Patent application number | Description | Published |
20090089857 | IDENTITY-BASED ADDRESS NORMALIZATION - In various embodiments, techniques for identity-based address normalization are provided. A principal attempts to access a resource via a principal-supplied address. A principal identity for the principal is used to acquire one or more address patterns. The principal-supplied address is compared against the one or more address patterns and when a match is detected, the principal-supplied address is normalized according to policy associated with the matched pattern. Additional access limitations and security restrictions are then enforced in response to the normalized address. | 04-02-2009 |
20090300495 | SYSTEM AND METHOD FOR AN ADAPTIVE WIZARD UTILITY FOR GRAPHICAL USER INTERFACES - System and method for implementing an adaptive wizard utility for a graphical user interface (“GUI”) are described. In one embodiment, the method comprises, responsive to presentation of a page of the wizard utility to a user, monitoring user activity in connection with the page; analyzing the user activity to determine a current performance designation of the user; and modifying at least one page of the wizard utility based on the current performance designation of the user. | 12-03-2009 |
20100008584 | SYSTEM AND METHOD FOR DEVICE MAPPING BASED ON IMAGES AND REFERENCE POINTS - System and method for mapping a location of each of a plurality of devices in a data center. In one embodiment, the method comprises receiving image data comprising an image of at least a portion of the data center from a source; processing the image data to locate visual identifiers displayed in the image, wherein each of the visual identifiers is associated with one of the devices or with a spatial reference point; extracting the located visual identifiers and determining spatial coordinates for each of the identified visual identifiers from the image; and determining the spatial reference points from the image. The method further comprises developing groups based on extracted visual identifiers and spatial coordinates thereof and the spatial reference points, wherein allowances are made for an angle of the image, wherein each group comprises a subset of related ones of the devices; for each group, comparing each of the visual identifiers of the group with a key to determine information regarding the associated device to obtain processing results; and combining processing results corresponding to multiple images to remove redundant information and produce final results. | 01-14-2010 |
20100023996 | TECHNIQUES FOR IDENTITY AUTHENTICATION OF VIRTUALIZED MACHINES - Techniques for identity authentication of Virtual Machines (VM's) are provided. A VM is authenticated and once authenticated, each device interfaced to or accessible to the VM is also authenticated. When both the VM and each device are authenticated, the VM is granted access to a machine for installation thereon. | 01-28-2010 |
20100131641 | SYSTEM AND METHOD FOR IMPLEMENTING A WIRELESS QUERY AND DISPLAY INTERFACE - System and method for implementing a wireless query and display interface are disclosed. In one embodiment, the system includes a machine to be monitored and an end-point associated with the machine and comprising an interface, the end-point for connecting to the machine to be monitored via the interface. The system further includes a consolidator comprising an identity service and a Global Device Identity Listing (“GDIL”), the GDIL for maintaining a list of machines to be monitored using the system and a wireless device for viewing the list maintained by the GDIL and for issuing commands and queries related to one or more of the machines on the list. The end-point, the consolidator, and the wireless device are capable of wirelessly communicating with one another. | 05-27-2010 |
20100154037 | TECHNIQUES FOR NETWORK PROCESS IDENTITY ENABLEMENT - Techniques for network process identity enablement are provided. Inter-server communications within a network are intercepted so that unique identity-based information is gathered and recorded before a sending process is permitted to release a communication over the network to a receiving process. Moreover, the receiving process cannot process the communication being sent until identifying information is gathered again and independently validated against the prior recorded information. | 06-17-2010 |
20100251141 | Method of Sharing Information Associated with a Webpage - The invention discloses a method of sharing webpages between users. Webpages are shared by uploading information to a database as users browse the web. The information is then disseminated to other users visiting the webpage. The invention also discloses a customized method of displaying information related to the webpage, including by methods of displaying comments by user and on set locations of the webpage. The invention also includes a method of finding new friends with similar interests, and a method of finding new friends based on the similarity of interests between users. | 09-30-2010 |
20110029500 | SYSTEM AND METHOD FOR FLOATING INDEX NAVIGATION - System and method for implementing a floating index navigation tool are described. In one embodiment, the method includes, in response to a user's updating a search term, building first and second search queries; issuing the first and second search queries to at least one database comprising a searchable index of content; and responsive to receipt of search results from the first and second search queries, displaying the first query search results in a first manner and displaying the second query search results in a second manner different than the first manner. | 02-03-2011 |
20110202714 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 08-18-2011 |
