Patent application number | Description | Published |
20080201191 | DYNAMIC WORKFLOW RESOURCE AUTHENTICATION AND DISCOVERY - Techniques for dynamic workflow resource authentication and discovery are presented. A processing workflow is augmented with a dynamic resource that becomes available and is authenticated as the workflow is processed. A reference to the newly discovered resource is provided and permits tasks of the workflow to be handled by the newly discovered resource via the dynamically supplied reference. | 08-21-2008 |
20080201708 | VIRTUALIZED WORKFLOW PROCESSING - Techniques for virtualized workflow processing are presented. A processing state of workflow within a first processing environment is imaged and configured for a second processing environment. The image is received in the second processing environment where it is authenticated and initiated within the second processing environment as a virtual machine. | 08-21-2008 |
20080244575 | Tessellated virtual machines conditionally linked for common computing goals - In a computing environment, an association and layout of virtual machines exist as a system of multiple applications instantiated for a common computing goal, such as providing a data center with an email system for an enterprise. In that every application need not always be operational or have applicability in every scenario, applications are only instantiated upon actionable requests for various services. Representatively, a communication channel is initialized between at least two applications, but instantiation of one of the applications is delayed until an actionable request between the applications occurs. In this manner, policy or governance can be enforced and/or computing resources can be conserved. Various features relate to defined incoming and outgoing connectors of virtual machines of the applications and their functional interaction to satisfy initial connectivity issues and to later instantiate needed applications. Libraries, software program products, and policy management are other features, to name a few. | 10-02-2008 |
20080244688 | VIRTUALIZED FEDERATED ROLE PROVISIONING - In various embodiments, techniques for virtualized federated role provisioning are provided. An entire policy and role provisioning environment is packaged in a first environment and sent to a second environment. The second environment authenticates and initiates the policy and role provisioning environment as a virtualized federated role provisioning service or a shared policy decision point service. The shared policy decision point service dynamically resolves policy, roles, and constraints for requesting resources within the second environment and supplies this information to a local policy enforcement point service that enforces roles on the resources. | 10-02-2008 |
20080256535 | Tessellated virtual machines for common computing goals - In a computing environment, an association and layout of virtual machines exist as a system instantiated for a common computing goal, such as providing a data center with an email system for an enterprise. Irrespective of physical computing devices, a template exists for each of the virtual machines according to a role of the common computing goal, including a definition for external connectivity with other virtual machines. From a template library, certain of the virtual machine templates are selected and tessellated into an application functioning to accomplish the computing goal. Collections of tessellated applications may be reposited in a library so that more than one application may be combined with another to achieve yet another computing goal, for example. Ultimately, tessellated applications provide a new computing paradigm to counter present-day computing complexities and cumbersomeness as systems evolve and become more regulated. | 10-16-2008 |
20080256538 | Storage configurations for tessellated virtual machines - In a computing environment, an association and layout of virtual machines is provided as a system instantiated for a common computing goal, such as providing a data center with an email system for an enterprise. Irrespective of physical computing devices, a template exists for each of the virtual machines according to a role of the common computing goal, including a definition for external connectivity with other virtual machines. From a template library, certain of the virtual machine templates are selected and tessellated into an application functioning to accomplish the computing goal. Storage configurations contemplate physical storage devices variously arranged over the near and short term relative to each of the virtual machine templates and to the tessellated application as a whole. Managers coordinate, allocate and oversee same. | 10-16-2008 |
20080281654 | Data center life cycle management - Managing a data center life cycle of an enterprise begins with a policy defining stages of the life cycle and criteria indicating a successful evaluation of each stage. Evaluators, according to a predetermined identity, attest to whether the policy is satisfied for a single stage of the life cycle until all stages are evaluated, but advancement from one stage to the next only occurs upon the policy being satisfactorily met. If the policy is not met, corrective action is taken, including an optional step of notifying personnel of a stage failure. Documenting the attestation is another consideration as is auditing the documenting. In this manner, troubleshooting is enhanced or an historical record is achieved. In the event of multiple evaluators, each may attest to the satisfaction of a portion of the policy. Further definitions include computing configurations per a single machine and/or an entirety of the data center. | 11-13-2008 |
20080294664 | MECHANISM FOR SUPPORTING INDEXED TAGGED CONTENT IN A GENERAL PURPOSE DATA STORE - A schema identifies a field in a document as a key field. Using an XML schema, the key field can be identified by attaching a property to the element or attribute to be used as a key field (if the XML schema standard is modified to support properties). Otherwise, attributes can be used to identify the element or attribute that is to be a key field. Fields can be primary keys, secondary keys, or foreign keys, as supported by data stores. The data store can analyze the schema to determine which fields are key fields. The key fields can be duplicated in the native format of the data store for use in indexing, searching, and other data store functions on the documents. The documents themselves can be stored as objects, into which the data store cannot reach, or can be stored in the native format of the data store, as desired. | 11-27-2008 |
20080307415 | Tessellated applications for user computing environments - A computing policy establishes computing rights of multiple users according to their roles, such as workplace job descriptions. Templates, in a library, each define a computing configuration of at least one virtual machine and any computing application to be executed by the virtual machine. A plurality of user applications are defined and configured from the templates and each corresponds to one or more roles of the users. Users select from the applications, according to their role. In this manner, policy or governance can be enforced and/or computing resources conserved. Various other features relate to: tessellating the applications from the templates; loading and configuring startup conditions of the applications; and mapping the applications to user viewing areas, such as a viewing boundary of a monitor or a virtual viewing area within the viewing boundary. Libraries, managers, software program products, and policy management are other features, to name a few. | 12-11-2008 |
