Patent application number | Description | Published |
20120284767 | Method for detecting and applying different security policies to active client requests running within secure user web sessions - A method for detecting and applying security policy to active client requests within a secure user session begins by applying a first heuristic to a plurality of requests for a particular resource to identify a pattern indicating of an active client. In one embodiment, the heuristic evaluates a frequency of requests for the particular resource across one or more secure user sessions. Later, upon receipt of a new request for the particular resource, a determination is then made whether the new request is consistent with the pattern. If so, an action is taken with respect to a secure session policy. In one embodiment, the action bypasses the secure session policy, which policy is associated with an inactivity time-out that might otherwise have been triggered upon receipt of the new request. In addition, a second heuristic may be applied to determine whether a response proposed to be returned (in response to the new request) is expected by the active client. If so, the response is returned unaltered. If, however, applying the second heuristic indicates that the response proposed to be returned is not expected by the active client, the response is modified to create a modified response, which is then returned. | 11-08-2012 |
20120311674 | Method and system for automatic generation of cache directives for security policy - An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g., during initialization) by examining each security policy and extracting one or more cache dimensions associated with each such policy. The policy analytics engine determines an applicable cache directive, and the decision is augmented to include that cache directive. The decision (including the cache directive) is then returned to the authorization server, where the decision is applied to process the client request. The cache directive is then cached for re-use at the authorization server. | 12-06-2012 |
Patent application number | Description | Published |
20100023454 | Transaction Authorization - One embodiment provides a computer-implemented method for transaction authorization within a security service. The computer-implemented method intercepts a request by a security service, wherein a transaction identifier is cached to form a cached transaction identifier, and requests the requester to authenticate to form an authentication request. The computer-implemented method further determines whether the requester was authenticated, and responsive to a determination the requester was authenticated, receives authentication information, including an associated transaction identifier. The request is intercepted and the cached transaction identifier inserted. The computer-implemented method further determines whether the cached transaction identifier is equivalent to the authentication information, including an associated transaction identifier, and responsive to a determination that the cached transaction identifier is equivalent to authentication information, including an associated transaction identifier, passes the request to the application. | 01-28-2010 |
20110296036 | Method and apparatus for single sign-off using cookie tracking in a proxy - An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. When a session sign-off event is initiated in the reverse proxy, HTTP “Set-Cookie” headers are sent back to the web browser to destroy the cookies (in the browser) that represent sessions with the one or more backend application(s). | 12-01-2011 |
20120096068 | Method and apparatus for selectively processing cookies in a proxy - An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. The intermediary decides which cookies should be sent to the browser and which cookies should be stored therein. Preferably, this determination is made in an automated manner by examining the response for any cookie-dependent code (e.g., scripting) included in the response. | 04-19-2012 |
20120124217 | Adjusting The Connection Idle Timeout In Connection Pools - An approach is provided that responds to a connection request to connect to an external network entity using a connection from a managed connection pool. The connection pool is managed by selecting connections from the connection pool that includes one or more currently unused connections with the external network entity. One of the selected connections is validated by comparing an idle time associated with each of the selected connections to a maximum idle time value corresponding to the external network entity. The maximum idle time value being previously identified at the information handling system. The validated connection is then used to connect to the external network entity to satisfy the connection request. | 05-17-2012 |
20120246312 | Transforming HTTP Requests Into Web Services Trust Messages For Security Processing - An approach is provided where an HTTP request is received and a Request for Security Token (RST) is created. Parameters are selected from the request and mappings are retrieved corresponding to the parameters. Context attributes are created in the RST corresponding to the parameters. A context attribute type value is set based on an HTTP section where the parameter is located within the HTTP request. The RST is sent to a security token service for processing. In another approach, a Request Security Token Response (RSTR) is received and an HTTP response is created. RSTR parameters are selected and parameter mappings are retrieved corresponding to the selected RSTR parameters from a mapping table with a TYPE value being identified based on the retrieved parameter mapping. Context attributes are added to the HTTP response based on the identified TYPE values. The HTTP response is transmitted to a remote computer system. | 09-27-2012 |