20110209064 | SYSTEM AND METHOD FOR PROVIDING VIRTUAL DESKTOP EXTENSIONS ON A CLIENT DESKTOP - The system and method described herein may identify one or more virtual desktop extensions available in a cloud computing environment and launch virtual machine instances to host the available virtual desktop extensions in the cloud. For example, a virtual desktop extension manager may receive a virtual desktop extension request from a client desktop and determine whether authentication credentials for the client desktop indicate that the client desktop has access to the requested virtual desktop extension. In response to authenticating the client desktop, the virtual desktop extension manager may then launch a virtual machine instance to host the virtual desktop extension in the cloud and provide the client desktop with information for locally controlling the virtual desktop extension remotely hosted in the cloud. | 08-25-2011 |
20110231552 | TECHNIQUES FOR INTELLIGENT SERVICE DEPLOYMENT - Techniques for intelligent service deployment are provided. Cloud and service data are evaluated to develop a service deployment plan for deploying a service to a target cloud processing environment. When dictated by the plan or by events that trigger deployment, the service is deployed to the target cloud processing environment in accordance with the service deployment plan. | 09-22-2011 |
20110231822 | TECHNIQUES FOR VALIDATING SERVICES FOR DEPLOYMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - Techniques for validating services for deployment in an intelligent workload management system are provided. A service is created with workloads and software products. Test modules are integrated into the service to test each of the products. The service with the test modules is executed and test results are produced. The test results are compared against known results and a decision is made to deploy the service to a cloud processing environment or to require the service to be retested. | 09-22-2011 |
20110231846 | TECHNIQUES FOR MANAGING SERVICE DEFINITIONS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - Techniques for managing service definitions in an intelligent workload management system are provided. Workloads and software products are assembled as a single unit with custom configuration settings. The single unit represents a recallable and reusable service definition for a service that can be custom deployed within designated cloud processing environments. | 09-22-2011 |
20110313982 | FILE MAPPING AND CONVERTING FOR DYNAMIC DISK PERSONALIZATION FOR MULTIPLE PLATFORMS - File mapping and converting for dynamic disk personalization for multiple platforms are provided. A volatile file operation is detected in a first platform. The file is supported by the first platform. A determination is made that the file is sharable with a second platform. The volatile operation is performed on the file in the first platform and the modified file is converted to a second file supported by the second platform. The modified file and second file are stored in a personalized disk for a user. The personalized disk is used to modify base images for VMs of the user when the user accesses the first platform or second platform. The modified file is available within the first platform and the second file is available within the second platform. | 12-22-2011 |
20120066487 | SYSTEM AND METHOD FOR PROVIDING LOAD BALANCER VISIBILITY IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for providing load balancer visibility in an intelligent workload management system described herein may expand a role or function associated with a load balancer beyond handling incoming and outgoing data center traffic into supporting governance, risk, and compliance concerns that may be managed in an intelligent workload management system. In particular, the load balancer may establish external connections with destination resources in response to client devices establishing internal connections with the load balancer and then attach connection tracers to monitor the internal connections and the external connections. The connection tracers may then detect incoming traffic and outgoing traffic that the internal and external connections pass through the load balancer, and traffic tracers may collect data from the incoming traffic and the outgoing traffic, which the workload management system may use to manage the data center. | 03-15-2012 |
20120084844 | FEDERATION CREDENTIAL RESET - Techniques for federated credential reset are presented. A principal requests a credential reset with a first service. The first service provides a link to a third party service previously selected by the principal. The principal separately authenticates to the third party service and causes the third party service to send a federated token to the first service. When the federated token is received by the first service, the first service permits the principal to reset an original credential to a new credential for purposes of accessing the first service. | 04-05-2012 |
20120110329 | TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION - A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD. | 05-03-2012 |
20120130936 | SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state. | 05-24-2012 |
20120151132 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 06-14-2012 |
20120222041 | TECHNIQUES FOR CLOUD BURSTING - Techniques for automated and controlled cloud migration or bursting are provided. A schema for a first cloud in a first cloud processing environment is used to evaluate metrics against thresholds defined in the schema. When a threshold is reached other metrics for other clouds in second cloud processing environments are evaluated and a second cloud processing environment is selected. Next, a second cloud is cloned in the selected second cloud processing environment for the first cloud and traffic associated with the first cloud is automatically migrated to the cloned second cloud. | 08-30-2012 |
20120233625 | TECHNIQUES FOR WORKLOAD COORDINATION - Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location. | 09-13-2012 |
20120271936 | TECHNIQUES FOR AUDITING AND CONTROLLING NETWORK SERVICES - Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service. | 10-25-2012 |
