Novell, Inc.

Novell, Inc. Patent applications
Patent application number | Title | Published
20150281222 | TIME-BASED ONE TIME PASSWORD (TOTP) FOR NETWORK AUTHENTICATION - A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource. | 10-01-2015
20150278500 | PERSONAL AUTHENTICATION AND ACCESS - A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources. | 10-01-2015
20150215775 | AUDIO PROXIMITY-BASED MOBILE DEVICE DATA SHARING - At least two mobile devices introduce one another and select data for transfer to and receipt by at least one receiving mobile device using audio communications. Each of the devices uses its speaker(s) and its microphone to introduce and select the data. Once secure audio communications are confirmed between the devices, the selected data is acquired by the at least one receiving mobile device using audio communications or a different out-of-band communication wired or wireless network. | 07-30-2015
20150215299 | PROXIMITY-BASED AUTHENTICATION - A first device requests a protected resource (managed by a second device). A first authentication is performed by the second device upon receipt of the request. The second device provides an audio message back to the first device, which plays the audio message over a speaker. A third device captures the audio message as audio and uses the audio message to request a second authentication from the second device. The second device provides an authenticated session handle back to the first device for accessing the protected resource when both the first and second authentications are successful. | 07-30-2015
20150178071 | RUNTIME PATCHING OF AN OPERATING SYSTEM (OS) WITHOUT STOPPING EXECUTION - Techniques for runtime patching of an OS without stopping execution of the OS are presented. When a patch function is needed, it is loaded into the OS code. Threads of the OS that are in kernel mode have a flag set and a jump is inserted at a location of an old function. When the old function is accessed, the jump uses a trampoline to check the flag; if the flag is set, processing returns to the old function; otherwise processing jumps to a given location of the patch. Flags are unset when exiting or entering the kernel mode. | 06-25-2015
20150149787 | CLIENT-BASED AUTHENTICATION - Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed. | 05-28-2015
20150052223 | SYSTEM AND METHOD FOR DETERMINING EFFECTIVE POLICY PROFILES IN A CLIENT-SERVER ARCHITECTURE - A system and method for determining effective policy profiles is presented herein. The system includes one or more client devices configured to initiate a request for at least one effective policy profile, a server mechanism communicatively coupled to the one or more client devices and configured to receive the request for the at least one effective policy profile and determine the at least one effective policy profile for each of the requesting one or more client devices, and a policy data storage component communicatively coupled to the server mechanism and configured to store a plurality of policy profiles. The plurality of policy profiles includes an association between each of the one or more client devices and one or more of the plurality of policy profiles. | 02-19-2015
20140310411 | SYSTEM AND METHOD FOR MODELING INTERPENDENCIES IN A NETWORK DATACENTER - The system and method described herein may include a discovery engine that scans a network datacenter to inventory resources in the datacenter and populate a configuration management database with the resource inventory. One or more destination listeners created from the resource inventory may then selectively sample monitored flows in the datacenter to model interdependencies between the inventoried resources. For example, any monitored flows originating outside the datacenter or failing to correlate with the inventoried resources may be dropped, whereby the interdependencies may be modeled from a deliberately reduced sample of the monitored flows that have information relevant to modeling relationships between resources within the datacenter. Furthermore, directionalities for the monitored flows may be determined, wherein the directionalities provide further information relevant to modeling the relationships between the resources within the datacenter. | 10-16-2014
20140282547 | EXTENDING FUNCTIONALITY OF LEGACY SERVICES IN COMPUTING SYSTEM ENVIRONMENT - Methods and apparatus involve extending functionality of legacy services. A legacy application has functionality designed for use on an original computing device. In a modern environment, virtual machines (VMs) operate as independent guests on processors and memory by way of scheduling control from a virtualization layer (e.g., hypervisor). At least one VM is provisioned to modify standard entry points of the original legacy application for new accessing of various system functions of the hardware platform. Representative functions include network access, processors, and storage. Policy decision points variously located are further employed to ensure compliance with computing policies. Multiple platforms and computing clouds are contemplated as are VMs in support roles and dedicated software appliances. In this manner, continued use of legacy services in modern situations allows participation in more capable environments and application capabilities heretofore unimagined. Other embodiments contemplate computing systems and computer program products, to name a few. | 09-18-2014
20140281292 | REMOTE ENABLING OF STORAGE - Techniques for enabling storage remotely are presented. A REpresentational State Transfer (REST) front-end interface is interfaced to a legacy file system via a backend interface that directly interacts with the native storage and protocols of the legacy file system. The REST interface is presented as the frontend interface to the legacy file system making the storage of the legacy file system available to web or network-enabled devices. | 09-18-2014
20140280867 | ANALYTIC INJECTION - Techniques for inserting analytic logic into network requests are presented. In an embodiment, instructions are dynamically inserted into web pages as the pages are requested. The instructions enable analytics to be captured and/or tracked when the web pages are processed. In another embodiment, web requests are intercepted and processed to include analytic instructions. | 09-18-2014
20140244624 | STRUCTURED RELEVANCE-A MECHANISM TO REVEAL HOW DATA IS RELATED - A machine receives a description of the relationships among members of a data set. The machine constructs a graph that represents the relationships among the members of the data set, organizing the members of the data set into groups. The groups are analyzed to determine their relative strengths. Unbalanced groups can be balanced by splitting off heavy sub-trees that include too large a percentage of the nodes in the group. The machine can then use the graph to answer queries about members of the data set. | 08-28-2014
20140237550 | SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT - The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure. | 08-21-2014
20140237121 | CLUSTER-FREE TECHNIQUES FOR ENABLING A DIRECTORY PROTOCOL-BASED DOMAIN NAME SYSTEM (DNS) SERVICE FOR HIGH AVAILABILITY - Cluster-free techniques for enabling a directory protocol-based Domain Name System (DNS) service for high availability are presented. A DNS service monitors a node for a wild-carded IP address that migrates to the node when a primary node fails to service DNS requests for a directory of the network. The DNS service forwards the wild-carded IP address to a distributed directory service for resolution and uses the distributed directory service to dynamically configure the DNS service for directly handling subsequent DNS requests made to the directory over the network while the primary node remains inoperable over the network. | 08-21-2014
20140236949 | USER INPUT AUTO-COMPLETION - Methods and computer program product relate to user input auto-completion. The methods and product are executable on a processing device in a computing system environment so as to provide an auto-completion scheme with enhanced capabilities that improve user efficiency when performing a task. | 08-21-2014
20140195292 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 07-10-2014
20140192644 | TECHNIQUES FOR PRIVILEGED NETWORK ROUTING - Techniques for privileged network routing are provided. As traffic is received at a gateway of a network backbone provider environment it is interrogated for predefined criteria. If the traffic satisfies the predefined criteria, then the information is routed within the network backbone provider environment to use a set of reserved and restricted resources to provide premium service for the traffic being routed through the network backbone provider environment. | 07-10-2014
20140189775 | TECHNIQUES FOR SECURE DEBUGGING AND MONITORING - Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token. | 07-03-2014
20140164791 | SECURE VIRTUAL MACHINE MEMORY - Apparatus, systems, and methods may operate to restore an operational state of an associated virtual machine (VM) using encrypted information stored in encrypted memory locations. A single hypervisor may be used to encrypt and decrypt the information. Access may be permitted to a designated number of the encrypted memory locations only to a single application executed by the associated VM subject to the hypervisor. Access may be denied to any other application executed by the associated VM, or any other VM. | 06-12-2014
20140164606 | TECHNIQUES FOR AUDITING AND CONTROLLING NETWORK SERVICES - Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service. | 06-12-2014
20140156357 | TECHNIQUES FOR HELP DESK MANAGEMENT - Techniques for help desk management are provided. A user's experience with a resource is captured via a rating. The rating is recorded along with other metrics associated with a processing environment of the user and proactive action taken in response to configuration or performance problems with the user. | 06-05-2014
20140143862 | MECHANISMS TO SECURE DATA ON HARD RESET OF DEVICE - Mechanisms to secure data on a hard reset of a device are provided. A hard reset request is detected on a handheld device. Before the hard reset is permitted to process, an additional security compliance check is made. Assuming the additional security compliance check is successful, and before the hard reset is processed, the data of the handheld device is backed up to a configurable location. | 05-22-2014
20140143602 | TECHNIQUES FOR EVALUATING AND MANAGING CLOUD NETWORKS - Techniques for evaluating and managing cloud networks are provided. Geographical locations for cloud processing environments are combined with attributes and usage metrics to form associations between each cloud processing environment's geographical location and that cloud's corresponding attributes and usage metrics. A map is organized for the associations to form a cloud network. The map is dynamically updated, supplied to services, and rendered for evaluation of the cloud network. | 05-22-2014
20140143200 | SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state. | 05-22-2014
20140130005 | MECHANISMS TO PERSIST HIERARCHICAL OBJECT RELATIONS - Mechanisms to persist object relations are provided. A project is defined as a series of interrelated objects having dependencies and relationships with one another. The dependencies and relationships are maintained via a storage organization for files that define the objects within a project storage environment for the project. Thus, the dependencies and relationships are not maintained via hardcoded instructions or references that are included within the files. | 05-08-2014
20140122731 | TECHNIQUES FOR DESKTOP MIGRATION - Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop. | 05-01-2014
20140122730 | TECHNIQUES FOR DEVICE INDEPENDENT SESSION MIGRATION - Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration. | 05-01-2014
20140068094 | FEDERATED TIMEOUT - Techniques for workload federated timeout are presented. A federated service manages communications between service components of a system. Each component queries the federated service to determine a last activity time by the other components of the system before timing out during a session. Each component can update its last activity time based on the discovered last activity time of one of the components to prevent a premature time out from the session. | 03-06-2014
20140067985 | TECHNIQUES FOR MAPPING AND MANAGING RESOURCES - Techniques for mapping and managing resources are presented. Hardware capacity and information is collected over multiple processing environments for hardware resources. The information is mapped to logical business resources and resource pools. Capacity is rolled up and managed within logical groupings and the information gathering is managed via in-memory and on-file caching techniques. | 03-06-2014
20140032724 | TECHNIQUES FOR WORKLOAD COORDINATION - Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location. | 01-30-2014
20140032174 | TECHNIQUES FOR DISTRIBUTED TESTING - Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis. | 01-30-2014
20140019971 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 01-16-2014
20140019772 | TECHNIQUES FOR SECURE DATA MANAGEMENT IN A DISTRIBUTED ENVIRONMENT - Techniques for secure data management in a distributed environment are provided. A secure server includes a modified operating system that just allows a kernel application to access a secure hard drive of the secure server. The hard drive comes prepackaged with a service public and private key pair for encryption and decryption services with other secure servers of a network. The hard drive also comes prepackaged with trust certificates to authenticate the other secure servers for secure socket layer (SSL) communications with one another, and the hard drive comes with a data encryption key, which is used to encrypt storage of the secure server. The kernel application is used during data restores, data backups, and/or data versioning operations to ensure secure data management for a distributed network of users. | 01-16-2014
20130318515 | SYSTEM AND METHOD FOR UPGRADING KERNELS IN CLOUD COMPUTING ENVIRONMENTS - The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system. | 11-28-2013
