SYMANTEC CORPORATION

SYMANTEC CORPORATION Patent applications
Patent application number | Title | Published
20120117650 | IP-BASED BLOCKING OF MALWARE - A security module on a client monitors file download activities at the client and reports hosting website data to a security server. A download analysis module at the security server receives a hosting website data report from the client, where the hosting website data report describes a domain name and an IP address of a website hosting a file the client is attempting to download. The download analysis module analyzes the domain name and IP address of the website to generate file download control data indicating whether to allow downloading of the file to the client. The download analysis module reports the file download control data to the security module of the client. The security module uses the file download control data to selectively block downloading of the file. | 05-10-2012
20120117035 | FILE SYSTEM CONSISTENCY CHECK ON PART OF A FILE SYSTEM - A file system that includes multiple logical devices can be subdivided into multiple containers. The containers each include respective non-overlapping sets of the logical devices. An amount of memory allocated to a container is dynamic. A set of the containers can be selected for a file system consistency check. The file system consistency check is performed on only the set of the containers instead of on the entire file system. | 05-10-2012
20120109921 | INODE SYSTEMS AND METHODS - Systems and methods for inode use are presented. In one embodiment, an inode reuse method includes: receiving an indication of an operation that involves access to file related information; assigning an inode to the access; identifying one of a plurality of inode reuse scenarios for the inode; and making the inode available for reuse in accordance with the one of the plurality of inode reuse scenarios. In one embodiment, the one of the plurality of inode reuse scenarios is a relatively expedited reuse scenario. In one exemplary implementation, the relatively expedited inode reuse scenario is utilized if the inode is not required for further processing associated with the operation. The inode can be reused for another immediately subsequent operation. In one embodiment, a first one of the plurality of inode reuse scenarios includes placing the inode at a head queue position of a use queue and a second one of the plurality of inode reuse scenarios includes placing the inode in a tail queue position of the use queue. Association of the inode to the inode reuse scenario can be tracked. The tracking can include flagging the inode for relatively expedited reuse. | 05-03-2012
20120109897 | SYSTEM AND METHOD FOR OPTIMIZING MIRROR CREATION - Embodiments of the present invention are directed to a method and system for optimizing mirror creation. The method includes receiving, within an electronic system, a request for creating a mirror of a portion of a volume and accessing a data structure comprising information about a plurality of regions of the volume. The method further includes determining a plurality of regions comprising non-zeros of the volume based on the data structure and copying only the plurality of regions comprising non-zeros to create the mirror. | 05-03-2012
20120096535 | One Time Password - A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s. | 04-19-2012
20120096516 | Software Signing Certificate Reputation Model - A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for a valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer. | 04-19-2012
20120095971 | ONLINE FILE SYSTEM CONSISTENCY CHECK - A lock is acquired on a data structure. Content in the data structure is read and verified while the lock is held. The lock is then released, and then the file system components that are referred to by the data structure are verified. In essence, a file system consistency check of the file system components is performed offline in the background while the data structure remains accessible. | 04-19-2012
20120095970 | IDENTIFYING UNREFERENCED FILE SYSTEM COMPONENTS - A list of data structures (e.g., inodes) can be accessed, and the data structures in the list can be examined. If a data structure is examined, a counter value associated with the data structure is changed to a generation number that is associated with the examination. Subsequently, the counter values can be used to identify unreferenced data structures. More specifically, the counter value for an unreferenced data structure will be different from the generation number for the most recently performed examination. | 04-19-2012
20120072766 | FAULT HANDLING SYSTEMS AND METHODS - Systems and methods for fault handling are presented. In one embodiment, a fault handling method includes: performing an error type detection process including determining if an error is a media error or a connectivity error; performing a detachment determination process to establish an appropriate detachment scenario, wherein the appropriate detachment scenario includes not detaching any mirrors if the connectivity error involves all mirrors; and returning an application write with a failure. In one embodiment, the detachment determination process detaches a mirror in accordance with results of a read-write-back process. In one exemplary implementation, the detachment determination process includes a connectivity status inquiry and mirrors are detached in accordance with results of the connectivity status inquiry. In one exemplary implementation, the connectivity status inquiry includes a SCSI connectivity inquiry. In one embodiment, consistency and synchronization are maintained between the mirrors by utilizing a read-write-back operation. | 03-22-2012
20120072393 | SELECTIVE VIRTUAL MACHINE IMAGE REPLICATION SYSTEMS AND METHODS - Systems and methods for fault handling are presented. In one embodiment, a fault handling method includes: performing an information collection process, wherein the information collection process includes collecting information regarding guest operating system files of a virtual machine; performing a selective replication region identification process, wherein the selective replication region identification process includes identifying regions associated with a selective amount of the guest operating system files; and performing a replication process based upon result of the replication region identification process. In one embodiment, the selective replication region identification process includes identifying regions associated with files of interest. The selective replication region identification process can include identifying regions associated with temporary files. The information regarding files can include a list of regions used by the files after loopback mounting of a virtual disk file, a list of regions which have been modified on the virtual disk file and regions associated with metadata that has changed. | 03-22-2012
20120047115 | EXTENT REFERENCE COUNT UPDATE SYSTEM AND METHOD - Systems and methods for extent reference count updates are presented. In one embodiment, a reference count update method includes: receiving an indication of new reference association with an extent of a shared storage component; generating reference count update log information for a reference count update log to indicate the new reference association with an extent of a shared storage component, wherein the altering occurs inline; forwarding a successful data update indicator to initiator of activity triggering the new reference association with the extent of the shared storage component; and updating a reference count table in accordance with the information in the reference count update log, wherein the updating is included in a background process. | 02-23-2012
20120042255 | METHOD AND SYSTEM FOR ANOMALY DETECTION AND PRESENTATION - A system and method for anomaly detection and presentation. The method of anomaly detection and presentation comprises receiving information for a plurality of traits from a plurality of servers. A first server has fewer of the plurality of traits than a second server. A first trait is on fewer of the plurality of servers than a second trait. The plurality of servers is rendered in a graphical display wherein the first server is positioned to one side of the second server based on respective numbers of traits had by the first and second servers. The first trait is rendered in the graphical display to one side of the second trait based on respective numbers of systems having the first and second traits. A table may be displayed in a cell in response to a user request. Anomalous traits may be displayed in an anomaly table. | 02-16-2012
20120042063 | METHOD AND SYSTEM FOR LINK COUNT UPDATE AND SYNCHRONIZATION IN A PARTITIONED DIRECTORY - A method of updating a link count in a partitioned directory shared by a plurality of computers within a cluster. The partitioned directory is traversed once by a first computer to obtain a link count. The link count is stored in the first computer and broadcast to a cluster of computers. A total number of allocated links is less than a maximum limit on link count minus the link count. A respective number of links is allocated to each computer within the cluster. Delta values of each computer are updated in real-time as subdirectories are created/erased. A delta value associated with each of the plurality of computers is received. A delta value represents a net number of links created or removed by each computer. The link count is updated based on the previous link count and further based on each of the delta values and further based on a delta value associated with the first computer. The updated link count is stored by the first computer and broadcast to the plurality of computers. | 02-16-2012
20120042062 | METHOD AND SYSTEM FOR PARTITIONING DIRECTORIES - A method of partitioning a directory. Accesses, e.g., shared/exclusive, and/or waiting requests, e.g., shared/exclusive, to access one or more files with a directory are monitored, e.g., incrementing/decrementing respective counters. The waiting requests are queued to be granted at a later time. The directory is determined to be primed for partitioning if a number of waiting requests to access the directory is greater than a threshold value of a plurality of heuristics and optionally further based on satisfying the condition for at least a programmable time threshold period. A trigger signal is automatically generated if the directory is primed for partitioning. The trigger signal causes a file system to partition the directory. It is appreciated that the plurality of heuristics is user programmable. | 02-16-2012
