SYMANTEC CORPORATION Patent applications
Patent application number | Title | Published |
20150350195 | SEAMLESS AUTHENTICATION MECHANISM FOR USER PROCESSES AND WEB SERVICES RESIDING ON COMMON HOST - Techniques are presented herein for authenticating a local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the web service may consider the process as being authenticated to the web service. | 12-03-2015 |
20150341342 | AUTOMATED STEP-UP DIGITAL CERTIFICATE INSTALLATION PROCESS - Techniques are disclosed for rapidly securing a server in response to a request for a high-assurance digital certificate. As described, a CA may issue a basic tier certificate after performing a verification process to confirm that a party requesting a certificate for a given network domain, in fact, has control of that domain. Once issued and provisioned on the server, the server can establish secure connections with clients. At the same time, the CA continues to perform progressive identity verification processes for progressively higher tiers of certificates. Once the identity verification process at each tier is complete, the CA issues a new certificate for the corresponding tier, which may then be provisioned on the server. After performing all of the identity verification processes, the server can issue the requested high-assurance certificate. | 11-26-2015 |
20150310215 | DISCOVERY AND CLASSIFICATION OF ENTERPRISE ASSETS VIA HOST CHARACTERISTICS - Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once classified, a monitoring system may use the assigned classifications to prioritize security incidents for review. | 10-29-2015 |
20150304309 | TRANSMITTING ENCODED DIGITAL CERTIFICATE DATA TO CERTIFICATE AUTHORITY USING MOBILE DEVICE - Techniques are disclosed for managing a digital certificate enrollment process. A certificate assistant on a server is configured to encode certificate enrollment data in a barcode graphic, such as a quick response (QR) code. A mobile phone application can then scan the barcode graphic using a camera to recover and transmit the enrollment data to a certificate authority. Doing so allows a system administrator (or other user) to complete the certificate enrollment process in cases where the server is blocked from connecting to a certificate authority (CA) directly, e.g., because the server is behind a firewall blocking any outbound network connections from being initiated. | 10-22-2015 |
20150281257 | SYSTEM TO IDENTIFY MACHINES INFECTED BY MALWARE APPLYING LINGUISTIC ANALYSIS TO NETWORK REQUESTS FROM ENDPOINTS - A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided. | 10-01-2015 |
20150278518 | SYSTEMS AND METHODS FOR IDENTIFYING A SOURCE OF A SUSPECT EVENT - A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process. | 10-01-2015 |
20150271207 | SYSTEMS AND METHODS FOR PROVIDING TARGETED DATA LOSS PREVENTION ON UNMANAGED COMPUTING DEVICES - A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices may include (1) identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds, (2) identifying an application to install on at least one unmanaged endpoint device, where (i) the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention policy to the entire unmanaged endpoint device and (ii) the application is to be provided to the unmanaged endpoint device to operate on sensitive data from within the set bounds, and (3) wrapping the application in an application wrapper that intercepts system calls from the application and applies the data loss prevention policy to sensitive data implicated in the system calls. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150271171 | SYSTEMS AND METHODS FOR DISCOVERING WEBSITE CERTIFICATE INFORMATION - The disclosed computer-implemented method for discovering website certificate information may include (1) receiving, from a plurality of computing devices within a community of users, information that identifies the certificate statuses of websites visited by the computing devices, (2) identifying, by analyzing the information, at least one issue with the certificate status of at least one website visited by at least one of the computing devices, and (3) performing at least one remedial action in an attempt to correct the issue with the certificate status of the website. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150271145 | SYSTEMS AND METHODS FOR SMART CIPHER SELECTION - A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a common cipher, from the client list and the server list, for encrypted communication based on the measured resource load at the server and the measured risk factor indicating the degree of risk posed by the client. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150271122 | SYSTEMS AND METHODS FOR MANAGING SECURITY CERTIFICATES THROUGH EMAIL - The disclosed computer-implemented method for managing security certificates through email may include (1) receiving an encrypted email that contains both identifying information that identifies a security certificate for authenticating a website and a management command relating to the security certificate, (2) determining whether authentication of the encrypted email succeeded such that the management command is authorized, and (3) when a determination is made that authentication of the encrypted email succeeded, identifying the security certificate using the identifying information and executing the management command with respect to the identified security certificate. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150269386 | SYSTEMS AND METHODS FOR INCREASING COMPLIANCE WITH DATA LOSS PREVENTION POLICIES - A computer-implemented method for increasing compliance with data loss prevention policies may include (1) identifying a file that is subject to a data loss prevention policy, (2) determining a classification of the file according to the data loss prevention policy, (3) identifying a graphical user interface that is configured to display a representation of the file, and (4) enhancing the representation of the file within the graphical user interface with a visual indication of the classification of the file according to the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150269067 | SYSTEMS AND METHODS FOR IDENTIFYING ACCESS RATE BOUNDARIES OF WORKLOADS - A computer-implemented method for identifying access rate boundaries of workloads may include (1) tracking the number of times each region of data within a plurality of regions of data is accessed during a period of time, (2) creating an ordered list of each region of data from the plurality of regions of data, (3) calculating one or more drops in access rates between two or more regions of data in the ordered list, (4) determining that a calculated access-rate drop from a first region of data to a second region of data exceeds a predefined threshold, and (5) calculating a boundary access rate for a workload of data. Various other methods, systems, and computer-readable media are also disclosed. | 09-24-2015 |
20150264084 | SYSTEMS AND METHODS FOR PROTECTING ORGANIZATIONS AGAINST SPEAR PHISHING ATTACKS - A computer-implemented method for protecting organizations against spear phishing attacks may include (1) searching a plurality of websites for user profiles belonging to users who are affiliated with an organization and who have access to at least one privileged computing resource controlled by the organization, (2) retrieving, from the user profiles, personal information describing the users, (3) determining, based on the personal information, that a portion of the user profiles belongs to an individual user with access to the privileged computing resource, (4) identifying at least one phishing attack risk factor in the user profiles that belong to the individual user, and (5) assessing, based at least in part on the phishing attack risk factor, a risk of a phishing attack targeting the individual user to illegitimately gain access to the privileged computing resource. Various other methods, systems, and computer-readable media are also disclosed. | 09-17-2015 |
20150261954 | SYSTEMS AND METHODS FOR PRE-INSTALLATION DETECTION OF MALWARE ON MOBILE DEVICES - A computer-implemented method for pre-installation detection of malware on mobile devices may include intercepting one or more communications of an application installation agent that installs applications on a mobile computing device. The method may further include identifying, based on the one or more intercepted communications, an application that has been at least partially downloaded by the application installation agent. The method may also include, in response to identifying the application, and before the application is installed on the mobile computing device, scanning the application for malware. The method may additionally include determining, based on the scan, that the application contains malware. The method may finally include performing a security action in response to determining that the application contains malware. Various other methods, systems, and computer-readable media are also disclosed. | 09-17-2015 |
20150261940 | SYSTEMS AND METHODS FOR DETECTING INFORMATION LEAKAGE BY AN ORGANIZATIONAL INSIDER - A computer-implemented method for detecting information leakage by an organizational insider may include (1) identifying a set of organizational insiders of an organization, (2) identifying a set of public forums used by one or more organizational insiders, (3) identifying a set of messages posted to one or more public forums, (4) creating a message record corresponding to each message, with the record including a message summary, and a set of message metadata fields, (5) consolidating message records with common metadata fields into a message summary record, and (6) identifying, based on the message summary record, an information leakage threat. Various other methods, systems, and computer-readable media are also disclosed. | 09-17-2015 |
20150249645 | SYSTEMS AND METHODS FOR PROVIDING SECURE ACCESS TO LOCAL NETWORK DEVICES - A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed. | 09-03-2015 |
20150244729 | SYSTEMS AND METHODS FOR OPTIMIZING SCANS OF PRE-INSTALLED APPLICATIONS - A computer-implemented method for optimizing scans of pre-installed applications may include (1) identifying, on a client device, a plurality of applications that are subject to scan-based assessments, (2) determining that the plurality of applications were pre-installed on the client device via a system image for the client device, (3) generating a fingerprint that represents the system image, and (4) fulfilling the scan-based assessments for the plurality of applications by transmitting the fingerprint that represents the system image to an assessment server and receiving, in response, an assessment of the system image. Various other methods, systems, and computer-readable media are also disclosed. | 08-27-2015 |
20150244533 | SPLITTING CERTIFICATE STATUS RESPONSES EVENLY ACROSS MULTIPLE DISTRIBUTED CERTIFICATE STATUS RESPONDERS - Techniques are disclosed for evenly distributing certificate status validity messages across multiple response servers. A certificate authority (CA) may partition subsets of online certificate status protocol (OCSP) responses to each be handled by OCSP response servers. The partitions are based on serial numbers of the underlying digital certificates of the OCSP responses. For example, to determine which OCSP response server is assigned to distribute a particular OCSP response, a modulo operation may be performed between the last octet value of the underlying certificate serial number and the total number of available OCSP response servers of the CA. The result yields a partition number that may be used to identify the corresponding OCSP response server. | 08-27-2015 |
20150237070 | SYSTEMS AND METHODS FOR APPLYING DATA LOSS PREVENTION POLICIES TO CLOSED-STORAGE PORTABLE DEVICES - A computer-implemented method for applying data loss prevention policies to closed-storage portable devices may include (1) injecting a data loss prevention component into at least one application process that is running on a computing device, (2) intercepting, via the data loss prevention component, an attempt by the application process to transfer a file to a closed-storage portable device that is connected to the computing device, (3) identifying a data loss prevention policy that applies to the attempt by the application process to transfer the file, (4) determining that the attempt by the application process to transfer the file violates the data loss prevention policy, and (5) performing a security action in response to determining that the attempt by the application process to transfer the file violates the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed. | 08-20-2015 |
20150235042 | SYSTEMS AND METHODS FOR AUTHENTICATING AN APPLICATION - A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service. | 08-20-2015 |
20150229655 | SYSTEMS AND METHODS FOR INFORMING USERS ABOUT APPLICATIONS AVAILABLE FOR DOWNLOAD - A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the application identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed. | 08-13-2015 |
20150227742 | SYSTEMS AND METHODS FOR SCANNING PACKED PROGRAMS IN RESPONSE TO DETECTING SUSPICIOUS BEHAVIORS - A computer-implemented method for scanning packed programs in response to detecting suspicious behaviors may include (1) executing a packed program that may include (i) malicious code that has been obfuscated within the packed program and (ii) unpacking code that deobfuscates and executes the malicious code when the packed program is executed, (2) monitoring, while the packed program is executing, how the packed program behaves, (3) detecting, while monitoring how the packed program behaves, a suspicious behavior of the malicious code that indicates that the unpacking code has deobfuscated and executed the malicious code, and (4) performing a security operation on the packed program in response to detecting the suspicious behavior of the malicious code. Various other methods, systems, and computer-readable media are also disclosed. | 08-13-2015 |
20150215348 | VIRTUAL IDENTITY OF A USER BASED ON DISPARATE IDENTITY SERVICES - A virtual identity and context module may generate a virtual identity for a user. Virtual identities for different categories of users may be sourced from disparate identity services. For example, a first authentication of the user provided by a first identity service may be identified. A first virtual attribute field of the virtual identity may be populated or filled based on a first attribute field associated with the first identity service. A second identity service associated with the user may also be identified. A second virtual attribute field of the virtual identity may be populated or filled based on a second attribute field associated with the second identity service. Access to an application may be provided to a user based on the virtual attribute fields of the virtual identity that has been generated for the user. | 07-30-2015 |
20150215319 | AUTHENTICATION SEQUENCING BASED ON NORMALIZED LEVELS OF ASSURANCE OF IDENTITY SERVICES - An authentication sequencing and normalization module may receive a first authentication associated with a user and assign a level of assurance value to the user based on the first authentication from a first identity service of a specific type. If the user is associated with a second authentication, based on a second identity service of an alternate type, then the level of assurance value assigned to the user may be incremented. Furthermore, access to an application by the user may be allowed if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application. Different users may be authenticated in the authentication sequencing and normalization module by disparate identity services. | 07-30-2015 |
20150188846 | TECHNIQUES FOR PROVIDING DYNAMIC ACCOUNT AND DEVICE MANAGEMENT - Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device. | 07-02-2015 |
20150186114 | SYSTEMS AND METHODS FOR INJECTING CODE INTO AN APPLICATION - A computer-implemented method for injecting code into an application is described. In one embodiment, a metadata pointer is identified. The metadata pointer points to a first metadata section in an application startup file. The first metadata section includes application metadata. A second metadata section is created in the application startup file. The application metadata is copied to the second metadata section. The second metadata section includes copied application metadata. The copied application metadata in the second metadata section is modified. The metadata pointer is updated to point to the second metadata section. | 07-02-2015 |