20130297922 | SYSTEM AND METHOD FOR EFFICIENTLY BUILDING VIRTUAL APPLIANCES IN A HOSTED ENVIRONMENT - A system and method for efficiently building virtual appliances in a hosted environment is provided. In particular, a plurality of image archives may be stored in a build database, with each image archive including a file system having a directory structure and a plurality of files installed within the directory structure. In response to a build request containing an image description, a build engine may create a file system layout defining a directory structure for an image. The build engine may then copy the file system from one of the image archives to the file system layout of the image, wherein the copied file system may provide a subset of the file system for the image. The build engine may then build the image, which may include a file system having various files installed within various directories in accordance with the directory structure defined for the image. | 11-07-2013
20130283269 | SYSTEM AND METHOD FOR PROVIDING VIRTUAL DESKTOP EXTENSIONS ON A CLIENT DESKTOP - The system and method described herein may identify one or more virtual desktop extensions available in a cloud computing environment and launch virtual machine instances to host the available virtual desktop extensions in the cloud. For example, a virtual desktop extension manager may receive a virtual desktop extension request from a client desktop and determine whether authentication credentials for the client desktop indicate that the client desktop has access to the requested virtual desktop extension. In response to authenticating the client desktop, the virtual desktop extension manager may then launch a virtual machine instance to host the virtual desktop extension in the cloud and provide the client desktop with information for locally controlling the virtual desktop extension remotely hosted in the cloud. | 10-24-2013
20130263213 | TECHNIQUES FOR IDENTITY AND POLICY BASED ROUTING - Techniques for identity and policy based routing are presented. A resource is initiated on a device with a resource identity, and role assignments along with policies are obtained for the resource. A customized network is created for the resource using a device address for the device, the resource identity, the role assignments, and the policies. | 10-03-2013
20130254768 | SYSTEM AND METHOD FOR PROVIDING ANNOTATED SERVICE BLUEPRINTS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for providing annotated service blueprints in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for creating annotated service blueprints to provision and manage tessellated services distributed within an information technology infrastructure. For example, in response to a request to provision a service, a service blueprint describing one or more virtual machines may be created. The service blueprint may then be annotated to apply various parameters to the virtual machines, and the annotated service blueprint may then be instantiated to orchestrate the virtual machines with the one or more parameters and deploy the orchestrated virtual machines on information technology resources allocated to host the requested service, thereby provisioning the requested service. | 09-26-2013
20130232266 | TECHNIQUES FOR GENERICALLY ACCESSING DATA - Techniques for generic data access are provided. A middle-tier server agent uses data providers that can communicate with backend resources. A request received in a first format is used to identify a specific data provider by the middle-tier server agent; the data provider uses the first format to communicate with a specific backend resource in a second format. Results from the specific backend resource are returned from the data provider in the first format and passed to a client that initially made the request. | 09-05-2013
20130232127 | META-DIRECTORY CONTROL AND EVALUATION OF EVENTS - Techniques for meta-directory control and evaluation of events are provided. Disparate events from heterogeneous processing environments are collected as the events are produced by resources within the processing environments. The events are filtered and organized into taxonomies. Next the filtered and organized events are assigned to nodes of a Meta directory, each node defining a relationship between two or more of the resources and policy is applied. Finally, additional policy is evaluated in view of the events and their node assignments with other events, and one or more automated actions are then taken. | 09-05-2013
20130145370 | TECHNIQUES TO AUTOMATICALLY CLASSIFY PROCESSES - Techniques for automatically classifying processes are presented. Processes executing on a multicore processor machine are evaluated to determine shared resources between the processes, excluding shared system resources. A determination is then made based on the evaluation to group the processes as a single managed resource within an operating system of the multicore processor machine. | 06-06-2013
20130091508 | SYSTEM AND METHOD FOR STRUCTURING SELF-PROVISIONING WORKLOADS DEPLOYED IN VIRTUALIZED DATA CENTERS - The system and method for structuring self-provisioning workloads deployed in virtualized data centers described herein may provide a scalable architecture that can inject intelligence and embed policies into managed workloads to provision and tune resources allocated to the managed workloads, thereby enhancing workload portability across various cloud and virtualized data centers. In particular, the self-provisioning workloads may have a packaged software stack that includes resource utilization instrumentation to collect utilization metrics from physical resources that a virtualization host allocates to the workload, a resource management policy engine to communicate with the virtualization host to effect tuning the physical resources allocated to the workload, and a mapping that the resource management policy engine references to request tuning the physical resources allocated to the workload from a management domain associated with the virtualization host. | 04-11-2013
20130073332 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 03-21-2013
20130060835 | TECHNIQUES FOR GAUGING PERFORMANCE OF SERVICES - Techniques for gauging performance of services are provided. A client agent is configured to process on a client and simulates operations of a transaction as instructed by a server agent. The client agent also gathers metrics for each of the operations as they process on the client and passes the metrics back to the server agent. The server agent analyzes the metrics in accordance with a policy and takes one or more actions in response thereto. | 03-07-2013
20120304046 | INTEGRATED MEDIA BROWSE AND INSERTION - An application can receive a request to insert one file into another file opened for editing within the application. The request can be either in-line or through a menu system of the application. The request can include a context for the file to be inserted. The system can then identify a set of files that can satisfy the context, from which a user can choose what file is to be inserted. The chosen file can then be inserted into the file opened for editing, all without leaving the application. | 11-29-2012
20120221520 | SOCIAL NETWORKING CONTENT MANAGEMENT - A machine-controlled method may include receiving a file in a designated shared folder on a local device, automatically providing access to the file to a social networking website or service, and directing the social networking website or service to make the file available to users that are allowed to access a particular user account at the social networking website. | 08-30-2012
20120215770 | STRUCTURED RELEVANCE - A MECHANISM TO REVEAL WHY DATA IS RELATED - A machine receives a group of members of a data set. The machine identifies key symbols from the members of the group or the data set. The machine then calculates, for each key symbol, a weighted magnitude for the key symbol in the group. The machine can then sort the key symbols according to their weighted magnitudes, and filter out common key symbols. The uncommon key symbols, as sorted according to their weighted magnitudes, can form a name for the group. | 08-23-2012
20120215769 | STRUCTURED RELEVANCE - A MECHANISM TO REVEAL HOW DATA IS RELATED - A machine receives a description of the relationships among members of a data set. The machine constructs a graph that represents the relationships among the members of the data set, organizing the members of the data set into groups. The groups are analyzed to determine their relative strengths. Unbalanced groups can be balanced by splitting off heavy sub-trees that include too large a percentage of the nodes in the group. The machine can then use the graph to answer queries about members of the data set. | 08-23-2012
20120134300 | SYSTEM AND METHOD FOR AUTOMATIC PROVISIONING OF ONSITE NETWORKING SERVICES - The system and method described herein may activate an automatic provisioning system within customer premise equipment via a digital subscriber line, cable modem, or other residential hub or gateway interface and access a remote directory service to locate appropriate addressing and other information to initialize the customer premise equipment. The gateway interface may automatically update a configuration, heal bugs, and perform other maintenance and tasks to manage the customer premise equipment. Multiple gateway interfaces or products or services associated therewith may be configured at one premise and version control may be maintained to ensure compatibility. | 05-31-2012
20120130936SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state.05-24-2012
20120074221INFORMATION CARD OVERLAY - A computer implemented method may include identifying a base information card stored on a client, determining whether an overlay information card is to be applied to the identified base information card, and selecting the overlay information card. The method may also include generating a final information card by applying the selected overlay information card to the identified base information card.03-29-2012
20120066487SYSTEM AND METHOD FOR PROVIDING LOAD BALANCER VISIBILITY IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for providing load balancer visibility in an intelligent workload management system described herein may expand a role or function associated with a load balancer beyond handling incoming and outgoing data center traffic into supporting governance, risk, and compliance concerns that may be managed in an intelligent workload management system. In particular, the load balancer may establish external connections with destination resources in response to client devices establishing internal connections with the load balancer and then attach connection tracers to monitor the internal connections and the external connections. The connection tracers may then detect incoming traffic and outgoing traffic that the internal and external connections pass through the load balancer, and traffic tracers may collect data from the incoming traffic and the outgoing traffic, which the workload management system may use to manage the data center.03-15-2012
20110302652SYSTEM AND METHOD FOR DETECTING REAL-TIME SECURITY THREATS IN A NETWORK DATACENTER - The system and method described herein may include a configuration management database that describes every known service endpoint in a network datacenter to represent a steady state for the datacenter. One or more listeners may then observe traffic in the datacenter in real-time to detect network conversations initiating new activity in the datacenter, which may be correlated, in real-time, with the information in the configuration management database representing the steady state for the datacenter. Thus, in response to the new activity failing to correlate with the known service endpoints, a real-time security alert may be generated to indicate that any network conversations initiating such activity fall out-of-scope from the steady state for the information technology datacenter.12-08-2011
20110302295SYSTEM AND METHOD FOR MODELING INTERDEPENDENCIES IN A NETWORK DATACENTER - The system and method described herein may include a discovery engine that scans a network datacenter to inventory resources in the datacenter and populate a configuration management database with the resource inventory. One or more destination listeners created from the resource inventory may then selectively sample monitored flows in the datacenter to model interdependencies between the inventoried resources. For example, any monitored flows originating outside the datacenter or failing to correlate with the inventoried resources may be dropped, whereby the interdependencies may be modeled from a deliberately reduced sample of the monitored flows that have information relevant to modeling relationships between resources within the datacenter. Furthermore, directionalities for the monitored flows may be determined, wherein the directionalities provide further information relevant to modeling the relationships between the resources within the datacenter.12-08-2011
20110302290SYSTEM AND METHOD FOR MANAGING CHANGES IN A NETWORK DATACENTER - The system and method described herein may include a configuration management database containing various configuration items describing every known resource in a datacenter. Upon receiving a request proposing changes to the datacenter, the proposed changes may be approved for automated execution (i.e., without human intervention) in response to analyzing relationships modeled in the configuration management database and determining that the proposed changes have no potential impacts on essential or critical resources. Otherwise, an impact workflow may be created to coordinate interaction between various human participants to resolve the potential impacts. Further, in contexts where multiple proposed changes have been approved, the multiple proposed changes may be analyzed to detect any potential conflicts. Thus, the multiple proposed changes may be approved for automated execution in response to detecting no potential conflicts, or a conflict workflow may be created to similarly coordinate human interaction to resolve the conflicts.12-08-2011
20110276600TECHNIQUES FOR EXTENDING AND CONTROLLING ACCESS TO A COMMON INFORMATION MODEL (CIM) - Systems and methods for extending and controlling access to a Common Information Model (CIM) are presented. According to an embodiment, access requests for a CIM object manager (CIMOM) pass through a CIM file system (CIMFS) where each access requested is authenticated. The CIMFS maintains and manages a hidden file system representing CIM classes and a CIM class hierarchy on a volume of storage. The structure, metadata, and values for the CIM classes, CIM object, and CIM providers are maintained in a hidden directory on the volume. This information is accessible via the CIMFS to use existing file system management operations. 11-10-2011