20120041923 | METHOD AND SYSTEM FOR EFFICIENTLY READING A PARTITIONED DIRECTORY INCIDENT TO A SERIALIZED PROCESS - A method of reading data from a partitioned directory incident to a serialized process. A first read and an offset value are received. A first data block in a modeled fully partitioned directory is identified based on the offset value and a predetermined number of entries associated with a buffer. It is determined whether the first data block in the fully partitioned directory is present in the actual partitioned directory. Zeros are written in the buffer if the first data block in the fully partitioned directory is not present in the actual partitioned directory; otherwise the first data block associated with the actual partitioned directory is written to the buffer. A second data block is similarly read by a second read operation and written. The second data block is associated with a second subdirectory, selected based on a horizontal node traversal at a node level of said first subdirectory. | 02-16-2012
20120036106 | Data Replication Techniques Using Incremental Checkpoints - Incremental checkpoints, for use in data replication, track the changes made to a file system after a point in time at which the incremental checkpoint is created. Data replication techniques using the incremental checkpoints may include taking a regular checkpoint of the file system and creating the first time full copy on a remote node using the regular checkpoint. Changes made to the file system are then tracked in an incremental checkpoint that is stored on the remote node. The processes of taking the incremental checkpoint and storing the incremental checkpoint are iteratively performed. The first time full copy and the incremental checkpoints may then be used for data replication, backup, continuous data protection (CDP), or the like. | 02-09-2012
20120030469 | Streamlined CSR Generation, Certificate Enrollment, and Certificate Delivery - The process of acquiring SSL certificates for enterprise SSL customers is improved by reducing the number of steps used to acquire the SSL certificate and streamlining the process. An on-line CSR generator on the certificate enrollment form is used to submit the customer information (i.e. Common Name, Organizational Unit, Organization, City/Locality, State/Province, and Country Code) and generate the CSR. By making the CSR generation part of the enrollment process, the administrator can use the same enrollment form to submit the customer information along with the contact information pertinent to the enterprise. | 02-02-2012
20120016840 | VIRTUAL MACHINE AWARE REPLICATION METHOD AND SYSTEM - A method for replicating a virtual file system of a virtual machine. The method includes accessing a host file system usage map of a host machine that indicates active blocks out of a plurality of blocks of the host file system, and accessing a virtual file system usage map of a virtual machine that indicates active blocks out of a plurality of blocks of the virtual file system. A merged usage map is generated from information of the host file system usage map and the virtual file system usage map that identifies active blocks of the host file system associated with the virtual file system. The virtual file system is then replicated at a replication destination in accordance with the merged usage map. | 01-19-2012
20120011499 | TECHNIQUES FOR INTERACTION WITH A GUEST VIRTUAL MACHINE - Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure. | 01-12-2012
20120011161 | PERMISSION TRACKING SYSTEMS AND METHODS - Systems and methods for permission maintenance are presented. In one embodiment, a permission maintenance method includes: gathering permission indication information including permission indications associated with various stored information; analyzing the permission indication information including analyzing potential permission indication origination; and creating interface presentation information based upon results of the analyzing the permission indications, wherein the interface presentation information includes information related to potential origination of a permission indication. The gathering can include scanning a file system and collecting active directory information. The analyzing can include determining the type of access a principal is given to a file. The analyzing can also include determining if a principal is associated with a group and the type of permissions given to the group. In one exemplary implementation, the permission indication information is organized in accordance with potential permission indication origination. In one embodiment, the interface presentation information is presented in a Graphical User Interface, including a permission indicator and the information related to potential origination of the permission indicator. | 01-12-2012
20120005751 | Systems and Methods for Creating Customized Confidence Bands for Use in Malware Detection - A computer-implemented method for creating customized confidence bands for use in malware detection may include 1) identifying a portal for receiving executable content, 2) identifying metadata relating to the portal, 3) analyzing the metadata to determine what risk executable content received via the portal poses, and then 4) creating, based on the analysis, a confidence band to apply during at least one disposition of executable content received via the portal. Various other methods, systems, and computer-readable media are also disclosed. | 01-05-2012
20120005750 | Systems and Methods for Alternating Malware Classifiers in an Attempt to Frustrate Brute-Force Malware Testing - A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing may include (1) providing a group of heuristic-based classifiers for detecting malware, wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group, (2) including the group of classifiers within a security-software product, and (3) alternating the security-software product's use of the classifiers within the group in an attempt to frustrate brute-force malware testing by (a) randomly selecting and activating an initial classifier from within the group and then, upon completion of a select interval, (b) replacing the initial classifier with an additional classifier randomly selected from within the group. Various other methods, systems, and computer-readable media are also disclosed. | 01-05-2012
20120005164 | CLUSTER CONFIGURATION SYSTEMS AND METHODS - Systems and methods for cluster maintenance are presented. In one embodiment, a cluster configuration method includes: maintaining configuration information associated with a first node and a second node, including cluster configuration version information; evaluating the first node as a potential configuration update node for the second node, including evaluating an indication of potential partial snapshot update availability based upon the configuration information associated with the first node and configuration information associated with the second node; performing an update type selection, including continued analysis of partial snapshot update availability; and performing an update for the second node in accordance with results of the update type selection. Evaluating the first node as a potential configuration update node can include comparing an available configuration version indication associated with the first node to the available cluster configuration version indication associated with the second node. | 01-05-2012
20110321040 | Systems and Methods for Sharing the Results of Analyses Among Virtual Machines - A computer-implemented method may include performing a first analysis on at least one file of a master virtual machine and inserting, into the master virtual machine, information that indicates at least one result of the first analysis. The computer-implemented method may also include maintaining at least one additional virtual machine that is based on the master virtual machine. The computer-implemented method may further include directing the additional virtual machine to reference the information in the master virtual machine instead of performing a second analysis on at least one file of the additional virtual machine. Various other systems, methods, and computer-readable media are also disclosed. | 12-29-2011
20110307529 | AUTOMATICALLY RECLAIMING MEMORY SPACE - A method, in one embodiment, can include determining whether an administrative task for a file system is to be performed within a thin storage memory array. Furthermore, if the administrative task for the file system is to be performed, a determination is made as to whether memory space is freed up while performing the administrative task. If memory space is freed up while performing the administrative task, a determination is made as to whether the freed up memory space satisfies a predefined contiguous memory space threshold. If the predefined contiguous memory space threshold is satisfied by the freed up memory space, a determination is made as to whether a memory space reclamation process is to be performed. If the memory space reclamation process is to be performed, the freed up memory space is reclaimed from the file system. | 12-15-2011
20110282917 | SYSTEM AND METHOD FOR EFFICIENT RESOURCE MANAGEMENT - Embodiments of the present invention are directed to a method and system for managing resources. The method includes receiving a request, within an electronic system, which corresponds to an object of a file system and accessing a local data structure. The data structure comprises information corresponding to a plurality of inode numbers. The method further includes performing the request and updating the local data structure based on the request. The updating of the local data structure is independent of a plurality of data structures of a cluster of servers. | 11-17-2011