20150186044 | SYSTEMS AND METHODS FOR IMPROVING SNAPSHOT PERFORMANCE - Techniques for improving snapshot performance are disclosed. In one embodiment, the techniques may be realized as a method for improving snapshot performance comprising initiating change block tracking for each unit of storage associated with each of a plurality of virtual machines, creating backup images of each unit of storage associated with each of the plurality of virtual machines, quiescing each of the plurality of virtual machines, and creating snapshots of each unit of storage associated with each of the plurality of virtual machines. The techniques may include identifying one or more changed blocks in at least one of the backup images using the change block tracking, editing the at least one of the backup images by replacing the identified one or more changed blocks using corresponding blocks from at least one snapshot of the snapshots, and releasing the at least one snapshot based upon a determination that editing has completed. | 07-02-2015 |
20150180860 | MULTI-ALGORITHM KEY GENERATION AND CERTIFICATE INSTALL - Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA generates certificates associated with each algorithm and sends the certificates to the customer server. The customer server may prompt a user to select one or more of the certificates to install, and upon receiving the selection, the customer installs the certificates. | 06-25-2015 |
20150180834 | SYSTEMS AND METHODS FOR INTRODUCING VARIATION IN SUB-SYSTEM OUTPUT SIGNALS TO PREVENT DEVICE FINGERPRINTING - A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3) creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed. | 06-25-2015 |
20150178515 | DEVICE-BASED PIN AUTHENTICATION PROCESS TO PROTECT ENCRYPTED DATA - Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value. | 06-25-2015 |
20150178167 | SYSTEMS AND METHODS FOR GENERATING CATALOGS FOR SNAPSHOTS - A computer-implemented method for generating catalogs for snapshots may include (1) identifying an initial snapshot and a subsequent snapshot for a protected volume, (2) providing identifiers of the initial snapshot and the subsequent snapshot to a storage vendor application programming interface (API), (3) receiving, from the storage vendor API, an indication of at least one difference between the initial snapshot and the subsequent snapshot, and (4) synthetically generating a catalog for the subsequent snapshot based on a preexisting catalog for the initial snapshot such that the synthetically generated catalog reflects the difference between the initial snapshot and the subsequent snapshot indicated by the storage vendor API. Various other methods, systems, and computer-readable media are also disclosed. | 06-25-2015 |
20150156194 | CERTIFICATE STATUS DELIVERY THROUGH A LOCAL ENDPOINT - Techniques are disclosed for locally distributing online certificate status protocol (OCSP) responses to a client computer. A certificate authority (CA) proactively sends OCSP responses to an agent application (e.g., an antivirus application configured to handle OCSP responses) residing in the client computer. The agent application stores the OCSP responses in a cache. Thereafter, when a browser application sends an OCSP request to the CA, the agent application intercepts the request and determines whether a corresponding OCSP response is locally cached. If so, the agent application sends the cached OCSP response to the browser application. If not, the agent application retrieves the corresponding OCSP response from the CA and sends the response to the browser application. | 06-04-2015 |
20150149768 | SYSTEM AND METHOD FOR AUTOMATED CUSTOMER VERIFICATION - Techniques are disclosed for identifying and authenticating prospective certificate authority customers of a secure socket layer (SSL) certificate prior to receiving an order from the customer. The CA generates a list of prospective customers of digital certificates (e.g., by scanning networked servers via the Internet for the presence of an installed digital certificate). The CA retrieves data for each customer on the list and determines, based on a set of approval criteria, which prospective customers to target in enrollment campaigns. For each approved customer, the CA initiates an enrollment process prior to receiving a request from the customer to provide a certificate. | 05-28-2015 |
20150100779 | REDUCING LATENCY FOR CERTIFICATE VALIDITY MESSAGES USING PRIVATE CONTENT DELIVERY NETWORKS - Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs. | 04-09-2015 |
20150100778 | ACCELERATING OCSP RESPONSES VIA CONTENT DELIVERY NETWORK COLLABORATION - Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys. | 04-09-2015 |
20150096021 | METHOD AND SYSTEM FOR METADATA DRIVEN TESTING OF MALWARE SIGNATURES - Techniques are disclosed for evaluating the effectiveness of a malware signature. A query tool translates a markup language malware signature definition into a database query. The query is then executed against a database of application features to identify software packages that the signature would identify as malware. The results of the query are compared with threat information stored in the database and classified as being true/false positives and true/false negatives. | 04-02-2015 |
20150095995 | DYNAMIC CERTIFICATE GENERATION ON A CERTIFICATE AUTHORITY CLOUD - Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key. | 04-02-2015 |
20150095596 | Techniques for Improving Performance of a Backup System - Techniques for improving performance of a backup system are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for improving performance of a backup system. The method may comprise performing a backup of a client device, tracking, using at least one computer processor, references to data segments that are located outside of a unit of storage associated with the backup, calculating utilization of the unit of storage associated with the backup based on the tracked references, determining if the calculated utilization meets a specified parameter, and determining one or more responsive actions in the event the calculated utilization meets the specified parameter. | 04-02-2015 |
20150074806 | SYSTEMS AND METHODS FOR USING EVENT-CORRELATION GRAPHS TO DETECT ATTACKS ON COMPUTING SYSTEMS - A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed. | 03-12-2015 |
20150074362 | SYSTEMS AND METHODS FOR PROTECTING VIRTUAL MACHINE DATA - A computer-implemented method for protecting virtual machine data may include (1) receiving a request to perform a granular backup operation on data stored by a guest system within a virtual machine, (2) identifying a storage container that comprises an agent that performs backup operations, (3) attaching the storage container to the virtual machine in response to the request, and (4) performing the granular backup operation by sending an instruction to the guest system within the virtual machine to execute the agent. Various other methods, systems, and computer-readable media are also disclosed. | 03-12-2015 |
20150067831 | SYSTEMS AND METHODS FOR IDENTIFYING PRIVATE KEYS THAT HAVE BEEN COMPROMISED - A computer-implemented method for identifying private keys that have been compromised may include (1) identifying a private key that enables a signatory to digitally sign applications, (2) collecting information about the private key from at least one public source, (3) determining, based on the information collected from the public source, that the private key has been compromised and is accessible to unauthorized signatories, and (4) performing a security action in response to determining that the private key has been compromised and is accessible to the unauthorized signatories. Various other methods, systems, and computer-readable media are also disclosed. | 03-05-2015 |
20140337591 | SYSTEMS AND METHODS FOR INCREASING RESTORE SPEEDS OF BACKUPS STORED IN DEDUPLICATED STORAGE SYSTEMS - A computer-implemented method for increasing restore speeds of backups stored in deduplicated storage systems may include (1) identifying a backup that includes data stored in at least one data container within a deduplicated storage system, (2) detecting a subsequent backup that includes additional data, (3) calculating an amount of duplication between the additional data included in the subsequent backup and the data stored in the data container, (4) determining that the amount of duplication between the additional data and the data stored in the data container is below a predetermined threshold, (5) identifying at least one additional data container to store the additional data instead of deduplicating the additional data with respect to the data container, and then (6) storing the additional data in the additional data container to facilitate increasing a restore speed of the subsequent backup. Various other methods, systems, and computer-readable media are also disclosed. | 11-13-2014 |
20140331320 | TECHNIQUES FOR DETECTING MALICIOUS ACTIVITY - Techniques for detecting malicious activity are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting malicious activity including receiving information indicating a first process being executed, the first process including a plurality of first process components, receiving information specific to at least one of the plurality of first process components, determining whether the first process exhibits malicious behavior; and identifying which of the plurality of first process components is responsible for the malicious behavior based on the received information. | 11-06-2014 |
20140325664 | SYSTEMS AND METHODS FOR REPLACING APPLICATION METHODS AT RUNTIME - A computer-implemented method for replacing application methods at runtime may include identifying an application at runtime that includes a target method to replace at runtime with a source method, locating a target address of a target method data structure (that includes a target code pointer to method code of the target method) within memory at runtime that is referenced by a target class, determining a source address of a source method data structure (that includes a source code pointer to method code of the source method) within memory at runtime that describes the source method, and modifying the application at runtime to have the target class reference the source method instead of the target method by copying the source method data structure from the source address to the target address and, thereby, replacing the target code pointer with the source code pointer. Various other methods and systems are also disclosed. | 10-30-2014 |
20140304786 | RESILIENT AND RESTORABLE DYNAMIC DEVICE IDENTIFICATION - A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user. | 10-09-2014 |
20140304764 | METHOD AND APPARATUS FOR INTEGRATING SECURITY CONTEXT IN NETWORK ROUTING DECISIONS - An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response. | 10-09-2014 |
20140301551 | Method and apparatus to provide authentication and privacy with low complexity devices - A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security. | 10-09-2014 |
20140283082 | SYSTEMS AND METHODS FOR DETERMINING POTENTIAL IMPACTS OF APPLICATIONS ON THE SECURITY OF COMPUTING SYSTEMS - A computer-implemented method for determining potential impacts of applications on the security of computing systems may include (1) identifying an application subject to a security vulnerability assessment, (2) requesting information that identifies a potential impact of the application on a vulnerability of at least one computing system to at least one exploit associated with the application, (3) receiving the information that identifies the potential impact of the application on the vulnerability of the computing system, wherein the information may be derived at least in part from data from at least one additional computing system on which the application has previously been installed and (4) directing a determination about an installation of the application on the computing system based at least in part on the information that identifies the potential impact of the application on the vulnerability of the computing system. Various other methods, systems, and computer-readable media are also disclosed. | 09-18-2014 |
20140283035 | TECHNIQUES FOR PREDICTING AND PROTECTING SPEARPHISHING TARGETS - Techniques for predicting and protecting spearphishing targets are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for predicting and protecting spearphishing targets. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify one or more potential spearphishing targets based on information from an organization, receive additional information associated with the one or more potential spearphishing targets and the organization from publicly available sources, determine a threat level of a spearphishing attack on the one or more potential spearphishing targets based on the information from the organization and the additional information, and generate a report of the one or more potential spearphishing targets and the threat level associated with the one or more potential spearphishing targets. | 09-18-2014 |
20140282821 | SYSTEMS AND METHODS FOR IDENTIFYING A SECURE APPLICATION WHEN CONNECTING TO A NETWORK - A computer system receives, from a user device, a request to access a resource within a network of an organization and receives access credentials associated with an application, a user and the user device. The computer system identifies an application identifier, a user identifier and a device identifier and determines whether the combination of these identifiers satisfies an access policy. If the combination of application identifier, user identifier and device identifier satisfies the access policy, then the computer system grants the application access to the resource within the network of the organization. | 09-18-2014 |
20140282518 | ENFORCING POLICY-BASED COMPLIANCE OF VIRTUAL MACHINE IMAGE CONFIGURATIONS - Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow. | 09-18-2014 |
20140281273 | Providing Local Cache Coherency in a Shared Storage Environment - Multiple nodes of a cluster have associated non-shared, local caches, used to cache shared storage content. Each local cache is accessible only to the node with which it is associated, whereas the cluster-level shared storage is accessible by any of the nodes. Attempts to access the shared storage by the nodes of the cluster are monitored. Information is tracked concerning the current statuses of the local caches of the nodes of the cluster. Current tracked local cache status information is maintained, and stored such that it is accessible by the multiple nodes of the cluster. The current tracked local cache status information is used in conjunction with the caching functionality to determine whether specific nodes of the cluster are to access their local caches or the shared storage to obtain data corresponding to specific regions of the shared storage. | 09-18-2014 |
20140279884 | SYSTEMS AND METHODS FOR DISTRIBUTING REPLICATION TASKS WITHIN COMPUTING CLUSTERS - A computer-implemented method for distributing replication tasks within computing clusters may include (1) identifying a primary volume that is replicated to a secondary volume, (2) identifying a computing cluster with access to the primary volume that includes at least a first node and a second node, (3) receiving a request to write data to the primary volume, (4) logging, via the first node, the request to write the data to the primary volume to a replication log, and (5) using the replication log to replicate, via the second node, the data to the secondary volume. Various other methods, systems, and computer-readable media are also disclosed. | 09-18-2014 |
20140244599 | DEDUPLICATION STORAGE SYSTEM WITH EFFICIENT REFERENCE UPDATING AND SPACE RECLAMATION - A deduplication storage system and associated methods are described. The deduplication storage system may split data objects into segments and store the segments. A plurality of data segment containers may be maintained. Each of the containers may include two or more of the data segments. Maintaining the containers may include maintaining a respective logical size of each container. In response to detecting that the logical size of a particular container has fallen below a threshold level, the deduplication storage system may perform an operation to reclaim the storage space allocated to one or more of the data segments included in the particular container. | 08-28-2014 |
20140237537 | METHOD AND TECHNIQUE FOR APPLICATION AND DEVICE CONTROL IN A VIRTUALIZED ENVIRONMENT - A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager enforces a first response rule associated with the GVM when the source is a non-approved source per a source control policy. The DLP manager enforces a second response rule when the file violates a DLP policy. | 08-21-2014 |