20110271270SYSTEM AND METHOD FOR UPGRADING KERNELS IN CLOUD COMPUTING ENVIRONMENTS - The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.11-03-2011
20110209064SYSTEM AND METHOD FOR PROVIDING VIRTUAL DESKTOP EXTENSIONS ON A CLIENT DESKTOP - The system and method described herein may identify one or more virtual desktop extensions available in a cloud computing environment and launch virtual machine instances to host the available virtual desktop extensions in the cloud. For example, a virtual desktop extension manager may receive a virtual desktop extension request from a client desktop and determine whether authentication credentials for the client desktop indicate that the client desktop has access to the requested virtual desktop extension. In response to authenticating the client desktop, the virtual desktop extension manager may then launch a virtual machine instance to host the virtual desktop extension in the cloud and provide the client desktop with information for locally controlling the virtual desktop extension remotely hosted in the cloud.08-25-2011
20110208778MANAGING DIGITAL IDENTITY INFORMATION - A basic architecture for managing digital identity information in a network such as the World Wide Web is provided. A user of the architecture can organize his or her information into one or more profiles which reflect the nature of different relationships between the user and other entities, and grant or deny each entity access to a given profile. Various enhancements which may be provided through the architecture are also described, including tools for filtering email, controlling access to user web pages, locating other users and making one's own location known, browsing or mailing anonymously, filling in web forms automatically with information already provided once by hand, logging in automatically, securely logging in to multiple sites with a single password and doing so from any machine on the network, and other enhancements.08-25-2011
20110191378METHOD AND APPARATUS FOR PRESENTING, SEARCHING, AND VIEWING DIRECTORIES - A directory shell references one or more directories. Each directory comprises a plurality of directory objects each having object attributes and attribute data. One or more categories in the directory shell is associated with one or more directory objects and at least a portion of the associated object attribute. A user interface is operable for a user to query the categories in the directory shell. A directory interface is operable to send a search request to the directories in accordance with the query and receive data from the directories that satisfy the search request. 08-04-2011
20110191376TECHNIQUES FOR EXTENDING AND CONTROLLING ACCESS TO A COMMON INFORMATION MODEL (CIM) - Systems and methods for extending and controlling access to a Common Information Model (CIM) are presented. According to an embodiment, access requests for a CIM object manager (CIMOM) pass through a CIM file system (CIMFS) where each access requested is authenticated. The CIMFS maintains and manages a hidden file system representing CIM classes and a CIM class hierarchy on a volume of storage. The structure, metadata, and values for the CIM classes, CIM object, and CIM providers are maintained in a hidden directory on the volume. This information is accessible via the CIMFS to use existing file system management operations. 08-04-2011
20110191294TECHNIQUES FOR VERSIONING FILE SYSTEMS - Techniques are presented for versioning file systems. Files and directories are versioned in a manner that permits the versions to be mounted on a device of a user. The original security restrictions that existed with the versions when they were versioned are retained with the mount. Moreover, the user can browse and access the versions via the mount using an existing file system of the user's device. Further, names for each of the versions include detailed information that reveals the relationship of each particular version to its parent version. 08-04-2011
20110191291SESSION SENSITIVE DATA BACKUPS AND RESTORES - Techniques for the session sensitive data backups and restores are presented. Data having a plurality of hard linked file references are backed up and restored once during a backup operation. Any modifications to the backed up data are noted as session-specific versions and also backed up once. The hard linked file references are maintained in a data structure and managed during backups to define associations to the backed up data and to the session-specific versions of the data. The data structure is also used during restores to re-establish desired hard linked file reference associations to either the backed up data or to a particular session-specific version of the data.08-04-2011
20110173359COMPUTER-IMPLEMENTED METHOD AND SYSTEM FOR SECURITY EVENT TRANSPORT USING A MESSAGE BUS - A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.07-14-2011
20110153499PERFORMING A BUSINESS TRANSACTION WITHOUT DISCLOSING SENSITIVE IDENTITY INFORMATION TO A RELYING PARTY - A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.06-23-2011
20110126275SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for discovery enrichment in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing identities and access credentials, which may provide information that can enrich discovery of physical and virtual infrastructure resources. For example, a discovery engine may reference federated identity information stored in an identity vault and enrich a discovered infrastructure model with the federated identity information. Thus, the model may generally include information describing physical and virtualized resources in the infrastructure, applications and services running in the infrastructure, and information derived from the federated identity information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services.05-26-2011
20110126207SYSTEM AND METHOD FOR PROVIDING ANNOTATED SERVICE BLUEPRINTS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for providing annotated service blueprints in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for creating annotated service blueprints to provision and manage tessellated services distributed within an information technology infrastructure. For example, in response to a request to provision a service, a service blueprint describing one or more virtual machines may be created. The service blueprint may then be annotated to apply various parameters to the virtual machines, and the annotated service blueprint may then be instantiated to orchestrate the virtual machines with the one or more parameters and deploy the orchestrated virtual machines on information technology resources allocated to host the requested service, thereby provisioning the requested service.05-26-2011
20110126197SYSTEM AND METHOD FOR CONTROLLING CLOUD AND VIRTUALIZED DATA CENTERS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for controlling cloud and virtualized data centers described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, and further to creating cloud images having embedded management agents and identity services for validating the cloud images prior to deployment into the cloud and virtualized data centers and controlling, monitoring, and auditing activity associated with the cloud images following deployment into the cloud and virtualized data centers.05-26-2011
20110126099SYSTEM AND METHOD FOR RECORDING COLLABORATIVE INFORMATION TECHNOLOGY PROCESSES IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for recording collaborative information technology processes in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may include one or more data structures that converge information describing interaction between managed entities and content that may relate to such interaction in time-ordered series of events. The time-ordered event stream may then be replayed in a real-time stream to remediate, roll back, or otherwise analyze the collaborative information technology processes.05-26-2011
20110126047SYSTEM AND METHOD FOR MANAGING INFORMATION TECHNOLOGY MODELS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for managing information technology models in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing planned changes and recovery processes for version-controlled snapshots of the information technology models. For example, a discovery engine may enrich models of an infrastructure with identity information obtained from an identity vault and the infrastructure itself, and a management infrastructure may then manage planned changes to the infrastructure model. In particular, the management infrastructure may construct implementation plans that coordinate interaction between managed entities to implement the planned changes, and may further detect drifts between operational states and planned states for the infrastructure models.05-26-2011
20110125895SYSTEM AND METHOD FOR PROVIDING SCORECARDS TO VISUALIZE SERVICES IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for providing scorecards to visualize services in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for describing services, applications, and workloads in an information technology infrastructure. For example, a discovery engine may reference an identity vault to capture enriched models of an infrastructure, and a management infrastructure may then generate one or more scorecards that can be used to manage the infrastructure. In particular, the scorecards may provide information for tuning or otherwise controlling risk, complexity, cost, availability, and agility versus rigidness in the infrastructure.05-26-2011
20110125894SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT - The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure.05-26-2011
20110119186SYSTEM AND METHOD FOR IMPLEMENTING A VIRTUAL AUTOMATED TELLER MACHINE - Method and system for implementing a virtual automated teller machine (“VATM”) system are described. In one embodiment, the system includes a VATM host connectable to each of a plurality of disbursement entities (“DEs”) via a secure connection. The system further includes an accessing computer connectable to the VATM host via a secure connection, the accessing computer comprising a device for acquiring user account information and having installed thereon VATM client software executable by the accessing computer to interact with the VATM host to validate the acquired user account information and an associated PIN provided by the user. Responsive to the validation, the user is presented with a list of DEs and prompted to select one DE from the list of DEs from which funds are to be disbursed to the user and specify an amount of funds to be disbursed. The VATM host sends a disbursement order to the selected DE indicating the specified amount of funds to be disbursed.05-19-2011
20110107411SYSTEM AND METHOD FOR IMPLEMENTING A SECURE WEB APPLICATION ENTITLEMENT SERVICE - System and method for implementing a secure web application entitlement service are described. One embodiment of the system comprises a plurality of entitlement point records each comprising a unique identifier associated therewith such that each of the enforcement point records can be associated with an enforcement point within an application; an identity service (“IS”) configured to provide a first token for enabling a user to access the application; an access gateway configured to provide a second token, the second token including a list of at least a portion of the unique identifiers; an entitlement server (“ES”) configured to receive an entitlement request from the application, the entitlement request including the second token, the ES further configured to associate the entitlement request with a user-authenticated session in the IS; and a policy decision point (“PDP”) configured to receive the list of at least a portion of the unique identifiers and to render a decision on the entitlement request based at least in part on policy information associated with ones of the enforcement point records identified by the unique identifiers of the list and attribute information from the IS; wherein subsequent to the rendering of a decision by the PDP, the decision is communicated to the application.05-05-2011
20110107398SYSTEM AND METHOD FOR TRANSPARENT ACCESS AND MANAGEMENT OF USER ACCESSIBLE CLOUD ASSETS - System and method for enabling user access of cloud assets are described. In one embodiment, a method comprises authenticating a user to a system comprising a cloud computing environment in which a plurality of cloud assets are hosted; assembling a deployment associated with the authenticated user in accordance with a policy, the deployment comprising designated ones of the cloud assets; and providing a secure mechanism by which the designated ones of the cloud assets comprising the deployment are accessible by the authenticated user.05-05-2011
20110107133SYSTEM AND METHOD FOR IMPLEMENTING A CLOUD COMPUTER - One embodiment is a clocking system for a computing environment. The system comprises a first set of processes executing in a first computing environment; a first local clock mechanism associated with the first set of processes; and a first communications channel for connecting the first local clock mechanism with the first set of processes. The first local clock mechanism stores clock rates of the first set of processes, wherein each clock rate is specified by function and source and destination combination, the first local clock mechanism further coordinating the clock speeds of the first set of processes as necessary.05-05-2011
20110106927SYSTEM AND METHOD FOR IMPLEMENTING CLOUD MITIGATION AND OPERATIONS CONTROLLERS - System and method for implementing cloud mitigation and operations controllers are described. One embodiment is a system for controlling operation of a cloud computing environment, wherein the system comprises a repository for storing data regarding characteristics of the cloud computing environment, wherein the stored data includes policy notations designating compliance or noncompliance of the data with policy; an analyst module for analyzing the stored data in combination with external report information regarding the cloud computing environment and for providing results of the analysis; and a controller for evaluating the analysis results and issuing instructions for controlling operation of the cloud computing environment based on the evaluating.05-05-2011