20110282834 | CONTINUOUS REPLICATION IN A DISTRIBUTED COMPUTER SYSTEM ENVIRONMENT - A method for implementing continuous data replication in a distributed computer system. The method includes receiving a forwarded data object write I/O from a data server. The method further includes examining attribute information of the data object to determine a consistency group for the data object. A replication policy is examined in view of the consistency group of the data object to determine a destination redundancy server. The data object write I/O is forwarded to the destination redundancy server for storage. An acknowledgment is then sent to the data server upon storage of the data object in the destination redundancy server. | 11-17-2011
20110282830 | DETERMINING WHETHER TO RELOCATE DATA TO A DIFFERENT TIER IN A MULTI-TIER STORAGE SYSTEM - In general, a block of data in a data file is stored in a multi-tier storage system. The block of data includes multiple rows and multiple entry values per row, including values for a particular entry. The values of the particular entry in the data block can be used to determine whether to move the data block to a different tier of a multi-tier storage system. The block of data can then either be relocated in a different tier or kept in the current tier. | 11-17-2011
20110271341 | BEHAVIORAL SIGNATURE GENERATION USING CLUSTERING - A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster. | 11-03-2011
20110271069 | DISMOUNTING A STORAGE VOLUME - In response to an instruction to dismount a storage volume, for example, an object in the storage volume is identified and a handle that references the object is closed. Once an exclusive lock on the storage volume is acquired, the storage volume can be dismounted. The storage volume can then be remounted. | 11-03-2011
20110264865 | TECHNIQUES FOR DIRECTORY SERVER INTEGRATION - Techniques for directory server integration are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory server integration comprising setting one or more parameters determining a range of permissible expiration times for a plurality of cached directory entries, creating, in electronic storage, a cached directory entry from a directory server, assigning a creation time to the cached directory entry, and assigning at least one random value to the cached directory entry, the random value determining an expiration time for the cached directory entry within the range of permissible expiration times, wherein randomizing the expiration time for the cached directory entry among the range of permissible expiration times for a plurality of cached directory entries reduces an amount of synchronization required between cache memory and the directory server at a point in time. | 10-27-2011
20110264781 | TECHNIQUES FOR DIRECTORY DATA RESOLUTION - Techniques for directory data resolution are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory data resolution comprising receiving data identifying one or more groups of interest of a directory server, traversing, using a processor, one or more directory entries contained in hierarchical directory data, the traversal starting at a directory entry corresponding to a current group of interest, reading a first directory entry to identify a member contained in the first directory entry, adding, in the event a member is contained in the first directory entry, the current group of interest to a mapping for the member. The method may also include use of caching and recursion. | 10-27-2011
20110252270 | UPDATING A LIST OF QUORUM DISKS - A node in a server cluster is designated as a quorum disk. The node stores a list of other nodes in the server cluster also designated as quorum disks. The node can replace the first list with a second and more recent list of quorum disks only if the second list is updated on at least a simple majority of quorum disks on the first list. | 10-13-2011
20110252067 | INSERT OPTIMIZATION FOR B+ TREE DATA STRUCTURE SCALABILITY - A method, in one embodiment, can include receiving a key and associated data via a computing device. Furthermore, the method can include searching a B+ tree data structure using the key to find a leaf node. The B+ tree data structure is stored by a persistent storage coupled to the computing device. The B+ tree data structure can include a first plurality of nodes that each contains a key-value entry that is not maintained in a sorted order based on its key. In addition, the key and associated data are appended to the leaf node. A sector that includes the leaf node and the key and associated data can be flushed to the persistent storage. | 10-13-2011
20110246875 | DIGITAL WHITEBOARD IMPLEMENTATION - A computing system includes a touch screen display that can display a graphical user interface (GUI). The GUI includes a display region and a first plurality of GUI elements including a first GUI element associated with a tool. The tool is invoked when selection of the first GUI element is sensed by the touch screen display. The GUI also includes a second plurality of GUI elements including a second GUI element associated with a graphical object. The graphical object is displayed in the display region when selection of the second GUI element is sensed by the touch screen display and the graphical object is dragged-and-dropped to a position within the display region. | 10-06-2011
20110225624 | Systems and Methods for Providing Network Access Control in Virtual Environments - A computer-implemented method for providing network access control in virtual environments. The method may include: 1) injecting a transient security agent into a virtual machine that is running on a host machine; 2) receiving, from the transient security agent, an indication of whether the virtual machine complies with one or more network access control policies; and 3) controlling network access of the virtual machine based on the indication of whether the virtual machine complies with the one or more network access control policies. Various other methods, systems, and computer-readable media are also disclosed herein. | 09-15-2011
20110225266 | STORAGE SYSTEMS AND METHODS - Systems and methods for extent reference count updates are presented. In one embodiment, a reference count update method includes: receiving a plurality of data files associated with various modalities; performing an analysis on the data files including examining an impact of the plurality of data files on storage based upon a type of the modality; and forwarding resulting analysis information for presentation in a convenient user interface, including an indication of the impact of the plurality of data files on the storage based upon the type of the modality. In one embodiment, the analysis includes resource consumption analysis of the storage associated with the type of modality. The analysis can include a cost analysis of the storage associated with the type of modality. The storage can be included in a cloud environment. | 09-15-2011
20110225214 | Systems and Methods for Garbage Collection in Deduplicated Data Systems - A computer-implemented method for garbage collection in deduplicated data systems may include: 1) identifying a deduplicated data system, 2) identifying at least one segment object added to the deduplicated data system during a garbage-collection process of the deduplicated data system, 3) locking the segment object to prevent removal of the segment object by the garbage-collection process, and 4) unlocking the segment object after the garbage-collection process. The method may allow a small possibility of incorrectly removing useful segment objects. The method may also verify data objects during the garbage-collection process and recover incorrectly removed segment objects. Various other methods, systems, and computer-readable media are also disclosed. | 09-15-2011
20110225211 | METHOD AND SYSTEM FOR PROVIDING DEDUPLICATION INFORMATION TO APPLICATIONS - A method of maintaining and providing information relating to file deduplication. A first portion of a first file and a second portion of a second file that contain a first content are identified. A first header associated with the first portion is created. The first header identifies the first portion and the second portion containing the first content. The first header is appended to a storage location of the first content of the first portion to form a first data structure for the first file. The first data structure is stored. The first data structure is provided to an application requesting the first file so that duplicate data processing can be avoided by the application. The first data structure is updated when the first file or the second file are altered. A similar process may occur to generate a data structure for the second file. | 09-15-2011
20110225199 | METHOD AND SYSTEM FOR IDENTIFICATION OF DATA OWNER IN AN UNSTRUCTURED DATA ENVIRONMENT - A system and method of identifying a data owner by examining a plurality of criteria including access type, number of accesses at a given time and over the period of time selected, recentness of access, and permission levels of users. The method of file owner identification comprises collecting a plurality of samples including usage of a file by a plurality of users. A plurality of factors is calculated based on said plurality of users, wherein a respective factor is calculated for each of said plurality of users, wherein each factor is based on a plurality of use elements. Based on said plurality of factors, a file owner is determined of said file from among said plurality of users. The file owner may be communicated and/or displayed, e.g., in a graph. | 09-15-2011
20110225129METHOD AND SYSTEM TO SCAN DATA FROM A SYSTEM THAT SUPPORTS DEDUPLICATION - An interface is disclosed that makes information obtained from a file deduplication process available to an application for the efficient operation thereof. A data deduplication repository is scanned to determine a plurality of file segments and respective checksum values associated with the segments. A data structure is generated that allows shared segments to be identified by indexing using a common checksum value. The segments also indicate the file to which they belong and may also include a timestamp value. This data structure is updated as files are modified, etc. The data structure is accessible to an application program so that the application program can readily determine which segments are shared between multiple files. With this information, the application can efficiently process the segment once rather than multiple times. Timestamps can be used by the application to efficiently identify only those segments that were accessed after a given time.09-15-2011