20080313540 | SYSTEM AND METHOD FOR EVENT-BASED RENDERING OF VISUAL EFFECTS - A system and method is provided for rendering visual effects, or other types of effects, in response to an occurrence of one or more events. The visual effects may be rendered on a user desktop in order to alert or otherwise notify a user that the one or more events have occurred. The events may reflect incoming messages (e.g., e-mails, instant messages, etc.), application and/or system problems, downloads, appointments, alarms, updates, network status, or other software and/or hardware related events. The visual effects may be rendered on the desktop to subtly notify the user when an event of interest occurs. | 12-18-2008 |
20090006592 | NETWORK EVALUATION GRID TECHNIQUES - Network evaluation grid techniques are presented. Local specifications for traffic patterns are evaluated for local traffic on local grids of a grid computing environment and reported out. The local traffic reported out is then evaluated in response to global traffic pattern specifications and a global traffic policy in order to identify one or more remedial actions to take or to recommend in response to that evaluation. | 01-01-2009 |
20090030705 | PROJECT MANAGEMENT BLACK BOX PROTECTIONS - Techniques for project management black box protections are provided. A first principal associated with a first processing environment and a first stage of a project's lifecycle requests that an action be taken on its behalf. The first principal is authenticated and policy is evaluated when the first principal is successfully authenticated. Moreover, the action is taken on behalf of the principal when the policy permits and when the principal was successfully authenticated. | 01-29-2009 |
20090037198 | TECHNIQUES FOR TEMPORARILY HOLDING PROJECT STAGES - Techniques for temporarily holding project stages are provided. Resources and configuration information associated with a source stage of a project's lifecycle are imaged in a self-contained project package. The package is published to an intermediate holding area. The package is pulled to and initiated within a target stage of the project's lifecycle when release and access criteria are satisfied. | 02-05-2009 |
20090037921 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 02-05-2009 |
20090048888 | TECHNIQUES FOR CLAIM STAKING IN A PROJECT STAGE-BASED ENVIRONMENT - Techniques for claim staking in a project stage-based environment are provided. A stakeholder is assigned for a project as a whole or a sub portion of the project. Access permissions are defined in response to the stakeholder, the project, and/or the sub portion. The access permissions are dynamically enforced across processing environments, stages within a same project, and stages within different projects when attempted changes are made to the project or the sub portion. | 02-19-2009 |
20090048894 | TECHNIQUES FOR PROPAGATING CHANGES IN PROJECTS - Techniques for propagating changes in projects are provided. A first resource associated with a first project is modified in some manner. The modification is automatically and dynamically detected. A second project is identified for notification of that change. The notification is communicated to the second project in a custom manner. | 02-19-2009 |
20090064158 | MULTI-CORE RESOURCE UTILIZATION PLANNING - Techniques for multi-core resource utilization planning are provided. An agent is deployed on each core of a multi-core machine. The agents cooperate to perform one or more tests. The tests result in measurements for performance and thermal characteristics of each core and each communication fabric between the cores. The measurements are organized in a resource utilization map and the map is used to make decisions regarding core assignments for resources. | 03-05-2009 |
20090064292 | TRUSTED PLATFORM MODULE (TPM) ASSISTED DATA CENTER MANAGEMENT - Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for physical processing environments of physical devices within a data center. Each time a physical processing environment is established, a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments that permits each physical processing environment to be authenticated, validated, and controlled via unique identities. Inter-data center communication is established for sharing virtual processing environments, and administrative operations are authenticated within each of the data centers before any administrative operation is permitted to process within a particular data center. | 03-05-2009 |
20090077060 | TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format known to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions. | 03-19-2009 |
20090089857 | IDENTITY-BASED ADDRESS NORMALIZATION - In various embodiments, techniques for identity-based address normalization are provided. A principal attempts to access a resource via a principal-supplied address. A principal identity for the principal is used to acquire one or more address patterns. The principal-supplied address is compared against the one or more address patterns and when a match is detected, the principal-supplied address is normalized according to policy associated with the matched pattern. Additional access limitations and security restrictions are then enforced in response to the normalized address. | 04-02-2009 |
20090133017 | ENVIRONMENT MANAGERS VIA VIRTUAL MACHINES - Methods and apparatus enforce computing policies of an enterprise in a distributed manner so that idiosyncratic services to a computing device can be minimized or altogether eliminated. Pluralities of virtual machines are arranged on one or more computing devices and define, for example, applications specified by a user and shared services approved by the enterprise. A central library stores the virtual machines and each is available for check-out by users. A manager evaluates the virtual machines for satisfactory compliance with the computing policies at a time when the virtual machines are resident in the library. Upon confirmation of satisfactory compliance, the applications and shared services are available for deployment to users. Otherwise, the virtual machines are centrally serviced for compliance and/or tested before redeployment. Libraries, managers, software program products, threat assessment, and policy management are other features, to name a few. | 05-21-2009 |
20090177656 | TECHNIQUES FOR EVALUATING PATENT IMPACTS - Techniques for evaluating patent impacts are provided. A claim of a patent is normalized and an abstract of the claim is generated. The abstract is used to search a repository of target sources and their corresponding abstracts. Related abstracts found during the search are returned for purposes of evaluating the claim in view of data sources associated with the related abstracts. | 07-09-2009 |
20090199282 | TECHNIQUES FOR NON-UNIQUE IDENTITY ESTABLISHMENT - Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource. | 08-06-2009 |
20090217351 | TECHNIQUES FOR ANONYMOUS INTERNET ACCESS - Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained. | 08-27-2009 |
20090240694 | TECHNIQUES FOR APPLICATION DATA SCRUBBING, REPORTING, AND ANALYSIS - Techniques for application data scrubbing, reporting, and analysis are presented. A plurality of data sources are analyzed in accordance with their schemas and matching rules. Merging rules are applied to merge a number of data types across the data sources together. A report is produced for inspection and a master data source is generated. The processing can be iterated with rules modified in response to the report for purposes of refining the master data source. | 09-24-2009 |
20090240726 | TECHNIQUES FOR SCHEMA PRODUCTION AND TRANSFORMATION - Techniques for schema production and transformation are presented. Enterprise data from a plurality of data sources is analyzed to produce patterns to types of enterprise data. Merging rules group patterns together with entries across multiple schemas. Each schema is associated with one of the data sources. A single entry is then produced within a single generic schema for each group of patterns. The generic schema can then be used to suggest changes to enterprise data policy and to make the enterprise data interoperable across the enterprise in an automated fashion. | 09-24-2009 |