20120284768 | TECHNIQUES FOR SECURE CHANNEL MESSAGING - Techniques for secure channel messaging are provided. Resources communicate with one another over temporary and secure communication channels. The channels come in and out of existence or switch between different channels using a variety of information and based on dynamic policy evaluation. In some situations, the channels are randomly generated using a variety of the information. Authorized resources are informed of the channels to use and when to use them for purposes of delivering and receiving messages to communicate. | 11-08-2012 |
20120300940 | DYNAMIC KEY MANAGEMENT - Apparatus, systems, and methods may operate to receive a public key associated with a public/private key pair at a key distribution handler, after a new workload and an associated key agent are created within a network of nodes. The associated key agent may be used to generate the key pair. Additional activity may include distributing, by the key distribution handler, the public key to other key agents associated with permitted workloads operating in the network. The public key may be used to overwrite or delete prior public keys for an authenticated workload identity associated with the new workload. Additional apparatus, systems, and methods are disclosed. | 11-29-2012 |
20120311344 | TECHNIQUES FOR SECURITY AUDITING OF CLOUD RESOURCES - Techniques for security auditing of cloud resources are provided. A virtual machine (VM) is captured and isolated when a session indicates that a session with the VM has terminated. Security checks are executed against the VM in the isolated environment. Results from the security checks are then reported. | 12-06-2012 |
20120324527 | TECHNIQUES FOR WORKLOAD SPAWNING - Techniques for spawning workloads are provided. A single repository is read once to obtain an image for a workload or files and resources for the image. The read operation spawns multiple, and in some cases, concurrent write operations, to instantiate the workload over a network as multiple occurrences or instances of the workload in multiple processing environments. | 12-20-2012 |
20130007840 | TECHNIQUES FOR PREVENT INFORMATION DISCLOSURE VIA DYNAMIC SECURE CLOUD RESOURCES - Techniques for preventing information disclosure via dynamic secure cloud resources are provided. Data (information) remotely housed on a particular cloud resource of a particular cloud is periodically, randomly, and dynamically changed to a different cloud resource within the same cloud or to a different cloud resource within an entirely different cloud. A requesting principal for the data is dynamically authenticated and a current location for the data is dynamically resolved and the principal is securely and dynamically connected to the current cloud resource and current cloud hosting the data for access. | 01-03-2013 |
20130055265 | TECHNIQUES FOR WORKLOAD TOXIC MAPPING - Techniques for toxic workload mapping are provided. A state of a target workload is recorded along with a configuration and state of an environment that is processing the workload. Micro valuations are taken, via statistical sampling, for metrics associated with the workload and for different combinations of resources within the environment. The sampling is taken at microsecond intervals. The valuations are aggregated to form an index representing a toxic mapping for the workload within the environment. The toxic mapping is mined, in view of policy, to provide conditions and scenarios that may be deemed problematic within the workload and/or environment. | 02-28-2013 |
20130111208 | TECHNIQUES FOR AUTHENTICATION VIA A MOBILE DEVICE | 05-02-2013 |
20130111540 | CLOUD PROTECTION TECHNIQUES | 05-02-2013 |
20130111543 | TECHNIQUES FOR CONTROLLING AUTHENTICATION | 05-02-2013 |
20130263213 | TECHNIQUES FOR IDENTITY AND POLICY BASED ROUTING - Techniques for identity and policy based routing are presented. A resource is initiated on a device with a resource identity and role assignments along with policies are obtained for the resource. A customized network is created for the resource using a device address for the device, the resource identity, the role assignments, and the policies. | 10-03-2013 |
20130283269 | SYSTEM AND METHOD FOR PROVIDING VIRTUAL DESKTOP EXTENSIONS ON A CLIENT DESKTOP - The system and method described herein may identify one or more virtual desktop extensions available in a cloud computing environment and launch virtual machine instances to host the available virtual desktop extensions in the cloud. For example, a virtual desktop extension manager may receive a virtual desktop extension request from a client desktop and determine whether authentication credentials for the client desktop indicate that the client desktop has access to the requested virtual desktop extension. In response to authenticating the client desktop, the virtual desktop extension manager may then launch a virtual machine instance to host the virtual desktop extension in the cloud and provide the client desktop with information for locally controlling the virtual desktop extension remotely hosted in the cloud. | 10-24-2013 |
20130326063 | TECHNIQUES FOR WORKLOAD DISCOVERY AND ORGANIZATION - Techniques for workload discovery and organization are presented. A workload when initiated on a network self-inspects the network for other workloads processing as a collection over the network. Shared communication information is used by the workload to dynamically join the collection. A network address for the initiated workload is then added to a shared Domain Name System (DNS) database being maintained for the network and the collection. | 12-05-2013 |
20140019971 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 01-16-2014 |
20140032724 | TECHNIQUES FOR WORKLOAD COORDINATION - Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location. | 01-30-2014 |