20110225095SYSTEM AND METHOD TO DEFINE, VISUALIZE AND MANAGE A COMPOSITE SERVICE GROUP IN A HIGH-AVAILABILITY DISASTER RECOVERY ENVIRONMENT - A method for defining and managing a composite service group for a cluster based computer system is disclosed. The method includes instantiating a plurality of application units on a cluster based computer system, wherein the application units implement a business service. The method further includes receiving a composite service group definition, wherein a composite service group enumerates application units, out of the plurality of application units, that implement the business service, and generating a consolidated status of the composite service group. The business service is then started (online)/stopped (offline)/migrated/failed-over/failed-back in accordance with the consolidated status, as a single unit, by using the composite service group.09-15-2011
20110219263FAST CLUSTER FAILURE DETECTION - A method and system for fast failure detection in a distributed computer system. The method includes executing a distributed computer system having a plurality of clusters comprising at least a first cluster, a second cluster and the third cluster, and initializing failure detection by creating a connected cluster list in each of the plurality of clusters, wherein for each one of the plurality of clusters, a respective connected cluster list describes others of the plurality of clusters said each one is communicatively connected with. A status update message is sent upon changes in connectivity between the plurality of clusters, and generating an updated connected cluster list in each of the plurality of clusters in accordance with the status update message. The method then determines whether the change in connectivity results from a cluster failure by examining the updated connected cluster list in each of the plurality of clusters.09-08-2011
20110219201COPY ON WRITE STORAGE CONSERVATION SYSTEMS AND METHODS - Systems and methods for copy on write storage conservation are presented. In one embodiment a copy on write storage conservation method includes creating and mounting a snapshot; mounting a snapshot; monitoring interest in the snapshot; initiating a copy on write discard process before a backup or replication is complete; and deleting the snapshot when the backup or replication is complete. In one embodiment the method also includes marking a file as do not copy on write. In one embodiment, the copy on write discard process includes discarding copy on write data when a corresponding read on the file in the snapshot is successful. Initiating a copy on write discard process can be done at a variety of levels (e.g., a file level, an extent level, a block-level, etc.).09-08-2011
20110219048Multiple File System and/or Multi-Host Single Instance Store Techniques - A multiple file system and/or multi-host single instance store technique includes receiving one or more commands and one or more parameters to create a single instance store, a plurality of volumes and one or more file systems. Information creating the plurality of volumes, including creating a plurality of thin volumes on top of a single instance store solution, are stored in a volume manager configuration file. Information creating the one or more file systems, wherein each file system is created on top of the plurality of volumes including the plurality of thin volumes, are stored in a file system configuration file.09-08-2011
20110213753Systems and Methods for Managing Application Availability - A computer-implemented method for managing application availability. The method may include identifying an application running on a first cluster node of a failover cluster and copying configuration data of the application to a storage location accessible by a second cluster node of the failover cluster. The method may also include detecting failure of the first cluster node, restoring the configuration data to the second cluster node, and executing the application on the second cluster node in accordance with the configuration data. Various other methods, systems, and computer-readable media are also disclosed herein.09-01-2011
20110208931Systems and Methods for Enabling Replication Targets to Reclaim Unused Storage Space on Thin-Provisioned Storage Systems - A computer-implemented method for enabling replication targets to reclaim unused storage space on thin-provisioned storage systems may include: 1) replicating data from a replication source to a replication target, 2) identifying unused storage space within the replicated data, 3) generating a reclamation request for reclaiming the unused storage space from a thin-provisioned storage system that provides thin-provisioned storage for the replication target, and then 4) issuing the reclamation request to the thin-provisioned storage system in order to reclaim the unused storage space from the thin-provisioned storage system. Various other related systems, methods, and configured computer-readable media are also disclosed.08-25-2011
20110202795DATA CORRUPTION PREVENTION DURING APPLICATION RESTART AND RECOVERY - Embodiments of the present invention are directed to a method and system for draining or aborting IO requests of a failed system prior to restarting or recovering an application in virtual environments. The method includes detecting, within an electronic system, an application error condition of an application executing on a virtual machine and determining an application restart target. The method further includes sending an input/output (IO) request drain command to a virtual IO server operable to provide storage to the virtual machine and receiving a signal that the IO requests have been drained. The drain command is operable to drain IO requests issued from the application. The application can then be restarted or recovered.08-18-2011
20110202734STORAGE SYSTEMS AND METHODS - Systems and methods for backup test restore are presented. In one embodiment a backup restore test method includes performing a backup process; performing a test restore virtual environment creation process, the test restore virtual environment including a plurality of virtual machines; and performing a test of the backup on the test restore virtual environment. The backup process can include backing up information associated with an application; identifying prerequisites associated with running the application; and backing up information associated with the prerequisites. The test restore virtual environment creation process can include gathering information identifying the prerequisites associated with the application; creating the plurality of virtual machines, wherein the plurality of virtual machines includes virtual machines corresponding to physical machines the application and prerequisites run on; and bringing up the plurality of virtual machines utilizing the information from the backup process.08-18-2011
20110191555MANAGING COPY-ON-WRITES TO SNAPSHOTS - An attempt to write to a block of data in a main volume of data is detected. An indicator associated with the block of data is accessed before a copy-on-write operation to a snapshot volume is performed for the block of data. The indicator is used to determine whether the copy-on-write operation is to be performed for the block of data.08-04-2011
20110191341Systems and Methods for Sharing the Results of Computing Operations Among Related Computing Systems - A computer-implemented method for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed.08-04-2011
20110191295MOUNTING APPLICATIONS ON A PARTIALLY REPLICATED SNAPSHOT VOLUME - A partial replication step shot method. The method includes receiving a first snapshot at a first time from a replication source and receiving a set of data objects from the replication source that have been modified during a time period between the first time and a subsequent second time. A second snapshot is generated at the second time on the replication source by using the set of data objects. An application is mounted onto the second snapshot prior to the set of data objects being received to completion.08-04-2011
20110167096Systems and Methods for Removing Unreferenced Data Segments from Deduplicated Data Systems - A computer-implemented method for removing unreferenced data segments from deduplicated data systems may include: 1) identifying a deduplicated data system that contains a plurality of data objects, 2) dividing the data objects within the deduplicated data system into a plurality of data object groups, 3) identifying, within the data object groups, at least one data object group that has changed subsequent to a prior garbage-collection operation that removed data segments that were not referenced by data objects within the deduplicated data system, 4) identifying at least one container within the deduplicated data system that contains data segments referenced by data objects within the changed data object group, and then, for each identified container, 5) removing data segments from the identified container that are not referenced by data objects within the deduplicated data system. Various other methods, systems, and computer-readable media are also disclosed.07-07-2011
20110161335LOCATING THE LATEST VERSION OF REPLICATED DATA FILES - A list of servers known to a client is compared with lists of servers stored on the servers. An instance of content (e.g., a data file) can be accessed from a server on the list if at least a simple majority of the servers have the same version of the list.06-30-2011
20110154092MULTISTAGE SYSTEM RECOVERY FRAMEWORK - A method and system for multi-staged recovery of a distributed computer system. The method includes receiving a failure event notification from at least one node of the distributed computer system and executing a plurality of recovery stages upon receiving the failure event notification by using a recovery manager, wherein each of the plurality of recovery stages performs a defined recovery task. The progress of recovery is tracked by using at least one state machine executed by the recovery manager, wherein the state machine reflects progress of each of the recovery stages. The progress of recovery is monitored to a completion by using the state machine and the recovery manager.06-23-2011