20090241201 | TECHNIQUES FOR MULTILINGUAL PASSWORD CHALLENGE RESPONSE, PASSWORD RESET, AND/OR PASSWORD RECOVERY - Techniques for multilingual password challenge response, password reset, and/or password recovery are presented. When a password reset or password recovery request is received, a series of challenge questions are serially asked such that each question has to be answered correctly before the next question in the series is even presented. Furthermore, at least two questions are asked in different languages from one another. | 09-24-2009 |
20090288062 | MECHANISM TO SUPPORT ORPHANED AND PARTIALLY CONFIGURED OBJECTS - Mechanisms to support orphaned and partially configured objects are provided. A project includes a variety of objects. At least one object is designated as an orphaned object. The orphaned object lacks complete configuration details. Other objects of the project depend on the orphaned object and yet the other objects can load and process within the project as if the orphaned object was fully configured and available. | 11-19-2009 |
20090288093 | MECHANISM TO BUILD DYNAMIC LOCATIONS TO REDUCE BRITTLENESS IN A TEAM ENVIRONMENT - Mechanisms to build dynamic locations to reduce brittleness in a team environment are provided. A project includes resources; each resource is assigned a key. Each key is mapped to a current location for its corresponding resource. The keys and locations are maintained in an index. Locations for the resources can change as desired throughout the lifecycle of the project and as changes occur the index is updated. When references are made within the project to the resources, the references are translated to the keys, if necessary. The keys are then used for accessing the index and dynamically acquiring the current locations for the resources at the time the references are made. | 11-19-2009 |
20090293101 | INTEROPERABLE RIGHTS MANAGEMENT - Techniques for interoperable rights management are provided. Content is packaged with declarations defining access rights. The packaged content is delivered to a target resource in accordance with a distribution policy. When the content is accessed the access rights are enforced against the target resource within the target environment in accordance with a local access policy. | 11-26-2009 |
20090313281 | MECHANISMS TO PERSIST HIERARCHICAL OBJECT RELATIONS - Mechanisms to persist object relations are provided. A project is defined as a series of interrelated objects having dependencies and relationships with one another. The dependencies and relationships are maintained via a storage organization for files that define the objects within a project storage environment for the project. Thus, the dependencies and relationships are not maintained via hardcoded instructions or references that are included within the files. | 12-17-2009 |
20100017434 | MECHANISMS TO SHARE ATTRIBUTES BETWEEN OBJECTS - Mechanisms for sharing attributes between objects are provided. An object includes a special designation for at least one component, which is identified as a shared attribute. Data associated with the shared attribute is populated and managed from a central location within a processing environment. Multiple instances of a same object or of entirely different objects can reference, declare, and use the data from the central location. | 01-21-2010 |
20100030737 | IDENTITY ENABLED DATA LEVEL ACCESS CONTROL - Mechanisms for identity enabled data level access control are provided. Data queries from principals are intercepted and access rights are assigned in response to identities associated with the principals. The access rights are enforced by modifying the queries and/or filtering results from the queries. The modified queries and/or filtered results are processed against a data store on behalf of the principals and returned to the principals. | 02-04-2010 |
20100036869 | MECHANISMS TO SUPPORT FINE-GRAIN NAMESPACING - Mechanisms to support fine-grain namespacing are provided. When an object is to be loaded within a processing environment, a specific namespace for that object is dynamically resolved during the load. That namespace can be dynamically resolved via object inheritance, via specific object-attribute declaration, and/or via consultation with a namespace object. | 02-11-2010 |
20100036870 | MECHANISMS TO SUPPORT MULTIPLE NAME SPACE AWARE PROJECTS - Mechanisms to support multiple name space aware projects are provided. Multiple roots of a project declare multiple namespacing mechanisms. Resources of the project can utilize each of the multiple namespacing mechanisms. In some cases, a particular resource of the project can override and use a foreign namespace that is associated with a different project hierarchy even while that particular resource resides within a project hierarchy associated with the original project and even while the project hierarchy does not declare, at the root, the foreign namespace. | 02-11-2010 |
20100043049 | IDENTITY AND POLICY ENABLED COLLABORATION - Techniques for identity and policy enabled collaboration are provided. Access to assets of an enterprise is governed by identity relationships. A policy defines security restrictions between collaborating network resources based on identities assigned to the network resources. During collaboration, the security restrictions are enforced. | 02-18-2010 |
20100049683 | COLLABORATIVE DEBATING TECHNIQUES - Techniques for collaborative debating are provided. Pieces of content are associated with particular identities and submitted to virtual communities. The content and the identities then receive metrics as: comments, attributions, and/or reputation ratings from various members of the virtual communities. The metrics are collected in a repository and subsequently summarized for requesters to assist in analyzing the credibility of the identities and/or the value that particular pieces of content add to a particular debate within a particular virtual community. | 02-25-2010 |
20100050239 | AUTOMATED SERVICE PLATFORM PROSPECTING - Techniques for automated service platform prospecting are provided. A prospector process is sent out in advance to scout for potential network sites that provide computing infrastructure and computing services (platforms) to self-contained computing environments. The prospector process validates the potential network sites for use and gathers site characteristics that are used to configure the self-contained computing environments when they are to be installed and executed on those network sites. | 02-25-2010 |
20100071031 | MULTIPLE BIOMETRIC SMART CARD AUTHENTICATION - Techniques for multiple biometric smart card authentication are provided. At least two biometric readings are obtained from a requesting user. Both biometric readings are verified before access to resources of a smart card are made available to the requesting user. | 03-18-2010 |
20100095268 | MANAGING COMPLEX DEPENDENCIES IN A FILE-BASED TEAM ENVIRONMENT - Techniques for managing complex dependencies in a file-based team environment are provided. A software module is represented as an object. The object is defined via a file. The file includes relationships, and some of the relationships define dependencies to other objects. In some cases, attributes for the object are also included in the file and are defined via references to still other objects. The relationships and the attributes are carried with the object via the file. | 04-15-2010 |
20100100554 | TECHNIQUES FOR MEASURING THE RELEVANCY OF CONTENT CONTRIBUTIONS - Techniques for measuring the relevancy of content contributions are provided. Relevancy measurements for components of a collection of content are obtained. The relevancy measurements, the components to which they relate, and the collection of content as a whole are organized into a graphical presentation for subsequent analysis of the components vis-a-vis the collection of content as a whole. | 04-22-2010 |
20100106542 | TECHNIQUES FOR HELP DESK MANAGEMENT - Techniques for help desk management are provided. A user's experience with a resource is captured via a rating. The rating is recorded along with other metrics associated with a processing environment of the user and proactive action is taken in response to configuration or performance problems with the user. | 04-29-2010 |
