Patent application number | Description | Published |
20090300720 | CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation. | 12-03-2009 |
20100235431 | DATACENTER SYNCHRONIZATION - A datacenter infrastructure comprising a plurality of datacenters is configured to provide services to users. Data (e.g., application data) provided to respective datacenters from a user is synchronized between different datacenters comprised within “a cloud” according to a multilevel synchronization scheme. Respective levels of the multilevel synchronization operate to transfer different priority (user) data between the plurality of datacenters, wherein respective priorities are determined based upon the importance of the data in providing a service. For example, data used to perform a service is synchronized by a synchronization component facilitating a higher level of synchronization between datacenters, while data not routinely used to perform a service is synchronized by a lower priority synchronization component. Synchronization between datacenters allows a network address routing system to provide substantially uninterrupted routing of a user to an available or otherwise appropriate datacenter within the datacenter infrastructure, thereby providing increased service reliability and performance. | 09-16-2010 |
20100287019 | SERVER FARM MANAGEMENT - Techniques and systems are disclosed that can measure capacity of a server farm, and project capacity needs based on traffic and resources. Server farm system information is collected for managing the server farm by identifying a list of servers in the server farm. Performance metrics are collected from identified servers and stored in a collection database. The stored performance metrics are analyzed in accordance with a server farm management request. | 11-11-2010 |
20110119591 | CONTENT TARGETING WITH AUDIENCES - The present invention provides a system and method for targeting content to audiences. The audience is defined by rules that may be based on properties as well as organizational structure associated with the users. Each of the rules is compiled to determine the group of members belonging to the rule. Logical operators are then applied to the groups to determine the audience membership. Compiling the rules enhances performance as the rules do not have to be run each time. Instead, a simple check against the rules results is performed. The rules making up the audience may be compiled at predetermined times in order to keep the audience up-to-date. Audiences are then selected and tagged to content so that the content may be viewed by the selected audiences. | 05-19-2011 |
20120079585 | PROXY AUTHENTICATION AND INDIRECT CERTIFICATE CHAINING - Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device. | 03-29-2012 |
20130074167 | Authenticating Linked Accounts - Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account. | 03-21-2013 |
20130326084 | DYNAMIC AND INTELLIGENT DNS ROUTING WITH SUBZONES - A request to resolve an IP address is received by a Domain Name Server (DNS). A record, such as an MX record, relating to the request is obtained that comprises a unique label (e.g. record=customer-com.mail.messaging.com) that is used in determining how to resolve the request. The unique label portion of the record (e.g. customer-com) is used to identify information relating to the request such as a version of software/service to use to handle the request, a region used to handle the request, and the like. The same record may be used to direct a request to a different version and/or different region. For example, without changing the record, a request at one time may access a first version/region and a request at a different time access a different version/region. | 12-05-2013 |
20150249660 | AUTHENTICATING LINKED ACCOUNTS - Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account. | 09-03-2015 |
Patent application number | Description | Published |
20090044273 | CIRCUITS AND METHODS FOR EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Various embodiments of the present invention circuits and methods for improved virus processing. As one example, such methods may include providing a system memory, a general purpose processor and a virus co processor. The methods further include receiving a data segment at the general purpose processor, and storing the data segment to the system memory using virtual addresses. The date segment is accessed from the system memory by the virus co processor using the virtual addresses. The virus co processor then scans the date segment for viruses and returns results. | 02-12-2009 |
20090304029 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a method is provided for performing segmentation offloading, such as TCP segmentation offloading (TSO). An interface performs direct virtual memory addressing of a user memory space of a system memory on behalf of a network processor to fetch payload data originated by a user process running on a host processor. Then, the network processor segments the payload data across one or more packets. | 12-10-2009 |
20090307363 | NETWORK PROTOCOL REASSEMBLY ACCELARATION - Methods and systems are provided for network protocol reassembly acceleration. According to one embodiment, an incoming packet is received at a network interface. Payload data from the packet is written by a memory interface to a physical page within a system memory on behalf of the network interface based on a sequence number associated with the incoming packet and by obtaining a physical address from a virtual memory map corresponding to an incoming session with which the packet is associated. After the physical page is full, the physical page is made accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the user process. | 12-10-2009 |
20110200057 | Virtual Memory Protocol Segmentation Offloading - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a method is provided for performing transport layer protocol segmentation offloading. Multiple buffer descriptors are stored in a system memory of a network device. The buffer descriptors contain information indicative of a starting address of a payload buffer stored in a user memory space of the system memory. The payload buffers contain payload data originated by a user process running on a host processor of the network device. The payload data is retrieved from the payload buffers on behalf of a network processor of the network device without copying the payload data from the user memory space to a kernel memory space of the system memory by performing direct virtual memory addressing of the user memory space. Finally, the payload data is segmented across one or more transport layer protocol packets. | 08-18-2011 |
20120317646 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A general purpose processor receives and stores a data segment to a first memory at a virtual address. The first memory contains paging data structures for translating virtual addresses to physical addresses. The general purpose processor directs a virus processing hardware accelerator to scan the data segment based on virus signatures compiled for the virus processing hardware accelerator and stored in a second memory. The first memory includes a first virus signature compiled for the general purpose processor. The virus processing hardware accelerator retrieves the data segment by accessing the first memory based on the virtual address and cached information, stored within one or more translation lookaside buffers local to the virus processing hardware accelerator, relating to most recently used entries of the paging data structures. | 12-13-2012 |