20140208421 | SECURE AND SCALABLE DETECTION OF PRESELECTED DATA EMBEDDED IN ELECTRONICALLY TRANSMITTED MESSAGES - A method and apparatus for detecting preselected data embedded in electronically transmitted messages is described. In one embodiment, the method comprises monitoring messages electronically transmitted over a network for embedded preselected data and performing content searches on the messages to detect the presence of the embedded preselected data using an abstract data structure derived from the preselected data. | 07-24-2014 |
20140201824 | SYSTEMS AND METHODS FOR PROVIDING ACCESS TO DATA ACCOUNTS WITHIN USER PROFILES VIA CLOUD-BASED STORAGE SERVICES - A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed. | 07-17-2014 |
20140201208 | Classifying Samples Using Clustering - An unlabeled sample is classified using clustering. A set of samples containing labeled and unlabeled samples is established. Values of features are gathered from the samples contained in the datasets and a subset of features are selected. The labeled and unlabeled samples are clustered together based on similarity of the gathered values for the selected subset of features to produce a set of clusters, each cluster having a subset of samples from the set of samples. The selecting and clustering steps are recursively iterated on the subset of samples in each cluster in the set of clusters until at least one stopping condition is reached. The iterations produce a cluster having a labeled sample and an unlabeled sample. A label is propagated from the labeled sample in the cluster to the unlabeled sample in the cluster to classify the unlabeled sample. | 07-17-2014 |
20140189873 | SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS - Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list based on checking for installed fixes corresponding to vulnerability. A composite risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. An aggregate risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. | 07-03-2014 |
20140189784 | SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS - A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed. | 07-03-2014 |
20140173113 | Providing Optimized Quality of Service to Prioritized Virtual Machines and Applications Based on Quality of Shared Resources - Quality of service is provided to prioritized VMs and applications, based on the varied quality of different shared computing resources. Each VM or application has an associated priority. A quality rating is dynamically assigned to each shared computing resource. Requests for shared computing resources made by specific VMs or applications are received. For each specific received request, the current priority of the requesting VM or application is identified. In response to each received request, a specific shared computing resource is assigned to the specific requesting VM or application. This assignment is made based on the current priority of the requesting VM or application and the current quality rating of the shared computing resource, thereby providing quality of service to the requesting VM or application corresponding to its current priority. | 06-19-2014 |
20140172760 | USER INTERFACE AND WORKFLOW FOR PERFORMING MACHINE LEARNING - A computing device receives a training data set that includes a plurality of positive examples of sensitive data and a plurality of negative examples of sensitive data. The computing device analyzes the training data set using machine learning to generate a machine learning-based detection (MLD) profile that can be used to classify new data as sensitive data or as non-sensitive data. The computing device computes a quality metric for the MLD profile. | 06-19-2014 |
20140157363 | METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT - A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host. | 06-05-2014 |
20140156588 | SYSTEMS AND METHODS FOR PERFORMING CUSTOMIZED LARGE-SCALE DATA ANALYTICS - A computer-implemented method for performing customized large-scale data analytics may include (1) providing a logical-data-model user interface to enable modifying a logical data model of a relational multi-dimensional analytic database, (2) receiving, via the logical-data-model user interface, user input to modify the logical data model of the relational multi-dimensional analytic database, (3) modifying the logical data model of the relational multi-dimensional analytic database based on the user input, (4) providing a visualization user interface, based on the logical data model, to enable performing online analytical processing operations, and (5) receiving, via the visualization user interface, a request to perform an online analytical processing operation that provides a view of data stored within the relational multi-dimensional analytic database in accordance with the logical data model. Various other methods, systems, and computer-readable media are also disclosed. | 06-05-2014 |
20140150081 | SYSTEMS AND METHODS FOR ELIMINATING REDUNDANT SECURITY ANALYSES ON NETWORK DATA PACKETS - A computer-implemented method for eliminating redundant security analyses on network data packets may include (1) intercepting, at a networking device, at least one network data packet destined for a target computing device, (2) identifying a security system installed on the target computing device, (3) determining that the security system installed on the target computing device does not satisfy a predefined security standard, and then (4) performing a security analysis that satisfies the predefined security standard on the network data packet at the networking device based at least in part on determining that the security system installed on the target computing device does not satisfy the predefined security standard. Various other methods, systems, and computer-readable media are also disclosed. | 05-29-2014 |
20140143869 | USING TELEMETRY TO REDUCE MALWARE DEFINITION PACKAGE SIZE - Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using the local malware definition update. | 05-22-2014 |
20140143828 | METHODS AND SYSTEMS FOR ENABLING COMMUNITY-TESTED SECURITY FEATURES FOR LEGACY APPLICATIONS - A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed. | 05-22-2014 |
20140136484 | METHOD AND SYSTEM OF PERFORMING INCREMENTAL SQL SERVER DATABASE BACKUPS - A system, method, and medium for performing incremental backups of a Microsoft SQL server database. A snapshot of the database is created, and then a map identifying the changed extents is retrieved from the snapshot. The changed extents are then retrieved from the snapshot and stored in a backup storage device. For a restore operation, a full database backup file is written to a storage device and then the changed extents from a stored incremental backup file may be merged with the full backup file. Next, the database server is notified of the reconstructed file and then the reconstructed file is mounted by the database server as a live instance of the database. | 05-15-2014 |
20140122343 | MALWARE DETECTION DRIVEN USER AUTHENTICATION AND TRANSACTION AUTHORIZATION - Techniques are disclosed for detecting online fraud initiated by a host infected with a malicious software application that would otherwise remain undetected by many current fraud detection systems, e.g., for detecting man-in-the-browser Trojans. A fraud detection system operates in conjunction with an IPS system to identify online transactions that have a high probability of being fraudulent or initiated by a legitimate, but compromised host. | 05-01-2014 |
20140101113 | Locality Aware, Two-Level Fingerprint Caching - The present disclosure provides for implementing a two-level fingerprint caching scheme for a client cache and a server cache. The client cache hit ratio can be improved by pre-populating the client cache with fingerprints that are relevant to the client. Relevant fingerprints include fingerprints used during a recent time period (e.g., fingerprints of segments that are included in the last full backup image and any following incremental backup images created for the client after the last full backup image), and thus are referred to as fingerprints with good temporal locality. Relevant fingerprints also include fingerprints associated with a storage container that has good spatial locality, and thus are referred to as fingerprints with good spatial locality. A pre-set threshold established for the client cache (e.g., threshold Tc) is used to determine whether a storage container (and thus fingerprints associated with the storage container) has good spatial locality. | 04-10-2014 |
20140089279 | AUTOMATED SEPARATION OF CORPORATE AND PRIVATE DATA FOR BACKUP AND ARCHIVING - A computing device categorizes data items as corporate data items when a first criterion is satisfied and as personal data items when a second criterion is satisfied. The computing device provides identified corporate data items to a first backup system that stores the corporate data items to a corporate data store. The computing device further provides identified personal data items to a second backup system that stores the personal data items to a personal data store. | 03-27-2014 |
20140075554 | SYSTEMS AND METHODS FOR PERFORMING SELECTIVE DEEP PACKET INSPECTION - A computer-implemented method for performing selective deep packet inspection may include 1) identifying a traffic flow that includes a stream of data packets, 2) sampling at least one packet from the stream of data packets, 3) analyzing the sampled packet using a computing resource to determine whether the traffic flow is trustworthy, 4) determining that the traffic flow is trustworthy based on analyzing the sampled packet, and 5) diverting the traffic flow to a hardware accelerator in response to determining that the traffic flow is trustworthy. Various other methods, systems, and computer-readable media are also disclosed. | 03-13-2014 |
20140068767 | SYSTEMS AND METHODS FOR DETECTING ILLEGITIMATE APPLICATIONS - A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed. | 03-06-2014 |
20140067763 | TECHNIQUES FOR RECOVERING A VIRTUAL MACHINE - Techniques for recovering a virtual machine are disclosed. In one particular embodiment, the techniques may be realized as a method for recovering a virtual machine comprising the steps of selecting a first backup copy of a virtual machine in a first data store, selecting a second data store; enabling use of the virtual machine by reading from the first data store and writing to the second data store, selecting a second backup copy of the virtual machine, and migrating the virtual machine from the second backup copy to the second data store. | 03-06-2014 |
20140059005 | GLOBAL INDEXING WITHIN AN ENTERPRISE OBJECT STORE FILE SYSTEM - A file system is disclosed that includes an application wide name space instantiated in a global index (Gindex) that is used for accessing objects related to an application. Using the Gindex, a method for cache coherency includes establishing one or more appliances, each defining a storage cluster; establishing one or more tenants spanning across appliances, wherein an application stores objects in file systems associated with the appliances and tenants; establishing a Gindex including metadata relating to objects stored in association with the application; replicating the Gindex to a plurality of data centers supporting the tenants; storing an original object at a first data center; storing a cached copy of the object at a second data center; aligning the cached copy using metadata for the object from a local copy of the Gindex. | 02-27-2014 |
20140026199 | Using Metadata In Security Tokens to Prevent Coordinated Gaming In A Reputation System - To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client. | 01-23-2014 |
20140026129 | SYSTEMS AND METHODS FOR UPDATING A SOFTWARE PRODUCT - A method may include receiving a request to install a second version of a software product over a first version of the software product, installing the second version of the software product in a dormant state while the first version of the software product is running, and swapping the first and second versions of the software product by activating the second version of the software product and deactivating the first version of the software product. Various other methods, systems, and computer-readable media are also disclosed. | 01-23-2014 |
20130346724 | SEQUENTIAL BLOCK ALLOCATION IN A MEMORY - A region of memory is logically divided into a number of segments, each of which is logically divided into a number of blocks. Blocks are allocated sequentially. A head pointer and a tail pointer demarcate the section of allocated blocks. As allocated blocks are added, the tail pointer is moved so that it remains at the end of the section of allocated blocks. If the tail pointer is within a threshold distance of the head pointer, then the head pointer is moved from its current position to a new position, and the allocated blocks between the current and new positions are freed (deallocated and/or erased). Thus, writes to the memory can be performed sequentially, and blocks can be freed in advance of when they are actually needed. | 12-26-2013 |
20130339517 | TECHNIQUES FOR PROVIDING DYNAMIC ACCOUNT AND DEVICE MANAGEMENT - Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device. | 12-19-2013 |
20130333003 | SYSTEMS AND METHODS FOR IMPLEMENTING MULTI-FACTOR AUTHENTICATION - A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed. | 12-12-2013 |
20130326265 | SYSTEMS AND METHODS FOR DISASTER RECOVERY OF MULTI-TIER APPLICATIONS - A computer-implemented method for disaster recovery of multi-tier applications may include 1) identifying a multi-tier application that is provisioned with a plurality of production clusters at a production site, 2) identifying a disaster recovery site including a plurality of recovery clusters, 3) identifying, at the disaster recovery site, a failure of the multi-tier application at the production site, and 4) initiating, from the disaster recovery site, a migration of the multi-tier application from the production site to the disaster recovery site. Various other methods, systems, and computer-readable media are also disclosed. | 12-05-2013 |
20130275653 | MULTI-TIER STORAGE USING MULTIPLE FILE SETS - Storage locations in a first tier of a multi-tier storage system are allocated to a first set of data structures (e.g., inodes) in a first file set. A file that is stored in the first tier is associated with a first data structure of the first set. In response to determining that data in the file should be moved to a second tier of the multi-tier storage system, the file is associated with a second data structure in a second file set. The second data structure is allocated a storage location in the second tier. Consequently, two data structures are associated with the file. The data is copied from the first tier to the storage location in the second tier, and can be subsequently accessed using the second data structure. | 10-17-2013 |
20130268800 | METHOD AND SYSTEM FOR CO-EXISTENCE OF LIVE MIGRATION PROTOCOLS AND CLUSTER SERVER FAILOVER PROTOCOLS - A method and system for LPAR migration including creating a profile for a logical partition on a host system comprising one or more LPARs, wherein the profile is associated with a first name. Also, within the profile, a port of a client virtual small computer system interface (SCSI) adapter of the LPAR is mapped to a port of a server virtual SCSI adapter of a virtual input/output server (VIOS) of the host system. The server port of the VIOS is set to accept any port of virtual client SCSI adapters of the one or more LPARS of the host system. Within the VIOS, the server port of the VIOS is mapped to a device name (i.e., LPAR) and to a target device (i.e., a disk of shared storage), for purposes of proper failover implementation of the LPAR, wherein the target device comprises an operating system for the LPAR. | 10-10-2013 |
20130263265 | SYSTEMS AND METHODS FOR USING PROPERTY TABLES TO PERFORM NON-ITERATIVE MALWARE SCANS - A computer-implemented method for using property tables to perform non-iterative malware scans may include (1) obtaining at least one malware signature from a security software provider that identifies at least one property value for an item of malware, (2) accessing a property table for a computing device that identifies property values shared by one or more application packages installed on the computing device and, for each property value, each application package that shares the property value in question, and (3) determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without having to iterate through the individual property values of each application package. Various other methods, systems, and computer-readable media are also disclosed. | 10-03-2013 |
20130254558 | SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE - A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed. | 09-26-2013 |
20130254537 | SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE - A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed. | 09-26-2013 |