20100106834 | SPONTANEOUS RESOURCE MANAGEMENT - Techniques for spontaneous resource management are provided. Information about resources is indexed and housed in a repository. The information is dynamically updated. Search queries are performed against the indexed information in the repository for purposes of forming dynamic groupings of the resources that are then managed as custom-defined and dynamic groups. | 04-29-2010 |
20100114940 | SELF-ORGANIZING MANAGED RESOURCES - Techniques for self-organizing managed resources are provided. A search that defines characteristics of a source resource is automatically constructed. The search is processed to obtain one or more target resources that are similar to the source resource. The source resource and the one or more target resources form a dynamic managed group that is used to monitor and manage the target resources and the source resource as a logical group. | 05-06-2010 |
20100122312 | PREDICTIVE SERVICE SYSTEMS - A predictive service system can include a gathering service to gather user information, a semantic service to generate a semantic abstract for the user information, a policy service to enforce a policy, and a predictive service to act on an actionable item that is created based on the user information, the semantic abstract, and the policy. The system can also include an analysis module to create the actionable item and send it to the predictive service. The system can also include an identity service to create a crafted identity for the user. | 05-13-2010 |
20100131640 | TECHNIQUES FOR IDENTIFYING AND LINKING RELATED CONTENT - Techniques for identifying and linking related content are provided. A principal content network node is received having principal-defined content organized around a principal-defined topic. Local content of the principal is also acquired. The principal-defined content and the local content are evaluated to derive relationships associated with principal identities, principal reputations, and the principal-defined topic. A content network is established that links the principal content network node to other content network nodes having the local content; the links are maintained in response to the relationships. | 05-27-2010 |
20100135497 | COMMUNICATION WITH NON-REPUDIATION - Apparatus, systems, and methods may operate to compare a first hashed value of at least a first decryption key, the first decryption key received from a sender, to a second hashed value of at least a second decryption key that has been received as a signed value from a receiver. Further operations may include sending the first decryption key to the receiver and sending the signed value to the sender upon determining that the first hashed value matches the second hashed value. Additional apparatus, systems, and methods are disclosed. | 06-03-2010 |
20100169314 | CONTENT ANALYSIS AND CORRELATION - A content analysis and correlation service system can include a summary manager service for generating content correlation summaries, wherein the generated content correlation summaries are based on discovered content and analyzed content based on the discovered content. The system can include a content search manager service for generating the discovered content based on search criteria and correlation criteria and a semantic analysis service for generating the analyzed content based on the discovered content. The system can also include a data store for storing the generated content correlation summaries and a notification service for providing notifications based on the generated content correlation summaries. | 07-01-2010 |
20100169315 | ATTRIBUTION ANALYSIS AND CORRELATION - An attribution analysis and correlation system can include a content manager and a semantic correlation module. The content manager can receive a list identifying at least one contributor to be evaluated. The content manager can also mine at least one community for content pertaining to the contributor(s). The semantic correlation module can generate correlation results by performing a semantic analysis and correlation on the persistent content and attributions corresponding to the contributor(s). | 07-01-2010 |
20100169337 | IDENTITY ANALYSIS AND CORRELATION - An identity analysis and correlation service system can include a summary manager service for generating identity correlation summaries pertaining to a persona, wherein the generated identity correlation summaries are based on discovered content corresponding to the persona and analyzed content corresponding to the discovered content. The system can include a content search manager service for generating the discovered content based on search criteria and a semantic analysis service for generating the analyzed content. The system can also include a data store for storing the generated identity correlation summaries and a notification service for providing a notification based on the generated identity correlation summaries. | 07-01-2010 |
20100211771 | KEY DISTRIBUTION - Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network. | 08-19-2010 |
20100223459 | KEY DISTRIBUTION - Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network. | 09-02-2010 |
20100235355 | SYSTEM AND METHOD FOR UNIFIED CLOUD MANAGEMENT - Method and system for managing workloads in a cloud computing environment comprising cloud services providers is described. In one embodiment, the method comprises, for each of the cloud services providers, monitoring a situation of the cloud services provider to obtain situation information for the cloud services provider and evaluating the obtained situation information and then deploying a workload to a selected one of the cloud services providers based at least in part on results of the evaluating. | 09-16-2010 |
20100235526 | SYSTEM AND METHOD FOR REDUCING CLOUD IP ADDRESS UTILIZATION USING A DISTRIBUTOR REGISTRY - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information. | 09-16-2010 |
20100235539 | SYSTEM AND METHOD FOR REDUCED CLOUD IP ADDRESS UTILIZATION - System and method for providing cloud computing services is described. In one embodiment, the system includes a cloud computing environment, the cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal addresses of the cloud workloads. | 09-16-2010 |
20100235630 | SYSTEM AND METHOD FOR PROVIDING KEY-ENCRYPTED STORAGE IN A CLOUD COMPUTING ENVIRONMENT - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads. A designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment. | 09-16-2010 |
20100235887 | SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY - System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing. | 09-16-2010 |
20100235903 | SYSTEM AND METHOD FOR TRANSPARENT CLOUD ACCESS - System and method for transparent cloud access are described. In one embodiment, the system comprises an enterprise computing environment maintained by an enterprise and a cloud computing environment maintained by a cloud provider; and a secure bridge mechanism for interconnecting the enterprise computing environment and the cloud computing environment. The secure bridge mechanism comprises a first secure bridge portion associated with the enterprise and a second secure bridge portion associated with the cloud computing environment. The first and second secure bridge portions interoperate to provide transparent and secure access by resources of one of the computing environments to those of the other computing environment. | 09-16-2010 |
20100239095 | KEY DISTRIBUTION - Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network. | 09-23-2010 |
20100250479 | INTELLECTUAL PROPERTY DISCOVERY AND MAPPING SYSTEMS AND METHODS - An apparatus can include an information gathering module, a semantic abstract generation module, and an intellectual property space identification module. The information gathering module can retrieve information pertaining to intellectual property activities within a particular technical field. The semantic abstract generation module can generate semantic abstracts based on the information retrieved by the information gathering module. The intellectual property space identification module can perform an evaluation of the particular technical field based on the generated semantic abstracts. | 09-30-2010 |
