Patent application number | Description | Published |
20110072513 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 03-24-2011 |
20120240221 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 09-20-2012 |
20140109218 | PROVISIONAL ADMINISTRATOR PRIVILEGES - A system grants “provisional privileges” to a user request for the purpose of provisionally performing a requested transaction. If the provisionally-performed transaction does not put the system in a degraded state, the transaction is authorized despite the user request having inadequate privileges originally. | 04-17-2014 |
20140279550 | Software Upgrades Using Tokens and Existing Licenses - An upgrade to a computer program is associated with a token which is in turn associated with the original key for the computer program. In particular, given the original key, a publisher provides a token for the upgrade which is digitally signed and associated with the original key. The token also can result in a license state for the upgrade that is different from the license state for the original computer program. The original key can be used in various business rules by the publisher to determine whether to issue the token and/or what license state to associate with the token. When the upgrade is run on the computer, the verification process authenticates the token, the original license and the original key and authorizes execution of the upgrade based on the token for upgrade. Multiple upgrades can use multiple tokens and the original key. | 09-18-2014 |
Patent application number | Description | Published |
20120076150 | CONTROLLED INTERCONNECTION OF NETWORKS USING VIRTUAL NODES - Methods, apparatuses, and systems for controlling interconnections between nodes using virtual nodes are described. A physical node—such as a router, bridge, switch, etc.—stores a virtual cost associated with a virtual link that links virtual nodes of the physical node. A first physical port and a second physical port of the physical node are designated as belonging to a first virtual node and a third physical port of the physical node is designated as belonging to the second virtual node. The first physical port is associated with a first network partition and the second physical port is associated with a second network partition. The physical node transmits a routing information packet that includes the virtual cost. | 03-29-2012 |
20140140348 | MULTI-HOP ERROR RECOVERY - Methods, apparatus and network architectures relating to the use of a Hop-by-Hop packet forwarding technique using “stepping stone” switches. The network architectures include use of stepping stone switches interspersed with non-stepping stone switches such as conventional network switches comprising network elements such as switches, routers, repeaters, etc. The stepping stone switches are configured to route packets as multiplexed flows along tunneled sub-paths between stepping stone switches in a hop-by-hop manner with error recovery, as opposed to conventional routing under which packets are routed from a source to a destination using an arbitrary path or along a (generally) lengthy flow-based path. Accordingly, packets from a source endpoint are routed to a destination endpoint via multiple sub-paths connecting pairs of stepping stone switches, with each sub-path traversing one or more conventional switches and constituting a logical Hop in the Hop-by-Hop route. | 05-22-2014 |
20140153574 | NOTIFICATION BY NETWORK ELEMENT OF PACKET DROPS - Methods and apparatus for implementing notification by network elements of packet drops. In response to determining a packet is to be dropped, a network element such as a switch or router determines the source of the packet and returns a dropped packet notification message to the source. Upon receipt of notification, networking software or embedded hardware on the source causes the dropped packet to be retransmitted. The notification may also be sent from the network element to the destination computer to inform networking software or embedded logic implemented by the destination computer that the packet was dropped and notification to the source has been sent, thus alleviating the destination from needing to send a Selective ACKnowledge (SACK) message to inform the source the packet was not delivered. (Too narrow) | 06-05-2014 |
20140169173 | NETWORK CONGESTION MANAGEMENT BY PACKET CIRCULATION - Methods, apparatus, and networks configured to manage network congestion using packet recirculation. The networks employ network elements (e.g., Rbridges in Layer 2 networks and switches/routers in Layer 3 networks) that are configured to support multi-path forwarding under which packets addressed to the same destination may be routed via multiple paths to the destination. In response to network congestion conditions, such as lack of availability of a non-congested port via which a shortest path to the destination may be accessed, a packet may be routed backward toward a source node or forwarded toward a destination along a non-shortest path. The network elements may employ loopback buffers for looping packets back toward a source via the same link the packet is received on. | 06-19-2014 |
20140172906 | TIME-SHIFTING IMAGE SERVICE - Methods and systems may provide for obtaining a query image of a scene, wherein the query image includes embedded information and represents the scene at a time of capture. The embedded information may include location data and perspective data. Additionally, user input may be received, wherein the user input identifies a different time than the time of capture. A time-shifted image of the scene may be obtained based on the user input and the embedded information in the query image. Crowd sources and/or other public information sources may also be used to obtain the time-shifted image. In one example, the time-shifted image represents the scene at the different time. | 06-19-2014 |