20130246666 | SHARED STORAGE ACCESS MANAGEMENT SYSTEMS AND METHODS - Shared storage access management systems and methods are presented. A method can comprise: performing an endpoint I/O source authority tracking process in which permission of an endpoint I/O source to perform an I/O with at least a portion of an endpoint storage target is tracked at least in part based on a corresponding endpoint I/O source ID value, and performing an I/O operation based upon results of the endpoint I/O source authority tracking process. In one embodiment, the endpoint I/O source ID value is associated with an endpoint I/O source that is a virtual machine. The endpoint I/O source ID value can be unique and can be bound to an endpoint I/O source. In one exemplary implementation, the endpoint I/O source ID value does not depend upon intermediate communication channel characteristics between a corresponding endpoint I/O source and endpoint storage target. | 09-19-2013 |
20130246362 | METHOD AND SYSTEM FOR IMPLEMENTING FAST INCREMENTAL BACKUPS - A method for fast incremental replication of a file system. The method includes, at a data storage level, tracking file system status for a plurality of files by using a data structure inside respective inodes for the plurality of files, and at a file system level, tracking file system status for a plurality of files by using a file system mask structure. For all files present in a backup, a catalogue of the file path name and inode number is maintained on a source file system. During incremental backup, a source file system data structure enumerating a plurality of modified inodes is consulted. For inodes that have not been marked as removed or created, the file system mask structure that tracks modified portions is consulted to obtain a file incremental change and inodes. The method further includes performing incremental backup using the inodes that have been modified and appended. | 09-19-2013 |
20130239104 | SYSTEMS AND METHODS FOR USING QUICK RESPONSE CODES TO ACTIVATE SOFTWARE APPLICATIONS - A computer-implemented method for facilitating access to shared resources within computer clusters may include (1) identifying a quick response code captured by at least one computing system, (2) identifying information encoded in the quick response code captured by the computing system, (3) determining that the information encoded in the quick response code contains an activation key that facilitates activation of a software application, then (4) applying, in response to this determination, the activation key to the software application in order to activate the software application without requiring a user of the software application to manually enter the activation key. Various other methods, systems, and computer-readable media are also disclosed. | 09-12-2013 |
20130238894 | Managing Credentials - In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code. | 09-12-2013 |
20130226864 | SYSTEMS AND METHODS FOR MAINTAINING GROUP MEMBERSHIP RECORDS - A method for maintaining group membership records includes 1) maintaining a record of group memberships for a membership hierarchy, the membership record identifying a direct relationship between a first object and a second object in the membership hierarchy, 2) receiving a membership update indicating that, as of a first point in time, a direct relationship between the second object and a third object changed, 3) updating the record of group memberships to reflect the change in the relationship between the second object and the third object, 4) deducing, based on the membership update and the record of group memberships, a change in an indirect relationship between the first object and the third object as of the first point in time, and 5) providing a view of object relationships within the membership hierarchy as the object relationships exist at the first point in time and a historical record of object relationships. | 08-29-2013 |
20130205006 | INTELLIGENT FAILOVER OR SHUTDOWN OF AN APPLICATION USING INPUT/OUTPUT SHIPPING IN RESPONSE TO LOSS OF CONNECTIVITY TO DATA STORAGE IN A CLUSTER - When a loss of connectivity between a first node in a cluster of nodes and a data store is detected, an input/output (I/O) request associated with an application that was executing on the first node is shipped to a second node in the cluster that is in communication with the data store. The application can be gracefully shut down on the first node, and the second node can execute the application and satisfy the I/O request. | 08-08-2013 |
20130198742 | SUBSEQUENT OPERATION INPUT REDUCTION SYSTEMS AND METHODS FOR VIRTUAL MACHINES - Storage systems and methods are presented. A method can include: accessing virtual machine image information; performing an examination process on the virtual machine image information to determine characteristics of the virtual machine image information including temporary attributes of the virtual machine image information; performing an exclusion block identification process based upon results of the examination process to identify exclusion blocks, wherein exclusion blocks are identified for exclusion from a subsequent operation; and forwarding an indication of the exclusion blocks to the subsequent operation. In one embodiment the method is performed within a File Server. | 08-01-2013 |
20130198562 | METHOD AND SYSTEM FOR CLUSTER WIDE ADAPTIVE I/O SCHEDULING BY A MULTIPATHING DRIVER - A method and system for load balancing. The method includes determining that connectivity between a first host and a primary array controller of a storage system has failed. The first host is configured to send input/output messages (I/Os) to a storage system through a storage network fabric. An available host is discovered at a multi-pathing driver of the first host. The available host is capable of delivering I/Os to the primary array controller. An I/O is redirected from said first host to the available host over a secondary communication network for delivery to the storage system. | 08-01-2013 |
20130198424 | METHOD AND SYSTEM FOR MULTI-LAYER DIFFERENTIAL LOAD BALANCING IN TIGHTLY COUPLED CLUSTERS - A method and system for load balancing. The method includes discovering each of a plurality of hosts in a cluster, wherein the plurality of hosts is configured for accessing a LUN of a storage system through a storage network fabric. Global input/output (I/O) load characteristics are collected for each of the plurality of hosts at the device and/or volume level. A selected host is determined for processing an I/O originating at the local host, wherein the host is selected based on a current set of the global I/O load characteristics. | 08-01-2013 |
20130191345 | VOLUME AND PARTIAL VOLUME MERGE TO SYNCHRONIZE TO NON-HOMOGENEOUS DRIVE LAYOUTS - A method and system for merging files of multiple volumes in a data store to a single merged volume. The method includes creating one or more snapshots of one or more volumes of a data store of a first system. Files in the one or more snapshots are merged into a merged volume. The merged volume is mounted and stored in a second system. | 07-25-2013 |
20130185259 | SYSTEM AND METHOD FOR SCALABLE REFERENCE MANAGEMENT IN A DEDUPLICATION BASED STORAGE SYSTEM - A system and method for managing a resource reclamation reference list at a coarse level. A storage device is configured to store a plurality of storage objects in a plurality of storage containers, each of said storage containers being configured to store a plurality of said storage objects. A storage container reference list is maintained, wherein for each of the storage containers the storage container reference list identifies which files of a plurality of files reference a storage object within a given storage container. In response to detecting deletion of a given file that references an object within a particular storage container of the storage containers, a server is configured to update the storage container reference list by removing from the storage container reference list an identification of the given file. A reference list associating segment objects with files that reference those segment objects may not be updated in response to the deletion. | 07-18-2013 |
20130173780 | RESOURCE THROTTLING AND AUTOMATED POLICY MANAGEMENT IN A VIRTUAL MACHINE ENVIRONMENT - A method for providing resource throttling management. The method includes accessing a distributed computer system having a plurality of nodes, initiating a new object policy object backup protection for a new object, and implementing a discovery process to determine computer environment components subject to stress. The method further includes generating a physical resource throttling protocol in accordance with the components subject to stress, and processing the new object in accordance with the object management policy and in accordance with the throttling protocol. | 07-04-2013 |
20130173771 | AUTOMATED POLICY MANAGEMENT IN A VIRTUAL MACHINE ENVIRONMENT - A method for providing object policy management. The method includes accessing a distributed computer system having a plurality of nodes, and initiating a new object policy object backup protection for a new object. The method further includes processing a list of object attributes available for the new object policy, and processing the list to generate an object management policy. The new object is then processed in accordance with the object management policy. | 07-04-2013 |
20130167145 | SYSTEMS AND METHODS FOR SAFELY MIGRATING TO VIRTUALIZED PLATFORMS - A computer-implemented method for safely migrating to virtualized platforms may include (1) identifying a virtual machine that is a target of a physical-to-virtual conversion from a physical server, (2) determining that the physical-to-virtual conversion includes at least one future step before the physical-to-virtual conversion is complete, (3) based on determining that the physical-to-virtual conversion includes the future step, creating a snapshot of the virtual machine before the future step, and (4) reverting the virtual machine to the snapshot before the future step. Various other methods, systems, and computer-readable media are also disclosed. | 06-27-2013 |
20130151802 | FORMAT-PRESERVING DEDUPLICATION OF DATA - Data blocks are copied from a source (e.g., a source virtual disk) to a target (e.g., a target virtual disk). The source virtual disk format is preserved on the target virtual disk. Offsets for extents stored in the target virtual disk are converted to offsets for corresponding extents in the source virtual disk. A map of the extents for the source virtual disk can therefore be used to create, for deduplication, segments of data that are aligned to boundaries of the extents in the target virtual disk. | 06-13-2013 |
20130151801 | ARCHIVE SYSTEMS AND METHODS - Archive systems and methods are presented. In one embodiment, an archival information storage configuration method comprises: performing an information accessing process including determining if the information is associated with an archive process; and performing an archive storage boundary determination process including establishing archive storage boundaries based upon characteristics indicating potential sharing of the information and potential impacts on performance of archival storage operations. In one exemplary implementation, the archive storage boundary determination process comprises: performing an information mining process including identifying an indication the information is potentially shared; and performing an archival boundary selection process including selecting an archive storage boundary based at least in part upon results of the information mining process. | 06-13-2013 |
20130151477 | SYSTEMS AND METHODS FOR RESTORING APPLICATION DATA - A computer-implemented method for restoring application data may include (1) receiving a request to restore resource data for a resource to a selected state, (2) identifying a plurality of backup datasets, each backup dataset within the plurality of backup datasets including at least a portion of backed up data for the resource, (3) determining an order in which to restore the plurality of backup datasets in order to restore the resource data to the selected state, and (4) restoring the resource data for the resource to the selected state by restoring the plurality of backup datasets in the order as determined. Various other methods, systems, and computer-readable media are also disclosed. | 06-13-2013 |
20130145155 | PROVISIONING MULTIPLE DIGITAL CERTIFICATES - A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key. | 06-06-2013 |
20130138953 | COMBINING MULTIPLE DIGITAL CERTIFICATES - A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate. | 05-30-2013 |
20130124451 | CLUSTER SYSTEMS AND METHODS - Information cluster systems and methods are presented. In one embodiment, a cluster method comprises: performing an engine process including issuing requests to bring a resource online, offline, and monitor the resources, wherein the engine process is performed by an engine; performing a resource interaction process including interacting with a resource and directing a resource to comply with the request from the engine process, wherein the resource interaction process is performed by a resource interaction agent; performing a predicate logic process including performing predicate logic operations to determine if a predicate logic condition associated with the resource is satisfied and forwarding an indication of the results of the predicate logic operations to the engine process, wherein the predicate logic process is performed by a predicate logic agent that is separate from the engine performing the engine process. | 05-16-2013 |
20130117231 | APPLICATION PROTECTION THROUGH A COMBINED FUNCTIONALITY FAILURE MANAGER - A method for providing application functionality protection. The method includes accessing a distributed computer system having a cluster including a plurality of nodes, and receiving an indication of an application failure. The method further includes attempting to restore the application through a number of application restart attempts, and receiving an indication that the restart attempts have not restored the application. An image history is then accessed to obtain a last known good point in time image of the application. The application is restored in accordance with the last known good point in time image. | 05-09-2013 |
20130111380 | DIGITAL WHITEBOARD IMPLEMENTATION | 05-02-2013 |
20130110784 | MANAGING BACKUPS OF DATA OBJECTS IN CONTAINERS | 05-02-2013 |
20130091570 | SHORT-RANGE MOBILE HONEYPOT FOR SAMPLING AND TRACKING THREATS - Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server. The method can also include, responsive to a request from the security server for more information about one of the files, providing a copy of that file to the security server for malware analysis and for updating a reputation system tracking mobile device malware. | 04-11-2013 |
20130086690 | Hygiene-Based Computer Security - A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores. | 04-04-2013 |
20130086413 | FAST I/O FAILURE DETECTION AND CLUSTER WIDE FAILOVER - A method for fast I/O path failure detection and cluster wide failover. The method includes accessing a distributed computer system having a cluster including a plurality of nodes, and experiencing an I/O path failure for a storage device. An I/O failure message is generated in response to the I/O path failure. A cluster wide I/O failure message is broadcast to the plurality of nodes that designates a faulted controller. Upon receiving I/O failure responses from the plurality of nodes, an I/O queue message is broadcast to the nodes to cause the nodes to queue I/O through the faulted controller and switch to an alternate controller. Upon receiving I/O queue responses from the plurality of nodes, an I/O failover commit message is broadcast to the nodes to cause the nodes to commit to a failure and un-queue their I/O. | 04-04-2013 |
20130086007 | SYSTEM AND METHOD FOR FILESYSTEM DEDUPLICATION USING VARIABLE LENGTH SHARING - Embodiments of the present invention are directed to a method and system for filesystem deduplication that uses both small fingerprint granularity and variable length sharing techniques. The method includes accessing, within an electronic system, a plurality of files in a primary storage filesystem and determining a plurality of fingerprints for the plurality of files. Each respective fingerprint may correspond to a respective portion of a respective file of the plurality of files. The method further includes determining a plurality of portions of the plurality of files where each of the plurality of portions has the same corresponding fingerprint and accessing a list comprising a plurality of portions of files previously deduplicated. A portion of a file of the plurality of files not present in the list may then be deduplicated. Consecutive portions of variable lengths having the same corresponding fingerprints may also be deduplicated. | 04-04-2013 |