20130152203 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus signature memory of the co-processor. Those of a first type are assigned to a first of multiple instruction pipes of the co-processor. The first instruction pipe executes an instruction including accessing a portion of the content object by performing direct virtual memory addressing of the system memory using a physical address derived based on the virtual address and the TLB and comparing it to a string associated with the instruction. | 06-13-2013 |
20130215904 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a user process of a host processor requests a network driver to store payload data within a system memory. The network driver stores (i) payload buffers each containing therein at least a subset of the payload data and (ii) buffer descriptors each containing therein information indicative of a starting address of a corresponding payload buffer within a user memory space. A network processor transmits onto a network the payload data within multiple transport layer protocol packets by (i) causing a network interface to retrieve the payload data from the payload buffers by performing direct virtual memory addressing of the user memory space using the buffer descriptors and information contained within a translation data structure stored within the system memory; and (ii) segmenting the payload data across the transport layer protocol packets. | 08-22-2013 |
20140096254 | EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing hardware accelerator translates the virtual address of the data segment to a physical address of the data segment based on the page directory and the page table. The hardware accelerator accesses the data segment based on the physical address. The hardware accelerator scans the data segment for viruses by executing multiple pattern comparisons against the data segment. The hardware accelerator returns a result of the scanning to the general purpose processor via the system memory. | 04-03-2014 |
20140143876 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A data segment is received by a general purpose processor coupled to a virus co-processor and a memory via an interconnect bus. The memory includes a first signature and a second signature. The first includes a primitive instruction and a Content Pattern Recognition (CPR) instruction stored at contiguous locations in the memory and compiled for hardware execution on the co-processor. The second is compiled for software execution. The data segment is scanned by the general purpose processor by applying the second signature against the data segment. The co-processor is directed by the general purpose processor to scan the data segment by applying the first signature against the data segment by storing the data segment to the memory and indicating a request for a scan to the co-processor. | 05-22-2014 |
20140237601 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object is stored by a general purpose processor to a system memory. The memory has stored therein a page directory containing information for translating virtual addresses to physical addresses. Multiple most recently used entries of the page directory are cached, by a virus co-processor, within translation lookaside buffers (TLBs) implemented within an on-chip cache of the co-processor. Instructions are read by the co-processor, from a virus signature memory of the co-processor. The instructions contain op-codes of a first and second instruction type. Instructions of the first type are assigned to a first instruction pipe of the co-processor. An instruction assigned to the first instruction pipe is executed including accessing the content object by performing direct virtual memory addressing of the system memory and comparing the content object against a string. | 08-21-2014 |
20140351937 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A virus signature file that includes multiple virus signatures capable of detecting and identifying a variety of known viruses is downloaded by a general purpose processor. It is determined by the general purpose processor whether a virus co-processor is coupled to the general purpose processor. When the virus co-processor is determined to be coupled to the general purpose processor, then it is further determined by the general purpose processor which virus signatures are supported by the virus co-processor (“CP-supported virus signatures”). The CP-supported virus signatures are transferred to a memory associated with the virus co-processor. The virus co-processor is directed by the general purpose processor to perform a virus scan based on the supported virus signatures. | 11-27-2014 |
20140380483 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory. | 12-25-2014 |
20150101054 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a system includes a system memory, a general purpose processor, an instruction memory and a virus co-processor. The processor is coupled to the system memory and operable to store a data segment therein. The instruction memory includes a virus signature, having a first instruction of a first instruction type and a second instruction of a second instruction type, for detection of a computer virus. The co-processor is coupled to the instruction memory and the system memory and is operable to access the data segment. The co-processor includes first and second instruction pipes operable to execute the first and second instruction types, respectively. The first and second instruction pipes include first and second write back circuits, respectively, that are linked to ensure a ordered write back of instructions. | 04-09-2015 |
20150110125 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of the computer system is fetched by an interface of the computer system by performing direct virtual memory addressing of a user memory space of a system memory of the computer system on behalf of a network processor of the computer system. The direct virtual memory addressing maps a physical address of the payload data to a virtual address. The payload data is segmented by the network processor across one or more packets. | 04-23-2015 |
20150269381 | EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the memory using one or more virtual addresses and indicating to the hardware accelerator that the content object is available for processing. Responsive thereto, the hardware accelerator: (i) translates the virtual addresses to corresponding physical addresses based on the page directory and the page table; (ii) accesses the scanning parameters based on the physical addresses; (iii) scans the content object for viruses by applying multiple virus signatures; and (iv) returns a result of the scanning to the processor. | 09-24-2015 |
20150332046 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory. | 11-19-2015 |
20160098559 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a virus processing system includes a virus co-processor, a first memory, a general purpose processor (GPP) and a second memory. The first memory is communicably coupled to the co-processor via a first memory interface. The first memory includes a first signature compiled for execution on the co-processor. The GPP is communicably coupled to the co-processor. The second memory is communicably coupled to the co-processor via a second memory interface and to the GPP. The second memory includes a second signature compiled for execution on the GPP. The co-processor is operable to retrieve the first signature stored within the first memory through an instruction cache. The co-processor is operable to retrieve a data segment to be scanned from second memory through a data cache that is separate from the instruction cache. | 04-07-2016 |