20110106926System and method for implementing a cloud workflow - System and method for implementing a workflow of a first domain, wherein the workflow is implemented as a series of steps to accomplish a workload and wherein at least one of the steps utilizes a process, are described. In one embodiment, the method comprises establishing a mutual trust relationship between the first domain and a second domain; wherein one of the steps is authored by the second domain, the method further comprising associating with the step authored by the second domain a digital attestation for enabling the first domain to verify authorship and non-modification thereof.05-05-2011
20110047405System and Method for Implementing an Intelligent Backup Technique for Cluster Resources - Method and system for implementing a backup in a cluster comprising a plurality of interconnected nodes, at least one of the nodes comprising a cluster resource manager (CRM), and at least one of the nodes comprising a policy engine (PE), the PE maintaining at least one dependency associated with at least a first resource executing on at least one of the nodes. For example, the method comprises, receiving by the CRM a backup request for the first resource from an administrator; responsive to the request, updating by the CRM the cluster configuration; communicating by the CRM to the PE a cluster status and the updated configuration; providing by the PE to the CRM an instruction sequence for carrying out the backup, the instruction sequence based on the dependency associated with the first resource; and responsive to the instruction sequence, carrying out by the CRM the backup of the first resource.02-24-2011
20110047194METHOD FOR COORDINATING RELATIONSHIPS BETWEEN MULTIPLE PHYSICAL ENTITIES - Two objects are identified. A relationship between the two objects is determined. A contract object is used to represent the relationship between the objects. The contract is useful in many applications: for example, file systems, relational databases, and spreadsheets. The contract can also have rules for processing events occurring to either of the objects related by the contract.02-24-2011
20110041165SYSTEM AND METHOD FOR IMPLEMENTING A PROXY AUTHENTICATION SERVER TO PROVIDE AUTHENTICATION FOR RESOURCES NOT LOCATED BEHIND THE PROXY AUTHENTICATION SERVER - Networked resources that are not located behind a proxy authentication server may be enabled to use the proxy authentication server for authentication. This may provide one or more of the features associated with a proxy authentication server (e.g., centralized administration of authentication and/or access information, enhancing software security, centralized administration of permission information, and/or other features) for the resources not located behind the proxy authentication server. These features may be provided without requiring substantial modification of the proxy authentication server.02-17-2011
20110029500SYSTEM AND METHOD FOR FLOATING INDEX NAVIGATION - System and method for implementing a floating index navigation tool are described. In one embodiment, the method includes, in response to a user's updating a search term, building first and second search queries; issuing the first and second search queries to at least one database comprising a searchable index of content; and responsive to receipt of search results from the first and second search queries, displaying the first query search results in a first manner and displaying the second query search results in a second manner different than the first manner.02-03-2011
20110029492System and Method for Implementing a Reliable Persistent Random Access Compressed Data Stream - System and method for implementing a reliable persistent random access compressed data stream is described. In one embodiment, the system comprises a computer-implemented journaled file system that includes a first file for storing a series of independently compressed blocks of a data stream; a second file for storing a series of indexes corresponding to the compressed blocks, wherein each one of the indexes comprises a byte offset into the first file of the corresponding compressed block; and a third file for storing a chunk of data from the data stream before it is compressed and written to the first file. The system further comprises a writer module for writing uncompressed data to the third file and writing indexes to the second file and a compressor module for compressing a chunk of data from the third file and writing it to the end of the first file.02-03-2011
20110010640INTELLIGENT CO-BROWSING AND CO-EDITING - A leader of a group can specify how content is to be displayed to a group of users. One of these users can specify different instructions regarding the display of the content. The system can then display the content to the user, using either (or both) of the leader's instructions and the user's specific instructions. Using these various independent instructions, the system can automatically change the way the content is displayed to a group of users.01-13-2011
20110010638PRESENCE-ENABLED INBOX - A system can include a number of personal and group presence indicators that each correspond to a user or group and a presence-enabled inbox that can display an itemized listing of contents. The presence-enabled inbox can also display personal and/or group presence indicators in connection with a certain content where the corresponding users or groups are currently interacting with the content.01-13-2011
20110010635UNIFIED EDITABLE INBOX - A system can include a content receiving module for receiving a static content such as a message or a document, a content promotion module for promoting the static content to a shared content format, and a shared content co-editing module for providing a number of users with co-editing access to the promoted content. The shared content co-editing module can also present editing of the content by certain users to other users in real-time.01-13-2011
20110010447AUTO GENERATED AND INFERRED GROUP CHAT PRESENCE - A system can include multiple individual status identifiers that correspond to multiple users and a group status identifier that corresponds to a group with which the users are associated. A status identifier update module can update the group status identifier based on a change to at least one of the individual status identifiers.01-13-2011
20110010424UNIFIED ADDRESSING, SENDING, AND RECEIVING COLLABORATION SERVICE - Collaboration information can be sent by a collaboration team member in accordance with a sending communication modality. Another team member's unified messaging inbox/outbox can receive the collaboration information and provide the collaboration information to the other team member in accordance with a receiving communication modality. A unified messaging configuration specification can be used to specify the receiving communication modality.01-13-2011
20110010335COLLABORATION SWARMING - A swarm can develop around a piece of content. The swarm can include the original content, changes to the original content, the persons contributing the changes, and metadata, such as comments contributed by members of the swarm. A swarm can also include statistics generated about the content, such as the size of the swarm, the growth and/or death rates of the swarm, the longevity of the swarm, the intensity of the swarm, the persistence of the swarm, and the direction of the swarm. Swarms and their behaviors can be used to validate or invalidate content.01-13-2011
20110007887CONTEXTUAL PHONE NUMBER VALIDATION - A validation service offers the ability to validate a telephone conference. The validation service can verify that a telephone number and a pass code can be used to access the telephone conference at the time the telephone conference is scheduled. The validation service can also inform users about changes to the scheduled telephone conference, and provide alternative telephone numbers that can be used to access the telephone conference.01-13-2011
20100332659System and Method for Implementing a Dead Man Dependency Technique for Cluster Resources - Method and system for implementing a dead man dependency technique in a cluster comprising a plurality of interconnected nodes, one of the nodes comprising a cluster resource manager (CRM), and one of the nodes comprising a policy engine (PE), the PE maintaining at least one dependency associated with a first resource executing on one of the nodes. In an embodiment, the method comprises, responsive to a status change of an attribute associated with the first resource, the PE receiving from the CRM an indication of the status change and information regarding a configuration of the cluster; responsive to receipt of the status change indication and the configuration information, identifying by the PE a manner of terminating and migrating the first resource to another one of the nodes; and providing by the PE to the CRM an instruction sequence for causing the identified manner of terminating and migrating the first resource.12-30-2010
20100325693REMOTE AUTHORIZATION FOR OPERATIONS - Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access to the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.12-23-2010
20100293128SYSLOG MESSAGE ROUTING SYSTEMS AND METHODS - A syslog message routing system can include multiple syslog sources, a syslog message routing module, and multiple syslog parsers. The syslog message routing module can receive a syslog message from one of the syslog sources, identify a particular syslog parser to handle the syslog message, and send the syslog message to the selected syslog parser. The syslog message routing module can identify the syslog parser by applying at least one of an application ID-based policy, a unique pattern matching rule policy, and a universal syslog parser policy.11-18-2010
20100268824SYSTEM AND METHOD FOR CROSS-AUTHORITATIVE CONFIGURATION MANAGEMENT - A system and method for cross-authoritative, user-based network configuration management is provided. Users log-in to a network using any device coupled to the network, and an identity manager may provide the user with a custom computing environment by verifying the user's identity and identifying content, assignments, and other configuration information associated with the user. For instance, the identity manager may retrieve a unique identifier assigned to the user, query one or more authoritative source domains based on the unique identifier, and deliver a computing environment assigned to the user. By seamlessly integrating multiple authoritative sources, administrators can make assignments to users across multiple authoritative source domains, and queries to the sources will always be up-to-date without having to perform synchronization processes.10-21-2010
20100268772SYSTEM AND METHOD FOR DETERMINING EFFECTIVE POLICY PROFILES IN A CLIENT-SERVER ARCHITECTURE - A system and method for determining effective policy profiles is presented herein. The system includes one or more client devices configured to initiate a request for at least one effective policy profile, a server mechanism communicatively coupled to the one or more client devices and configured to receive the request for the at least one effective policy profile and determine the at least one effective policy profile for each of the requesting one or more client devices, and a policy data storage component communicatively coupled to the server mechanism and configured to store a plurality of policy profiles. The plurality of policy profiles includes an association between each of the one or more client devices and one or more of the plurality of policy profiles.10-21-2010
20100251353USER-AUTHORIZED INFORMATION CARD DELEGATION - A system can include an authorization token provided by a user, the authorization token specifying user identification information to be made accessible by an information card host to a relying party, an information card stored at the information card host, and an identity token generated or requested by the information card host in response to a request for identity token from the relying party.09-30-2010
20100250759WORKSTATION VIRUS LOCKDOWN IN A DISTRIBUTED ENVIRONMENT - Systems and methods for insuring that a client computer has up-to-date virus protection are provided, and include initiating a boot sequence pursuant to a boot image on a client computer for accessing a network, accessing a remote management server according to a preliminary instruction from the boot image, determining whether the client includes a latest virus file and forwarding the latest virus file if the client does not include the latest virus file.09-30-2010
20100250479INTELLECTUAL PROPERTY DISCOVERY AND MAPPING SYSTEMS AND METHODS - An apparatus can include an information gathering module, a semantic abstract generation module, and an intellectual property space identification module. The information gathering module can retrieve information pertaining to intellectual property activities within a particular technical field. The semantic abstract generation module can generate semantic abstracts based on the information retrieved by the information gathering module. The intellectual property space identification module can perform an evaluation of the particular technical field based on the generated semantic abstracts.09-30-2010
20100242028SYSTEM AND METHOD FOR PERFORMING CODE PROVENANCE REVIEW IN A SOFTWARE DUE DILIGENCE SYSTEM - A system and method is provided for performing code provenance review in a software due diligence system. In particular, performing code provenance review may include sub-dividing source code under review and third-party source into logical fragments using a language-independent text fracturing algorithm. For example, the fracturing algorithm may include a set of heuristic rules that account for variations in coding style to create logical fragments that are as large as possible without being independently copyrightable. Unique fingerprints may then be generated for the logical fragments using a fingerprint algorithm that features arithmetic computation. As such, potentially related source code may be identified if sub-dividing the source code under review and the third-party source code produces one or more logical fragments that have identical fingerprints.09-23-2010