20100291529 | TECHNIQUES FOR COMPETITIVE EDUCATION - Techniques for competitive education are provided. Proficiency-based tasks are administered to participants. Performance on the tasks results in rewards. The rewards are usable as game attributes by the participants in network-based games to affect game play. The network-based games are played as competitions or collaborations among virtual communities. | 11-18-2010 |
20100325693 | REMOTE AUTHORIZATION FOR OPERATIONS - Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access to the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network. | 12-23-2010 |
20110010339 | TECHNIQUES FOR CLOUD CONTROL AND MANAGEMENT - Techniques for cloud control and management are provided. The control, creation, and management of workloads in distributed infrastructures are coordinated via a master Configuration Management Database (CMDB). The master CMDB is also used to unify the multiple distributed infrastructures so that the workloads are rationalized. Moreover, data centers are coordinated with the distributed infrastructures so the configuration settings and policies included in the master CMDB are enforced and synchronized throughout the network. | 01-13-2011 |
20110030044 | TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating. | 02-03-2011 |
20110038378 | TECHNIQUES FOR USING THE NETWORK AS A MEMORY DEVICE - Techniques for using the network as a memory device are provided. Network packets continue to circulate on a network using the network communication channel as a memory device. Nodes of the network are configured to selectively copy, use, verify, modify, create, and purge the network packets using file management semantics. | 02-17-2011 |
20110040805 | TECHNIQUES FOR PARALLEL BUSINESS INTELLIGENCE EVALUATION AND MANAGEMENT - Techniques for parallel business intelligence and management are provided. Data is collected from a variety of disparate sources and from a variety of disparate network locations. The data is then filtered and normalized. Next, relationships between elements in the data are established and correlations are created between the elements. The elements are then tagged and integrated with other data of a distributed knowledge store to create customized business intelligence reports and customized data visualizations. | 02-17-2011 |
20110106926 | System and method for implementing a cloud workflow - System and method for implementing a workflow of a first domain, wherein the workflow is implemented as a series of steps to accomplish a workload and wherein at least one of the steps utilizes a process, are described. In one embodiment, the method comprises establishing a mutual trust relationship between the first domain and a second domain; wherein one of the steps is authored by the second domain, the method further comprising associating with the step authored by the second domain a digital attestation for enabling the first domain to verify authorship and non-modification thereof. | 05-05-2011 |
20110106927 | SYSTEM AND METHOD FOR IMPLEMENTING CLOUD MITIGATION AND OPERATIONS CONTROLLERS - System and method for implementing cloud mitigation and operations controllers are described. One embodiment is a system for controlling operation of a cloud computing environment, wherein the system comprises a repository for storing data regarding characteristics of the cloud computing environment, wherein the stored data includes policy notations designating compliance or noncompliance of the data with policy; an analyst module for analyzing the stored data in combination with external report information regarding the cloud computing environment and for providing results of the analysis; and a controller for evaluating the analysis results and issuing instructions for controlling operation of the cloud computing environment based on the evaluating. | 05-05-2011 |
20110107133 | SYSTEM AND METHOD FOR IMPLEMENTING A CLOUD COMPUTER - One embodiment is a clocking system for a computing environment. The system comprises a first set of processes executing in a first computing environment; a first local clock mechanism associated with the first set of processes; and a first communications channel for connecting the first local clock mechanism with the first set of processes. The first local clock mechanism stores clock rates of the first set of processes, wherein each clock rate is specified by function and source and destination combination, the first local clock mechanism further coordinating the clock speeds of the first set of processes as necessary. | 05-05-2011 |
20110107398 | SYSTEM AND METHOD FOR TRANSPARENT ACCESS AND MANAGEMENT OF USER ACCESSIBLE CLOUD ASSETS - System and method for enabling user access of cloud assets are described. In one embodiment, a method comprises authenticating a user to a system comprising a cloud computing environment in which a plurality of cloud assets are hosted; assembling a deployment associated with the authenticated user in accordance with a policy, the deployment comprising designated ones of the cloud assets; and providing a secure mechanism by which the designated ones of the cloud assets comprising the deployment are accessible by the authenticated user. | 05-05-2011 |
20110107411 | SYSTEM AND METHOD FOR IMPLEMENTING A SECURE WEB APPLICATION ENTITLEMENT SERVICE - System and method for implementing a secure web application entitlement service are described. One embodiment of the system comprises a plurality of entitlement point records each comprising a unique identifier associated therewith such that each of the enforcement point records can be associated with an enforcement point within an application; an identity service (“IS”) configured to provide a first token for enabling a user to access the application; an access gateway configured to provide a second token, the second token including a list of at least a portion of the unique identifiers; an entitlement server (“ES”) configured to receive an entitlement request from the application, the entitlement request including the second token, the ES further configured to associate the entitlement request with a user-authenticated session in the IS; and a policy decision point (“PDP”) configured to receive the list of at least a portion of the unique identifiers and to render a decision on the entitlement request based at least in part on policy information associated with ones of the enforcement point records identified by the unique identifiers of the list and attribute information from the IS; wherein subsequent to the rendering of a decision by the PDP, the decision is communicated to the application. | 05-05-2011 |
20110119729 | IDENTITY AND POLICY ENFORCED INTER-CLOUD AND INTRA-CLOUD CHANNEL - Techniques for identity and policy enforced cloud communications are presented. Cloud channel managers monitor messages occurring within a cloud or between independent clouds. Policy actions are enforced when processing the messages. The policy actions can include identity-based restrictions and the policy actions are specific to the messages and/or clouds within which the messages are being processed. | 05-19-2011 |
20110126197 | SYSTEM AND METHOD FOR CONTROLLING CLOUD AND VIRTUALIZED DATA CENTERS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for controlling cloud and virtualized data centers described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, and further to creating cloud images having embedded management agents and identity services for validating the cloud images prior to deployment into the cloud and virtualized data centers and controlling, monitoring, and auditing activity associated with the cloud images following deployment into the cloud and virtualized data centers. | 05-26-2011 |