20110153977STORAGE SYSTEMS AND METHODS - Systems and methods for information storage replication are presented. In one embodiment a storage flow control method includes receiving a memory operation indication; performing a pre-reserve allocation process before proceeding with the memory operation, wherein the pre-reserve allocation process includes converting available unallocated memory space to allocated memory space if there is sufficient available unallocated memory space to perform the memory operation; executing the memory operation if the pre-reserve allocation process returns an indication there is sufficient memory space allocated to perform the memory operation; and aborting the memory operation if the pre-reserve allocation process returns an indication there is sufficient memory space allocated to perform the memory operation. In one embodiment, the memory operation is a write operation. The memory operation can be a write operation.06-23-2011
20110145818STORAGE VISIBILITY IN VIRTUAL ENVIRONMENTS - Embodiments of the present invention are directed to a method and system for making storage information available to virtual machines in virtual environments. A method includes sending a request, via an electronic system, for a plurality of storage attributes to a virtual storage access module. The virtual storage access module may facilitate access to storage for a virtual machine via a virtual access path. The method further includes receiving the plurality of storage attributes from the virtual storage access module and storing the plurality of storage attributes. In one embodiment, storing is operable to store the plurality of storage attributes such that they are available for use in storage management tasks.06-16-2011
20110145806DYNAMIC INSERTION AND REMOVAL OF VIRTUAL SOFTWARE SUB-LAYERS - The disclosure is directed to dynamic insertion and removal of virtual software sub-layers. In one example, a virtual layer associated with a software application is virtually installed and activated in a computing device. A virtual sub-layer associated with a component of the software application is dynamically inserted in the virtual layer. The virtual layer remains active during the dynamic insertion of the virtual sub-layer. In certain embodiments, a process is executed from the virtual layer, a determination is made as to whether the process launched before or after the insertion of the virtual sub-layer, and the inserted virtual sub-layer is selectively made visible or invisible to the process based on the determination.06-16-2011
20110145631ENHANCED CLUSTER MANAGEMENT - An embodiment of the present invention is directed to a method and system for making intelligent failover decisions within a server cluster. The method includes receiving temperature information and location information using RFID technology and detecting an error condition. The method further includes responsive to the error condition, selecting a failover target based on said temperature information and location information and transferring operations from a portion of a storage cluster to the failover target based on the selecting.06-16-2011
20110145357STORAGE REPLICATION SYSTEMS AND METHODS - Systems and methods for information storage replication are presented. In one embodiment a storage flow control method includes estimating in a primary data server what an outstanding request backlog trend is for a remote secondary data server; determining a relationship of an outstanding request backlog trend to a threshold; and notifying a client that the primary data server can not service additional requests if the trend exceeds the threshold. In one embodiment the estimating comprises: sampling a number of outstanding messages at a plurality of fixed time intervals; and determining if there is a trend in the number of outstanding messages over the plurality of fixed time intervals. It is appreciated the estimating can be performed in a variety of ways, (e.g., utilizing an average, a moving average, etc). Determining the trend can include determining if values monotonically increase. The estimating in the primary server can be performed without intruding on operations of the remote secondary data server. The primary data server and the secondary data server can have a variety of configurations (e.g., a mirrored configuration, a RAID5 configuration, etc.).06-16-2011
20110145207SCALABLE DE-DUPLICATION FOR STORAGE SYSTEMS - A method for performing storage system de-duplication. The method includes accessing a plurality of initial partitions of files of a storage system and performing a de-duplication on each of the initial partitions. For each duplicate found, an indicator comprising the metadata that is similar across said each duplicate is determined. For each indicator, indicators are determined that infer a likelihood that data objects with said indicators contain duplicate data is high. Optimized partitions are generated in accordance with the chosen indicators. A de-duplication process is subsequently performed on each of the optimized partitions.06-16-2011
20110126269SYSTEM AND METHOD FOR VIRTUAL DEVICE COMMUNICATION FILTERING - Embodiments of the present invention are directed to a method and system for virtual device communication filtering. The method includes receiving, within an electronic system, an instantiation request for a first virtual device and determining whether the first virtual device and a second virtual device are allowed to communicate based on an authorization record datastore. The method further includes modifying an authorization record of the authorization record datastore. The modifying comprises setting an indicator of a data filtering module to filter communication between the first virtual device and the second virtual device. A response can then be sent to the instantiation request.05-26-2011
20110126268SYSTEM AND METHOD FOR AUTHORIZATION AND MANAGEMENT OF CONNECTIONS AND ATTACHMENT OF RESOURCES - Embodiments of the present invention are directed to a method and system for authorization management and resource attachment. The method includes receiving, within an electronic system, a notification of an emulated device operable to be provisioned and updating an authorization record of an authorization record datastore. The updating of the authorization record comprises updating routing information related to communication of the emulated device and a virtual device. The method further includes receiving a request for initial instantiation or reconnection of the emulated device with the virtual device and determining whether the emulated device and the virtual device are allowed to communicate based on the authorization record datastore. A response to the request for instantiation or reconnection can then be sent.05-26-2011
20110125951DISTRIBUTED STORAGE THROUGH A VOLUME DEVICE ARCHITECTURE - A volume manager I/O method and system. The method includes determining a storage extent mapping of storage functionality of a plurality of storage devices and generating a logical disk extent based on the storage extent mapping. The logical disk extent is exported to a volume device component that is communicatively coupled to implement I/O for an application. An I/O request from the application is received via the volume device component. The I/O request is executed in accordance with the logical disk extent.05-26-2011
20110119461FILE SYSTEM QUOTA AND RESERVATION - A method, in one embodiment, can include allowing storage allocation of data of a file system within an object based storage system. Furthermore, the method can include determining if storage allocation usage for the file system is below a threshold. If the storage allocation usage for the file system is not below the threshold, a client is requested to flush its dirty data associated with the file system. After requesting a client flush, the method can include determining the storage allocation usage for the file system. In addition, the method can include determining periodically if the storage allocation usage has reached a quota. If the quota is reached, the quota is enforced for the data of the file system.05-19-2011
20110119460RESTRICTING ACCESS TO OBJECT BASED STORAGE - A method, in one embodiment, can include a server receiving a message to deactivate a partition key of an object based storage system. A token of the object based storage system is signed by the partition key. The object based storage system includes the server. Additionally, after receiving the message, the server can deactivate the partition key to block access to a partition of the object based storage system by a client. The server includes the partition.05-19-2011
20110119228SELECTIVE FILE SYSTEM CACHING BASED UPON A CONFIGURABLE CACHE MAP - A method for implementing selective file system caching. The method includes receiving I/O requests from an application and comparing each of the I/O requests with a configurable cache map, wherein the configurable cache map controls a selective caching based on an I/O type and a file type. Each of the I/O requests is processed to render caching decisions based on the configurable cache map. Selective caching is then implemented on each of the I/O requests in accordance with the caching decisions.05-19-2011
20110113466Systems and Methods for Processing and Managing Object-Related Data for use by a Plurality of Applications - A computer-implemented method for indexing data for use by a plurality of applications may include receiving a data object at a first application of a plurality of applications. The method may include tokenizing the common-form data object to extract tokens from the data object and creating an index of the tokens extracted from the data object, the index being formatted to be utilized by each of the plurality of applications. The method may further include storing the index in a database that is accessible by the plurality of applications. The plurality of applications may comprise two or more application types. Various other methods and systems are also disclosed.05-12-2011
20110107358MANAGING REMOTE PROCEDURE CALLS WHEN A SERVER IS UNAVAILABLE - A server node can monitor the status of servers in a server cluster. The node may receive an alert indicating that a server in the server cluster is unavailable. In response to the alert, the node can send instructions that cause pending remote procedure call requests to be canceled and then reissued to another server in the server cluster instead of to the first server.05-05-2011