20100241469SYSTEM AND METHOD FOR PERFORMING SOFTWARE DUE DILIGENCE USING A BINARY SCAN ENGINE AND PARALLEL PATTERN MATCHING - A system and method is provided for performing software due diligence review, which may include reviewing software for compliance and compatibility with software licenses, export regulations, or other compliance issues. In one implementation, the system may include a binary scan engine configured to analyze binary objects and extract dependency information identifying source code that may be associated with the binary objects. Upon identifying relevant source code, the system may use parallel pattern matching techniques to identify certain keywords in the source code and/or to match the keywords to text patterns that contain excerpts of language relevant to software due diligence. The system may then check for permissions and obligations associated with any matching relevant language to draw inferences regarding potential compliance problems.09-23-2010
20100235903SYSTEM AND METHOD FOR TRANSPARENT CLOUD ACCESS - System and method for transparent cloud access are described. In one embodiment, the system comprises an enterprise computing environment maintained by an enterprise and a cloud computing environment maintained by a cloud provider; and a secure bridge mechanism for interconnecting the enterprise computing environment and the cloud computing environment. The secure bridge mechanism comprises a first secure bridge portion associated with the enterprise and a second secure bridge portion associated with the cloud computing environment. The first and second secure bridge portions interoperate to provide transparent and secure access by resources of one of the computing environments to those of the other computing environment.09-16-2010
20100235887SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY - System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing.09-16-2010
20100235630SYSTEM AND METHOD FOR PROVIDING KEY-ENCRYPTED STORAGE IN A CLOUD COMPUTING ENVIRONMENT - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads. A designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment.09-16-2010
20100235539SYSTEM AND METHOD FOR REDUCED CLOUD IP ADDRESS UTILIZATION - System and method for providing cloud computing services is described. In one embodiment, the system includes a cloud computing environment, the cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal addresses of the cloud workloads.09-16-2010
20100235526SYSTEM AND METHOD FOR REDUCING CLOUD IP ADDRESS UTILIZATION USING A DISTRIBUTOR REGISTRY - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information.09-16-2010
20100235355SYSTEM AND METHOD FOR UNIFIED CLOUD MANAGEMENT - Method and system for managing workloads in a cloud computing environment comprising cloud services providers is described. In one embodiment, the method comprises, for each of the cloud services providers, monitoring a situation of the cloud services provider to obtain situation information for the cloud services provider and evaluating the obtained situation information and then deploying a workload to a selected one of the cloud services providers based at least in part on results of the evaluating.09-16-2010
20100199324SYSTEM AND METHOD FOR POLICY-BASED REGISTRATION OF CLIENT DEVICES - A system and method for policy-based registration of client devices is provided. Policy-based registration may use registration keys to register devices on a network. For example, registration keys may include policy assignments, folder assignments, group assignments, or other assignments for registering, identifying, and managing the device on the network. Devices can register one or more times (e.g., using one or more registration keys), resulting in the device being added to any number of folders and groups. Further, the policies may be used to control a registration process or to enforce registration rules. As such, administrators can construct folders or groups of devices with a set of keys, providing a consistent mechanism to easily register and manage a device.08-05-2010
20100198636SYSTEM AND METHOD FOR AUDITING GOVERNANCE, RISK, AND COMPLIANCE USING A PLUGGABLE CORRELATION ARCHITECTURE - Described herein is a system and method for auditing governance, risk, and compliance using an event correlation architecture. In particular, the event correlation architecture may include a solution designer for defining a solution pack that enforces one or more specific governance, risk, or compliance controls, and a solution manager for deploying the solution pack within the event correlation architecture to configure the architecture for enforcement of the one or more controls. Thus, a collection of content defined in the solution pack may be used to enrich one or more events received at the event correlation architecture, and a correlation engine may then correlate the events using the content in the solution pack to enforce the one or more governance, risk, or compliance controls.08-05-2010
20100191904SYSTEM AND METHOD OF IMAGING A MEMORY MODULE WHILE IN FUNCTIONAL OPERATION - A memory module (e.g. a hard drive, an optical drive, a flash drive, etc.) associated with a computer system may be imaged without substantial interruption to the operation of the overall system. The imaging may include applying an image to the memory module while execution of one or more operations and/or algorithms that require at least intermittent access to information stored initially in the memory module is ongoing. This may enable a system associated with the memory module to continue with normal, or substantially normal, operation while the image is being applied to the memory module. The image applied to the memory module may, for example, update the system, restore the system to a previous state (e.g., to its state at a previous point in time), or otherwise modify the system with which it is associated.07-29-2010
20100191737SYSTEM AND METHOD OF SEARCHING FOR CLASSIFYING USER ACTIVITY PERFORMED ON A COMPUTER SYSTEM - The invention is directed to a system and method of managing information associated with user actions. A monitoring system may gather and store information associated with user actions. Relationships may be inferred between user actions based on time or other criteria. A user may define classifications of user actions. These classifications may be used to retrieve information associated with user actions.07-29-2010
20100187302MULTIPLE PERSONA INFORMATION CARDS - A computer-implemented method can include selecting an information card from a group of identified information cards, selecting a persona from a group of identified personae that are associated with the selected information card, and generating a Request for Security Token (RST) based on the selected information card and the selected persona.07-29-2010
20100176194INFORMATION CARD OVERLAY - An information card overlay system can include a base card having multiple claims, an overlay card storing an overlay claim, and an overlay module that can be used to apply the overlay card to the base card. A computer-implemented method can include selecting a base card having multiple claims, selecting an overlay card storing an overlay claim, and applying the overlay card to the base card.07-15-2010
20100169337IDENTITY ANALYSIS AND CORRELATION - An identity analysis and correlation service system can include a summary manager service for generating identity correlation summaries pertaining to a persona, wherein the generated identity correlation summaries are based on discovered content corresponding to the persona and analyzed content corresponding to the discovered content. The system can include a content search manager service for generating the discovered content based on search criteria and a semantic analysis service for generating the analyzed content. The system can also include a data store for storing the generated identity correlation summaries and a notification service for providing a notification based on the generated identity correlation summaries.07-01-2010
20100169315ATTRIBUTION ANALYSIS AND CORRELATION - An attribution analysis and correlation system can include a content manager and a semantic correlation module. The content manager can receive a list identifying at least one contributor to be evaluated. The content manager can also mine at least one community for content pertaining to the contributor(s). The semantic correlation module can generate correlation results by performing a semantic analysis and correlation on the persistent content and attributions corresponding to the contributor(s).07-01-2010
20100169314CONTENT ANALYSIS AND CORRELATION - A content analysis and correlation service system can include a summary manager service for generating content correlation summaries, wherein the generated content correlation summaries are based on discovered content and analyzed content based on the discovered content. The system can include a content search manager service for generating the discovered content based on search criteria and correlation criteria and a semantic analysis service for generating the analyzed content based on the discovered content. The system can also include a data store for storing the generated content correlation summaries and a notification service for providing notifications based on the generated content correlation summaries.07-01-2010
20100131714TECHNIQUES FOR CACHING IMAGES - Techniques for caching images are presented. A matrix of pixel values represents an image. A diagonal of the matrix is used as an array of numbers representing an index value. The index value is compared to existing index values housed in a cache. When no match is present, the index value is inserted into the cache and the corresponding image associated with the inserted index value acquired. When a match is present no action is taken on the index values of the cache.05-27-2010
20100131641SYSTEM AND METHOD FOR IMPLEMENTING A WIRELESS QUERY AND DISPLAY INTERFACE - System and method for implementing a wireless query and display interface are disclosed. In one embodiment, the system includes a machine to be monitored and an end-point associated with the machine and comprising an interface, the end-point for connecting to the machine to be monitored via the interface. The system further includes a consolidator comprising an identity service and a Global Device Identity Listing (“GDIL”), the GDIL for maintaining a list of machines to be monitored using the system and a wireless device for viewing the list maintained by the GDIL and for issuing commands and queries related to one or more of the machines on the list. The end-point, the consolidator, and the wireless device are capable of wirelessly communicating with one another.05-27-2010
20100122312PREDICTIVE SERVICE SYSTEMS - A predictive service system can include a gathering service to gather user information, a semantic service to generate a semantic abstract for the user information, a policy service to enforce a policy, and a predictive service to act on an actionable item that is created based on the user information, the semantic abstract, and the policy. The system can also include an analysis module to create the actionable item and send it to the predictive service. The system can also include an identity service to create a crafted identity for the user.05-13-2010
20100106557SYSTEM AND METHOD FOR MONITORING REPUTATION CHANGES - System and method for monitoring reputation changes via a reputation system are described. In one embodiment, the method comprises receiving updated reputation information regarding a reputation of interest from a reputation information provider; evaluating the received updated reputation information in accordance with evaluation rules established for the reputation of interest; and providing a notification of results of the evaluating in accordance with notification rules established for the reputation of interest.04-29-2010
20100098246SMART CARD BASED ENCRYPTION KEY AND PASSWORD GENERATION AND MANAGEMENT - An apparatus can include a smart card based encryption key management system used to generate an encryption key using encryption key seed material, and an encryption key data store to store the encryption key seed material. An apparatus can include a smart card based password management system used to generate a password using password seed material, and a password data store to store the password seed material.04-22-2010
20100095372TRUSTED RELYING PARTY PROXY FOR INFORMATION CARD TOKENS - An apparatus can include a secret mapping module running on a machine and configured to create a mapping that maps a secret to a claim stored in an information card, a receiver running on the machine and configured to receive a request for the secret from a remote application, a mapping query module running on the machine and configured to perform a search for the mapping, a credential provider application running on the machine and configured to retrieve the secret based at least in part on the claim, and a transmitter configured to transmit the secret to the remote application.04-15-2010
20100095268MANAGING COMPLEX DEPENDENCIES IN A FILE-BASED TEAM ENVIRONMENT - Techniques for managing complex dependencies in a file-based team environment are provided. A software module is represented as an object. The object is defined via a file. The file includes relationships, and some of the relationships define dependencies to other objects. In some cases, attributes for the object are also included in the file and are defined via references to still other objects. The relationships and the attributes are carried with the object via the file.04-15-2010
20100083282MULTI-EPOCH METHOD FOR SAVING AND EXPORTING FILE SYSTEM EVENTS - As things happen on a volume, the file system forwards events to an event list manager. The event list manager stores the events and associates them with epochs that were active at the time the event occurred. Event consumers can independently declare epochs at any time. When event consumers end an epoch, they can request events that occurred during the epoch, which are reported to the event consumer using the event list manager.04-01-2010