20110191308 | TECHNIQUES FOR GENERICALLY ACCESSING DATA - Techniques for generic data access are provided. A middle-tier server agent uses data providers that can communicate with backend resources. A request received in a first format is used to identify a specific data provider by the middle-tier server agent; the data provider uses the first format to communicate with a specific backend resource in a second format. Results from the specific backend resource are returned from the data provider in the first format and passed to a client that initially made the request. | 08-04-2011 |
20110191541 | TECHNIQUES FOR DISTRIBUTED CACHE MANAGEMENT - Techniques for distributed cache management are provided. A server having a backend resource includes a global cache and a global cache agent. Individual clients each have client cache agents and client caches. When data items associated with the backend resources are added, modified, or deleted in the client caches, the client cache agents report the changes to the global cache agent. The global cache agent records the changes and notifies the other client cache agents to update a status of the changes within their client caches. When the changes are committed to the backend resource each of the statuses in each of the caches are updated accordingly. | 08-04-2011 |
20110197188 | EXTENDING FUNCTIONALITY OF LEGACY SERVICES IN COMPUTING SYSTEM ENVIRONMENT - Methods and apparatus involve extending functionality of legacy services. A legacy application has functionality designed for use on an original computing device. In a modern environment, virtual machines (VMs) operate as independent guests on processors and memory by way of scheduling control from a virtualization layer (e.g., hypervisor). At least one VM is provisioned to modify standard entry points of the original legacy application for new accessing of various system functions of the hardware platform. Representative functions include network access, processors, and storage. Policy decision points variously located are further employed to ensure compliance with computing policies. Multiple platforms and computing clouds are contemplated as are VMs in support roles and dedicated software appliances. In this manner, continued use of legacy services in modern situations allows participation in more capable environments and application capabilities heretofore unimagined. Other embodiments contemplate computing systems and computer program products, to name a few. | 08-11-2011 |
20110208778 | MANAGING DIGITAL IDENTITY INFORMATION - A basic architecture for managing digital identity information in a network such as the World Wide Web is provided. A user of the architecture can organize his or her information into one or more profiles which reflect the nature of different relationships between the user and other entities, and grant or deny each entity access to a given profile. Various enhancements which may be provided through the architecture are also described, including tools for filtering email, controlling access to user web pages, locating other users and making one's own location known, browsing or mailing anonymously, filling in web forms automatically with information already provided once by hand, logging in automatically, securely logging in to multiple sites with a single password and doing so from any machine on the network, and other enhancements. | 08-25-2011 |
20110219353 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 09-08-2011 |
20110225659 | SEMANTIC CONTROLS ON DATA STORAGE AND ACCESS - Methods and apparatus teach defining an access policy to digital data available on one or more computing devices, including identifying one or more semantic attributes of at least one first digital data set and using the identified attributes to define policy dictating user access privileges. On receipt of a user request to access at least one second digital data set, semantic attributes are compared to the at least one first digital data set and access is allowed or not allowed based on the policy. Semantic attributes are selected from at least one of a closeness attribute, a relatedness attribute, and a semantic vector attribute. Also is taught configuring a policy enforcement agent on the one or more computing devices to undertake the comparing and to allow or not allow access. In turn, computer program products and computing systems for accomplishing the foregoing are provided. | 09-15-2011 |
20110231552 | TECHNIQUES FOR INTELLIGENT SERVICE DEPLOYMENT - Techniques for intelligent service deployment are provided. Cloud and service data are evaluated to develop a service deployment plan for deploying a service to a target cloud processing environment. When dictated by the plan or by events that trigger deployment, the service is deployed to the target cloud processing environment in accordance with the service deployment plan. | 09-22-2011 |
20110231779 | COLLABORATIVE DECISION MAKING - Techniques for collaborative decision making are presented. A collaborative decision making process is referred to as a buzz. A principal creates and defines the policies for the buzz as well as the criteria for participants of the buzz. The buzz is launched for online collaboration and is managed according to the policies. Actions and decisions are logged and recorded during the buzz. | 09-22-2011 |
20110231822 | TECHNIQUES FOR VALIDATING SERVICES FOR DEPLOYMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - Techniques for validating services for deployment in an intelligent workload management system are provided. A service is created with workloads and software products. Test modules are integrated into the service to test each of the products. The service with the test modules is executed and test results are produced. The test results are compared against known results and a decision is made to deploy the service to a cloud processing environment or to require the service to be retested. | 09-22-2011 |
20110231846 | TECHNIQUES FOR MANAGING SERVICE DEFINITIONS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - Techniques for managing service definitions in an intelligent workload management system are provided. Workloads and software products are assembled as a single unit with custom configuration settings. The single unit represents a recallable and reusable service definition for a service that can be custom deployed within designated cloud processing environments. | 09-22-2011 |
20110276593 | MECHANISMS TO PERSIST HIERARCHICAL OBJECT RELATIONS - Mechanisms to persist object relations are provided. A project is defined as a series of interrelated objects having dependencies and relationships with one another. The dependencies and relationships are maintained via a storage organization for files that define the objects within a project storage environment for the project. Thus, the dependencies and relationships are not maintained via hardcoded instructions or references that are included within the files. | 11-10-2011 |
20110282975 | TECHNIQUES FOR DYNAMIC CLOUD-BASED EDGE SERVICE COMPUTING - Techniques for dynamic cloud-based edge service computing are provided. A principal requests a service and a policy is evaluated to select a cloud processing environment capable of supplying the service from an optimal network location as defined by the policy. The selected cloud processing environment is configured to supply the requested service and to monitor and control access of the principal to the requested service from the selected cloud processing environment. | 11-17-2011 |
20110283114 | TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format known to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions. | 11-17-2011 |
20110289198 | TECHNIQUES FOR EVALUATING AND MANAGING CLOUD NETWORKS VIA POLITICAL AND NATURAL EVENTS - Techniques for evaluating and managing cloud networks via political and natural events are provided. Geographical locations for cloud processing environments are combined with attributes and usage metrics to form associations between each cloud processing environment's geographical location and that cloud's corresponding attributes and usage metrics. Some associations and attributes relate to political and natural events. The political and natural events are used to update a proper selection of a particular cloud processing environment to handle targeted services. | 11-24-2011 |
