwarting keyloggers using a proxy are described herein. According to one embodiment, in response to a request received from a client for accessing a Web page provided from a remote Web server over a network, a proxy server retrieves the Web page from the remote Web server and presents the Web page to the client. The proxy server further presents a virtual keyboard to the client to allow a user of the client to enter one or more keys in an input field of the Web page without having to type at the client for the purposes of logging into the Web site. Thereafter, the proxy server directs traffic between the client and the remote Web server over the network. Other methods and apparatuses are also described. | 09-02-2010 |
20100223456 | SECURITY IMPLEMENTATION WITHIN A BROWSER - Techniques for implementing security within a browser of a data processing system are described herein. According to one embodiment, first data representing a user interaction with a Web page presented by a browser application is encrypted at an application level by a cipher module communicatively coupled to the browser application running at a local client. A JavaScript module embedded within the browser application is configured to transmit the encrypted first data over a network to a remote server for updating the Web page. In response to second data received from the remote server, the cipher module is configured to decrypt the second data at the application level and the decrypted second data is then rendered by the browser application to update the Web page without having to reload the entire Web page. Other methods and apparatuses are also described. | 09-02-2010 |
20100223613 | PER PROCESS VIRTUAL MACHINES - A system and method for isolating processes executing within a computing device. A process is loaded into a virtual machine operating under the control of a hypervisor communicatively interfaced with an operating system kernel. A subset of an application programming interface (API) is exposed to the virtual machine enabling the process to interface with the operating system kernel via the subset of the API. The process is then executed in the virtual machine. | 09-02-2010 |
20100228703 | REDUCING MEMORY REQUIRED FOR PREDICTION BY PARTIAL MATCHING MODELS - Some embodiments of a method and an apparatus to reduce memory required for prediction by partial matching (PPM) models usable in data compression have been presented. In one embodiment, statistics of received data are accumulated in a tree of dynamic tree-type data structures. The data is compressed based on the statistics. The tree of dynamic tree-type data structures may be stored in a computer-readable storage medium. | 09-09-2010 |
20100287171 | Federated Indexing from Hashed Primary Key Slices - A method and system stores and retrieves data items associated with a primary key, using search indices at multiple storage locations. A server receives a primary key, identifies one or more segments of the primary key, and hashes each segment with one or more hash functions to obtain a sequence of hash values. The hash values are used as keys to index a chain of search indices that are stored in multiple storage locations. One or more of the hash values in the sequence are used to form a host name, and the host name is mapped to an address of a server that stores a first search index in the chain. The last search index in the chain contains the data items associated with the primary key, or provides a reference to one or more locations at which the data items can be found. | 11-11-2010 |
20100287172 | Federated Document Search by Keywords - A method and system stores search indices across multiple storage locations, and uses the search indices to conduct a document search. In one embodiment, a server receives a search request that includes a keyword. The server hashes the keyword with multiple hash functions to obtain a sequence of hash values, which are used to index a chain of search indices. Each hash value points to an entry of a corresponding search index in the chain. If a search index is not the last index in the chain, the entry provides a reference to the location at which a next search index in the chain can be found. If a search index is the last index in the chain, the entry includes or points to identifiers of documents that contain the keyword in the search request. The documents can be retrieved from document repositories using the identifiers. | 11-11-2010 |
20100287173 | Searching Documents for Successive Hashed Keywords - A method and system searches documents that contain an ordered pair of keywords using search indices stored in multiple storage locations. In one embodiment, a server receives the search request that includes an ordered pair of keywords. The server hashes each keyword with multiple hash functions to obtain a hash vector pair, which are used to index a chain of search indices. Hash values in the hash vector pair are used to locate the chain of search indices that are stored across multiple storage locations. The last search index in the chain provides identifiers of documents containing the ordered pair of keywords, with a distance between the keywords in the documents below a predetermined limit. The documents can be retrieved from document repositories using the identifiers. | 11-11-2010 |
20100306217 | Mechanism for Separating Content from Noisy Context in Template-Based Documents for Search Indexing - In one embodiment, a mechanism for separating content from noisy context in template-based documents for search indexing is disclosed. In one embodiment, a method includes selecting a plurality of documents for index comparison, identifying one or more identical elements found in each of the plurality of documents, and removing the one or more identical elements from consideration in an indexing process of the plurality of documents. | 12-02-2010 |
20100306294 | Mechanism for String Hashing Using a Random Number Generator - In one embodiment, a mechanism for string hashing using a random number generator is disclosed. In one embodiment, a method includes dividing an input stream provided to a hashing module into a plurality of subsets of ‘n’ bits, entangling, by a mixer of the hashing module, one of the subsets of ‘n’ bits by a next sequential output of a pseudo-random number generator (PRNG), adding a product of the entangling to an accumulator of the hashing module, repeating the entangling and adding until all subsets of the plurality of subsets have been processed, and returning a value in the accumulator as a hash result value. | 12-02-2010 |
20100306769 | METHOD AND AN APPARATUS TO MIGRATE FUNCTIONALITIES ACROSS SYSTEMS - Some embodiments of a method and an apparatus to migrate functionalities across systems have been presented. In one embodiment, a system call from an application running on a first system is detected. The first system has a first version of an operating system, but the system call requires a functionality that is not available in the first version of the operating system. The functionality is available in a second version of the operating system running on a second system. Therefore, the system call is reflected from the first system to the second system. | 12-02-2010 |
20110087801 | TUNNELING SSL OVER SSH - A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel. | 04-14-2011 |
20120158963 | TUNNELING SSL OVER SSH - A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel. | 06-21-2012 |
20130014098 | IMAGE INSTALL OF A NETWORK APPLIANCE - A method and apparatus for installing a network appliance. In one embodiment, the method includes copying an install image pertaining to the network appliance to an install staging area in a memory device of the network appliance, obtaining current installation object data from a server, and saving an up-to-date set of installation objects in the install staging area using the installation object data received from the server. The method may further include marking the install staging area as bootable, rebooting the network appliance, and installing from the install staging area onto the network appliance. | 01-10-2013 |
20140198911 | SHARING A SECRET VIA LINEAR INTERPOLATION - A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional hyperplane, where K is the number of shares needed to reconstruct the secret. Shares of the secret are created, with each share corresponding to a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing. | 07-17-2014 |
20140344285 | String Hashing Using a Random Number Generator - String hashing using a random number generator is disclosed. A method of implementations includes dividing an input stream provided to a hashing module into a plurality of subsets of bits, wherein each subset comprises a same number of bits and wherein each of the subsets of bits comprises an overlapping subset, augmenting a subset of the subsets of bits with a constant, entangling, by a mixer of the hashing module, the subset by an output of a number generator, adding a result of the entangling to an accumulator of the hashing module, repeating the augmenting, the entangling, and the adding on at least a portion of a next sequential subset of the subset of bits, and when all of the subsets of bits have been processed, returning a value in the accumulator as a hash result value. | 11-20-2014 |