20100063897ANONYMOUS SHOPPING TRANSACTIONS ON A NETWORK THROUGH INFORMATION BROKER SERVICES - A system and method for enabling a user to transact an anonymous on-line transaction, wherein a form of on-line payment is requested at a transaction interface, is disclosed. The method may include providing an anonymous user interface that enables a user to initiate an on-line payment, accessing a first profile comprising user data when the user activates the form of on-line payment, generating a second profile linked to the first profile, wherein the second profile comprises anonymous data, and communicating the anonymous data from the second profile to the transaction interface to enable completion of the transaction.03-11-2010
20100058435SYSTEM AND METHOD FOR VIRTUAL INFORMATION CARDS - A client includes a card selector, and receives a security policy from a relying party. If the client does not have an information card that can satisfy the security policy, the client can define a virtual information card, either from the security policy or by augmenting an existing information card. The client can also use a local security policy that controls how and when a virtual information card is defined. The virtual information card can then be used to generate a security token to satisfy the security policy.03-04-2010
20100043058SYSTEM AND METHOD FOR FACILITATING USER AUTHENTICATION OF WEB PAGE CONTENT - System and method for facilitating user authentication of web page content are described. In one embodiment, the method comprises receiving a request from a web browser for web page content; and responsive to receipt of the request, providing to the web browser the requested web page content and associated digitally signed content; wherein prior to display of the web page content by the web browser, the digitally signed content is evaluated by a plug-in portion of the web browser to determine whether the digitally signed content is verified, indicating that a provider of the web page content is trustworthy.02-18-2010
20100042673SYSTEM AND METHOD FOR DYNAMICALLY ENABLING AN APPLICATION FOR BUSINESS CONTINUITY - System and method for dynamically enabling an application for business continuity are described. In one embodiment, a business continuity engine (“BCE”) for managing and controlling a high-availability application comprises a configuration management module for maintaining information regarding the current configuration of a BC application; a status monitor for monitoring a status of the BC application via a high-availability (“HA”) wrapper thereof and initiating a migration of the BC application from a first server of a primary cluster to a second location of a secondary cluster based on the determined status; and an application migration module for migrating the BC application to the second server responsive to the initiating. The BCE further comprises a storage area network (“SAN”) migration module for enabling storage media for use by the BC application; and a communications module for facilitating an exchange of data between the BC engine and the BC application.02-18-2010
20100031328SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS - Systems and methods for generation of site-specific credentials using information cards are provided. An apparatus can include a machine, a browser on the machine configured to receive a request from a relying party site for a credential from a user, a receiver to receive one or more inputs, a site-specific credential generator to generate the credential based on the inputs, and a transmitter configured to transmit the generated credential to the relying party site.02-04-2010
20100027883ADAPTIVE METHOD AND SYSTEM FOR ENCODING DIGITAL IMAGES FOR THE INTERNET - A system and method comprise defining a current rectangular region of the image bitmap, quantifying spectral characteristics of the current rectangular region, dividing the current rectangular region into four rectangular sub-regions in response to the spectral characteristics being greater than a predetermined threshold value, tagging the current rectangular sub-region as a terminal rectangular region in response to the spectral characteristics being less than or equal to the predetermined threshold value, tagging each rectangular sub-region as a terminal rectangular region in response to a size of the rectangular sub-region being less than or equal to a predetermined threshold size, defining one of the non-terminal rectangular sub-regions as the current rectangular region and repeating the above until all rectangular regions are tagged terminal, and determining color characteristics for each of the terminal rectangular regions.02-04-2010
20100023557SYSTEM AND METHOD TO EXTEND A FILE MANAGER USER INTERFACE - Systems and methods are presented for extending a file manager user interface to create, edit and organize meta information for files. According to a method embodiment, a file manager is provided to manage files stored in a computer-readable medium. The file manager is adapted to provide a directory view of the files. A wiki engine is integrated with the file manager to provide a wiki view of the files from within the file manager.01-28-2010
20100011409NON-INTERACTIVE INFORMATION CARD TOKEN GENERATION - Systems and methods for automatic, non-interactive generation of information card tokens are provided. An apparatus can include a receiver, a transmitter, and an information card token generator, wherein the information card token generator is operable to generate an information card token in response to an information card token request received from a relying party site, the information card security token being based at least in part on a user-defined policy.01-14-2010
20100008584SYSTEM AND METHOD FOR DEVICE MAPPING BASED ON IMAGES AND REFERENCE POINTS - System and method for mapping a location of each of a plurality of devices in a data center. In one embodiment, the method comprises receiving image data comprising an image of at least a portion of the data center from a source; processing the image data to locate visual identifiers displayed in the image, wherein each of the visual identifiers is associated with one of the devices or with a spatial reference point; extracting the located visual identifiers and determining spatial coordinates for each of the identified visual identifiers from the image; and determining the spatial reference points from the image. The method further comprises developing groups based on extracted visual identifiers and spatial coordinates thereof and the spatial reference points, wherein allowances are made for an angle of the image, wherein each group comprises a subset of related ones of the devices; for each group, comparing each of the visual identifiers of the group with a key to determine information regarding the associated device to obtain processing results; and combining processing results corresponding to multiple images to remove redundant information and produce final results.01-14-2010
20090328166REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.12-31-2009
20090327632COPYING WORKLOAD FILES TO A VIRTUAL DISK - The present invention is directed to a system and method for transferring workload files on a host to a Virtual Machine (VM) destination disk without the need for the VM to be running. This is accomplished by creating a VM disk device interface to move data from the workload files to the VM destination disk. The VM disk device interface comprises a device driver to interact with the VM destination disk and destination access software utilizing standard operating system procedures to access the VM destination disk.12-31-2009
20090320014SYSTEM AND METHOD FOR OFFLINE UPDATION OF SOFTWARE IN VIRTUAL MACHINE (VM) IMAGES - System and method for offline management of software in VM images are described. In one embodiment, the method includes obtaining updation-related information from the software application and an operating system in which the software application runs while the software application is in an online mode, writing the updation-related information to a first set of files of a virtual machine (VM) image while the software application is in the online mode, reading the updation-related information from the first set of files of the VM image while the software application is in an offline mode; using the read updation-related information to update the software application while the software application is in the offline mode; and writing post-updation files to a second set of files of the VM image using the updation-related information read from the first set of files while the software application is in the offline mode.12-24-2009
20090300641SYSTEM AND METHOD FOR SUPPORTING A VIRTUAL APPLIANCE - A system and method for supporting a virtual appliance is provided. In particular, a support engine may include an update server that can manage a workflow to update an appliance in response to detecting upstream updates to one or more software components that have been installed for the appliance. For example, the workflow may generally include managing a rebuild of the appliance to install the upstream updates and further managing an integration test to verify that the rebuilt appliance behaves correctly with the upstream updates installed. In addition, the support engine may further include a support analysis manager that can analyze the software components that have been installed for the appliance in view of various heuristic rules to generate a support statement indicating whether support is available for the appliance.12-03-2009
20090300604SYSTEM AND METHOD FOR BUILDING VIRTUAL APPLIANCES USING A REPOSITORY METADATA SERVER AND A DEPENDENCY RESOLUTION SERVICE - A system and method for building virtual appliances using a repository metadata server and a dependency resolution service is provided. In particular, a hosted web service may provide a collaborative environment for managing origin repositories and software dependencies, whereby remote clients may follow a simple and repeatable process for creating virtual appliances. For example, the repository metadata server may cache and parse metadata associated with an origin repository, download software from the origin repository, and generate resolution data that can be used by the dependency resolution service. The dependency resolution service may then use the resolution data to resolve dependencies for a package selected for an appliance, wherein the dependencies may include packages that are required, recommended, suggested, banned, or otherwise a dependency for the selected package.12-03-2009
20090300495SYSTEM AND METHOD FOR AN ADAPTIVE WIZARD UTILITY FOR GRAPHICAL USER INTERFACES - System and method for implementing an adaptive wizard utility for a graphical user interface (“GUI”) are described. In one embodiment, the method comprises, responsive to presentation of a page of the wizard utility to a user, monitoring user activity in connection with the page; analyzing the user activity to determine a current performance designation of the user; and modifying at least one page of the wizard utility based on the current performance designation of the user.12-03-2009
20090300151SYSTEM AND METHOD FOR MANAGING A VIRTUAL APPLIANCE LIFECYCLE - A system and method for managing a virtual appliance lifecycle is provided. In particular, a hosted web service may provide a collaborative and unified environment for developing, configuring, personalizing, building, testing, deploying, and otherwise managing a lifecycle for one or more virtual appliances, wherein the collaborative and unified environment may provide various features for creating virtual appliances, monitoring upstream changes and modifications to the virtual appliances, and providing real-time analysis and feedback during various phases of the virtual appliance lifecycle, among other things.12-03-2009
20090300076SYSTEM AND METHOD FOR INSPECTING A VIRTUAL APPLIANCE RUNTIME ENVIRONMENT - A system and method for inspecting a virtual appliance runtime environment is provided. In particular, runtime activity within a virtual machine may be monitored and tracked to manage a file system associated with the runtime activity. For example, a new image having a pointer to a base image being executed may be created, wherein the new image may be empty when created, and wherein data may be written to the new image in response to any files being created, deleted, modified, or otherwise accessed during execution of the base image within the virtual machine. Thus, a file system for the new image may be compared to a file system for the base image to analyze the runtime activity for the base image, wherein the new image may preserve runtime changes to the file system and provide visibility into particular runtime modifications to the file system.12-03-2009
20090300057SYSTEM AND METHOD FOR EFFICIENTLY BUILDING VIRTUAL APPLIANCES IN A HOSTED ENVIRONMENT - A system and method for efficiently building virtual appliances in a hosted environment is provided. In particular, a plurality of image archives may be stored in a build database, with each image archive including a file system having a directory structure and a plurality of files installed within the directory structure. In response to a build request containing an image description, a build engine may create a file system layout defining a directory structure for an image. The build engine may then copy the file system for one of the image archives to the file system layout for the image, wherein the copied file system may provide a subset of the file system for the image. The build engine may then build the image, which may include a file system having various files installed within various directories in accordance with the directory structure defined for the image.12-03-2009
20090288082SYSTEM AND METHOD FOR PERFORMING DESIGNATED SERVICE IMAGE PROCESSING FUNCTIONS IN A SERVICE IMAGE WAREHOUSE - System and method for performing processing functions on a warehoused service image. In one embodiment, the system comprises a service image warehouse for storing at least one service image; means for modifying the at least one service image by performing at least one of a plurality of service image processing functions on a service image contemporaneously with a user's checking the at least one service image out of the service image warehouse; means for checking the modified service image back into the service image warehouse; and a plurality of compute nodes connected to the service image warehouse to which the at least one service image may be deployed. Each of the compute nodes comprises one of a physical machine and a virtual machine host.11-19-2009