20110289440 | TECHNIQUES FOR EVALUATING AND MANAGING CLOUD NETWORKS - Techniques for evaluating and managing cloud networks are provided. Geographical locations for cloud processing environments are combined with attributes and usage metrics to form associations between each cloud processing environment's geographical location and that cloud's corresponding attributes and usage metrics. A map is organized for the associations to form a cloud network. The map is dynamically updated, supplied to services, and rendered for evaluation of the cloud network. | 11-24-2011 |
20110289553 | POLICY AND ATTRIBUTE BASED ACCESS TO A RESOURCE - Techniques are provided for controlling access to a resource based on access policies and attributes. A principal issues a request to a service for purposes of accessing a resource. The principal is authenticated and a service contract for the principal, the service, and the resource is generated. The service contract defines resource access policies and attributes which can be permissibly performed by the service on behalf of the principal during a session. Moreover, the session between the service and the resource is controlled by the service contract. | 11-24-2011 |
20110289558 | NETWORK APPLICATION LAYER ROUTING - Techniques for network application layer routing are provided. Requests for services are inspected at an application layer of a network. A priority for a requestor is obtained and in response to the priority the requests are routed to particular processing environments. Depending on the priority the processing environments may be high performing or low performing. | 11-24-2011 |
20110296246 | TECHNIQUES FOR DEBUGGING AN APPLICATION - Techniques for debugging applications are provided. Access to an application is controlled by a wrapper. The wrapper intercepts calls to the application and records the calls. The calls are then passed to the application for processing. The recorded calls form a log which may be analyzed or mined to detect error conditions or undesirable performance characteristics associated with the application independent of source associated with the application. | 12-01-2011 |
20110314513 | ROLE POLICY MANAGEMENT - In various embodiments, techniques for role management systems/services are provided. According to an embodiment, a method is provided to allow a role management system to be configured, modified, and restricted. Specific role assignments may be decorated to be meaningful to an application but which are not generally applicable to an original role specification. A Policy Enforcement Point (PEP) role request response may be modified by an augmentation service, which evaluates a resource association to identify an appropriate resource profile. Resource decorations are identified by the selected profile and are applied to the role request response. | 12-22-2011 |
20120017085 | TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT - Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement. | 01-19-2012 |
20120042001 | TECHNIQUES TO POLLUTE ELECTRONIC PROFILING - Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One or more actions are automatically processed in response to the assigned areas of interest. The actions appear to network eavesdroppers to be associated with the principal and not with the cloned identity. | 02-16-2012 |
20120042079 | TECHNIQUES FOR PROVIDING SERVICES AND ESTABLISHING PROCESSING ENVIRONMENTS - Techniques are provided for the delivery of client services and for the establishment of client processing environments. A client receives services within a processing environment which is defined by a processing container. The processing container includes one or more processing groups, and each processing group has a particular context that supports one or more applications or services which are processing within that context. The processing groups communicate with one another via connector interfaces included within the processing container. Services and processing containers can be dynamically added or removed from the processing container. | 02-16-2012 |
20120159605 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 06-21-2012 |
20120173728 | POLICY AND IDENTITY BASED WORKLOAD PROVISIONING - Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool. | 07-05-2012 |
20120191852 | NETWORK EVALUATION GRID TECHNIQUES - Network evaluation grid techniques are presented. Local specifications for traffic patterns are evaluated for local traffic on local grids of a grid computing environment and reported out. The local traffic reported out is then evaluated in response to global traffic pattern specifications and a global traffic policy in order to identify one or more remedial actions to take or to recommend in response to that evaluation. | 07-26-2012 |
20120198282 | META-DIRECTORY CONTROL AND EVALUATION OF EVENTS - Techniques for meta-directory control and evaluation of events are provided. Disparate events from heterogeneous processing environments are collected as the events are produced by resources within the processing environments. The events are filtered and organized into taxonomies. Next the filtered and organized events are assigned to nodes of a Meta directory, each node defining a relationship between two or more of the resources and policy is applied. Finally, additional policy is evaluated in view of the events and their node assignments with other events, and one or more automated actions are then taken. | 08-02-2012 |
20120198375 | MULTI-CONDITION RESOURCE PLANNING - Techniques for multi-condition resource planning are presented. A principal interactively establishes a resource plan for a workflow by making selections for the workflow. Impacts that are forecasted based on the selections are dynamically presented to the principal and the principal is permitted to make adjustments. The finalized resource plan results in the workflow that is subsequently processed according to policy. | 08-02-2012 |
20120216174 | MECHANISM TO SUPPORT ORPHANED AND PARTIALLY CONFIGURED OBJECTS - Mechanisms to support orphaned and partially configured objects are provided. A project includes a variety of objects. At least one object is designated as an orphaned object. The orphaned object lacks complete configuration details. Other objects of the project depend on the orphaned object and yet the other objects can load and process within the project as if the orphaned object was fully configured and available. | 08-23-2012 |
20120222041 | TECHNIQUES FOR CLOUD BURSTING - Techniques for automated and controlled cloud migration or bursting are provided. A schema for a first cloud in a first cloud processing environment is used to evaluate metrics against thresholds defined in the schema. When a threshold is reached other metrics for other clouds in second cloud processing environments are evaluated and a second cloud processing environment is selected. Next, a second cloud is cloned in the selected second cloud processing environment for the first cloud and traffic associated with the first cloud is automatically migrated to the cloned second cloud. | 08-30-2012 |
20120233703 | TECHNIQUES TO POLLUTE ELECTRONIC PROFILING - Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One or more actions are automatically processed in response to the assigned areas of interest. The actions appear to network eavesdroppers to be associated with the principal and not with the cloned identity. | 09-13-2012 |
20120239801 | CONTENT DELIVERY VALIDATION SERVICE - Techniques for content delivery validation services are provided. A request for content is validated for a specific level of service that is to be provided over a network when making the request for the content and when delivering the content to satisfy the request over the network. A network transaction is tagged representing the request and the delivery of the content. Resources that comport with the specific level of service are designated to handle the network transaction and the transaction is injected into the network. Usage of the resources is monitored as the network transaction is processed. | 09-20-2012 |