20110107025SYNCHRONIZING SNAPSHOT VOLUMES ACROSS HOSTS - Prior to overwriting a block of data in a first volume of data on a primary host, the block of data is written to a first snapshot of the first volume. Subsequently, the first snapshot can be synchronized with a snapshot of a second volume of data on a secondary host, where the second volume is a replica of the first volume. To synchronize the snapshots, only a portion of the first snapshot (e.g., the block of data that was written to the first snapshot) is sent to the secondary host.05-05-2011
20110106863USING A PER FILE ACTIVITY RATIO TO OPTIMALLY RELOCATE DATA BETWEEN VOLUMES - A method for identifying data for relocation in a multivolume file system. The method includes generating a file location map, the file location map containing a list of the locations of files that occupy space on each of a plurality of volumes of the file system, wherein the file system comprises at least a first volume and a second volume. The method further includes updating the file location map in accordance with changes in a file change log for the file system, and identifying data residing on the first volume of the file system by scanning the file location map. Using the identified data, a ratio of per-file activity during a first time period relative to overall file system activity over a second time period is calculated to derive a file activity ratio for each of the files of the identified data. Files are then selected for relocation based on the file activity ratio.05-05-2011
20110106862METHOD FOR QUICKLY IDENTIFYING DATA RESIDING ON A VOLUME IN A MULTIVOLUME FILE SYSTEM - A method for quickly identifying data residing on a volume in a multivolume file system. The method includes generating a file location map, the file location map containing a list of the locations of files that occupy space on each of a plurality of volumes of the file system. The file system comprises at least a first volume and a second volume. The file location map is updated in accordance with changes in a file change log for the file system. Data residing on the first volume of the file system is identified by scanning the file location map.05-05-2011
20110106763STORAGE REPLICATION SYSTEMS AND METHODS - Systems and methods for information storage replication are presented. In one embodiment a replication method includes performing an intelligent synchronization process of selected portions of a primary image and intelligent verification of the accuracy of the replication. The intelligent synchronization process can include forwarding information if the information is in use (e.g., has been altered, written to, etc.) and the intelligent verification can be performed on the information in use.05-05-2011
20110103239FLOW SYSTEMS AND METHODS - Systems and methods for process flow tracking are presented. In one embodiment, a flow method comprises collecting records associated with flow for post analysis; performing a flow connection process associated with the flow, wherein the flow connection process examines information in a hash table and connects flow segments based upon connect ID; and performing a presentation process in which the flow is visualized, searched and traversed. In one exemplary implementation, a flow connection process utilizes a hash table that draws a correlation between the connect ID and a connect-start record or a connect-end record.05-05-2011
20110082836STORAGE REPLICATION SYSTEMS AND METHODS - Systems and methods for information storage replication are presented. In one embodiment, a namespace conversion process is performed. Node information regarding a file systems operation change is received. A changed node to pathname object conversion process is performed. An unchanged node to pathname object conversion process is performed. In one exemplary implementation, the changed node to pathname object conversion process and the unchanged node to pathname object conversion process utilize data structures that return the object indications and parent node indications. An object indication is inserted in a pathname.04-07-2011
20110082835PERIODIC FILE SYSTEM CHECKPOINT MANAGER - A periodic checkpoint method for a file system replication source. The method comprises generating a first checkpoint at a first time on a file system replication source and identifying a set of data objects from the replication source that have been modified during a time period between the first time and a subsequent second time. A periodic checkpoint is then generated at the second time on the file system replication source by using the set of data objects.04-07-2011
20110067101Individualized Time-to-Live for Reputation Scores of Computer Files - An individualized time-to-live (TTL) is determined for a reputation score of a computer file. The TTL is determined based on the reputation score and the confidence in the reputation score. The confidence can be determined based on attributes such as the reputation score, an age of the file, and a prevalence of the file. The reputation score is used to determine whether the file is malicious during a validity period defined by the TTL, and discarded thereafter.03-17-2011
20110067086Using Metadata In Security Tokens to Prevent Coordinated Gaming In A Reputation System - To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.03-17-2011
20110055343METHOD AND APPARATUS FOR FILTERING EMAIL SPAM USING EMAIL NOISE REDUCTION - A method and system for filtering email spam using email noise reduction are described. In one embodiment, the method includes detecting, in an email message, data indicative of noise added to the email message to avoid spam filtering. The method further includes modifying the content of the email message to reduce the noise, and comparing the modified content of the email message with the content of a spam message.03-03-2011
20110055123Systems and Methods for Using Multiple In-line Heuristics to Reduce False Positives - An exemplary method for using multiple in-line heuristics to reduce false positives may include: 1) training a first heuristic using a set of training data, 2) deploying the first heuristic, 3) identifying false positives produced by the first heuristic during deployment, 4) modifying the training data to include the false positives produced by the first heuristic, 5) creating a second heuristic using the modified training data, 6) deploying both the first heuristic and the second heuristic, and then 7) applying both the first heuristic and the second heuristic, in sequence, to a set of field data.03-03-2011
20110035740Systems and Methods for Updating a Software Product - A method may include receiving a request to install a second version of a software product over a first version of the software product, installing the second version of the software product in a dormant state while the first version of the software product is running, and swapping the first and second versions of the software product by activating the second version of the software product and deactivating the first version of the software product. Various other methods, systems, and computer-readable media are also disclosed.02-10-2011
20110004585SYSTEM AND METHOD FOR BACKING UP A COMPUTER SYSTEM - A backup computer storage system that protects and/or recovers data on a primary computer storage system is disclosed. The backup computer system may be used to backup databases, files, and/or applications. The backup system may be used to backup an image of the primary computer system. The backup system may also be used to backup one or more databases. The backup system may replicate an image of data that is on a primary computer system. The backup system may also be used to restore data from the backup system to the primary computer system. The backup system may restore data to a database while non-affected portions of the database are available and can be used. The backup system may record all transactions in real time without overwriting any previously stored backup data. The backup system may maintain historical and/or chronological information related to the backed up data.01-06-2011
20100274980TECHNIQUES FOR SYSTEM RECOVERY USING CHANGE TRACKING - Techniques for system recovery using change tracking are disclosed. In one particular exemplary embodiment, the techniques may be realized as a computer implemented method for providing system recovery using change tracking comprising receiving a request to write to electronic storage, identifying a region in the electronic storage region associated with the write request, setting a region indicator identifying the electronic storage region as dirty, and setting one or more portion indicators identifying one or more dirty portions of the electronic storage region.10-28-2010
20100250858Systems and Methods for Controlling Initialization of a Fingerprint Cache for Data Deduplication - A computer-implemented method for controlling initialization of a fingerprint cache for data deduplication associated with a single-instance-storage computing subsystem may comprise: 1) detecting a request to store a data selection to the single-instance-storage computing subsystem, 2) leveraging a client-side fingerprint cache associated with a previous storage of the data selection to the single-instance-storage computing subsystem to initialize a new client-side fingerprint cache, and 3) utilizing the new client-side fingerprint cache for data deduplication associated with the request to store the data selection to the single-instance-storage computing subsystem. Other exemplary methods of controlling initialization of a fingerprint cache for data deduplication, as well as corresponding exemplary systems and computer-readable-storage media, are also disclosed.09-30-2010
20100235923Methods and Systems for Applying Parental-Control Policies to Media Files - A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.09-16-2010
20100229169Methods and Systems for Merging Virtualization Sublayers - A computer-implemented method may include identifying first and second sublayers of a virtualized application. The first and/or second virtualization sublayers may include a read-write sublayer, a read-only sublayer, a virtual-reset-point sublayer, and/or a patch sublayer. The computer-implemented method may also include merging an instance of the first virtualization sublayer with an instance of the second virtualization sublayer. Various other methods, systems, and computer-readable media are also disclosed.09-09-2010