20090281859SYSTEM AND METHOD FOR DISPLAYING MULTIPLE TIME ZONES IN AN ONLINE CALENDAR VIEW - Method and system for presenting a view of a calendar on an electronic display. In one embodiment, the method comprises presenting on the display an entry corresponding to a scheduled meeting having at least two participants; presenting on the display a first timeline associated with a first one of the participants, the first timeline comprising an incremental listing of time of day in accordance with a first time zone associated with the first one of the participants; presenting on the display a second timeline adjacent the first timeline, the second timeline associated with a second one of the participants and comprising an incremental listing of time of day in accordance with a second time zone associated with the second one of the participants; and wherein the entry is presented on the display relative to the first and second timelines so as to accurately reflect start and end times of the scheduled meeting relative to each of the first and second time zones.11-12-2009
20090265288System and method for correlating events in a pluggable correlation architecture - A system for pluggable event correlation may include an input manager that receives a plurality of events and converts the events into a format compatible with one or more of a plurality of correlation engines. The correlation engines may then evaluate the converted events using various rules and generate correlated events when the evaluated events trigger at least one of the rules. An action manager may execute remedial actions when the correlation engines generate the correlated events. Moreover, extensibility may be provided by enabling a user to define rules to be triggered when events occur in a predetermined pattern, and actions to be executed when a predetermined rule triggers a correlated event. Further, to plug a new correlation engine into the system, adapters may be deployed to handle input and output, while the user-defined rules may be validated according to semantic requirements of the new correlation engine.10-22-2009
20090259592SYSTEM AND METHOD FOR IMPLEMENTING A VIRTUAL AUTOMATED TELLER MACHINE - Method and system for implementing a virtual automated teller machine (“VATM”) system are described. In one embodiment, the system includes a VATM host connectable to each of a plurality of registered disbursement entities (“DEs”) via a secure connection, such as an SSL connection. The system further includes an accessing computer connectable to the VATM host via a secure connection, such as an SSL connection, the accessing computer comprising a card reader for reading user information from an ATM card and having installed thereon VATM client software executable by the accessing computer to interact with the VATM host to validate user information read from the ATM card and an associated PIN entered by a user and, responsive to the validation, present the user with a list of DEs comprising at least one of the registered DEs, prompt the user to select one DE from the list of DEs from which funds are to be disbursed to the user, and specify an amount of funds to be disbursed. The VATM host sends a disbursement order to the selected DE indicating the specified amount of funds to be disbursed.10-15-2009
20090249430CLAIM CATEGORY HANDLING - A relying party can have a security policy. The security policy can include claims that are categorized other than “required” and “optional”. The user can specify, in a user policy, whether or not to include in a request for a security token from an identity provider claims that are not “required”.10-01-2009
20090241178CARDSPACE HISTORY VALIDATOR - Before a relying party grants a client access to a resource, the last use of the security token by the client to access the resource of the relying party can be verified. Verification can be accomplished by comparing the last time the client sent the security token to the relying party with the last time the relying party received the security token from the client. If the last use of the security token is not verified, the possibility exists that the security token has been fraudulently used by a third party.09-24-2009
20090234718PREDICTIVE SERVICE SYSTEMS USING EMOTION DETECTION - A predictive service system can include a gathering service to gather user information, a semantic service to generate a semantic abstract for the user information, an emotion detection service to identify emotion-related information, and a predictive service to act on an actionable item that is created based on the user information, the semantic abstract, and the emotion-related information.09-17-2009
20090217368SYSTEM AND METHOD FOR SECURE ACCOUNT RESET UTILIZING INFORMATION CARDS - New claim identifiers allow account reset and supplemental authorizations to be performed utilizing information cards. The new claim identifiers include claims for simple challenge questions, simple challenge answers, generated-challenge answers, and challenge methods. Each of the new claims can include a tuple. Methods of utilizing the new claim identifiers for account reset and supplemental authorization are also provided.08-27-2009
20090205035INFO CARD SELECTOR RECEPTION OF IDENTITY PROVIDER BASED DATA PERTAINING TO INFO CARDS - A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities.08-13-2009
20090205014SYSTEM AND METHOD FOR APPLICATION-INTEGRATED INFORMATION CARD SELECTION - A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.08-13-2009
20090204622VISUAL AND NON-VISUAL CUES FOR CONVEYING STATE OF INFORMATION CARDS, ELECTRONIC WALLETS, AND KEYRINGS - A user desires to select information about himself. The system uses policies applicable to the display of the user's information and metadata about the user and the information to determine modified presentations of the user's information. The modified information can include visual and non-visual cues (such as aural, olfactory, or tactile). The system then displays the modified information, presenting the user with the visual and non-visual cues about the information.08-13-2009
20090204542PRIVATELY SHARING RELYING PARTY REPUTATION WITH INFORMATION CARD SELECTORS - A computer system accesses reputation information about a relying party. The reputation information can be stored locally or remotely (for example, at an identity provider or reputation service). A reputation information engine can be used to provide the reputation information to the user. The user can then use the reputation information in performing a transaction with the relying party.08-13-2009
20090199284METHODS FOR SETTING AND CHANGING THE USER CREDENTIAL IN INFORMATION CARDS - An identity provider issues information cards in which the credential type and/or the credential data is not specified at the time of issuance. A card selector installs the information cards and either prompts a user for the credential at the time of installation or afterwards. The card selector updates the credential type, the credential data, and/or authentication materials associated with an information card after the information card has been installed, and informs the identity provider about the credential type, credential data, and authentication materials before the information card is used.08-06-2009
20090193520SYSTEM AND METHOD FOR PROVIDING REPUTATION RECIPROCITY WITH ANONYMOUS IDENTITIES - System and method for providing reciprocity in a reputation system are described. In one embodiment, the method comprises: responsive to receipt by a first entity of a Reputation Guarantee (“RG”) request from a second entity, creating a token in accordance with specifications set forth in the RG request and forwarding the token to the second entity, wherein the token may include reputation information developed using reputation forming information (“RFI”) of the second entity and policies concerning treatment of the RFI of the second entity; forwarding the token to a third entity by at least one of the first and second entities; responsive to the token received by the third entity not including the reputation information of the second entity: forwarding from the third entity to the first entity the token and an assertion request; and responsive to receipt of the token and the assertion request, forwarding by the first entity to the third entity an assertion including the reputation information in accordance with the policies concerning treatment of the RFI of the second entity.07-30-2009
20090193245PARALLELIZING MULTIPLE BOOT IMAGES WITH VIRTUAL MACHINES - A system and method are presented for converting a multi-boot computer to a virtual machine. Existing boot images on a multi-boot computer are identified and converted into virtual machine instances. Each virtual machine instance represents an operating system and is capable of running at the same time. Finally, a new hosting operating system is installed. The new hosting operating system launches and manages the converted virtual machine instances.07-30-2009
20090178112LEVEL OF SERVICE DESCRIPTORS - An apparatus can include a client having a card selector, a query generator, and a transmitter. The card selector can allow a user to select an information card based on a security policy. The card selector can also provide a security token in response to the selected information card. The query generator can generate a query based on the selected information card, wherein the query pertains to information about features that are available on a relying party based on the security token and independent of a user's identity. The transmitter can transmit the generated query and the security token to an endpoint on the relying party.07-09-2009
20090158270System and Method for Creating Platform-Specific Self-Extracting Client Packages Using a Production Server - System and method for creating platform-specific self-extracting client packages using a production server are described. In one embodiment, the method comprises compiling a source file on a first build server comprising a first computing platform to produce a first executable seed file for the first computing platform and compiling the source file on a second build server comprising a second computing platform to produce a second executable seed file for the second computing platform; and providing the first and second executable seed files to a production server comprising the first computing platform. The production server uses the first executable seed file to create a first client package and a second client package, wherein the first client package is designed to be installed and execute on a first workstation running on the first computing platform and the second client package is designed to be installed and execute on a second workstation running on the second computing platform.06-18-2009
20090119344METHOD AND APPARATUS FOR SPLITTING A REPLICATED VOLUME - At least two replicated instances of a source volume are split while allowing clients to access data moved during the split. Clients are redirected to the first replicated instance of the source volume. The first replicated instance is split by first moving files in a split path from the first replicated instance to the target volume. Then, after the files in the split path have been successfully moved to the target volume, a junction is inserted at the split directory to redirect clients to the target volume. After the first replicated instance is split, a second junction replaces the split path on the replicated instance of the first replicated instance.05-07-2009
20090100410System and method for tracking software changes - A system and method may be used to track software changes by analyzing intermediate language level representations of the software. For example, software changes may be tracked by analyzing object-oriented program code that includes one or more non-native binary executables based on an intermediate language. The program code may be associated with metadata describing content of the non-native binary executables. An object tree, which includes a plurality of nodes, may be constructed to represent the non-native binary executables and the metadata describing the content of the non-native binary executables. One or more of the plurality of nodes may be hashed to associate respective digest values with the hashed nodes, such that changes in the received program code can be tracked using the digest values associated with the hashed nodes.04-16-2009
20090094041SYSTEM AND METHOD FOR REPRESENTING AGREEMENTS AS REPUTATION - System and method for representing agreements as reputation are disclosed. In one embodiment, the method comprises, in response to a request to generate an assertion relating to a piece of content, regenerating a reputation statement concerning an agreement from reputation-forming information (RFI) associated with an agreement; and generating an assertion from the reputation statement and the piece of content, the generating comprising binding the piece of content to the reputation statement.04-09-2009
20090077655PROCESSING HTML EXTENSIONS TO ENABLE SUPPORT OF INFORMATION CARDS BY A RELYING PARTY - A user engages in a transaction with a relying party through a computer system. The relying party requests identity information from the user using HTML extensions. The computer system includes a web browser having browser extensions. The HTML extensions cause the web browser to call a card selector invoker. The card selector invoker invokes a card selector to provide a security token. The card selector invoker extracts identity information from the security token and provides the identity information to the web browser. The computer system then returns the identity information to the relying party.03-19-2009
20090077627INFORMATION CARD FEDERATION POINT TRACKING AND MANAGEMENT - A client can store information about federation points. A federation point is a combination of an identifier of an account on a relying party and an identifier of an information card. The client can track which information cards are included in various federation points, and can use this information to assist the user in performing a transaction with relying parties.03-19-2009
20090077551VIRTUAL MACHINE IMAGE BUILDER FOR AUTOMATED INSTALLATION OF FULLY-VIRTUALIZED OPERATING SYSTEM - A customized image can be generated from a specified generic image and modifications. The contents of the generic image can be extracted and modified according to the specified modifications. The modifications can include, among other possibilities, a response file used in automating the installation of the customized image. The customized image can then be generated from the modified contents, and then installed as a guest operating system in a fully-virtualized operating system.03-19-2009
