| Patent application number | Description | Published |
|---|---|---|
| 20080256616 | UNIFIED AUTHENTICATION FOR WEB METHOD PLATFORMS - An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment. | 10-16-2008 |
| 20080256643 | MULTIPLE ENTITY AUTHORIZATION MODEL - An authorization framework is provided that protects data records in a platform, such as a service-based platform, by requiring multiple level entities to be authorized with respect to the data records. For example, the data records can have an associated owner user that can grant access to other users with respect to the data. Additionally, however, the user can also grant access to certain applications that access the platform such that the data records can be initially closed for a user requiring the user to explicitly grant desired access to applications and/or users. In this regard, applications can be forbidden from accessing the data, even on behalf of the user, unless expressly authorized to do so by the user. Thus, the user can make informed decisions regarding who is to have access to its data. | 10-16-2008 |
| 20090083240 | AUTHORIZATION AGNOSTIC BASED MECHANISM - Systems and methods that provide for authorization-agnostic access in web service environments to privileged information. A query component can specify how a call is to be made to a data store and predefines the data that is retrievable in response to a query defined thereby (e.g., through HTTPS, JavaScript, and the like). The query component can employ a plurality of filters that are implemented as part thereof, to customize retrieval for a predetermined portion of the data for a designated period, and encompass an end-to-end scenario from the browser up to the storage. | 03-26-2009 |
| 20090083241 | DATA PAGING WITH A STATELESS SERVICE - Systems and methods that facilitate data retrieval in a stateless environment by limiting the amount of retrievable data associated with a single client request. A retrieval limitation component partially satisfies a query and retrieves an initial batch of information. Moreover, identifications can further be designated to retrieve additional information if so required. Accordingly, an application requesting data through a query can initially be supplied with a limited number of data items, which subsequently can be followed by additional data items returned as unique identifiers. | 03-26-2009 |
| 20090307488 | HEALTH KEYSET MANAGEMENT - Systems and methodologies that facilitate delegation of keyset management to a platform presenting a centralized health-related data repository are provided. Effectively, a central keyset manager is provided that generates, manages and distributes key material to client applications and servers deploying the platform. Thus, communications with the platform storing sensitive health-related data can be secured without incurring the costs associated with implementing and enforcing policies associated with key generation and expiration among a plurality of servers and client applications. Additionally, the innovation can scale keyset management to meet short term demand needs. | 12-10-2009 |
| 20090326980 | FLAGGING TO CONTROL ACCESS TO HEALTH INFORMATION - A method for protecting access to health information. The method includes presenting a graphical user interface for accessing health information. The health information may include a health record which includes at least one item. A request to access the health record is received and the health record is retrieved from a data store. The items of the health record are filtered based on a source of the request to access the health record. A portion of the health record may be displayed. | 12-31-2009 |
| 20100217612 | CHOOSING LOCATION OR MANNER OF STORING DATA - Data may be stored in a location or manner that takes various considerations into account. Examples of such considerations are the availability, speed and cost of storage resources, and commercial and regulatory expectations concerning the reliability, security, and/or availability of the stored data. When a piece of data is to be stored, a storage choice component may take the above considerations into account in order to determine where the data is to be stored, how many copies of the data are to be made, whether the data is to be encrypted, and/or other issues. Additionally, a migration engine may re-evaluate data that has already been stored in order to determine whether the data may be migrated to other storage resources, and/or whether changes may be made with regard to issues such as the encryption level and/or the number of stored copies of the data. | 08-26-2010 |
| 20100235410 | DISTRIBUTED DATA STORAGE - In one example, data may be divided into blocks, and the blocks may be stored in various storage resources. Data to be stored may be provided to a data divider. The data divider may divide the data into blocks. Redundancy may be introduced into the blocks to allow the original data to be reconstructed at some point in the future, even if fewer than all of the original blocks are available. The blocks may be sent to a data shuffler, which may shuffle the blocks, and may provide a key that describes how to reconstruct the original data from the blocks. The key may be provided to the owner of the data. When the original data is to be retrieved, the key may be provided to a reassembler, which retrieves the blocks from the various storage resources and reconstructs the data using the key. | 09-16-2010 |