20130085989 | CLOUD INFORMATION MIGRATION SYSTEMS AND METHODS - Information migration systems and methods are presented. In one embodiment, a cloud information migration method comprises: performing a migration interpretation process, including interpreting migration initiation information; performing a migration information retrieval process to automatically retrieve information in a first configuration from a first cloud vendor in accordance with the migration initiation information; performing a migration information configuration process, including automatically converting the retrieved information in a first configuration to information in a second configuration, wherein the second configuration is compatible with a second cloud vendor; and | 04-04-2013 |
20130085886 | METHOD AND SYSTEM FOR AUTOMATIC APPLICATION RECOMMENDATION - A system and method of automatic suggested application identification includes accessing a profile of a device, wherein the profile represents information specific to the device. From said profile, a determined pattern of use determined by the device is accessed, wherein the determined pattern is unique to the device. The profile including the determined pattern and a geo-specific data of the device and configuration information of the device and applications resident on the device is compared to similar profiles and similar determined patterns of other devices. A suggested application is identified based on said comparing. | 04-04-2013 |
20130080397 | DATABASE RESTORE USING INCREMENTAL BACKUPS IN REVERSE ORDER - A full backup of a database is created at a first point in time. To restore the database to its state at a second point in time (after the full backup was created), a set of incremental backups, including the incremental backup that corresponds to the second point in time and incremental backups created between the first and second points in time, is used in reverse chronological order. For example, blocks in the full backup can be selectively overwritten with corresponding blocks from the incremental backups in reverse chronological order. | 03-28-2013 |
20130080387 | CONVERSION OF PHYSICAL COMPUTERS TO VIRTUALIZED ENVIRONMENTS METHOD AND SYSTEM - A method for converting a physical file system to a virtual file system of a virtual machine. The method includes initiating a new incremental physical to virtual conversion process, and analyzing a history of a plurality of prior incremental conversions to determine whether there exists at least one prior incremental conversion that failed. Upon determination that a prior failed incremental conversion occurred, the method further includes determining a correct chronological order of the plurality of prior incremental conversions, and determining an original failure point and any subsequent failure points. The prior incremental conversions are re-applied from each of said original failure point and said subsequent failure points in the correct chronological order with the most recent incremental conversion re-applied last. | 03-28-2013 |
20130073914 | STORAGE MANAGEMENT SYSTEMS AND METHODS - Storage management systems and methods are presented. In one embodiment, a method comprises: performing a hierarchical configuration information process, including accessing information regarding hierarchical relationships of components associated with a storage environment; performing a storage resource consumption detection process, including detecting consumption of storage resources included in the storage environment; and performing a coordinated consumption analysis process in which at least part of an analysis of the consumption of the storage resources is coordinated across multiple levels of an active spindle hierarchy. In one embodiment, a reaction process is performed. The reaction process can include performing an automated consumption notification process and an automated reclamation process based upon results of the storage resource consumption detection process. | 03-21-2013 |
20130073527 | DATA STORAGE DEDEUPLICATION SYSTEMS AND METHODS - Storage systems and methods are presented. In one embodiment, a variable length segment storage method comprises: receiving a data stream; performing a tailored segment process on the data stream, wherein at least one of a plurality of tailored segments includes corresponding data of at least one of a plurality of variable length segments and alignment padding to align with boundaries of a fixed length de-duplication scheme; performing a de-duplication process on the plurality of tailored segments; and storing information corresponding to the result of the de-duplication process. In one embodiment, the tailored segment process includes adjusting the alignment padding of the at least one of a plurality of tailored segments, wherein an adjustment in the alignment padding of the at least one of a plurality of tailored segments corresponds to a modification in the at least one of the plurality of variable length segments. | 03-21-2013 |
20130069772 | METHOD AND SYSTEM FOR TACTILE SIGNALED AUTHENTICATION - A system and method of transmitting an authentication code includes automatically calculating a security code on a device executing a security program. The security program may periodically calculate a respective unique security code. In response to a user requesting the security code, the device automatically vibrates according to a pattern representing the security code. The pattern tactilely communicates the security code to the user. | 03-21-2013 |
20130061321 | Using Aggregated DNS Information Originating from Multiple Sources to Detect Anomalous DNS Name Resolutions - A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received. | 03-07-2013 |
20130042310 | METHOD AND SYSTEM FOR AUTOMATIC AUTHENTICATION - A system and method for automatic authentication includes automatically calculating a security code on a computer running a security program. The security program resides on the same computer as a web browser. In response to a user signing into a web based account on a web site accessed by the web browser, automatically verifying that the security program is registered with the web based account. In response to a second factor security code entry request on the web based account, automatically entering the security code into the web based account. The security code is transmitted to the web site transparently to the user for login. | 02-14-2013 |
20130042139 | SYSTEMS AND METHODS FOR FAULT RECOVERY IN MULTI-TIER APPLICATIONS - A computer-implemented method for fault recovery in multi-tier applications may include: 1) identifying a plurality of clusters, 2) identifying a multi-tier application that includes a plurality of components, each cluster within the plurality of clusters hosting a component, 3) identifying a fault of a first component within the plurality of components on a first cluster within the plurality of clusters, the fault requiring a first recovery action, 4) identifying at least one dependency relationship involving the first component and a second component within the plurality of components on a second cluster within the plurality of clusters, 5) determining, based on the fault and the dependency relationship, that the second component requires a second recovery action to ensure that the multi-tier application operates correctly, and 6) performing the second recovery action on the second component. Various other methods, systems, and computer-readable media are also disclosed. | 02-14-2013 |
20130024925 | LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP) PROXY - Two factor LDAP authentication systems and methods are presented. In one embodiment, implementation of a method for authenticating a user through a two factor process includes: at an LDAP proxy server, receiving a BIND request from a client, wherein the BIND request is for authenticating a user associated with a username to an LDAP server, and wherein the BIND request comprises a password comprising a first factor security code and a second factor security code; stripping the second factor security code from the password; reconfiguring the BIND request with the password that is stripped of the second factor security code; forwarding the reconfigured BIND request to the LDAP server for authentication of the username using the first factor security code; performing authentication of the second factor security code; and positively authenticating the username to the LDAP server when the first factor security code and the second factor security code are authenticated in connection with the username. | 01-24-2013 |
20130024486 | METHOD AND SYSTEM FOR IMPLEMENTING HIGH AVAILABILITY STORAGE ON THINLY PROVISIONED ARRAYS - A method for storage allocation and reclamation in a storage device. The method includes executing a distributed computer system having a plurality of file systems accessing storage on a shared storage device, creating a physical storage allocation state map that indicates whether a plurality of data blocks comprising a range of data is allocated or unallocated, and consulting a free extent state map to identify free data blocks of the shared storage device. An allocation operation is performed causing the shared storage device to allocate storage a requested range of allocation. The physical storage allocation state map is updated in accordance with the requested range of allocation. Upon a subsequent reclamation process, the physical storage allocation state map is accessed to identify free previously allocated data blocks. Reclamation processing is subsequently performed on the identified free previously allocated data blocks. | 01-24-2013 |
20130024432 | METHOD AND SYSTEM FOR STORING DATA IN COMPLIANCE WITH A COMPRESSION HANDLING INSTRUCTION - A method for storing data in a storage system. In one embodiment, implementation of a method for storing data in compliance with a compression handling instruction includes: at a storage controller, receiving an object for storage within a data storage, wherein the object is in an original state; determining whether a compression handling instruction is received in association with the object; and executing the compression handling instruction when storing the object. | 01-24-2013 |
20130024428 | METHOD AND SYSTEM FOR A FAST FULL STYLE SYSTEM CHECK USING MULTITHREADED READ AHEAD - A method for file system checking in a storage device. The method includes executing a computer system having a plurality of microprocessor cores, initiating a file system check operation by using a file system check agent that executes on the computer system and accesses a storage device, and validating a plurality of meta-data structures of the file system. The method further includes dividing and allocating the metadata structures among a plurality of worker threads. For each worker thread, data corresponding to the metadata structures is processed using a read ahead operation. The file system check is processed to completion, wherein the read ahead operation feeds data corresponding to the metadata structures to each of the plurality of worker threads in parallel. | 01-24-2013 |
20120303558 | SYSTEMS AND METHODS FOR GENERATING MACHINE LEARNING-BASED CLASSIFIERS FOR DETECTING SPECIFIC CATEGORIES OF SENSITIVE INFORMATION - A computer-implemented method may include (1) identifying a plurality of specific categories of sensitive information to be protected by a DLP system, (2) obtaining a training data set for each specific category of sensitive information that includes a plurality of positive and a plurality of negative examples of the specific category of sensitive information, (3) using machine learning to train, based on an analysis of the training data sets, at least one machine learning-based classifier that is capable of detecting items of data that contain one or more of the plurality of specific categories of sensitive information, and then (4) deploying the machine learning-based classifier within the DLP system to enable the DLP system to detect and protect items of data that contain one or more of the plurality of specific categories of sensitive information in accordance with at least one DLP policy of the DLP system. | 11-29-2012 |
20120297374 | DYNAMIC INSERTION AND REMOVAL OF VIRTUAL SOFTWARE SUB-LAYERS - The disclosure is directed to dynamic insertion and removal of virtual software sub-layers. In one example, a virtual layer associated with a software application is virtually installed and activated in a computing device. A virtual sub-layer associated with a component of the software application is dynamically inserted in the virtual layer. The virtual layer remains active during the dynamic insertion of the virtual sub-layer. In certain embodiments, a process is executed from the virtual layer, a determination is made as to whether the process launched before or after the insertion of the virtual sub-layer, and the inserted virtual sub-layer is selectively made visible or invisible to the process based on the determination. | 11-22-2012 |
20120284776 | Techniques for Providing Access to Data in Dynamic Shared Accounts - Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user. | 11-08-2012 |
20120284707 | METHOD AND SYSTEM FOR MIGRATING A SELECTED SET OF A VIRTUAL MACHINES BETWEEN VOLUMES - A method for migrating a selected set of virtual machines from a first volume to a second volume. The method includes receiving a list of virtual machines which are not migrating from a first volume to a second volume, accessing a host file system usage map of a host machine that indicates active blocks of the host file system, and accessing virtual file system usage maps of a plurality of virtual machines that indicate active blocks. A filter usage map that identifies the active blocks of the virtual machines which are not migrating is generated. The plurality of virtual machines are migrated from the first volume to the second volume, wherein the active blocks of the virtual file systems which are not migrating are skipped in accordance with the filter usage map. Subsequently, the metadata at the second volume is processed to reflect the virtual machines which were not migrated. | 11-08-2012 |
20120278761 | METHOD AND SYSTEM FOR MANAGING DUPLICATE ITEM DISPLAY - A system and method for displaying items in a list includes displaying a representation of duplicate items within the list as a visual attribute, wherein the duplicate items include a common body portion. In response to user interaction with the visual attribute, the list is expanded, wherein the expanding causes the display of the duplicate items. In response to user interaction with the visual attribute, the list is collapsed, wherein the collapsing causes the removal of the display of the duplicate items. | 11-01-2012 |
20120278580 | DATA STORAGE RECLAMATION SYSTEMS AND METHODS - Storage systems and methods are presented. In one embodiment, a storage reclamation method comprises performing a potential reclamation identification process, wherein the potential reclamation identification process includes determining if there is the potential for reclaiming storage resources; performing a reclamation process, wherein reclamation is performed on storage resources identified by the potential reclamation identification process as being eligible for reclamation, and wherein the storage resources correspond to free space associated with a data file; and performing a valid free space indication process, wherein a valid free space indication process includes forwarding a valid free space indication recognizable to an application as a valid free space indication when the application attempts to direct a read to the storage spaces reclaimed by the reclamation process. | 11-01-2012 |
20120271870 | METHOD AND SYSTEM FOR RECLAIMING STORAGE ON A SHARED STORAGE DEVICE OR INDEPENDENT OF THE MOUNT STATE OF A FILE SYSTEM - A method for storage reclamation in a shared storage device. The method includes executing a distributed computer system having a plurality of file systems accessing storage on a shared storage device, and initiating a reclamation operation by using a reclamation agent that accesses the shared storage device. The method further includes reading the file system data structure that represent unallocated storage blocks of one of the plurality of file systems that will undergo a reclamation operation. A plurality of I/O resources that are used to provide I/O to the unallocated storage blocks are then interrupted. Storage from the unallocated storage blocks is then reclaimed, and normal operation of the I/O resources that are used to provide I/O to the unallocated storage blocks is resumed. | 10-25-2012 |