20130066943 | Application-Aware Quality Of Service In Network Applications - An approach is provided in which a number of requests are received from a variety of clients over a computer network. The system uses a processor to calculate request priority values pertaining to the received requests. The calculation of the request priority values is based on one or more attributes that correspond to the respective requests. For example, the attributes could include network level attributes, session attributes, and application specific attributes. Each of the requests is assigned a request priority value. A request may receive the same request priority value as other requests. The requests are queued in a memory based on the request priority values that were assigned to the requests. The queued requests are then serviced in order of request priority so that queued requests assigned higher request priority values are processed before queued requests with lower request priority values. | 03-14-2013 |
20130132552 | Application-Aware Quality Of Service In Network Applications - An approach is provided in which a number of requests are received from a variety of clients over a computer network. The system uses a processor to calculate request priority values pertaining to the received requests. The calculation of the request priority values is based on one or more attributes that correspond to the respective requests. For example, the attributes could include network level attributes, session attributes, and application specific attributes. Each of the requests is assigned a request priority value. A request may receive the same request priority value as other requests. The requests are queued in a memory based on the request priority values that were assigned to the requests. The queued requests are then serviced in order of request priority so that queued requests assigned higher request priority values are processed before queued requests with lower request priority values. | 05-23-2013 |
20130173815 | Selectively processing cookies in a proxy - An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. The intermediary decides which cookies should be sent to the browser and which cookies should be stored therein. Preferably, this determination is made in an automated manner by examining the response for any cookie-dependent code (e.g., scripting) included in the response. | 07-04-2013 |
20130246630 | Dynamic web session clean-up - A “sign-off” cookie is generated and stored upon initiation of a web session between a client and a web application executing on a server. The sign-off cookie preferably comprises both an identifier for the session (a “session ID”) together with an identifier (such as a URL) for a sign-off resource (associated with a sign-off mechanism) that can be used to clean-up the web session following its termination. The sign-off cookie may be returned to the client and/or retained within a proxy. Upon termination of the web session, the URL in the sign-off cookie is used to initiate a request to the sign-off mechanism to clean-up the web session. This approach provides for dynamic web session clean-up without requiring any pre-configuration of the sign-off mechanism. | 09-19-2013 |
20130332618 | Enabling different client contexts to share session information - The problem of sharing session information across client contexts is addressed by binding initial session information to a persistent, short-lived and one-time use temporary identifier. This identifier is persisted on a client side (e.g., through a cookie jar) that is shared among the different client contexts that can share the original session. This temporary identifier, in turn, allows one or more other sessions to use the original session information by acting as an index into that session information, which is stored on the server side. Preferably, this temporary identifier contains a unique identifier (ID) that is generated as a sufficiently-complex random number. A mapping back to the real session identifier is maintained on the server side for this short-lived ID. | 12-12-2013 |
Patent application number | Description | Published |
20140174724 | HOLLOW HYDROGEL CAPSULES AND METHODS OF USING THE SAME - The present invention relates to hollow hydrogel capsules. In various embodiments, the present invention provides a method of treating a subterranean formation with a hollow hydrogel capsule including a hydrogel shell including a hydrolyzed and crosslinked polymerized composition. The hollow hydrogel capsule also includes a hollow interior including at least one component of a downhole composition for subterranean petroleum or water well drilling, stimulation, clean-up, production, completion, abandonment, or a combination thereof. In various embodiments, the present invention provides compositions comprising the hollow hydrogel capsules and methods of making the hollow hydrogel capsules. | 06-26-2014 |