20100162395Methods and Systems for Detecting Malware - A method for detecting malware is disclosed. The method may include examining a plurality of metadata fields of a plurality of known-clean-executable files. The method may also include examining a plurality of metadata fields of a plurality of known-malicious-executable files. The method may further include deducing, based on information obtained from examining the plurality of metadata fields of the plurality of known-clean- and known-malicious-executable files, metadata-field attributes indicative of malware. Corresponding systems and computer-readable media are also disclosed.06-24-2010
20100162393Methods and Systems for Detecting Man-in-the-Browser Attacks - A computer-implemented method for detecting man-in-the-browser attacks may include identifying a transaction fingerprint associated with a web site. The method may also include tracking a user's input to the web site. The user's input may be received through a web browser. The method may further include intercepting an outgoing submission to the web site. The method may additionally include determining whether, in light of the transaction fingerprint, the user's input generated the outgoing submission. Various other methods, systems, and computer-readable media are also disclosed.06-24-2010
20100154056Context-Aware Real-Time Computer-Protection Systems and Methods - A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest may comprise: 1) detecting an event of interest, 2) identifying at least one file associated with the event of interest, 3) accessing contextual metadata associated with the event of interest, 4) accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file, and then 5) determining, by applying the rule, whether to perform the security scan on the file. Corresponding systems and computer-readable media are also disclosed.06-17-2010
20100154027Methods and Systems for Enabling Community-Tested Security Features for Legacy Applications - A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.06-17-2010
20100146122Balanced Consistent Hashing for Distributed Resource Management - A method, system, computer-readable storage medium and apparatus for balanced and consistent placement of resource management responsibilities within a multi-computer environment, such as a cluster, that are both scalable and make efficient use of cluster resources are provided. Embodiments reduce the time that a cluster is unavailable due to redistribution of resource management responsibilities by reducing the amount of redistribution of those responsibilities among the surviving cluster members. Embodiments further provide redistribution of resource management responsibilities based upon relative capabilities of the remaining cluster nodes.06-10-2010
20100083376METHOD AND APPARATUS FOR REDUCING FALSE POSITIVE DETECTION OF MALWARE - Method and apparatus for detecting malware are described. In some examples, files of unknown trustworthiness are identified as potential threats on the computer. A trustworthiness level for each of the files is received from a backend. The trustworthiness level of each of the files is compared to a threshold level. Each of the files where the trustworthiness level thereof satisfies the threshold level is designated as a false positive threat. Each of the files where the trustworthiness level thereof does not satisfy the threshold level is designated as a true positive threat.04-01-2010
20100077479METHOD AND APPARATUS FOR DETERMINING SOFTWARE TRUSTWORTHINESS - Aspects of the invention relate to a method, apparatus, and computer readable medium for determining software trustworthiness. In some examples, a software package identified as including at least one file of unknown trustworthiness is installed on a clean machine. A report package including a catalog of files that have been installed or modified on the clean machine by the software package is generated. Identification attributes for each of the files in the catalog are determined. Each of the files in the catalog is processed to assign a level of trustworthiness thereto. The report package is provided as output.03-25-2010
20100077445Graduated Enforcement of Restrictions According to an Application's Reputation - Security software on a client observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale.03-25-2010
20100064340SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO DATA THROUGH APPLICATION VIRTUALIZATION LAYERS - A computer-implemented method for controlling access to data is. A request to access data is received. A determination is made that an access-control policy of the data is satisfied. A virtualization layer is activated to allow access to the data after determining that the access-control policy is satisfied. Various other methods, systems, and computer-readable media are also disclosed.03-11-2010
20100017889Control of Website Usage Via Online Storage of Restricted Authentication Credentials - A client communicates with a website usage server via a network to gain access to an account on a website. The client requests an indication of whether user access to the account on the website is permitted. The website usage server determines whether website usage is permitted based at least in part on a website usage policy associated with the website and the user. The website usage server provides restricted authentication credentials to the website responsive to determining that access to the account is permitted.01-21-2010
20100017877METHODS AND SYSTEMS FOR DETERMINING FILE CLASSIFICATIONS - A computer-implemented method for determining file classifications. The method may include determining identification information of a first file stored on a first computing system. The method may also include querying a second computing system for classification information by sending the identification information of the first file to the second computing system. The first computing system may receive, in response to the query, identification information of a second file. The first computing system may also receive the classification information. The classification information may indicate that the first file and second file are trusted. The first computing system may use the identification information of the second file to determine that the second file is stored on the first computing system. The first computing system may also apply the classification information to the first and second files by excluding the first and second files from a security scan.01-21-2010
20090328209Simplified Communication of a Reputation Score for an Entity - A reputation server is coupled to multiple clients via a network. A security module in each client monitors client encounters with entities such as files, programs, and websites, and then computes a hygiene score based on the monitoring. The hygiene scores are then provided to the reputation server, which computes reputation scores for the entities based on the clients' hygiene scores and the interactions between the clients and the entity. When a particular client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The reputation score may comprise a statistical measure based on a number of other trustworthy or “good hygiene” clients that have a hygiene score above a threshold. The client communicates this reputation score to a user with a message indicating that the reputation score is based on other clients deemed trustworthy.12-31-2009
20090300199Methods and Media for a Protocol Abstraction Layer for Information Handling Systems - A method for communicating with remote devices wherein the method includes sending a request through an application programming interface (API), formatting the request and routing the request to a first connection associated with a first protocol. The method further includes mapping the request into a first command, wherein the first command conforms to the first protocol and sending the first command to a remote device.12-03-2009
20090300080SYSTEMS AND METHODS FOR TRACKING CHANGES TO A VOLUME - A computer-implemented method for tracking changes to a volume is disclosed. The method may comprise: 1) identifying a first snapshot of a volume, 2) identifying a window within which the first snapshot was created, the window beginning with a first point known to have occurred before the first snapshot and ending with a second point known to have occurred after the first snapshot, 3) identifying at least one change to the volume that occurred within the window, and 4) associating the at least one change that occurred within the window with both the first snapshot and a second snapshot created after the first snapshot. Corresponding systems and computer-readable media are also disclosed.12-03-2009
20090293125Centralized Scanner Database With Optimal Definition Distribution Using Network Queries - A system and method detects malware on client devices based on partially distributed malware definitions from a central server. A server stores malware definitions for known malware. The server generates one or more filters based on the malware definitions and distributes the filter(s) to client devices. The server also distributes full definitions to the clients for a subset of the most commonly detected malware. The client device scans files for malware by first applying the filter to a file. If the filter outputs a positive detection, the client scans the file using the full definition to determine if the file comprises malware. If the full definition is not stored locally by the client, the client queries the server for the definition and then continues the scanning process.11-26-2009
20090288166SECURE APPLICATION STREAMING - A server includes a scanning module for determining whether an application is free of malware, a module for packaging the application into blocks for delivery via application streaming, a module for providing the blocks to a client on request, and a module for adding to each block an indication of whether the associated application has already been determined to be free of malware. A client includes a module for requesting blocks of a streamed application from the server. When the client receives a block, it employs a module for verifying that the associated applications have been determined to be free of malware by examining the indication provided by the server. If verification is successful, then the block's code is executed without first receiving and scanning any additional blocks from the server.11-19-2009