20120271797 | REFERENCE VOLUME FOR INITIAL SYNCHRONIZATION OF A REPLICATED VOLUME GROUP - A method for using a reference volume for initial synchronization of a replicated volume group. The method includes initiating a replication and synchronization operation between a parent virtual machine and a child virtual machine, and specifying a parent virtual machine to be used for replication and a subsequent synchronization. The method further includes accessing a point in time snapshot of the parent virtual machine, coordinating with a secondary site to obtain an image of the parent reference volume at said point in time, and copying the common regions from a parent reference volume to a new volume. The differences between the parent reference volume and the new volume are transmitted and are applied to the new volume to synchronize the child virtual machine on the secondary site to the child virtual machine on the primary site, wherein the child and the parent may be in different virtual machine groups. | 10-25-2012 |
20120266210 | METHOD AND APPARATUS FOR CREATING AN INFORMATION SECURITY POLICY BASED ON A PRE-CONFIGURED TEMPLATE - A method and apparatus for creating a policy based on a pre-configured template is described. In one embodiment, source data having a tabular structure is identified. Further, one of multiple policy templates is used to automatically create a policy for detecting information from any one or more rows within the tabular structure of the source data. | 10-18-2012 |
20120260121 | SELECTING AN ALTERNATIVE PATH FOR AN INPUT/OUTPUT REQUEST - A first path for forwarding an I/O request from a host device to a disk in a disk array is identified. The first path includes two endpoints (a first initiator endpoint on the host device and a first target endpoint on the disk array) separated by a storage area network. In response to an indication that the first path is non-functional, a second path to the disk for the I/O request is identified as an alternative to the first path. The second path includes a second initiator endpoint and a second target endpoint and is identified by selecting a path from among those paths that have at least one endpoint that is different from the two endpoints of the first path. | 10-11-2012 |
20120260112 | CONTEXT SENSITIVE POWER MANAGEMENT FOR A RESOURCE - Power management systems and methods are presented. In one embodiment, implementation of a method for context specific power management of a resource, comprises: defining a context within which a resource operates, wherein the context is defined by one or more parameters; tracking a usage history of the resource operating within the context to determine passive user feedback related to a plurality of timeout values; and determining a timeout value for a current operation of the resource within the context based on the usage history. | 10-11-2012 |
20120260050 | DATA STORAGE RESOURCE MANAGEMENT SYSTEMS AND METHODS - Storage systems and methods are presented. In one embodiment, a data storage resource management method comprises: performing a data update process, including communicating a data update input output packet between a primary storage resource and a secondary storage resource, wherein corresponding data updates in the secondary storage resource are a mirror of data updates in the primary storage resource; and performing a reclamation process, including: communicating reclamation information in a reclamation input output packet through the same interface as the data update input output packet, wherein the reclamation input output packet is communicated between the primary storage resource and the secondary storage resource; and reclaiming storage locations on the secondary storage resource in accordance with reclamation information in the reclamation input output packet communicated between the primary storage resource and secondary storage resource. | 10-11-2012 |
20120260040 | POLICY FOR STORING DATA OBJECTS IN A MULTI-TIER STORAGE SYSTEM - A sliding window policy is implemented to manage database objects. At a first time, a first portion of a database object is allocated to a first tier of a multi-tier storage system. The first portion corresponds to a first specified percentage of the size of the database object at the first time and is selected according to information associated with the database object. The remaining portion of the database object at the first time is allocated to one or more other tiers. At a second (later) time, a second portion of the database object is allocated to the first tier. The second portion corresponds to a second specified percentage of the size of the database object at the second time and is also selected according to information associated with the database object. The remaining portion of the database object at the second time is allocated to the other tier(s). | 10-11-2012 |
20120260036 | STORAGE MANAGEMENT SYSTEMS AND METHODS - Storage management systems and methods are presented. In one embodiment, a storage management method comprises: establishing a cluster including one or more logical unit number storage components (LUNs) communicatively coupled to one or more host nodes, wherein one of the one or more nodes is a master host node; performing a LUN naming process wherein a master host node assigns a name to each of the one or more LUNs respectively, even if the one or more LUNS are communicatively coupled to a slave host node; and operating the cluster, wherein the one or more host nodes refer to the one or more LUNs by the name. In one embodiment, the master host node stores information associated with the name in a computer readable medium. The cluster can include one or more slave host nodes. | 10-11-2012 |
20120259972 | EXCLUSIVE IP ZONE SUPPORT SYSTEMS AND METHOD - Network resource monitoring systems and methods are presented. In one embodiment, a network resource monitoring method comprises: gathering network resource pre-monitoring information, including information indicating whether a network resource is associated with a zone, and if associated with a zone also gathering information indicating zone type; performing a network resource monitoring process on the network resource based on results of the gathered network resource pre-monitoring information; including performing a network resource monitoring process when the network resource is in a local zone that does not otherwise make available or share information with a global zone; and analyzing the results of the network resource monitoring process. In one embodiment, if the network resource is included in an exclusive IP zone. In one exemplary implementation, the network resource monitoring process comprises: ascertaining if a monitoring type trigger condition exists; performing a corresponding type of monitoring if the monitoring type trigger condition exists. | 10-11-2012 |
20120259849 | DETERMINING FILE OWNERSHIP OF ACTIVE AND INACTIVE FILES BASED ON FILE ACCESS HISTORY - File management systems and methods are presented. In one embodiment, implementation of a method for determining the accurate ownership of a file within a data system includes: identifying a first plurality of access events for a file, wherein the file is associated with a directory of related files; identifying a second plurality of access events for the related files within the directory, wherein access events in the first and second plurality of access events occur within a period; determining a pool of users accessing files within the directory within the period; and selecting a user from the pool of users as an inferred owner of the file based on access metrics related to the plurality of access events. | 10-11-2012 |
20120259823 | PARTITIONING A DIRECTORY WHILE ACCESSING THE DIRECTORY - A process for reading entries in a directory is initiated. A first index is maintained to indicate how far the read has progressed in the directory. If, during execution of the process, the directory is partitioned into subdirectories, then a second index is maintained for each of the subdirectories to indicate how far the read has progressed in each of the subdirectories. A third index that indicates how far the read has progressed in the partitioned directory is also maintained. | 10-11-2012 |
20120259820 | METHOD AND SYSTEM FOR RESTARTING FILE LOCK SERVICES AT AN ADOPTIVE NODE DURING A NETWORK FILESYSTEM SERVER MIGRATION OR FAILOVER - A method for file lock recovery in a distributed computer system. The method includes executing a distributed computer system having a plurality of nodes comprising a cluster, and initiating a network file system server fail over from one node of the cluster to an adoptive node of the cluster. File lock services are then stopped at the adoptive node. File lock services are subsequently restarted at the adoptive node, wherein the restart causes the adoptive node to commence a grace period for other network file system clients to connect to the adoptive node and reclaim file locks. After restarting file lock services, a cluster file system is updated on the adoptive node with process identifiers, and file lock services are resumed at the adoptive node. The cluster file system can be simultaneously exposing the file lock services to other clients as well, like CIFS, etc. | 10-11-2012 |
20120259819 | METHOD AND SYSTEM FOR PERFORMING A CLEAN FILE LOCK RECOVERY DURING A NETWORK FILESYSTEM SERVER MIGRATION OR FAILOVER - A method for file lock recovery in a distributed computer system. The method includes executing a distributed computer system having a plurality of nodes comprising a cluster, and initiating a network file system server migration from one node of the cluster to a different node of the cluster. A migration count is incremented, wherein the migration count is stored at each of the nodes comprising the cluster. File lock services are paused at each of the nodes comprising the cluster. The network file system server migration is completed at the different node of the cluster. The migration count is then decremented in response to the completion. File lock services are then resumed at each of the nodes comprising the cluster. | 10-11-2012 |
20120254269 | MANAGING PERFORMANCE WITHIN AN ENTERPRISE OBJECT STORE FILE SYSTEM - A file system is disclosed that includes an application wide name space instantiated in a global index (Gindex) that is used for accessing objects related to an application. Summary workload statistics are monitored and calculated via a calibrated hierarchical service level agreement (SLA) in a method of operation that includes: establishing a tenant wide name space used for accessing objects of an application stored in physical file systems across one or more appliances, each defining a storage cluster, in association with a tenant logically spanning across the appliances; and monitoring a performance statistic for the application across the tenant. | 10-04-2012 |
20120254268 | APPLICATION WIDE NAME SPACE FOR ENTERPRISE OBJECT STORE FILE SYSTEM - A file system is disclosed that includes an application wide name space used for accessing objects related to an application. The file system includes one or more appliances. Each of the appliances logically defines a storage cluster, for instance, a cluster file system. The file system also includes a tenant that logically spans across the one or more appliances. The file system also includes one or more physical file systems arranged within each of the one or more appliances. Further, one or more bucket sets define one or more corresponding physical file systems of a corresponding appliance for the tenant. The system also includes an application wide object name space that is used for accessing objects of an application, wherein the objects are stored in the physical file systems by bucket set across the one or more appliances in association with the tenant. | 10-04-2012 |
20120254111 | GLOBAL INDEXING WITHIN AN ENTERPRISE OBJECT STORE FILE SYSTEM - A file system is disclosed that includes an application wide name space instantiated in a global index (Gindex) that is used for accessing objects related to an application. Using the Gindex, a method for cache coherency includes establishing one or more appliances, each defining a storage cluster; establishing one or more tenants spanning across appliances, wherein an application stores objects in file systems associated with the appliances and tenants; establishing a Gindex including metadata relating to objects stored in association with the application; replicating the Gindex to a plurality of data centers supporting the tenants; storing an original object at a first data center; storing a cached copy of the object at a second data center; aligning the cached copy using metadata for the object from a local copy of the Gindex. | 10-04-2012 |
20120246721 | METHOD AND APPARATUS FOR DETERMINING SOFTWARE TRUSTWORTHINESS - Aspects of the invention relate to a method, apparatus, and computer readable medium for determining software trustworthiness. In some examples, a software package identified as including at least one file of unknown trustworthiness is installed on a clean machine. A report package including a catalog of files that have been installed or modified on the clean machine by the software package is generated. Identification attributes for each of the files in the catalog are determined. Each of the files in the catalog is processed to assign a level of trustworthiness thereto. The report package is provided as output. | 09-27-2012 |
20120246598 | SYSTEMS AND METHODS FOR DISPLAYING TRUSTWORTHINESS CLASSIFICATIONS FOR FILES AS VISUALLY OVERLAID ICONS - A computer-implemented method for displaying trustworthiness classifications for files as visually overlaid icons may include (1) identifying a file, (2) identifying a file icon that graphically represents the file within a file manager interface on a computing device, (3) obtaining a trustworthiness classification assigned to the file that identifies the trustworthiness of the file, and then (4) visually overlaying the file icon with a trustworthiness icon that graphically represents the trustworthiness classification assigned to the file. Various other systems, methods, and computer-readable media are also disclosed. | 09-27-2012 |
20120240229 | SYSTEMS AND METHODS FOR LOOKING UP ANTI-MALWARE METADATA - A computer-implemented method for looking up anti-malware metadata may include identifying a plurality of executable objects to be scanned for malware before execution. The computer-implemented method may also include, for each executable object within the plurality of executable objects, assessing an imminence of execution of the executable object. The computer-implemented method may further include prioritizing, based on the assessments, a retrieval order for anti-malware metadata corresponding to the plurality of executable objects. The computer-implemented method may additionally include retrieving anti-malware metadata corresponding to an executable object within the plurality of executable objects based on the retrieval order. Various other methods, systems, and computer-readable media are also disclosed. | 09-20-2012 |
20120240181 | TECHNIQUES FOR SECURING A CHECKED-OUT VIRTUAL MACHINE IN A VIRTUAL DESKTOP INFRASTRUCTURE - Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machine may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out. | 09-20-2012 |
20120240076 | METHOD AND SYSTEM FOR NOTIFICATION MANAGEMENT - A system and method for notification management includes collecting information for a number of objects within a management tool for security assets. The display of the information is displayed on a window of a graphical user interface of the management tool. In response to user interaction with the graphical user interface, a notification tool window of a notification tool is displayed. The notification tool window is layered over at least a portion of the window of the graphical user interface. In response to user interaction with the notification tool window, notification instructions are created for at least one of the number of objects based on a portion of the information of the window of the graphical user interface. The notification instructions are operable to cause the notification tool to communicate at least one notification communication to at least one recipient concerning at least one object. | 09-20-2012 |
20120215744 | TECHNIQUES FOR VIRTUAL ARCHIVING - Techniques for virtual archiving are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for performing virtual archiving comprising applying archiving rules to a backup catalog, generating a virtual archive catalog based at least in part on a result of applying archiving rules to the backup catalog, determining a backup image associated with the virtual archive catalog becoming expired and converting the backup image into an archive image. | 08-23-2012 |
