Patent application number | Description | Published |
20080282354 | ACCESS CONTROL BASED ON PROGRAM PROPERTIES - A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access. | 11-13-2008 |
20080294701 | ITEM-SET KNOWLEDGE FOR PARTIAL REPLICA SYNCHRONIZATION - A system is disclosed for synchronizing partially-replicated collections while keeping synchronization overhead low by using the concept of item-set knowledge. Item-set knowledge uses knowledge fragments, which associate knowledge vectors with item-sets. An item-set consists of an explicitly represented list of items. In a partial replica, this item set may be the items known to a replica within which a filter is applied limiting the items known to some subset of the overall items in the collection. | 11-27-2008 |
20080320299 | ACCESS CONTROL POLICY IN A WEAKLY-COHERENT DISTRIBUTED COLLECTION - A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority. | 12-25-2008 |
20090006489 | HIERARCHICAL SYNCHRONIZATION OF REPLICAS - A hierarchical system is disclosed for synchronizing partially-replicated collections that provides guaranteed paths of information to all replicas in a collection. Each partial replica is assigned a parent replica to act as a proxy on its behalf, and with which the replica synchronizes regularly. Each parent replica is responsible for one or more child replicas. Parent replicas have filters which are either the same as, or more inclusive than, their child replicas, and parent replicas thus store and synchronize all objects that are of interest to their one or more child replicas. | 01-01-2009 |
20090006495 | MOVE-IN/MOVE-OUT NOTIFICATION FOR PARTIAL REPLICA SYNCHRONIZATION - A system is disclosed for synchronizing partially-replicated collections using the concept of item-set knowledge and move-out notifications. Move-out notifications are provided to allow removal of changed items from replicas when the change in the item takes that item outside of the interest set of the replicas. | 01-01-2009 |
20090240719 | ACCUMULATING STAR KNOWLEDGE IN REPLICATED DATA PROTOCOL - A distributed system includes full and partial replicas of a set of data items that may be inserted, modified, or deleted by any replica. Replicas may occasionally synchronize with other arbitrarily chosen replicas to learn about updates. A replica's knowledge includes of one or more knowledge fragments, where each fragment indicates a set of items. A type of knowledge fragment, called a star knowledge fragment, contains versions associated with all items in the system. Star knowledge fragments are compact because the set of items stored at a replica need not be explicitly listed. Once all replicas know of all updates in the system, partial and full replicas will have the same compact star knowledge fragment. | 09-24-2009 |
20090265715 | VEX - Virtual Extension Framework - Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process. | 10-22-2009 |
20110016100 | MULTIPLE FIDELITY LEVEL ITEM REPLICATION AND INTEGRATION - A distributed system synchronizes replica devices with respect to items that may be inserted, modified, or deleted by any of the replica devices. Replicas may synchronize with other replicas to learn about updates to items. Each replica device may include a high-fidelity replication platform and/or a low-fidelity replication platform. The low-fidelity replication platforms may synchronize low-fidelity versions of items among the replica devices, and the high-fidelity replication platforms may synchronize high-fidelity versions of items among the replica devices. Each replica device may include a fidelity manager that copies high-fidelity versions of items from the high-fidelity replication platform, generates low-fidelity versions of the items from the high-fidelity versions of the items, and adds the low-fidelity versions of the items to the low-fidelity replication platforms. The fidelity managers may further integrate changes made to low-fidelity versions of items into the corresponding high-fidelity versions of the items. | 01-20-2011 |
20110208958 | COMMUNICATING USING A CLOUD INFRASTRUCTURE - A cloud infrastructure that communicates with computing devices is provided. The computing devices install filters on other computing devices that they wish to receive items from including pictures, messages, and documents. The filters include criteria that are evaluated on the computing devices, rather than at a server, to determine if an item may be sent to another computing device. The computing devices may then send items that match the criteria to the cloud infrastructure, and the items may be stored and queued for delivery to other computing devices. The items may be encrypted before being provided to the cloud infrastructure, and decrypted when received by the computing devices. | 08-25-2011 |