20090282476Hygiene-Based Computer Security - A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.11-12-2009
20090249020TECHNIQUES FOR OPTIMIZING CONFIGURATION PARTITIONING - Techniques for optimizing configuration partitioning are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for configuration partitioning comprising a module for providing one or more policy managers, a module for providing one or more applications, the one or more applications assigned to one or more application groups, a module for associating related application groups with one or more blocks, and a module for assigning each of the one or more blocks to one of the one or more policy managers, wherein if one or more of the one or more blocks cannot be assigned to a policy manager, breaking the one or more blocks into the one or more application groups and assigning the one or more application groups to one of the one or more policy managers.10-01-2009
20090172793SYSTEMS AND METHODS FOR DELEGATING ACCESS TO ONLINE ACCOUNTS - Computer-implemented methods for delegating access to online accounts and for facilitating delegates' access to these online accounts are disclosed. In one embodiment, a method for delegating access to an online account comprises receiving a request to delegate access to a first online account to a first delegate, identifying the first online account, identifying a contact record for the first delegate, and delegating access to the first online account to the first delegate by associating the contact record for the first delegate with the first online account. Corresponding systems and computer-readable media are also disclosed.07-02-2009
20090158399Method and apparatus for processing a multi-step authentication sequence - A method of automating an authentication sequence for accessing a computer resource comprising processing form information associated with the authentication sequence, wherein the authentication sequence comprises a plurality of queries associated with a plurality of web pages; and communicating a response to a portion of the authentication sequence using form information that corresponds to a query upon recognition of indicia of the portion of the plurality of web pages where the portion comprises the query.06-18-2009
20090089523TECHNIQUES FOR VIRTUAL ARCHIVING - Techniques for virtual archiving are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for performing virtual archiving comprising applying archiving rules to a backup catalog, generating a virtual archive catalog based at least in part on a result of applying archiving rules to the backup catalog, determining a backup image associated with the virtual archive catalog becoming expired and converting the backup image into an archive image.04-02-2009
20090089338TECHNIQUES FOR FILE SYSTEM RECOVERY - Techniques for file system recovery are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for file system recovery comprising starting a recovery process for a failed node, utilizing the recovery process to read one or more committed but un-applied transactions from storage associated with the failed node, and recreating the one or more committed but un-applied transactions in memory associated with the recovery process.04-02-2009
20090007083TECHNIQUES FOR PARSING ELECTRONIC FILES - Techniques for parsing electronic files are disclosed. In one particular exemplary embodiment, the techniques may be realized as an apparatus for parsing electronic files comprising an input module operable to read one or more electronic files, a syntax element store, associated with one or more syntax elements, a mutation module operable to mutate one or more of the one or more syntax elements and parse the one or more electronic files read from the input module, and an output module operable to create one or more normalized electronic files from the one or more parsed electronic files.01-01-2009
20090006569Method and apparatus for creating predictive filters for messages - A method and apparatus for creating predictive filters for messages. In one embodiment, filter information is coupled to a reputation database. One or more filters for a message feature are generated if a reputation of the message feature is associated with one or more portions of the filter information. In one embodiment, SPAM filters are generated. In yet another embodiment, one or more message features are tested using heuristics. One or more message features are blacklisted based on a determination of the heuristics. One or more additional message filters are generated if a reputation of the message feature is associated with a blacklisted feature.01-01-2009
20090006535Techniques For Performing Intelligent Content Indexing - Techniques for intelligent content indexing are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for performing intelligent content indexing comprising indexing by one or more processes associated with a client an initial full set of data of the client to create an index of the client data, detecting a change in the client data, and modifying the index to reflect the change in the client data.01-01-2009
20080301081Method and apparatus for generating configuration rules for computing entities within a computing environment using association rule mining - A method and apparatus for generating computer configuration rules comprising receiving configuration data regarding a plurality of computers, analyzing the configuration data to determine associations within the configuration data, and generating configuration rules from a result of the analysis.12-04-2008
20080256594Method and apparatus for managing digital identities through a single interface - Method and apparatus for managing digital identities through a single interface is described. One aspect of the invention relates to managing digital identities related to a user. An identity policy of an entity is obtained. At least one relevant digital identity is selected from the digital identities. Each relevant digital identity includes information required by the identity policy. A selected digital identity is obtained from the relevant digital identity or identities. A representation of the selected digital identity is provided to the entity that complies with the identity policy.10-16-2008
20080244722Method and apparatus for accepting a digital identity of a user based on transitive trust among parties - Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token.10-02-2008
20080244601Method and apparatus for allocating resources among backup tasks in a data backup system - Method and apparatus for allocating resources among backup tasks in a data backup system is described. One aspect of the invention relates to managing backup tasks in a computer network. An estimated resource utilization is established for each of the backup tasks based on a set of backup statistics. A resource reservation is allocated for each of the backup tasks based on the estimated resource utilization thereof. The resource reservation of each of the backup tasks is dynamically changed during performance thereof.10-02-2008
20080244032TECHNIQUES FOR HOST TO HOST TRANSFER OF SEQUENTIAL MEDIA AND USE OF PERSISTENT RESERVATION TO PROTECT MEDIA DURING HOST TO HOST TRANSFER - Techniques for host to host transfer of media and the use of persistent reservation to protect media during host to host transfer are disclosed. Exemplary embodiments may be realized as methods and systems for transferring a sequential media loaded in a drive from a first host to a second host without physically unloading the media. The first host may have a persistent reservation or non-persistent reservation of the drive. Likewise, the second host may have a persistent reservation or non-persistent reservation of the drive. Logical unload, logical load and preemption commands are utilized as is error recovery from a failed reservation.10-02-2008
20080229159FAILSAFE COMPUTER SUPPORT ASSISTANT - A computer running a host operating system in a host virtual machine includes a support operating system running in a support virtual machine. A support module running in the support operating system identifies and remediates defects associated with the host operating system. A monitoring module running in the support operating system identifies a defect associated with the host operating system and notifies the support module responsive to identification of the defect. A user interface is provided for the support module. The user interface can be through a web server or a support button associated with an input device of the computer. The user interface can be supported through input/output virtualization hardware of the computer. A host agent module executing in the host operating system can interact with the support module to remediate a defect associated with the host operating system.09-18-2008
20080209562Metamorphic Computer Virus Detection - The executions of computer viruses are analyzed to develop register signatures for the viruses. The register signatures specify the sets of outputs the viruses produce when executed with a given set of inputs. A virus detection system (VDS) (08-28-2008
20080201602Method and apparatus for transactional fault tolerance in a client-server system - Method and apparatus for transactional fault tolerance in a client-server system is described. In one example, output data generated by execution of a service on a primary server during a current epoch between a first checkpoint and a second checkpoint is buffered. A copy of an execution context of the primary server is established on a secondary server in response to the second checkpoint. The output data as buffered is released from the primary server in response to establishment of the copy of the execution context on the secondary server.08-21-2008
20080201458Method and apparatus for flexible access to storage facilities - A method and apparatus for providing flexible access to storage resources in a storage area network is provided. One aspect of the invention relates to managing hosts and storage resources on a storage area network. At least one logical relationship among the storage resources is associated with each of a plurality of virtual identifiers. At least one of the plurality of virtual identifiers is then associated to an interface of each of the hosts.08-21-2008