20090077118INFORMATION CARD FEDERATION POINT TRACKING AND MANAGEMENT - A client can store information about federation points. A federation point is a combination of an identifier of an account on a relying party and an identifier of an information card. The client can track which information cards are included in various federation points, and can use this information to assist the user in performing a transaction with relying parties.03-19-2009
20090070773METHOD FOR EFFICIENT THREAD USAGE FOR HIERARCHICALLY STRUCTURED TASKS - A system and method for dividing complex tasks into sub-tasks for the purpose of improving performance in completing the task. Sub-tasks are arranged hierarchically and if a sub-task is unable to obtain a thread for execution it is executed in the thread of the parent task. Should a thread become free it is returned to a thread pool for use by any task. Should a parent task be waiting on the completion of one or more sub-tasks, the thread it uses is returned to the thread pool for use by any other task as needed.03-12-2009
20090037994SYSTEM AND METHOD FOR ORDERED CREDENTIAL SELECTION - A system and method for assisting in ordered credential selection is disclosed. In one embodiment, the system enables ordered credential selection for credentials associated with one or more digital identities. The system comprises a plurality of security tokens, with each security token comprising a claim associated with a digital identity and where at least two of the security tokens are different from each other. The system also comprises an ordering module and manager module. The ordering module imposes a preferential ordering on the security tokens in accordance with an ordering policy to select a preferred security token. The manager module transmits at least one security token in response to a request, where at least one of the security tokens transmitted by the manager module is the preferred security token.02-05-2009
20090037920SYSTEM AND METHOD FOR INDICATING USAGE OF SYSTEM RESOURCES USING TASKBAR GRAPHICS - System and method for indicating relative usage of a computer system resource by a plurality of applications each running in an active window, wherein each active window is represented on a taskbar element by a taskbar button, are described. In one embodiment, the method comprises, for each of the active windows, determining a resource usage rate for the application running in the active window, the resource usage rate comprising a percentage of a total system resource usage for which the application accounts; subsequent to the determining, ranking the applications in order of the determined resource usage rates thereof; and redisplaying the taskbar buttons to indicate, via at least one display characteristic, the relative system resource usage rates of the applications.02-05-2009
20090031026System and method for cross-authoritative configuration management - A system and method for cross-authoritative, user-based network configuration management is provided. Users log-in to a network using any device coupled to the network, and an identity manager may provide the user with a custom computing environment by verifying the user's identity and identifying content, assignments, and other configuration information associated with the user. For instance, the identity manager may retrieve a unique identifier assigned to the user, query one or more authoritative source domains based on the unique identifier, and deliver a computing environment assigned to the user. By seamlessly integrating multiple authoritative sources, administrators can make assignments to users across multiple authoritative source domains, and queries to the sources will always be up-to-date without having to perform synchronization processes.01-29-2009
20090019059MULTIPLE STORAGE CLASS DISTRIBUTED NAMETAGS FOR LOCATING ITEMS IN A DISTRIBUTED COMPUTING SYSTEM - Methods, signals, devices, and systems are provided for locating and retrieving files, objects, and other items in a network. Nametags are distributed through the network with the items. Each nametag may hold logical names identifying the item, names of the volatile copies of the item, and/or names of nonvolatile copies of the item. Thus, nametags may include names from multiple name spaces, and cached items can be identified expressly.01-15-2009
20090012951SYSTEM AND METHOD FOR EFFICIENT ISSUANCE OF QUERIES - System and method for efficient issuance of queries, such as DirXML script queries, by a policy for a value of an attribute of an object of the target system are described. In one embodiment, the method comprises, responsive to issuance by a policy of a query for a value of a designated attribute of a designated object of a target system, checking a result cache associated with the target system to determine whether the value for the designated attribute of the designated object is stored therein; responsive to a determination that the value for the designated attribute of the designated object is stored in the result cache, returning the value stored in the result cache to the policy; and responsive to a determination that the value for the designated attribute of the designated object is not stored in the result cache, querying the target system for the value of the designated attribute of the designated object.01-08-2009
20090007229TIME-BASED METHOD FOR AUTHORIZING ACCESS TO RESOURCES - Upon receiving a request for access to a resource, a current clock value is determined. Based on information including the resource, the identity of the user requesting the access, and the current clock value, the system identifies applicable access controls. If the applicable access controls indicate that the user can be granted access to the resource at the current time, the request is granted. Otherwise, the request is denied.01-01-2009
20090006636System & method for automatically registering a client device - A system and method for policy-based registration of client devices is provided. Policy-based registration may use registration keys to register devices on a network. For example, registration keys may include policy assignments, folder assignments, group assignments, or other assignments for registering, identifying, and managing the device on the network. Devices can register one or more times (e.g., using one or more registration keys), resulting in the device being added to any number of folders and groups. Further, the policies may be used to control a registration process or to enforce registration rules. As such, administrators can construct folders or groups of devices with a set of keys, providing a consistent mechanism to easily register and manage a device.01-01-2009
20090006592NETWORK EVALUATION GRID TECHNIQUES - Network evaluation grid techniques are presented. Local specifications for traffic patterns are evaluated for local traffic on local grids of a grid computing environment and reported out. The local traffic reported out is then evaluated in response to global traffic pattern specifications and a global traffic policy in order to identify one or more remedial actions to take or to recommend in response to that evaluation.01-01-2009
20090003368SYSTEM AND METHOD FOR GRAPHICALLY REPRESENTING AND MANAGING COMPUTER NETWORK CONNECTIONS - System and method for graphically representing and managing computer network connections are described. One embodiment is a method for providing an overlay filter in a computer capable of at least one secure network connection for use by at least one user application of the computer. The method comprises establishing a first secure network connection; launching a first application via the first secure network connection; and presenting on a display of the computer a visual representation, the visual representation illustrating that the first application is using the first secure network connection and comprising a first overlay area corresponding to the first secure network connection, wherein a first icon representing the first application is displayed within the first overlay area.01-01-2009
20080313567System and Method for Providing Dynamic Prioritization and Importance Filtering of Computer Desktop Icons and Program Menu Items - System and method for displaying an item on a display of a computer, wherein the item represents a file installed on the computer, are described. In one embodiment, the method comprises, responsive to a determination that a usage rate of the file exceeds a predetermined minimum rate, displaying the item representative of the file on the computer display; determining whether the usage rate of the file has changed; and responsive to a determination that the usage rate of the file has changed, updating at least one visual attribute of the item representative of the file to indicate the usage rate change.12-18-2008
20080294664MECHANISM FOR SUPPORTING INDEXED TAGGED CONTENT IN A GENERAL PURPOSE DATA STORE - A schema identifies a field in a document as a key field. Using an XML schema, the key field can be identified by attaching a property to the element or attribute to be used as a key field (if the XML schema standard is modified to support properties). Otherwise, attributes can be used to identify the element or attribute that is to be a key field. Fields can be primary keys, secondary keys, or foreign keys, as supported by data stores. The data store can analyze the schema to determine which fields are key fields. The key fields can be duplicated in the native format of the data store for use in indexing, searching, and other data store functions on the documents. The documents themselves can be stored as objects, into which the data store cannot reach, or can be stored in the native format of the data store, as desired.11-27-2008
20080288278System and Method for Expressing and Evaluating Signed Reputation Assertions - A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.11-20-2008
20080246636OPTIMIZED DECOMPRESSION USING ANNOTATED BACK BUFFER - A system and method for decompression optimization employing a data input and a dedicated back buffer and data parser. The system and method also relate to accelerating the parsing process during decompression of a block of data by taking advantage of those naturally occurring redundancies within the block of data identified at compression time. The system of the invention includes a parser and an annotated back buffer which operate collectively to optimize the parsing process during decompression.10-09-2008
20080229411CHAINING INFORMATION CARD SELECTORS - A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party.09-18-2008
20080229410PERFORMING A BUSINESS TRANSACTION WITHOUT DISCLOSING SENSITIVE IDENTITY INFORMATION TO A RELYING PARTY - A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.09-18-2008
20080229398FRAMEWORK AND TECHNOLOGY TO ENABLE THE PORTABILITY OF INFORMATION CARDS - When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.09-18-2008
20080229384POLICY-BASED AUDITING OF IDENTITY CREDENTIAL DISCLOSURE BY A SECURE TOKEN SERVICE - A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.09-18-2008
20080229383CREDENTIAL CATEGORIZATION - The user can associate metadata with information cards. The metadata can include, among other possibilities, string names, icons, user policies, containers, and hierarchies. The metadata is stored by the computer system. The metadata can then be used to filter the set of information cards that can satisfy a security policy from a relying party.09-18-2008
20080225837System and Method for Multi-Layer Distributed Switching - A system and method for multi-layer distributed switching is disclosed. In one embodiment, the distributed switching system comprises an external network connection connected to a plurality of computing nodes such that data signals can be sent to and from the computing nodes. An incoming director module is associated with a first computing node and associates a data signal with a second computing node. There is a request distribution network for distributing data signals among the nodes, a response generator module, and an outgoing director module associated with the second computing node.09-18-2008
20080225726System and Method for Selfish Child Clustering - A system and method for selfish child clustering are disclosed. In one embodiment, the system comprises a selfish node; and a plurality of servicing nodes each connected to the selfish node, wherein the selfish node selects a first one of the servicing nodes to service requests therefrom; and wherein the selfish node evaluates a responsiveness of the first one of the servicing nodes and, responsive to a determination that the responsiveness of the first one of the servicing nodes is unacceptable, the selfish node selects a second one of the servicing nodes to service requests therefrom.09-18-2008
20080222425System and Method for Expressing and Evaluating Signed Reputation Assertions - A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.09-11-2008
20080201709System and method for automated provisioning of FMware image instances - A system and method for provisioning virtual machines for a demonstration are described. In one embodiment, the system comprises a scheduling server for enabling a user to schedule a demonstration by selecting a demonstration set and related details using a scheduling web page and a plurality of provisioning servers each connected to the scheduling server via an Internet connection, each of the provisioning servers having stored thereon a plurality of demonstration sets each comprising at least one VM. Responsive to selection of a demonstration set by the user, the scheduling server selects one of the provisioning servers to host the scheduled demonstration and notifies the selected provisioning server of details regarding the scheduled demonstration. The selected provisioning server executes a provisioning process for modifying a configuration file of each at least one VM such that a network number therein is set to a unique number associated with the user and the scheduled demonstration, and modifying a VM snapshot file associated with each at least one VM such that a network number therein is set to the unique number associated with the user and the scheduled demonstration.08-21-2008