20120281557 | TECHNIQUES FOR PRIVILEGED NETWORK ROUTING - Techniques for privileged network routing are provided. As traffic is received at a gateway of a network backbone provider environment it is interrogated for predefined criteria. If the traffic satisfies the predefined criteria, then the information is routed within the network backbone provider environment to use a set of reserved and restricted resources to provide premium service for the traffic being routed through the network backbone provider environment. | 11-08-2012 |
20120284768 | TECHNIQUES FOR SECURE CHANNEL MESSAGING - Techniques for secure channel messaging are provided. Resources communicate with one another over temporary and secure communication channels. The channels come in and out of existence or switch between different channels using a variety of information and based on dynamic policy evaluation. In some situations, the channels are randomly generated using a variety of the information. Authorized resources are informed of the channels to use and when to use them for purposes of delivering and receiving messages to communicate. | 11-08-2012 |
20120284780 | TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment. | 11-08-2012 |
20130014244 | TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating. | 01-10-2013 |
20130014245 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 01-10-2013 |
20130073332 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 03-21-2013 |
20130232127 | META-DIRECTORY CONTROL AND EVALUATION OF EVENTS - Techniques for meta-directory control and evaluation of events are provided. Disparate events from heterogeneous processing environments are collected as the events are produced by resources within the processing environments. The events are filtered and organized into taxonomies. Next the filtered and organized events are assigned to nodes of a Meta directory, each node defining a relationship between two or more of the resources and policy is applied. Finally, additional policy is evaluated in view of the events and their node assignments with other events, and one or more automated actions are then taken. | 09-05-2013 |
20130232266 | TECHNIQUES FOR GENERICALLY ACCESSING DATA - Techniques for generic data access are provided. A middle-tier server agent uses data providers that can communicate with backend resources. A request received in a first format is used to identify a specific data provider by the middle-tier server agent; the data provider uses the first format to communicate with a specific backend resource in a second format. Results from the specific backend resource are returned from the data provider in the first format and passed to a client that initially made the request. | 09-05-2013 |
20130263213 | TECHNIQUES FOR IDENTITY AND POLICY BASED ROUTING - Techniques for identity and policy based routing are presented. A resource is initiated on a device with a resource identity and role assignments along with policies are obtained for the resource. A customized network is created for the resource using a device address for the device, the resource identity, the role assignments, and the policies. | 10-03-2013 |
20140130005 | MECHANISMS TO PERSIST HIERARCHICAL OBJECT RELATIONS - Mechanisms to persist object relations are provided. A project is defined as a series of interrelated objects having dependencies and relationships with one another. The dependencies and relationships are maintained via a storage organization for files that define the objects within a project storage environment for the project. Thus, the dependencies and relationships are not maintained via hardcoded instructions or references that are included within the files. | 05-08-2014 |
20140143602 | TECHNIQUES FOR EVALUATING AND MANAGING CLOUD NETWORKS - Techniques for evaluating and managing cloud networks are provided. Geographical locations for cloud processing environments are combined with attributes and usage metrics to form associations between each cloud processing environment's geographical location and that cloud's corresponding attributes and usage metrics. A map is organized for the associations to form a cloud network. The map is dynamically updated, supplied to services, and rendered for evaluation of the cloud network. | 05-22-2014 |
20140156357 | TECHNIQUES FOR HELP DESK MANAGEMENT - Techniques for help desk management are provided. A user's experience with a resource is captured via a rating. The rating is recorded along with other metrics associated with a processing environment of the user and proactive action taken in response to configuration or performance problems with the user. | 06-05-2014 |
20140192644 | TECHNIQUES FOR PRIVILEGED NETWORK ROUTING - Techniques for privileged network routing are provided. As traffic is received at a gateway of a network backbone provider environment it is interrogated for predefined criteria. If the traffic satisfies the predefined criteria, then the information is routed within the network backbone provider environment to use a set of reserved and restricted resources to provide premium service for the traffic being routed through the network backbone provider environment. | 07-10-2014 |
20140195292 | TECHNIQUES FOR INSTANTIATING AND CONFIGURING PROJECTS - Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives. | 07-10-2014 |
20140282547 | EXTENDING FUNCTIONALITY OF LEGACY SERVICES IN COMPUTING SYSTEM ENVIRONMENT - Methods and apparatus involve extending functionality of legacy services. A legacy application has functionality designed for use on an original computing device. In a modern environment, virtual machines (VMs) operate as independent guests on processors and memory by way of scheduling control from a virtualization layer (e.g., hypervisor). At least one VM is provisioned to modify standard entry points of the original legacy application for new accessing of various system functions of the hardware platform. Representative functions include network access, processors, and storage. Policy decision points variously located are further employed to ensure compliance with computing policies. Multiple platforms and computing clouds are contemplated as are VMs in support roles and dedicated software appliances. In this manner, continued use of legacy services in modern situations allows participation in more capable environments and application capabilities heretofore unimagined. Other embodiments contemplate computing systems and computer program products, to name a few. | 09-18-2014 |
20140344461 | TECHNIQUES FOR INTELLIGENT SERVICE DEPLOYMENT - Techniques for intelligent service deployment are provided. Cloud and service data are evaluated to develop a service deployment plan for deploying a service to a target cloud processing environment. When dictated by the plan or by events that trigger deployment, the service is deployed to the target cloud processing environment in accordance with the service deployment plan. | 11-20-2014 |
20140351894 | TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE - Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment. | 11-27-2014 |
20140359132 | POLICY AND IDENTITY BASED WORKLOAD PROVISIONING - Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool. | 12-04-2014 |
20140365656 | IDENTITY AND POLICY ENFORCED INTER-CLOUD AND INTRA-CLOUD CHANNEL - Techniques for identity and policy enforced cloud communications are presented. Cloud channel managers monitor messages occurring within a cloud or between independent clouds. Policy actions are enforced when processing the messages. The policy actions can include identity-based restrictions and the policy actions are specific to the messages and/or clouds within which the messages are being processed. | 12-11-2014 |
20150012740 | TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format known to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions. | 01-08-2015 |