| Patent application number | Description | Published |
|---|---|---|
20080289013 | TECHNIQUES FOR LOCAL PERSONALIZATION OF CONTENT - Techniques for the local personalization of content are presented. A content personalization service is dynamically pushed from a server environment to a client processing environment associated with a principal on demand. The content personalization service interjects itself between content that the principal attempts to view and access within the client processing environment and modifies and personalizes that content on behalf of the principal before the principal can view or access the content. | 11-20-2008 |
20080289049 | TECHNIQUES FOR PERSONALIZING CONTENT - Techniques for personalizing content are presented. A principal requests access to content. Policy is evaluated in response to the request for the content. Scripts are processed in response to the policy evaluation to rewrite and modify the content. The modified content is then delivered to the requesting principal to personalize the content for the principal. | 11-20-2008 |
20080313348 | TECHNIQUES FOR PORT HOPPING - Techniques for port hopping are presented. A sender and a receiver engage in a communication session with one another and dynamically switch ports during that communication session. A decision to switch ports is based on a data length or packet count of a given transaction occurring during the communication session. The data length and packet count randomly and dynamically change during the communication session and vary from one transaction to another transaction. Any particular port to switch to during the communication session is also randomly and dynamically generated and varies from one transaction to another transaction. | 12-18-2008 |
20090055531 | IDENTITY BASED NETWORK MAPPING - Techniques for identity-based network mapping are provided. A principal is associated with a resource identifier via a mapping. Conditions of a network are dynamically evaluated in response to policy and actions taken against a resource associated with the resource identifier of the mapping. | 02-26-2009 |
20090171953 | TECHNIQUES FOR RECOGNIZING MULTIPLE PATTERNS WITHIN A STRING - Techniques for recognizing multiple patterns within a string of characters are presented. A dictionary is hierarchically organized, such that leaf nodes within the dictionary represent words defined in the dictionary. A string of characters is received. Each character within the string is traversed by attempting to match it with a character defined in the dictionary. As long as a match continues with the dictionary, the characters within the string are traversed. Once the longest possible match to a word within the dictionary is found, the next character following the last matched character of the string is processed. | 07-02-2009 |
20090199282 | TECHNIQUES FOR NON-UNIQUE IDENTITY ESTABLISHMENT - Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource. | 08-06-2009 |
20090217351 | TECHNIQUES FOR ANONYMOUS INTERNET ACCESS - Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained. | 08-27-2009 |
20090241178 | CARDSPACE HISTORY VALIDATOR - Before a relying party grants a client access to a resource, the last use of the security token by the client to access the resource of the relying party can be verified. Verification can be accomplished by comparing the last time the client sent the security token to the relying party with the last time the relying party received the security token from the client. If the last use of the security token is not verified, the possibility exists that the security token has been fraudulently used by a third party. | 09-24-2009 |
20090319776 | TECHNIQUES FOR SECURE NETWORK COMMUNICATION - Techniques for secure network communication are provided. Credentials for a user along with a transparently generated secret are sent to a resource that the user desires to establish a secure communication session with. After successful authentication of the user, an initial sequence number for a first transaction of the session is set on a client of the user. Thereafter, with each transaction of the session the client supplies a new and unique sequence number to a server of the resource and uses the secret to encode and validate that transaction. The server of the resource does not permit any transaction that includes an invalid or previously used sequence number. | 12-24-2009 |
20090328166 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 12-31-2009 |
20100023996 | TECHNIQUES FOR IDENTITY AUTHENTICATION OF VIRTUALIZED MACHINES - Techniques for identity authentication of Virtual Machines (VM's) are provided. A VM is authenticated and once authenticated, each device interfaced to or accessible to the VM is also authenticated. When both the VM and each device are authenticated, the VM is granted access to a machine for installation thereon. | 01-28-2010 |
20100043049 | IDENTITY AND POLICY ENABLED COLLABORATION - Techniques for identity and policy enabled collaboration are provided. Access to assets of an enterprise is governed by identity relationships. A policy defines security restrictions between collaborating network resources based on identities assigned to the network resources. During collaboration, the security restrictions are enforced. | 02-18-2010 |
20100154050 | IDENTITY DRIVEN PEER-TO-PEER (P2P) VIRTUAL PRIVATE NETWORK (VPN) - Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another. | 06-17-2010 |
20100161281 | TECHNIQUES FOR DISTRIBUTED TESTING - Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis. | 06-24-2010 |
20100235526 | SYSTEM AND METHOD FOR REDUCING CLOUD IP ADDRESS UTILIZATION USING A DISTRIBUTOR REGISTRY - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information. | 09-16-2010 |
20100235539 | SYSTEM AND METHOD FOR REDUCED CLOUD IP ADDRESS UTILIZATION - System and method for providing cloud computing services is described. In one embodiment, the system includes a cloud computing environment, the cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal addresses of the cloud workloads. | 09-16-2010 |
20100235630 | SYSTEM AND METHOD FOR PROVIDING KEY-ENCRYPTED STORAGE IN A CLOUD COMPUTING ENVIRONMENT - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads. A designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment. | 09-16-2010 |
20100235887 | SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY - System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing. | 09-16-2010 |
20100235903 | SYSTEM AND METHOD FOR TRANSPARENT CLOUD ACCESS - System and method for transparent cloud access are described. In one embodiment, the system comprises an enterprise computing environment maintained by an enterprise and a cloud computing environment maintained by a cloud provider; and a secure bridge mechanism for interconnecting the enterprise computing environment and the cloud computing environment. The secure bridge mechanism comprises a first secure bridge portion associated with the enterprise and a second secure bridge portion associated with the cloud computing environment. The first and second secure bridge portions interoperate to provide transparent and secure access by resources of one of the computing environments to those of the other computing environment. | 09-16-2010 |
20100325693 | REMOTE AUTHORIZATION FOR OPERATIONS - Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access to the access key from a secure store via a secret. That is, the secure store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network. | 12-23-2010 |
20110041171 | TECHNIQUES FOR VIRTUAL REPRESENTATIONAL STATE TRANSFER (REST) INTERFACES - Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network. | 02-17-2011 |
20110106926 | System and method for implementing a cloud workflow - System and method for implementing a workflow of a first domain, wherein the workflow is implemented as a series of steps to accomplish a workload and wherein at least one of the steps utilizes a process, are described. In one embodiment, the method comprises establishing a mutual trust relationship between the first domain and a second domain; wherein one of the steps is authored by the second domain, the method further comprising associating with the step authored by the second domain a digital attestation for enabling the first domain to verify authorship and non-modification thereof. | 05-05-2011 |
20110106927 | SYSTEM AND METHOD FOR IMPLEMENTING CLOUD MITIGATION AND OPERATIONS CONTROLLERS - System and method for implementing cloud mitigation and operations controllers are described. One embodiment is a system for controlling operation of a cloud computing environment, wherein the system comprises a repository for storing data regarding characteristics of the cloud computing environment, wherein the stored data includes policy notations designating compliance or noncompliance of the data with policy; an analyst module for analyzing the stored data in combination with external report information regarding the cloud computing environment and for providing results of the analysis; and a controller for evaluating the analysis results and issuing instructions for controlling operation of the cloud computing environment based on the evaluating. | 05-05-2011 |
20110107133 | SYSTEM AND METHOD FOR IMPLEMENTING A CLOUD COMPUTER - One embodiment is a clocking system for a computing environment. The system comprises a first set of processes executing in a first computing environment; a first local clock mechanism associated with the first set of processes; and a first communications channel for connecting the first local clock mechanism with the first set of processes. The first local clock mechanism stores clock rates of the first set of processes, wherein each clock rate is specified by function and source and destination combination, the first local clock mechanism further coordinating the clock speeds of the first set of processes as necessary. | 05-05-2011 |
20110107398 | SYSTEM AND METHOD FOR TRANSPARENT ACCESS AND MANAGEMENT OF USER ACCESSIBLE CLOUD ASSETS - System and method for enabling user access of cloud assets are described. In one embodiment, a method comprises authenticating a user to a system comprising a cloud computing environment in which a plurality of cloud assets are hosted; assembling a deployment associated with the authenticated user in accordance with a policy, the deployment comprising designated ones of the cloud assets; and providing a secure mechanism by which the designated ones of the cloud assets comprising the deployment are accessible by the authenticated user. | 05-05-2011 |
20110202714 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 08-18-2011 |
20110213956 | TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION - Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token. | 09-01-2011 |
20110214176 | TECHNIQUES FOR SECURE ACCESS MANAGEMENT IN VIRTUAL ENVIRONMENTS - Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish an SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server). | 09-01-2011 |
20110231840 | TECHNIQUES FOR SHARING VIRTUAL MACHINE (VM) RESOURCES - Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM). | 09-22-2011 |
20110289553 | POLICY AND ATTRIBUTE BASED ACCESS TO A RESOURCE - Techniques are provided for controlling access to a resource based on access policies and attributes. A principal issues a request to a service for purposes of accessing a resource. The principal is authenticated and a service contract for the principal, the service, and the resource is generated. The service contract defines resource access policies and attributes which can be permissibly performed by the service on behalf of the principal during a session. Moreover, the session between the service and the resource is controlled by the service contract. | 11-24-2011 |
20110296486 | DYNAMIC SERVICE ACCESS - Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed. | 12-01-2011 |
20110296504 | MULTIPLE ACCESS AUTHENTICATION - Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed. | 12-01-2011 |
20110313982 | FILE MAPPING AND CONVERTING FOR DYNAMIC DISK PERSONALIZATION FOR MULTIPLE PLATFORMS - File mapping and converting for dynamic disk personalization for multiple platforms are provided. A volatile file operation is detected in a first platform; the file is supported by the first platform. A determination is made that the file is sharable with a second platform. The volatile operation is performed on the file in the first platform and the modified file is converted to a second file supported by the second platform. The modified file and the second file are stored in a personalized disk for a user. The personalized disk is used to modify base images for VMs of the user when the user accesses the first platform or the second platform. The modified file is available within the first platform and the second file is available within the second platform. | 12-22-2011 |
20120042355 | REPRESENTING EXTENSIBLE MARKUP LANGUAGE (XML) AS AN EXECUTABLE HAVING CONDITIONAL AUTHENTICATION OR POLICY LOGIC - Techniques for representing extensible markup language (XML) in an executable format are presented. An XML document is parsed into its components and content. The components and content are packaged as an executable. Some portions of the executable include authentication logic or policy logic that is subsequently enforced when the executable is processed. The executable is subsequently distributed to recipient machines. The machines process the executable and produce memory-loaded versions of the components and content representing the XML document on the machines. The memory-loaded versions of the components and content include conditionally added authentication logic or policy logic. | 02-16-2012 |
20120066487 | SYSTEM AND METHOD FOR PROVIDING LOAD BALANCER VISIBILITY IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for providing load balancer visibility in an intelligent workload management system described herein may expand a role or function associated with a load balancer beyond handling incoming and outgoing data center traffic into supporting governance, risk, and compliance concerns that may be managed in an intelligent workload management system. In particular, the load balancer may establish external connections with destination resources in response to client devices establishing internal connections with the load balancer and then attach connection tracers to monitor the internal connections and the external connections. The connection tracers may then detect incoming traffic and outgoing traffic that the internal and external connections pass through the load balancer, and traffic tracers may collect data from the incoming traffic and the outgoing traffic, which the workload management system may use to manage the data center. | 03-15-2012 |
20120084844 | FEDERATION CREDENTIAL RESET - Techniques for federated credential reset are presented. A principal requests a credential reset with a first service. The first service provides a link to a third party service previously selected by the principal. The principal separately authenticates to the third party service and causes the third party service to send a federated token to the first service. When the federated token is received by the first service, the first service permits the principal to reset an original credential to a new credential for purposes of accessing the first service. | 04-05-2012 |
20120110329 | TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION - A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD. | 05-03-2012 |
20120130936 | SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state. | 05-24-2012 |
20120151066 | TECHNIQUES FOR DISTRIBUTED TESTING - Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis. | 06-14-2012 |
20120151132 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 06-14-2012 |
20120159605 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 06-21-2012 |
20120233625 | TECHNIQUES FOR WORKLOAD COORDINATION - Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location. | 09-13-2012 |
20120271936 | TECHNIQUES FOR AUDITING AND CONTROLLING NETWORK SERVICES - Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service. | 10-25-2012 |
20120297183 | TECHNIQUES FOR NON REPUDIATION OF STORAGE IN CLOUD OR SHARED STORAGE ENVIRONMENTS - Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update. | 11-22-2012 |
20120311344 | TECHNIQUES FOR SECURITY AUDITING OF CLOUD RESOURCES - Techniques for security auditing of cloud resources are provided. A virtual machine (VM) is captured and isolated when it is indicated that a session with the VM has terminated. Security checks are executed against the VM in the isolated environment. Results from the security checks are then reported. | 12-06-2012 |
20120324527 | TECHNIQUES FOR WORKLOAD SPAWNING - Techniques for spawning workloads are provided. A single repository is read once to obtain an image for a workload or files and resources for the image. The read operation spawns multiple, and in some cases, concurrent write operations, to instantiate the workload over a network as multiple occurrences or instances of the workload in multiple processing environments. | 12-20-2012 |
20130007250 | CONTROL OF COMMUNICATION PORTS OF COMPUTING DEVICES USING POLICY-BASED DECISIONS - In a computing system environment, an arrangement of computing devices includes multiple layers behind a content flow director, such as an L4 switch in a web service. In a computing device of an outermost layer directly communicating with the content flow director, a communications port is conditionally enabled upon policy being met or exceeded in the computing system environment behind the content flow director. If unmet, the communications port is disabled, if already enabled, or prevented from becoming enabled, if not otherwise already enabled. In this manner, policy establishes port enablement. In certain aspects, policy determinations include determining a time of response, a quality of service check or a pass/fail condition of the one of the computing devices. Policy is also easily implemented as remote or local computer executable instructions on the computing devices. Representative computing devices include switches, such as L4 switches, routers, servers, repeaters, adapters or the like. | 01-03-2013 |
20130007840 | TECHNIQUES FOR PREVENT INFORMATION DISCLOSURE VIA DYNAMIC SECURE CLOUD RESOURCES - Techniques for preventing information disclosure via dynamic secure cloud resources are provided. Data (information) remotely housed on a particular cloud resource of a particular cloud is periodically, randomly, and dynamically changed to a different cloud resource within the same cloud or to a different cloud resource within an entirely different cloud. A requesting principal for the data is dynamically authenticated and a current location for the data is dynamically resolved and the principal is securely and dynamically connected to the current cloud resource and current cloud hosting the data for access. | 01-03-2013 |
20130014245 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 01-10-2013 |
20130055265 | TECHNIQUES FOR WORKLOAD TOXIC MAPPING - Techniques for toxic workload mapping are provided. A state of a target workload is recorded along with a configuration and state of an environment that is processing the workload. Micro valuations are taken, via statistical sampling, for metrics associated with the workload and for different combinations of resources within the environment. The sampling is taken at microsecond intervals. The valuations are aggregated to form an index representing a toxic mapping for the workload within the environment. The toxic mapping is mined, in view of policy, to provide conditions and scenarios that may be deemed problematic within the workload and/or environment. | 02-28-2013 |
20130111208 | TECHNIQUES FOR AUTHENTICATION VIA A MOBILE DEVICE | 05-02-2013 |
20130111543 | TECHNIQUES FOR CONTROLLING AUTHENTICATION | 05-02-2013 |
20130263213 | TECHNIQUES FOR IDENTITY AND POLICY BASED ROUTING - Techniques for identity and policy based routing are presented. A resource is initiated on a device with a resource identity and role assignments along with policies are obtained for the resource. A customized network is created for the resource using a device address for the device, the resource identity, the role assignments, and the policies. | 10-03-2013 |
20130326063 | TECHNIQUES FOR WORKLOAD DISCOVERY AND ORGANIZATION - Techniques for workload discovery and organization are presented. A workload when initiated on a network self-inspects the network for other workloads processing as a collection over the network. Shared communication information is used by the workload to dynamically join the collection. A network address for the initiated workload is then added to a shared Domain Name System (DNS) database being maintained for the network and the collection. | 12-05-2013 |
20130326218 | TECHNIQUES FOR SECURE MESSAGE OFFLOADING - Techniques for secure message offloading are presented. An intermediary is transparently situated between a user's local messaging client and an external and remote messaging client. The user authenticates to the local client for access and the intermediary authenticates the user for access to the remote client using different credentials unknown to the user. Messages sent from the local client are transparently encrypted by the intermediary before being passed to the remote client and messages received from the remote client are transparently decrypted before being delivered to the local client. | 12-05-2013 |
20140019971 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 01-16-2014 |
20140020062 | TECHNIQUES FOR PROTECTING MOBILE APPLICATIONS - Techniques for protecting mobile applications are presented. A user's mobile device is provisioned and proxied over a cloud environment with enterprise policy enforced in that cloud environment. Enterprise applications run on the mobile device within the cloud environment. Administrative reporting and control occurs within the cloud environment and the enterprise applications establish connections to, authenticate to, and communicate with remote enterprise services via the provisioned cloud environment. | 01-16-2014 |
20140032174 | TECHNIQUES FOR DISTRIBUTED TESTING - Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis. | 01-30-2014 |
20140032724 | TECHNIQUES FOR WORKLOAD COORDINATION - Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location. | 01-30-2014 |
20140068094 | FEDERATED TIMEOUT - Techniques for workload federated timeout are presented. A federated service manages communications between service components of a system. Each component queries the federated service to determine a last activity time by the other components of the system before timing out during a session. Each component can update its last activity time based on the discovered last activity time of one of the components to prevent a premature time out from the session. | 03-06-2014 |
20140122730 | TECHNIQUES FOR DEVICE INDEPENDENT SESSION MIGRATION - Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration. | 05-01-2014 |
20140122731 | TECHNIQUES FOR DESKTOP MIGRATION - Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop. | 05-01-2014 |
20140143200 | SYSTEM AND METHOD FOR DETERMINING FUZZY CAUSE AND EFFECT RELATIONSHIPS IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified. As such, fuzzy logic may then be applied to any such patterns to determine possible relationships among the potential causes and the potential effects associated with the infrastructure operational state. | 05-22-2014 |
20140164606 | TECHNIQUES FOR AUDITING AND CONTROLLING NETWORK SERVICES - Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service. | 06-12-2014 |
20140189775 | TECHNIQUES FOR SECURE DEBUGGING AND MONITORING - Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token. | 07-03-2014 |
20140215587 | REMOTE KEYCHAIN FOR MOBILE DEVICES - An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset. | 07-31-2014 |
20140242949 | MOBILE TOUCH AUTHENTICATION REFRESH - Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device. | 08-28-2014 |
20140280867 | ANALYTIC INJECTION - Techniques for inserting analytic logic into network requests are presented. In an embodiment, instructions are dynamically inserted into web pages as the pages are requested. The instructions enable analytics to be captured and/or tracked when the web pages are processed. In another embodiment, web requests are intercepted and processed to include analytic instructions. | 09-18-2014 |
20140281509 | TECHNIQUES FOR SECURE DATA EXTRACTION IN A VIRTUAL OR CLOUD ENVIRONMENT - Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data. | 09-18-2014 |
20140359623 | FILE MAPPING AND CONVERTING FOR DYNAMIC DISK PERSONALIZATION FOR MULTIPLE PLATFORMS - File mapping and converting for dynamic disk personalization for multiple platforms are provided. A volatile file operation is detected in a first platform. The file is supported by the first platform. A determination is made that the file is sharable with a second platform. The volatile operation is performed on the file in the first platform and the modified file is converted to a second file supported by the second platform. The modified file and second file are stored in a personalized disk for a user. The personalized disk is used to modify base images for VMs of the user when the user accesses the first platform or second platform. The modified file is available within the first platform and the second file is available within the second platform. | 12-04-2014 |
20140366096 | TECHNIQUES FOR SHARING VIRTUAL MACHINE (VM) RESOURCES - Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM). | 12-11-2014 |
20140380316 | TECHNIQUES FOR DYNAMIC DISK PERSONALIZATION - Techniques for dynamic disk personalization are provided. A virtual image that is used to create an instance of a virtual machine (VM) is altered so that disk access operations are intercepted within the VM and redirected to a service that is external to the VM. The external service manages a personalized storage for a principal, the personalized storage used to personalize the virtual image without altering the virtual image. | 12-25-2014 |
20140380411 | TECHNIQUES FOR WORKLOAD SPAWNING - Techniques for spawning workloads are provided. A single repository is read once to obtain an image for a workload or files and resources for the image. The read operation spawns multiple, and in some cases, concurrent write operations, to instantiate the workload over a network as multiple occurrences or instances of the workload in multiple processing environments. | 12-25-2014 |
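The per-file signature scheme summarized in the 20120297183 entry above (a signature generated for each tenant file, stored as part of the file system, verified on every access and refreshed on every update) can be shown end to end in a few dozen lines. The code below is an added example, not code from the application or its assignee. It assumes the signature is kept as a sidecar `<file>.sig` entry next to the file, and it uses HMAC-SHA256 with a per-tenant key as a stand-in for the signing primitive; a deployment that needs true non-repudiation toward the storage provider would replace that key with an asymmetric signing key the tenant alone controls, with the same verify-on-read and re-sign-on-write structure. The tenant ids, key bytes, file names and contents are constructed for the demonstration.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

# Assumption: the signature for <file> is stored beside it as <file>.sig, inside the file system.
SIG_SUFFIX = ".sig"


class TamperedFile(Exception):
    """Raised when a file is read whose stored signature does not verify."""


class SignedStore:
    """Tenant-scoped store: every write refreshes the file's signature, every read verifies it."""

    def __init__(self, root: Path, tenant_id: str, tenant_key: bytes):
        self.root = Path(root)
        self.tenant_id = tenant_id
        self.key = tenant_key  # per-tenant secret; HMAC stands in for an asymmetric signing key

    def _sign(self, rel: str, data: bytes) -> str:
        # Bind the tenant id and the path into the signed message so a validly signed file
        # cannot be copied to another path or presented under another tenant and still verify.
        msg = b"\x00".join([self.tenant_id.encode(), rel.encode(), hashlib.sha256(data).digest()])
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def write(self, rel: str, data: bytes) -> str:
        path = self.root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        sig = self._sign(rel, data)
        (self.root / (rel + SIG_SUFFIX)).write_text(sig)  # signature refreshed on every update
        return sig

    def read(self, rel: str) -> bytes:
        data = (self.root / rel).read_bytes()
        sig_path = self.root / (rel + SIG_SUFFIX)
        if not sig_path.exists():
            raise TamperedFile(f"{rel}: signature missing")
        if not hmac.compare_digest(sig_path.read_text(), self._sign(rel, data)):
            raise TamperedFile(f"{rel}: signature mismatch")
        return data


def _read_fails(store: SignedStore, rel: str) -> bool:
    """True if reading rel is rejected by signature verification."""
    try:
        store.read(rel)
    except TamperedFile:
        return True
    return False


def demo() -> dict:
    """Exercise the store on a scratch directory and report which checks behaved as expected."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        store = SignedStore(root, "tenant-a", b"tenant-a-key-from-kms")  # constructed key
        sig_v1 = store.write("docs/plan.txt", b"plan v1")
        results["read_ok"] = store.read("docs/plan.txt") == b"plan v1"

        # Out-of-band edit (operator, co-tenant, storage bug) that bypasses the store.
        (root / "docs/plan.txt").write_bytes(b"plan v1, altered")
        results["tamper_detected"] = _read_fails(store, "docs/plan.txt")

        # A legitimate update through the store refreshes the signature and reads cleanly.
        sig_v2 = store.write("docs/plan.txt", b"plan v2")
        results["sig_refreshed"] = sig_v1 != sig_v2 and store.read("docs/plan.txt") == b"plan v2"

        # Copying file and signature to a new path still fails, because the path is signed.
        shutil.copy(root / "docs/plan.txt", root / "docs/other.txt")
        shutil.copy(root / "docs/plan.txt.sig", root / "docs/other.txt.sig")
        results["move_detected"] = _read_fails(store, "docs/other.txt")

        # Another tenant's key cannot validate this tenant's files.
        other = SignedStore(root, "tenant-b", b"tenant-b-key-from-kms")  # constructed key
        results["cross_tenant_detected"] = _read_fails(other, "docs/plan.txt")
    return results


if __name__ == "__main__":
    print(demo())
```

Two choices matter in practice. Binding the tenant id and path into the signed message is what stops a co-tenant or operator from substituting a correctly signed file from elsewhere; signing the content alone would not. And because the signature is recomputed by the store on each write, anything that writes to the backing storage without going through the store is detected on the next read, which is exactly the property the abstract describes.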