Patent application number | Description | Published |
20090089334 | LAZY UPDATES TO INDEXES IN A DATABASE - System(s) and method(s) facilitate improved performance for insert/update query requests in a database. Lazy updating based on delaying updates of newly inserted records, combined with a master-staging partitioning scheme, avoids deterioration of performance arising from updating indexes related to new records inserted in a database. Table partitioning as well as partitioning of indexes associated with the table allow new records to reside in manageable sections of memory for pre-configured periods of time prior to being updated. To avoid deterioration of performance associated with increasing size of table/index partitions, the size is maintained below specific thresholds that can be determined based on query workload and other historical data. Deployment of partitions among file systems and design of update delay times can further increase performance of lazy updating. | 04-02-2009 |
20090106549 | METHOD AND SYSTEM FOR EXTENDING ENCRYPTING FILE SYSTEM - Users can share encrypted files without having access to other users' public key certificates, by specifying only the other users' identity information. A client agent interacts with a trusted service account to transparently add user encryption certificates to encrypted files after they are created. A header of each encrypted file includes signed encrypted data blocks, file system metadata, and a digital signature. When a user attempting to open an encrypted file is denied access, the client agent transmits the header data and the encryption certificate of the user to the trusted service account, with a request that the user encryption certificate be added to modify the encrypting file system metadata. After the trusted service account determines that tampering has not occurred en route and the user is authorized to access the file, the modified header data are returned to the client agent to enable the user to open the file. | 04-23-2009 |
20090106550 | EXTENDING ENCRYPTING WEB SERVICE - A data encryption service is provided over the Internet. Users specifying only authorized users' identity information can share encrypted information without sharing passwords or accessing public key certificates. A user sends data to be encrypted to a trusted EWS, along with authorization information. An encrypted data envelope including signed encrypted data blocks, authorization information, and a digital signature is returned to the user. When a second user attempts to access the data inside the encrypted data envelope, the envelope is transmitted to the EWS. If the EWS authenticates the second user, determines that tampering has not occurred, and verifies the second user's identity against the authorization information in the data envelope, then the data are returned. The encrypted data envelope can be expressed as a raw byte stream or encoded within an HTML file to enable browser-based data envelope submission and retrieval. | 04-23-2009 |
20090106552 | RIGHTS MANAGEMENT SERVICES-BASED FILE ENCRYPTION SYSTEM AND METHOD - A method to leverage Windows Rights Management Services (RMS) to provide protection and sharing of encryption keys to file systems. RMS enables users to share protected content without having to exchange encryption certificates or passwords. Using the method, any EFS can be extended to protect its FEKs and assign them user access rights using RMS. This enables EFSs to delegate key sharing, management and recovery to the RMS system. User rights to FEKs are derived from the file's security descriptor information or as explicitly specified by users. Whenever an encrypted file is created, its FEK is protected using RMS and the resulting byte stream is stored in the file encryption metadata information. When a user tries to access an encrypted file and doesn't have a private key to decrypt the FEK, the EFS transparently extracts the RMS-protected byte stream from the file encryption metadata information. It then uses RMS to try to obtain access to the FEK stored in the byte stream using the user security context. If the user is authorized access and the FEK is successfully obtained, then EFS is able to decrypt the file data and the user is granted access. The FEK is protected with the user master key, encryption certificate or password and cached in the system protected non-page memory or local stable storage. This enables the system to reuse the FEK for the user on the next file access. If the user doesn't hold rights to extract the FEK, then the user is denied access. | 04-23-2009 |
20130091199 | DATA COMMUNICATION COORDINATION WITH SEQUENCE NUMBERS - Described are sequence numbers for client-server communication, to control a client's use of server resources. A server grants the client credits, and the client consumes a credit for sending each command to the server. Each credit corresponds to a sequence number, with the set of sequence numbers forming a valid command window. The server enforces that for each received command, the command includes a sequence number that is within the valid command window and that the sequence number has not been used with another command. The server may also maintain a maximum window size, such that clients with credits cannot send a command with a sequence number that is beyond a maximum sequence number. When incorporated into a data communication protocol, quality of service, combating denial of service, detection of message loss, division of server resources, secure message signing, and numerous other benefits result. | 04-11-2013 |
20130097211 | DATA COMMUNICATION PROTOCOL - Described is a data communication protocol, in which a client and server negotiate in a manner that does not require the client to retry negotiation when servers are not capable of the client-desired protocol. In one example implementation, the desired protocol is SMB 2.0 or greater. The protocol describes a create command with possibly additional context data attached for built-in extensibility, and a compound command comprising a plurality of related commands or unrelated commands. A multi-channel command requests data transfer on a separate data channel, a signed capability verification may be used to ensure that a secure connection is established, and the protocol provides the ability to transfer extended error data from the server in response to a request. | 04-18-2013 |
20130304932 | DATA COMMUNICATION PROTOCOL - Described is a data communication protocol, in which a client and server negotiate in a manner that does not require the client to retry negotiation when servers are not capable of the client-desired protocol. In one example implementation, the desired protocol is SMB 2.0 or greater. The protocol describes a create command with possibly additional context data attached for built-in extensibility, and a compound command comprising a plurality of related commands or unrelated commands. A multi-channel command requests data transfer on a separate data channel, a signed capability verification may be used to ensure that a secure connection is established, and the protocol provides the ability to transfer extended error data from the server in response to a request. | 11-14-2013 |
20150026248 | DATA COMMUNICATION COORDINATION WITH SEQUENCE NUMBERS - Described are sequence numbers for client-server communication, to control a client's use of server resources. A server grants the client credits, and the client consumes a credit for sending each command to the server. Each credit corresponds to a sequence number, with the set of sequence numbers forming a valid command window. The server enforces that for each received command, the command includes a sequence number that is within the valid command window and that the sequence number has not been used with another command. The server may also maintain a maximum window size, such that clients with credits cannot send a command with a sequence number that is beyond a maximum sequence number. When incorporated into a data communication protocol, quality of service, combating denial of service, detection of message loss, division of server resources, secure message signing, and numerous other benefits result. | 01-22-2015 |