| Patent application number | Description | Published |
|---|
| 20100274768 | DE-DUPLICATION AND COMPLETENESS IN MULTI-LOG BASED REPLICATION - Aspects of the subject matter described herein relate to multi-log based replication. In aspects, database fragments are associated with different logs. Each change to a duplicated database record may be recorded in multiple logs. A history data structure is used to determine when duplication schemas are valid. A duplication schema indicates what database fragments duplicate one or more database records. For a particular time range, the duplication schema history is used to determine whether currently available logs include all changes. If multiple logs include the same change, one log may be selected to provide the change. Non-duplicative changes may be placed into a single data stream usable to update a remote database. | 10-28-2010 |
| 20110167038 | Dispatching Conflicting Data Changes - A method for distributing one or more conflicting data changes. The method includes extracting data changes from the source site log, and applying the data changes to the destination site. The method then includes identifying one or more constraints for each data change and generating a hash value for each identified constraint. The method then dispatches the data changes into a plurality of streams based on the hash values. The hash values are used to identify conflicting data changes and determine how the data changes should be sent through the plurality of streams such that data changes are applied in parallel in the plurality of streams without violating any causal consistency constraints. The method then includes committing data changes in the plurality of streams to the destination site in a single transaction, creating a consistent transactional view. | 07-07-2011 |
| 20110251997 | LOGICAL REPLICATION IN CLUSTERED DATABASE SYSTEM WITH ADAPTIVE CLONING - Architecture that addresses an end-to-end solution for logical transactional replication from a shared-nothing clustered database management system, which uses adaptive cloning for high availability. This can be time based using a global logical timestamp. The disclosed architecture, used for refreshing stale clones, does not preserve user transaction boundaries, which is a more complex situation than where the boundaries are preserved. In such a scenario it is probable that for a given data segment no clone of the segment may contain the complete user transaction history, and hence, the history has to be pieced together from the logs of multiple different clones. This is accomplished such that log harvesting is coordinated with the clone state transitions to ensure the correctness of logical replication. | 10-13-2011 |
| Patent application number | Description | Published |
|---|
| 20090300168 | DEVICE-SPECIFIC IDENTITY - A device identifier (ID) is used across enterprise boundaries. A user can use the device ID to publish a device for sharing with other remote users. The remote users can discover devices that are shared by other users based on device IDs, connect to a selected device, and then verify that they have connected to the correct device based on its device ID. An account authority service may be used to manage the publication and/or discovery of the shared devices and their device IDs. | 12-03-2009 |
| 20090300720 | CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation. | 12-03-2009 |
| 20090300744 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 12-03-2009 |
| 20100088753 | IDENTITY AND AUTHENTICATION SYSTEM USING ALIASES - An identity and authentication platform utilizes a data model that enables multiple identities such as e-mail addresses, mobile phone numbers, nicknames, gaming IDs, and other user IDs to be utilized as aliases which are unique sub-identities of a main account name. A user may utilize the aliases supported by the platform to project multiple different on-line identities while using the authentication credentials of the main account. The platform is configured to expose the aliases to various client applications and Internet-accessible sites and services such as e-mail, instant messaging, media sharing, gaming and social networks, and the like, to enable the implementation of a variety of usage scenarios that employ aliases. | 04-08-2010 |
| 20100287019 | SERVER FARM MANAGEMENT - Techniques and systems are disclosed that can measure capacity of a server farm, and project capacity needs based on traffic and resources. Server farm system information is collected for managing the server farm by identifying a list of servers in the server farm. Performance metrics are collected from identified servers and stored in a collection database. The stored performance metrics are analyzed in accordance with a server farm management request. | 11-11-2010 |
| 20100299716 | Model Based Multi-Tier Authentication - Authentication is widely used to protect consumer data and computing services, such as email, document storage, and online banking. Current authentication models, such as those employed by online identity providers, may have limited options and configurations for authentication schemes. Accordingly, as provided herein, a model based authentication scheme may be configured based upon a policy and/or an authentication mechanism list. The policy may define the target resource, a user, a group the user belongs to, devices used to connect to the target resource, a service owning the target resource, etc. The authentication mechanism list may comprise predefined authentication mechanisms and/or user plug-in authentication mechanisms (e.g., user created authentication mechanism). Once the authentication scheme is configured, it may be enforced upon authentication requests from a user. Feedback may be provided to the user based upon patterns of usage of the target resource. | 11-25-2010 |
| 20110247055 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 10-06-2011 |