20120198552 | METHOD, COMPUTER SOFTWARE, AND SYSTEM FOR PROVIDING END TO END SECURITY PROTECTION OF AN ONLINE TRANSACTION - Techniques for categorizing programs running on an information handling system. One method includes, while a program is running on an information handling system in a manner that permits the program to infect the information handling system, calculating a first score and a second score. The first score is indicative of the likelihood that the program is malicious; the second score is indicative of the likelihood that the program is valid. This method further includes categorizing the program with respect to the likelihood of the program infecting the information handling system, including by categorizing the program as valid code based on the second score being above a threshold value, regardless of the first score. | 08-02-2012 |
20120198443 | STORAGE RECLAMATION SYSTEMS AND METHODS - Efficient and effective storage reclamation systems and methods are presented. In one embodiment, a storage reclamation method comprises: receiving an indication from a virtual machine that a reclamation opportunity for reclamation of a physical storage resource is available; and performing a reclamation process of the physical storage resource in accordance with the indication from the virtual machine that the reclamation opportunity is available, wherein the reclamation process is performed while the virtual machine is running. The indication can be received from a virtual communication protocol (e.g., can include an in-band communication protocol, out-of-band communication protocol, a socket based communication protocol or a serial character device communication protocol). | 08-02-2012 |
20120191918 | TECHNIQUES FOR DIRECTORY SERVER INTEGRATION - Techniques for directory server integration are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory server integration comprising setting one or more parameters determining a range of permissible expiration times for a plurality of cached directory entries, creating, in electronic storage, a cached directory entry from a directory server, assigning a creation time to the cached directory entry, and assigning at least one random value to the cached directory entry, the random value determining an expiration time for the cached directory entry within the range of permissible expiration times, wherein randomizing the expiration time for the cached directory entry among the range of permissible expiration times for a plurality of cached directory entries reduces an amount of synchronization required between cache memory and the directory server at a point in time. | 07-26-2012 |
20120185447 | Systems and Methods for Providing Increased Scalability in Deduplication Storage Systems - A computer-implemented method for providing increased scalability in deduplication storage systems may include ( | 07-19-2012 |
20120174112 | APPLICATION RESOURCE SWITCHOVER SYSTEMS AND METHODS - Registry information systems and methods are presented. In one embodiment, an application resource switchover method comprises receiving a switchover indication wherein the switchover indication includes an indication to switchover execution of at least one service of an application running on a primary system resource to running on a secondary system resource; performing a switchover preparation process, wherein the switchover preparation process includes automatically generating a switchover plan including indications of switchover operations for performance of a switchover process; and performing the switchover process in which the at least one of the application services is brought up on the secondary system resource in accordance with the plan of switchover operations. In one embodiment, automatically generating a plan of switchover operations includes analyzing the switchover indication, wherein the analyzing includes determining a type of switchover corresponding to the switchover indication. There can be a variety of switchover types (e.g., a migration switchover, a recovery switchover, etc.). | 07-05-2012 |
20120159177 | System and Method for Website Authentication Using a Shared Secret - A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer. | 06-21-2012 |
20120159081 | DEDUPLICATION-AWARE PAGE CACHE - An access request that includes a combination of a file identifier and an offset value is received. If the page cache does not contain the page indexed by the combination, then the file system is accessed and the offset value is mapped to a disk location. The file system can access a block map to identify the location. A table (e.g., a shared location table) that includes entries (e.g., locations) for pages that are shared by multiple files is accessed. If the aforementioned disk location is in the table, then the requested page is in the page cache and it is not necessary to add the page to the page cache. Otherwise, the page is added to the page cache. | 06-21-2012 |
20120158659 | HOST BASED SOFTWARE BLOCK LEVEL REPLICATION USING METADATA INDICATING CHANGED DATA OBJECTS AT SOURCE AND SECONDARY NODES - A host-based replication snapshot method. The method includes synchronizing a set of data objects stored at both a replication source node and a secondary node. The method further includes identifying changed data objects out of the set of data objects from the replication source node that have been modified during a time period between a first time and a subsequent second time. Metadata indicating the changed data objects from the replication source node is transmitted to the secondary node. A snapshot is then generated at the second time on the secondary node by using the metadata. | 06-21-2012 |
20120151501 | CONFIGURATION REGISTRY SYSTEMS AND METHODS - Registry information systems and methods are presented. In one embodiment, an application dedicated registry hive method comprises: performing application dedicated registry hive agent operations, including: an online initiation phase in which a system independent application dedicated registry hive from a shared resource is loaded into the system namespace; a monitoring phase in which status of the system independent application dedicated registry hive is monitored; and an offline initiation phase in which the system independent application dedicated registry hive is unloaded from the system namespace; and performing an application dedicated registry hive driver filter process, including redirecting read and write operations to the system independent application dedicated registry hive. The system independent application dedicated registry hive can include a registry content file and a corresponding transaction log file. | 06-14-2012 |
20120151363 | SYSTEMS AND METHODS FOR DISPLAYING A DYNAMIC LIST OF VIRTUAL OBJECTS WHEN A DRAG AND DROP ACTION IS DETECTED - A computer-implemented method to display a dynamic list of virtual objects is described. An activity relating to a management object is detected. A dynamic list of virtual objects is displayed on a screen. The virtual objects are possible recipients of the management object. A determination is made as to whether the activity relating to the management object is terminated. The display of the dynamic list of virtual objects on the screen is terminated when the activity relating to the management object is terminated. | 06-14-2012 |
20120151164 | SYSTEM AND METHOD FOR OPTIMIZING REPLICATION - Embodiments of the present invention are directed to a method and system for optimizing replication within a storage system utilizing multiple tiers by using tier-specific replication modes. The method includes receiving, within an electronic system having a plurality of tiers, an access request for a portion of storage associated with a first tier of the plurality of tiers and accessing a replication attribute corresponding to the first tier and also corresponding to a replication mode. The method further includes sending the access request to the portion of storage; and replicating the access request to a remote storage wherein the replicating is based on the replication mode and wherein each of the plurality of tiers have associated therewith a respective replication attribute defining a respective replication mode. | 06-14-2012 |
20120147203 | TECHNIQUES FOR PROVIDING IMPROVED PERPETRATOR IMAGING - Techniques for providing improved perpetrator imaging are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing improved perpetrator imaging comprising identifying a client device as at least one of lost and stolen, detecting, on the client device, a difference in first pixel data associated with a first frame of a visual image and second pixel data associated with a second frame of the visual image, and capturing, on the client device, a plurality of photographs in response to detecting the difference. | 06-14-2012 |
20120144488 | COMPUTER VIRUS DETECTION SYSTEMS AND METHODS - Systems and methods for computer virus detection are presented. In one embodiment, a computer virus detection method includes: receiving an indication of a change to a file; performing a virus analysis process, including executing the changes to the file in a virtual machine and examining results of the executing the changes; and handling the file based upon the virus analysis. The virus analysis can be performed in a system in which the change to the file occurs. Handling the file can include treating the file as potentially infected with a virus based upon the virus analysis. In one exemplary implementation, examining the results includes comparing the results of executing the changes to the file to other results from executing changes to another file, wherein the file is identified as potentially infected with a virus if the examining results indicates the results of executing the changes to the file are similar to results from executing changes to another file. Examining results includes examining behavior resulting from executing the file (e.g., examining system calls, etc.). Outcome of the examining results can be forwarded for utilization in developing virus data sets. | 06-07-2012 |
20120117650 | IP-BASED BLOCKING OF MALWARE - A security module on a client monitors file download activities at the client and reports hosting website data to a security server. A download analysis module at the security server receives a hosting website data report from the client, where the hosting website data report describes a domain name and an IP address of a website hosting a file the client is attempting to download. The download analysis module analyzes the domain name and IP address of the website to generate file download control data indicating whether to allow downloading of the file to the client. The download analysis module reports the file download control data to the security module of the client. The security module uses the file download control data to selectively block downloading of the file. | 05-10-2012 |
20120117035 | FILE SYSTEM CONSISTENCY CHECK ON PART OF A FILE SYSTEM - A file system that includes multiple logical devices can be subdivided into multiple containers. The containers each include respective non-overlapping sets of the logical devices. An amount of memory allocated to a container is dynamic. A set of the containers can be selected for a file system consistency check. The file system consistency check is performed on only the set of the containers instead of on the entire file system. | 05-10-2012 |
20120109921 | INODE SYSTEMS AND METHODS - Systems and methods for inode use are presented. In one embodiment, an inode reuse method includes: receiving an indication of an operation that involves access to file related information; assigning an inode to the access; identifying one of a plurality of inode reuse scenarios for the inode; and making the inode available for reuse in accordance with the one of the plurality of inode reuse scenarios. In one embodiment, the one of the plurality of inode reuse scenarios is a relatively expedited reuse scenario. In one exemplary implementation, the relatively expedited inode reuse scenario is utilized if the inode is not required for further processing associated with the operation. The inode can be reused for another immediately subsequent operation. In one embodiment, a first one of the plurality of inode reuse scenarios includes placing the inode at a head queue position of a use queue and a second one of the plurality of inode reuse scenarios includes placing the inode in a tail queue position of the use queue. Association of the inode to the inode reuse scenario can be tracked. The tracking can include flagging the inode for relatively expedited reuse. | 05-03-2012 |
20120109897 | SYSTEM AND METHOD FOR OPTIMIZING MIRROR CREATION - Embodiments of the present invention are directed to a method and system for optimizing mirror creation. The method includes receiving, within an electronic system, a request for creating a mirror of a portion of a volume and accessing a data structure comprising information about a plurality of regions of the volume. The method further includes determining a plurality of regions comprising non-zeros of the volume based on the data structure and copying only the plurality of regions comprising non-zeros to create the mirror. | 05-03-2012 |
20120096535 | One Time Password - A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s. | 04-19-2012 |
20120096516 | Software Signing Certificate Reputation Model - A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer. | 04-19-2012 |
20120095971 | ONLINE FILE SYSTEM CONSISTENCY CHECK - A lock is acquired on a data structure. Content in the data structure is read and verified while the lock is held. The lock is then released, and then the file system components that are referred to by the data structure are verified. In essence, a file system consistency check of the file system components is performed offline in the background while the data structure remains accessible. | 04-19-2012 |
20120095970 | IDENTIFYING UNREFERENCED FILE SYSTEM COMPONENTS - A list of data structures (e.g., inodes) can be accessed, and the data structures in the list can be examined. If a data structure is examined, a counter value associated with the data structure is changed to a generation number that is associated with the examination. Subsequently, the counter values can be used to identify unreferenced data structures. More specifically, the counter value for an unreferenced data structure will be different from the generation number for the most recently performed examination. | 04-19-2012 |
20120072766 | FAULT HANDLING SYSTEMS AND METHODS - Systems and methods for fault handling are presented. In one embodiment, a fault handling method includes: performing an error type detection process including determining if an error is a media error or a connectivity error; performing a detachment determination process to establish an appropriate detachment scenario, wherein the appropriate detachment scenario includes not detaching any mirrors if the connectivity error involves all mirrors; and returning an application write with a failure. In one embodiment, the detachment determination process detaches a mirror in accordance with results of a read-write-back process. In one exemplary implementation, the detachment determination process includes a connectivity status inquiry and mirrors are detached in accordance with results of the connectivity status inquiry. In one exemplary implementation, the connectivity status inquiry includes a SCSI connectivity inquiry. In one embodiment, consistency and synchronization is maintained between the mirrors by utilizing a read-write-back operation. | 03-22-2012 |
20120072393 | SELECTIVE VIRTUAL MACHINE IMAGE REPLICATION SYSTEMS AND METHODS - Systems and methods for fault handling are presented. In one embodiment, a fault handling method includes: performing an information collection process, wherein the information collection process includes collecting information regarding guest operating system files of a virtual machine; performing a selective replication region identification process, wherein the selective replication region identification process includes identifying regions associated with a selective amount of the guest operating system files; and performing a replication process based upon result of the replication region identification process. In one embodiment, the selective replication region identification process includes identifying regions associated with files of interest. The selective replication region identification process can include identifying regions associated with temporary files. The information regarding files can include a list of regions used by the files after loopback mounting of a virtual disk file, a list of regions which have been modified on the virtual disk file and regions associated with metadata that has changed. | 03-22-2012 |