20140238114 | DETERMINING CONSTITUENTS OF A WELLBORE FLUID - Techniques for determining a wellbore fluid constituent concentration include depositing a portion of a hydraulic fracturing fluid that includes a base fluid on a quartz crystal microbalance, the base fluid including a constituent; measuring an oscillation frequency of the quartz crystal microbalance based on the constituent of the base fluid; determining, with the quartz crystal microbalance, a mass of the constituent in the deposited portion of the hydraulic fracturing fluid; and based on at least one of the determined mass or the measured frequency, determining a concentration of the constituent of the base fluid. | 08-28-2014 |
Patent application number | Description | Published |
20130168309 | Water Filter Faucet And Cartridge Therefor - A water treatment assembly generally in the form of a filter faucet generally of the type mounted on a sink or similar countertop surface. The water treatment assembly generally comprises a mounted valve assembly, an inline water filter, and a water spout. The inline water filter is configured intermediate the mounted valve assembly and the spout. The inline water filter has a watertight shell comprising a water inflow port and a water outflow port that allow the filter to be used as a readily replaceable and disposable modular filter cartridge. The filter inflow port allows for releasable fluid engagement with the valve assembly. The filter outflow port comprises a fitting for receiving the spout. Water flow through the filter and spout is controlled by the valve assembly. The combined assembly permits the new use of standard components improved in a cost effective manner to form a reliable filter faucet. | 07-04-2013 |
20140158602 | Water Filtration Device And Filter Therefor - The present invention is a water filtration device in the form of a filter faucet that includes a faucet body, a water delivery spout, and a removable filter that is readily accessible for quick and easy replacement in a generally pull-out and push-in manner. The filter is attached to the faucet body water outlet, and the water delivery spout is attached to the filter outflow port. The filter is swivable in relation to the faucet body while maintaining a watertight connection. Whereby the water delivery spout being affixed to the filter outflow port, in an embodiment, may be readily and conveniently positioned in a desired direction. The invention also provides a replacement kit that includes a generally inline water filter suitable for forming a water filtration device in conjunction with a water faucet body. | 06-12-2014 |
20140215709 | Sink Faucet Assembly - A sink faucet assembly that includes a sink faucet and a filter faucet combined together into a single unit. The sink faucet is of the single-handle type for mixing hot and cold water and includes a body member, base, or escutcheon mount upon which the filter faucet is attached. The filter faucet includes a faucet body and spout that may dispense filtered water from an undersink filter and it may further include a water filter fluidly disposed between the faucet body and spout. A filter replacement kit is provided in an embodiment that includes a generally inline water filter, an optional water spout, and an elongated hollow tubular stem adapter attachable to the filter faucet body in a generally push-in manner. | 08-07-2014 |
Patent application number | Description | Published |
20090206548 | PROTECTIVE GAME PIECE COVER AND FACEPLATES - A customizable game piece including one or more faceplates and a protective cover is disclosed. The protective cover can be a flexible jacket. Roll performance for dice on different surfaces, in particular, can make the selection of materials for protective covers and faceplates difficult. The protective cover can be disposable per use, adapted for long term application, can comprise a pliable plastic cover, can comprise a harder plastic cover, can comprise multiple components, can be transparent to allow the original finish of the game piece to be visible, can be colored for aesthetic value, or to combinations of the same or the like. | 08-20-2009 |
20090210101 | ELECTRONIC DICE - An electronic die capable of reporting roll results is disclosed. The die can include an acceleration measurement system capable of outputting roll data. A processor can then interpret the roll data and transmit it through a wireless interface to a monitoring device. The monitoring device can then show a user the roll result. Waking the electronic die from a low power mode is also disclosed along with customizing the electronic die with faceplates and protective covers. | 08-20-2009 |
20130178275 | ELECTRONIC DICE - An electronic die capable of reporting roll results is disclosed. The die can include an acceleration measurement system capable of outputting roll data. A processor can then interpret the roll data and transmit it through a wireless interface ID a monitoring device. The monitoring device can then show a user the roll result. Waking the electronic die from a low power mode is also disclosed along with customizing the electronic die with faceplates and protective covers. | 07-11-2013 |
20140309016 | ELECTRONIC DICE - An electronic die capable of reporting roll results is disclosed. The die can include an acceleration measurement system capable of outputting roll data. A processor can then interpret the roll data and transmit it through a wireless interface to a monitoring device. The monitoring device can then show a user the roll result. Waking the electronic die from a low power mode is also disclosed along with customizing the electronic die with faceplates and protective covers. | 10-16-2014 |