| Patent application number | Description | Published |
|---|
| 20090187988 | CROSS-NETWORK REPUTATION FOR ONLINE SERVICES - A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score. | 07-23-2009 |
| 20090204808 | Session Key Security Protocol - Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key. | 08-13-2009 |
| 20090260072 | IDENTITY OWNERSHIP MIGRATION - Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider. | 10-15-2009 |
| 20100042735 | CROSS-DOMAIN AUTHENTICATION - Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data. | 02-18-2010 |
| 20110138179 | Scalable Session Management - Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers. | 06-09-2011 |
| 20110179469 | CROSS-DOMAIN AUTHENTICATION - Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data. | 07-21-2011 |
| 20110271329 | CROSS-NETWORK REPUTATION FOR ONLINE SERVICES - A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score. | 11-03-2011 |
| 20110314540 | PREVENTING ABUSE OF SERVICES THROUGH INFRASTRUCTURE INCOMPATIBILITY - Spammers, and other abusers of web services, may be deterred in their attempts to sign up for these services at large scale by making changes to the service registration procedure, where the changes are designed to break the spammer's infrastructure. In one example, a procedure to register for a web service involves presenting a Human Interaction Proof (HIP, or “captcha”) to the user, and gating access to the service upon receipt of a correct solution. If spammers use botnets and/or image capture techniques to initiate registration processes and to transport the HIPs to human or automated solvers, then the registration procedure can be changed in a way that is incompatible with capturing these images, or in a way that is incompatible with receiving HIP solutions from someplace other than the location at which registration was initiated. | 12-22-2011 |
| Patent application number | Description | Published |
|---|
| 20090034370 | Diagnostic ultrasound transducer - An ultrasound transducer includes an array of PZT elements mounted on a non-recessed distal surface of a backing block. Between each element and the backing block is a conductive region formed as a portion of a metallic layer sputtered onto the distal surface. Traces on a longitudinally extending circuit board—preferably, a substantially rigid printed circuit board, which may be embedded within the block—connect the conductive region, and thus the PZT element, with any conventional external ultrasound imaging system. A substantially “T” or “inverted-L” shaped electrode is thereby formed for each element, with no need for soldering. At least one longitudinally extending metallic member mounted on a respective lateral surface of the backing block forms a heat sink and a common electrical ground. A thermally and electrically conductive layer, such as of foil, transfers heat from at least one matching layer mounted on the elements to the metallic member. | 02-05-2009 |
| 20100327698 | DIAGNOSTIC ULTRASOUND TRANSDUCER - An ultrasound transducer includes an array of PZT elements mounted on a non-recessed distal surface of a backing block. Between each element and the backing block is a conductive region formed as a portion of a metallic layer sputtered onto the distal surface. Traces on a longitudinally extending circuit board—preferably, a substantially rigid printed circuit board, which may be embedded within the block—connect the conductive region, and thus the PZT element, with any conventional external ultrasound imaging system. A substantially “T” or “inverted-L” shaped electrode is thereby formed for each element, with no need for soldering. At least one longitudinally extending metallic member mounted on a respective lateral surface of the backing block forms a heat sink and a common electrical ground. A thermally and electrically conductive layer, such as of foil, transfers heat from at least one matching layer mounted on the elements to the metallic member. | 12-30-2010 |
| 20110088248 | DIAGNOSTIC ULTRASOUND TRANSDUCER - An ultrasound transducer includes an array of PZT elements mounted on a non-recessed distal surface of a backing block. Between each element and the backing block is a conductive region formed as a portion of a metallic layer sputtered onto the distal surface. Traces on a longitudinally extending circuit board—preferably, a substantially rigid printed circuit board, which may be embedded within the block—connect the conductive region, and thus the PZT element, with any conventional external ultrasound imaging system. A substantially “T” or “inverted-L” shaped electrode is thereby formed for each element, with no need for soldering. At least one longitudinally extending metallic member mounted on a respective lateral surface of the backing block forms a heat sink and a common electrical ground. A thermally and electrically conductive layer, such as of foil, transfers heat from at least one matching layer mounted on the elements to the metallic member. | 04-21-2011 |
| Patent application number | Description | Published |
|---|
| 20090099035 | OLIGONUCLEOTIDE ARRAYS FOR HIGH RESOLUTION HLA TYPING - Arrays of HLA Class I oligonucleotide probes on a solid support are provided, wherein the probes are sufficient to represent at least 80% of the known polymorphisms in exons 2 and 3 of the HLA Class I locus. | 04-16-2009 |