20120047115 | EXTENT REFERENCE COUNT UPDATE SYSTEM AND METHOD - Systems and methods for extent reference count updates are presented. In one embodiment, a reference count update method includes: receiving an indication of new reference association with an extent of a shared storage component; generating reference count update log information for a reference count update log to indicate the new reference association with an extent of a shared storage component, wherein the altering occurs inline; forwarding a successful data update indicator to initiator of activity triggering the new reference association with the extent of the shared storage component; and updating a reference count table in accordance with the information in the reference count update log, wherein the updating is included in a background process. | 02-23-2012 |
20120042255 | METHOD AND SYSTEM FOR ANOMALY DETECTION AND PRESENTATION - A system and method for anomaly detection and presentation. The method of anomaly detection and presentation comprises receiving information for a plurality of traits from a plurality of servers. A first server has fewer of the plurality of traits than a second server. A first trait is on fewer of the plurality of servers than a second trait. The plurality of servers is rendered in a graphical display wherein the first server is positioned to one side of the second server based on respective numbers of traits had by the first and second servers. The first trait is rendered in the graphical display to one side of the second trait based on respective numbers of systems having the first and second traits. A table may be displayed in a cell in response to a user request. Anomalous traits may be displayed in an anomaly table. | 02-16-2012 |
20120042063 | METHOD AND SYSTEM FOR LINK COUNT UPDATE AND SYNCHRONIZATION IN A PARTITIONED DIRECTORY - A method of updating a link count in a partitioned directory shared by a plurality of computers within a cluster. The partitioned directory is traversed once by a first computer to obtain a link count. The link count is stored in the first computer and broadcast to a cluster of computers. A total number of allocated links is less than a maximum limit on link count minus the link count. A respective number of links is allocated to each computer within the cluster. Delta values of each computer are updated in real-time as subdirectories are created/erased. A delta value associated with each of the plurality of computers is received. A delta value represents a net number of links created or removed by each computer. The link count is updated based on the previous link count and further based on each of the delta values and further based on a delta value associated with the first computer. The updated link count is stored by the first computer and broadcast to the plurality of computers. | 02-16-2012 |
20120042062 | METHOD AND SYSTEM FOR PARTITIONING DIRECTORIES - A method of partitioning a directory. Accesses, e.g., shared/exclusive, and/or waiting requests, e.g., shared/exclusive, to access one or more files with a directory are monitored, e.g., incrementing/decrementing respective counters. The waiting requests are queued to be granted at a later time. The directory is determined to be primed for partitioning if a number of waiting requests to access the directory is greater than a threshold value of a plurality of heuristics and optionally further based on satisfying the condition for at least a programmable time threshold period. A trigger signal is automatically generated if the directory is primed for partitioning. The trigger signal causes a file system to partition the directory. It is appreciated that the plurality of heuristics is user programmable. | 02-16-2012 |
20120041923 | METHOD AND SYSTEM FOR EFFICIENTLY READING A PARTITIONED DIRECTORY INCIDENT TO A SERIALIZED PROCESS - A method of reading data from a partitioned directory incident to a serialized process. A first read and an offset value are received. A first data block in a modeled fully partitioned directory is identified based on the offset value and a predetermined number of entries associated with a buffer. It is determined whether the first data block in the fully partitioned directory is present in the actual partitioned directory. Zeros are written in the buffer if the first data block in the fully partitioned directory is not present in the actual partitioned directory otherwise the first data block associated with the actual partitioned directory is written to the buffer. A second data block is similarly read by a second read operation and written. The second data block is associated with a second subdirectory, selected based on a horizontal node traversal at a node level of said first subdirectory. | 02-16-2012 |
20120036106 | Data Replication Techniques Using Incremental Checkpoints - Incremental checkpoints, for use in data replication, track the changes made to a file system after a point in time at which the incremental checkpoint is created. Data replication techniques using the incremental checkpoints may include taking a regular checkpoint of the file system and creating the first time full copy on remote node using the regular checkpoint. Changes made to the file system are then tracked in an incremental checkpoint that is stored on the remote node. The processes of taking the incremental checkpoint and storing the incremental checkpoint are iteratively performed. The first time full copy and the incremental checkpoints may then be used for data replication, backup, continuous data protection (CDP), or the like. | 02-09-2012 |
20120030469 | Streamlined CSR Generation, Certificate Enrollment, and Certificate Delivery - The process of acquiring SSL certificates for enterprise SSL customers is improved by reducing the number of steps used to acquire the SSL certificate and streamlining the process. An on-line CSR generator on the certificate enrollment form is used to submit the customer information (i.e. Common Name, Organizational Unit, Organization, City/Locality, State/Province, and Country Code) and generate the CSR. By making the CSR generation part of the enrollment process, the administrator can use the same enrollment form to submit the customer information along with the contact information pertinent to the enterprise. | 02-02-2012 |
20120016840 | VIRTUAL MACHINE AWARE REPLICATION METHOD AND SYSTEM - A method for replicating a virtual file system of a virtual machine. The method includes accessing a host file system usage map of a host machine that indicates active blocks out of a plurality of blocks of the host file system, and accessing a virtual file system usage map of a virtual machine that indicates active blocks out of a plurality of blocks of the virtual file system. A merged usage map is generated from information of the host file system usage map and the virtual file system usage map that identifies active blocks of the host file system associated with the virtual file system. The virtual file system is then replicated at a replication destination in accordance with the merged usage map. | 01-19-2012 |
20120011499 | TECHNIQUES FOR INTERACTION WITH A GUEST VIRTUAL MACHINE - Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure. | 01-12-2012 |
20120011161 | PERMISSION TRACKING SYSTEMS AND METHODS - Systems and methods for permission maintenance are presented. In one embodiment, a permission maintenance method includes: gathering permission indication information including permission indications associated with various stored information; analyzing the permission indication information including analyzing potential permission indication origination; and creating interface presentation information based upon results of the analyzing the permission indications, wherein the interface presentation information includes information related to potential origination of a permission indication. The gathering can include scanning a file system and collecting active directory information. The analyzing can include determining the type of access a principal is given to a file. The analyzing can also include determining if a principal is associated with a group and the type of permissions given to the group. In one exemplary implementation, the permission indication information is organized in accordance with potential permission indication origination. In one embodiment, the interface presentation information is presented in a Graphical User Interface, including a permission indicator and the information related to potential origination of the permission indicator. | 01-12-2012 |
20120005751 | Systems and Methods for Creating Customized Confidence Bands for Use in Malware Detection - A computer-implemented method for creating customized confidence bands for use in malware detection may include 1) identifying a portal for receiving executable content, 2) identifying metadata relating to the portal, 3) analyzing the metadata to determine what risk executable content received via the portal poses, and then 4) creating, based on the analysis, a confidence band to apply during at least one disposition of executable content received via the portal. Various other methods, systems, and computer-readable media are also disclosed. | 01-05-2012 |
20120005750 | Systems and Methods for Alternating Malware Classifiers in an Attempt to Frustrate Brute-Force Malware Testing - A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing may include (1) providing a group of heuristic-based classifiers for detecting malware, wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group, (2) including the group of classifiers within a security-software product, and (3) alternating the security-software product's use of the classifiers within the group in an attempt to frustrate brute-force malware testing by (a) randomly selecting and activating an initial classifier from within the group and then, upon completion of a select interval, (b) replacing the initial classifier with an additional classifier randomly selected from within the group. Various other methods, systems, and computer-readable media are also disclosed. | 01-05-2012 |
20120005164 | CLUSTER CONFIGURATION SYSTEMS AND METHODS - Systems and methods for cluster maintenance are presented. In one embodiment a cluster configuration method includes: maintaining configuration information associated with a first node and a second node, including cluster configuration version information; evaluating the first node as a potential configuration update node for the second node, including evaluating an indication of potential partial snapshot update availability based upon the configuration information associated with the first node and configuration information associated with the second node; performing an update type selection, including continued analysis of partial snapshot update availability; and performing an update for the second node in accordance with results of the update type selection. Evaluating the first node as a potential configuration update node can include comparing an available configuration version indication associated with the first node to the available cluster configuration version indication associated with the second node. | 01-05-2012 |
20110321040 | Systems and Methods for Sharing the Results of Analyses Among Virtual Machines - A computer-implemented method may include performing a first analysis on at least one file of a master virtual machine and inserting, into the master virtual machine, information that indicates at least one result of the first analysis. The computer-implemented method may also include maintaining at least one additional virtual machine that is based on the master virtual machine. The computer-implemented method may further include directing the additional virtual machine to reference the information in the master virtual machine instead of performing a second analysis on at least one file of the additional virtual machine. Various other systems, methods, and computer-readable media are also disclosed. | 12-29-2011 |
20110307529 | AUTOMATICALLY RECLAIMING MEMORY SPACE - A method, in one embodiment, can include determining whether an administrative task for a file system is to be performed within a thin storage memory array. Furthermore, if the administrative task for the file system is to be performed, a determination is made as to whether memory space is freed up while performing the administrative task. If memory space is freed up while performing the administrative task, a determination is made as to whether the freed up memory space satisfies a predefined contiguous memory space threshold. If the predefined contiguous memory space threshold is satisfied by the freed up memory space, a determination is made as to whether a memory space reclamation process is to be performed. If the memory space reclamation process is to be performed, the freed up memory space is reclaimed from the file system. | 12-15-2011 |
20110282917 | SYSTEM AND METHOD FOR EFFICIENT RESOURCE MANAGEMENT - Embodiments of the present invention are directed to a method and system for managing resources. The method includes receiving a request, within an electronic system, which corresponds to an object of a file system and accessing a local data structure. The data structure comprises information corresponding to a plurality of inode numbers. The method further includes performing the request and updating the local data structure based on the request. The updating of the local data structure is independent of a plurality of data structures of a cluster of servers. | 11-17-2011 |
20110282834 | CONTINUOUS REPLICATION IN A DISTRIBUTED COMPUTER SYSTEM ENVIRONMENT - A method for implementing continuous data replication in a distributed computer system. The method includes receiving a forwarded data object write I/O from a data server. The method further includes examining attribute information of the data object to determine a consistency group for the data object. A replication policy is examined in view of the consistency group of the data object to determine a destination redundancy server. The data object write I/O is forwarded to the destination redundancy server for storage. An acknowledgment is then sent to the data server upon storage of the data object in the destination redundancy server. | 11-17-2011 |
20110282830 | DETERMINING WHETHER TO RELOCATE DATA TO A DIFFERENT TIER IN A MULTI-TIER STORAGE SYSTEM - In general, a block of data in a data file is stored in a multi-tier storage system. The block of data includes multiple rows and multiple entry values per row, including values for a particular entry. The values of the particular entry in the data block can be used to determine whether to move the data block to a different tier of a multi-tier storage system. The block of data can then either be relocated in a different tier or kept in the current tier. | 11-17-2011 |
20110271341 | BEHAVIORAL SIGNATURE GENERATION USING CLUSTERING - A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster. | 11-03-2011 |
20110271069 | DISMOUNTING A STORAGE VOLUME - In response to an instruction to dismount a storage volume, for example, an object in the storage volume is identified and a handle that references the object is closed. Once an exclusive lock on the storage volume is acquired, the storage volume can be dismounted. The storage volume can then be remounted. | 11-03-2011 |
20110264865 | TECHNIQUES FOR DIRECTORY SERVER INTEGRATION - Techniques for directory server integration are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory server integration comprising setting one or more parameters determining a range of permissible expiration times for a plurality of cached directory entries, creating, in electronic storage, a cached directory entry from a directory server, assigning a creation time to the cached directory entry, and assigning at least one random value to the cached directory entry, the random value determining an expiration time for the cached directory entry within the range of permissible expiration times, wherein randomizing the expiration time for the cached directory entry among the range of permissible expiration times for a plurality of cached directory entries reduces an amount of synchronization required between cache memory and the directory server at a point in time. | 10-27-2011 |
20110264781 | TECHNIQUES FOR DIRECTORY DATA RESOLUTION - Techniques for directory data resolution are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory data resolution comprising receiving data identifying one or more groups of interest of a directory server, traversing, using a processor, one or more directory entries contained in hierarchical directory data, the traversal starting at a directory entry corresponding to a current group of interest, reading a first directory entry to identify a member contained in the first directory entry, adding, in the event a member is contained in the first directory entry, the current group of interest to a mapping for the member. The method may also include use of caching and recursion. | 10-27-2011 |