20140050317 | Cloud Key Management System - This invention uses a cloud-based key management system to store, retrieve, generate, and perform other key operations. The cloud-based system ensures security of the keys while preventing their loss or destruction. Using this invention, a company can now manage, audit, and maintain control and security around their keys. Security event auditing permits evaluation of the operations to ensure that each step is completed securely. | 02-20-2014 |
20140052849 | Sensor-based Detection and Remediation System - The invention comprises a method and system of deploying and managing sensor agents to provide services to networks and devices within a network. The invention dynamically deploys, initiates, and controls sensor agents that scan networks. Data obtained during the scan are returned to an analysis system for evaluation. Results are displayed to a user through a graphical interface or stored in a database. Results may also be used by the analysis system to remediate anomalies and provide graphical network information. Typically, a plurality of sensor agents are used to gather data in the aggregate and provide a more complete analysis on the operation and security of a network. | 02-20-2014 |
20140052994 | Object Signing Within a Cloud-based Architecture - This invention uses a cloud-based architecture to sign objects by dynamically creating a cloud-based virtual machine with the ability to sign objects, perform network and object isolation, and encrypt and store keys generated by an object signing agent. Multi-user authentication is supported along with mobile access. | 02-20-2014 |
20140143200 | SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state. | 05-22-2014 |
20140164606 | TECHNIQUES FOR AUDITING AND CONTROLLING NETWORK SERVICES - Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service. | 06-12-2014 |
20140195800 | Certificate Information Verification System - The invention discloses a system and apparatus for detecting problematic certificate action requests and digital certificates. Ideally, the invention will be used to detect a certificate request that will result in security problems and detect issued certificates that lack essential information. The invention uses a proxy system that intercepts certificate requests and transmitted certificates. The proxy system runs a series of checks on the intercepted request and/or certificate. The checks vary depending on the certificate contents, requester, and system providing the request or certificate. | 07-10-2014 |
20140237091 | Method and System of Network Discovery - The invention comprises a method of discovering certificate resources using internal and external sensor agents. This information is correlated to create an extensive network map and detect potential phishing threats. The information is stored in a repository of correlated information and returned to authenticated users. | 08-21-2014 |
20140344461 | TECHNIQUES FOR INTELLIGENT SERVICE DEPLOYMENT - Techniques for intelligent service deployment are provided. Cloud and service data are evaluated to develop a service deployment plan for deploying a service to a target cloud processing environment. When dictated by the plan or by events that trigger deployment, the service is deployed to the target cloud processing environment in accordance with the service deployment plan. | 11-20-2014 |
20140344937 | Method and System of Attack Surface Detection - The invention comprises a method of using sensor agents to collect information in a central location to determine the entire attack surface of all certificate based resources, which includes vulnerable, insecure, or unknown resources but also includes where all the secure resources are located and the attack surface for each certificate resource. If a vulnerable resource is detected, the system may initiate additional sensor agents to determine the threat caused by the vulnerability. The system can also assign a rating to the overall security of the network based on vulnerabilities and display the attack surface as a topographic format for easy review by administrators. | 11-20-2014 |
20140359016 | TECHNIQUES FOR NETWORK PROCESS IDENTITY ENABLEMENT - Techniques for network process identity enablement are provided. Inter-server communications within a network are intercepted so that unique identity-based information is gathered and recorded before a sending process is permitted to release a communication over the network to a receiving process. Moreover, the receiving process cannot process the communication being sent until identifying information is gathered again and independently validated against the prior recorded information. | 12-04-2014 |
20140359623 | FILE MAPPING AND CONVERTING FOR DYNAMIC DISK PERSONALIZATION FOR MULTIPLE PLATFORMS - File mapping and converting for dynamic disk personalization for multiple platforms are provided. A volatile file operation is detected in a first platform. The file is supported by the first platform. A determination is made that the file is sharable with a second platform. The volatile operation is performed on the file in the first platform and the modified file is converted to a second file supported by the second platform. The modified file and second file are stored in a personalized disk for a user. The personalized disk is used to modify base images for VMs of the user when the user accesses the first platform or second platform. The modified file is available within the first platform and the second file is available within the second platform. | 12-04-2014 |
20140359769 | CLOUD PROTECTION TECHNIQUES - Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment. | 12-04-2014 |
20140380316 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 12-25-2014 |
20140380411 | TECHNIQUES FOR WORKLOAD SPAWNING - Techniques for spawning workloads are provided. A single repository is read once to obtain an image for a workload or files and resources for the image. The read operation spawns multiple, and in some cases, concurrent write operations, to instantiate the workload over a network as multiple occurrences or instances of the workload in multiple processing environments. | 12-25-2014 |