20140185618 | PATH SPLITTING WITH A CONNECTION-ORIENTED NETWORK - In one embodiment this disclosure provides a network device that includes an input port configured to link to a first device to receive a packet from the first device, wherein the received packet having a first label encoded therein, the value of the first label is specific to the link between the network device and the first device; the input port having an input port identifier, the input port identifier and the first label form an input tuple; a plurality of output ports configured to link to respective ones of a plurality of second devices, each output port having a respective output port identifier; a forwarding table that includes at least one input tuple and a corresponding set of output tuples; wherein each output tuple comprises an output port identifier and a second label, the value of the second label is specific to the link between the network device and a respective one of the second plurality of devices; and routing circuitry configured to compare the input tuple of the received packet with at least one input tuple of the forwarding table, identify the corresponding set of output tuples, and select one output tuple from among the set of corresponding output tuples; the routing circuitry is also configured to replace the first label of the received packet with the second label and send the packet to the output port specified by the output port identifier in the selected output tuple. | 07-03-2014 |
20140189807 | METHODS, SYSTEMS AND APPARATUS TO FACILITATE CLIENT-BASED AUTHENTICATION - Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider. | 07-03-2014 |
20140192677 | NETWORK ROUTING PROTOCOL POWER SAVING METHOD FOR NETWORK ELEMENTS - Methods and apparatus relating to network routing protocols to support power savings in network elements. A most utilized link path network topology for a computer network is discovered using a routing protocol such as a Spanning Tree, link-state, or distance vector routing protocol. In view of the most utilized link path network topology, links are identified as candidates for power management under which a power state of the link and associated network ports are managed to save power under applicable link conditions, such as low utilization. Link power-state change conditions are detected, and in response a corresponding change to the power state of a link is effected by changing the power-state of the network ports at the ends of the link. Power state changes include putting a link into a reduced power state, taking a link offline, and powering a link back up. | 07-10-2014 |
20140207928 | Providing Different Levels of Service Over a Storage Transport - In accordance with some embodiments, identification of transport streams facilitates the classification of those streams. Classification of those streams in turn enables a classification to be matched to a quality of service policy. Thus, quality of service policies may be enforced so that different streams can be afforded appropriate quality of service. | 07-24-2014 |
20150009823 | CREDIT FLOW CONTROL FOR ETHERNET - One embodiment provides a method for enabling class-based credit flow control for a network node in communication with a link partner using an Ethernet communications protocol. The method includes receiving a control frame from the link partner. The control frame includes at least one field for specifying credit for at least one traffic class and the credit is based on available space in a receive buffer associated with the at least one traffic class. The method further includes sending data packets to the link partner based on the credit, the data packets associated with the at least one traffic class. | 01-08-2015 |
Patent application number | Description | Published |
20090019293 | AUTOMATIC DATA REVOCATION TO FACILITATE SECURITY FOR A PORTABLE COMPUTING DEVICE - Some embodiments of the present invention provide a system that automatically revokes data on a portable computing device. During operation, the system uses a key K | 01-15-2009 |
20090279692 | FAST COMPUTATION OF ONE-WAY HASH SEQUENCES - Some embodiments of the present invention provide a system that computes a target secret S | 11-12-2009 |
20090296926 | KEY MANAGEMENT USING DERIVED KEYS - Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key. | 12-03-2009 |
20100142713 | NEARLY-STATELESS KEY ESCROW SERVICE - Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor. | 06-10-2010 |
20100329460 | METHOD AND APPARATUS FOR ASSURING ENHANCED SECURITY - Some embodiments provide a system to assure enhanced security, e.g., by assuring that information is not revealed over a covert channel. All communications between a source system and a destination system may pass through an intermediate system. In some embodiments, the intermediate system may perform an additional level of blinding to ensure that the source system does not covertly reveal information to the destination system. In some embodiments, the intermediate system may request the source system to perform a modification operation, and then check if the source system performed the modification operation. Examples of the modification operation include a blinding operation and a cryptographic hashing operation. | 12-30-2010 |