| 20100167295 | METHODS FOR HAPLOTYPING GENOMIC DNA - The present invention provides a novel method for specifically isolating and separating large segments of genomic DNA that can subsequently be used to determine a genomic haplotype. The invention relies on using a solid phase having a flat surface arrayed with oligonucleotides designed to specifically hybridize to each particular haplotype of an individual sample, e.g., oligonucleotides designed to specifically hybridize with each of the two HLA-B haplotypes, HLA-A, HLA-C, HLA-DR, HLA-DQ, and the like. The genomic DNA is contacted and hybridized to the arrayed oligonucleotides to form a genomic DNA/oligonucleotide complex. The excess genomic DNA is washed away and the haplotype separated genomic DNA is denatured from the oligonucleotide probe and collected. The method of the present invention allows for the separation of genomic DNA fragments of between approximately 2 to about 4 megabases (Mb). Separation of the haplotypes of large genomic DNA fragments allows for linkage analysis of other HLA alleles and polymorphisms, microsatellite, SNPs, and the like across a large span of the HLA region, including HLA-A, -B, -C, and HLA-DRB1 regions. This linkage analysis is particularly useful when HLA typing for an individual with limited family HLA typing available. | 07-01-2010 |
| Patent application number | Description | Published |
|---|
| 20080269846 | DEVICE FOR TREATMENT OF BLOOD VESSELS USING LIGHT - Light generating devices for illuminating portions of vascular tissue to administer photodynamic therapy, and usable with, or including a distal protection device. A first device includes a hollow tip, a flushing lumen, a guidewire lumen, and at least one of a light source, and a hollow light transmissive shaft that is adapted to accommodate a light source. If desired, the device can include a balloon, so that a portion of a body lumen between the balloon and the distal protection device is isolated when the balloon is inflated. A second device includes inner and outer catheters, the outer catheter including a balloon, and the inner catheter including a light source encompassed by another balloon. Yet another device is a catheter having two balloons and a sleeve extending there between. Within the sleeve, the catheter includes a light source and an expanding member. | 10-30-2008 |
| 20090036773 | METHODS AND APPARATUS FOR ENGAGEMENT AND COUPLING OF AN INTRACAVITORY IMAGING AND HIGH INTENSITY FOCUSED ULTRASOUND PROBE - A combined imaging/HIFU probe includes an imaging scan head, a HIFU transducer, and an outlet port that delivers a flow of fluid across the HIFU transducer. At least a portion of the body cavity is filled with fluid in which the probe is immersed. The fluid provides a coupling for transmission of ultrasound energy between the probe and the patient. A flow of fluid may also be used to flush obstructions from an area of tissue near the HIFU transducer. Further described herein is a cuff to help retain fluid in the body cavity, a regulator to regulate fluid flow with respect to the body cavity according to a desired fluid pressure, and a cover for the HIFU transducer that has at least one perforation defined therethrough to allow fluid to flow through the cover. Further disclosed herein are methods of deploying a combined imaging/HIFU probe in a body cavity. | 02-05-2009 |
| 20100213200 | Temperature-stabilized storage systems - A substantially thermally sealed storage container includes an outer assembly, including one or more sections of ultra efficient insulation material substantially defining at least one thermally sealed storage region, and an inner assembly, including at least one heat sink unit within the at least one thermally sealed storage region, and at least one stored material dispenser unit, wherein the at least one stored material dispenser unit includes one or more interlocks. | 08-26-2010 |
| 20100274330 | DEVICE FOR TREATMENT OF BLOOD VESSELS USING LIGHT - Light generating devices for illuminating portions of vascular tissue to administer photodynamic therapy, and usable with, or including a distal protection device. A first device includes a hollow tip, a flushing lumen, a guidewire lumen, and at least one of a light source, and a hollow light transmissive shaft that is adapted to accommodate a light source. If desired, the device can include a balloon, so that a portion of a body lumen between the balloon and the distal protection device is isolated when the balloon is inflated. A second device includes inner and outer catheters, the outer catheter including a balloon, and the inner catheter including a light source encompassed by another balloon. Yet another device is a catheter having two balloons and a sleeve extending there between. Within the sleeve, the catheter includes a light source and an expanding member. | 10-28-2010 |
| 20110077464 | MEDICAL APPARATUS EMPLOYING FLEXIBLE LIGHT STRUCTURES AND METHODS FOR MANUFACTURING SAME - A method of manufacture and medical apparatus that provides an apparatus useful in illuminating at least a portion of a lumen of a body. The apparatus includes an elongated flexible member and a polymer encasement portion encasing a plurality of light emitters. The light emitters may be electrically coupled to one another without the use of wire bonds, and in some embodiments may be coupled without intervening electrical paths or traces. A maximum cross-sectional dimension of the polymer encasement portion may be less than twice a dimension of one of the light emitters. In some embodiments the maximum cross-sectional dimension is less than or equal to the sum of the dimension of one of the light emitters and a marginal dimension by which an outer portion of the polymer encasement portion extends beyond the light emitter. Light emitters may be arranged linearly, helically or in partially overlapping back-to-back relation. | 03-31-2011 |
| 20110155745 | Temperature-stabilized storage systems with flexible connectors - Substantially thermally sealed containers including flexible connectors joining an aperture in the exterior of the container to an aperture in a substantially thermally sealed storage region within the container are described. The flexible connectors include a duct forming an elongated thermal pathway between the exterior of the container and the substantially thermally sealed storage region within the container. The flexible connectors include compression units mated to each end of the duct and a plurality of compression strands connected between the compression units. | 06-30-2011 |
