Patent application number | Description | Published |
20110307587 | DEFINITION CONFIGURATION AND ADMINISTRATION OF DISTRIBUTED SERVER SYSTEMS THROUGH STRUCTURED DATA MODEL - A platform for manipulating data associated with defining, deploying, and administering distributed server systems utilizes a structured data model with a flexible replication mechanism, a set of schemas, and an object model to manipulate system topology, configuration (settings), and policies. A scoping mechanism for characteristics of the settings, policies, and resolution is provided in addition to the data model along with an authorization mechanism for single and multi-tenant environments. | 12-15-2011 |
20130152196 | THROTTLING OF ROGUE ENTITIES TO PUSH NOTIFICATION SERVERS - Techniques for throttling of rogue entities to push notification servers are described. An apparatus may comprise a processor and a memory communicatively coupled to the processor. The memory may store an application, the application maintaining a monitored domain table, the application maintaining an offending domain table, the application operative to receive an incoming request from a client in a domain, to detect harmful activity based on the request, and to respond to the harmful activity based on one or both of the monitored domain table and the offending domain table. Other embodiments are described and claimed. | 06-13-2013 |
20150356088 | TILE-BASED GEOCODER - A geocoding architecture that generates and associates one or more tile documents with geocoded tiles. When connected entities are defined, the connected entity attributes are collected in a single tile document so that tile-document terms are attributes of all connected entities. These terms later serve as keys that enable search for tiles relevant for a given query. Entity documents are created that are an aggregation of entity attributes. Like the entity document, the tile document serves as an aggregator for all the geospatial entities within a pre-determined surface area. Search is then performed on the content of tile and entity documents. | 12-10-2015 |
Patent application number | Description | Published |
20090116634 | ACCOMMODATION OF TWO INDEPENDENT TELEPHONY SYSTEMS - Independent telephony systems are integrated by using symmetric forking from both systems. Calls received by either system are forked to the other system. Thus, a call can be accepted by one of the systems, using its external interfaces, and presented to all devices in both systems. Each system is enabled to leverage internal call control advanced features to enhance overall user experience. Internally inserted parameters to call requests are used between the two systems for preventing endless loop of calls between the integrated systems. | 05-07-2009 |
20100306000 | UNIFIED MODEL FOR AUTHORING AND EXECUTING FLOW-BASED AND CONSTRAINT-BASED WORKFLOWS - Designing and executing a workflow having flow-based and constraint-based regions. A user selects one or more activities to be part of a constraint-based region. Each constraint-based region has a constraint associated therewith. The workflow is executed by executing the flow-based region and the constraint-based region. The flow-based region executes sequentially. The constraint is evaluated, and the constraint-based region executes responsive to the evaluated constraint. | 12-02-2010 |
20110299387 | SURVIVABLE AND RESILIENT REAL TIME COMMUNICATION ARCHITECTURE - Enhanced communication systems with various resiliency and survivability aspects are provided. Data center, cluster, network, and load balancer survivability are provided for seamless communication experience in case of data center, cluster, discovery infrastructure, or hardware load balancer failures. Call, data, and authentication survivability are provided through dynamic re-routing over alternative networks, continuous data replication, and alternative authentication mechanisms. Seamless failover is ensured through use of identical signaling protocols and data carried by protocols between primary and backup clusters. Voicemail resiliency is achieved by re-routing calls directed to voicemail over alternative paths such as PSTN connections. | 12-08-2011 |
20120078677 | UNIFIED MODEL FOR AUTHORING AND EXECUTING FLOW-BASED AND CONSTRAINT-BASED WORKFLOWS - Designing and executing a workflow having flow-based and constraint-based regions. A user selects one or more activities to be part of a constraint-based region. Each constraint-based region has a constraint associated therewith. The workflow is executed by executing the flow-based region and the constraint-based region. The flow-based region executes sequentially. The constraint is evaluated, and the constraint-based region executes responsive to the evaluated constraint. | 03-29-2012 |
20120317207 | Directing Messages Based On Domain Names - A communication system has a plurality of collections. Each collection comprises a security boundary within which private data is accessible. Each collection is associated with a director. The directors receive messages that specify domains. When a director for a given collection receives a message, the director identifies one of the collections as being a home collection for the domain specified by the message. If the specified domain's home collection is the given collection or another collection within a given privacy boundary, the director forwards the message to a server pool associated with the specified domain's home collection. Otherwise, if the specified domain's home collection is not within the given privacy boundary, the director forwards the message to the director of the specified domain's home collection. | 12-13-2012 |
20130024690 | CENTRALIZED SERVICE FOR DISTRIBUTED SERVICE DEPLOYMENTS - A centralized service communicatively links an application provider to a plurality of different message forwarding services. The centralized service receives a request and authenticates the application provider associated with the request. Further, the centralized service delivers a message embodied by the request to a first message forwarding service with a first protocol and/or to a second message forwarding service with a second protocol different than the first protocol. | 01-24-2013 |
20140136878 | Scaling Up and Scaling Out of a Server Architecture for Large Scale Real-Time Applications - Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery. | 05-15-2014 |
20160044096 | Scaling Up and Scaling Out of a Server Architecture for Large Scale Real-Time Applications - Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery. | 02-11-2016 |
20160104301 | CROSS-LEVEL IMAGE BLENDING - One or more techniques and/or systems are provided for image blending and/or facilitating image transitions. In an example, a map interface displays map information, such as of a town, through a visualization. A first image having a first level of detail and a first image type (e.g., satellite imagery of the town) may be displayed through the visualization. While zoomed into the town, a second image having a second level of detail and a second image type (e.g., aerial imagery of the town) may be displayed through the visualization. Instead of merely transitioning the visualization from displaying the first image to displaying the second image (during zooming), which may otherwise provide a visually abrupt transition, one or more intermediate blended images, having intermediate levels of detail between the first image and the second image, may be generated and displayed during the transition between the first image and the second image. | 04-14-2016 |
Patent application number | Description | Published |
20150134800 | Managed Directory Service - Techniques for connecting computer system entities to remote computer system resources are described herein. A computer system entity that requests access to a remote computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the remote computer system resource. While connected, the managed directory service receives commands to perform operations on the remote computer system resource and, if the computer system entity is authorized to perform the operations on the remote computer system resource, the managed directory service performs the operation on the remote computer system resource. | 05-14-2015 |
20150134826 | Managed Directory Service Connection - Techniques for connecting computer system entities to local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service receives commands to perform operations on the local computer system resource and, if the computer system entity is authorized to perform the operations on the local computer system resource, the managed directory service performs the operation on the local computer system resource. | 05-14-2015 |
20150134827 | MANAGED DIRECTORY SERVICE WITH EXTENSION - Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource. | 05-14-2015 |
20150135257 | SINGLE SET OF CREDENTIALS FOR ACCESSING MULTIPLE COMPUTING RESOURCE SERVICES - A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services. | 05-14-2015 |
20150135272 | IDENTITY POOL BRIDGING FOR MANAGED DIRECTORY SERVICES - A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service. | 05-14-2015 |
20150160956 | AUTOMATIC DIRECTORY JOIN FOR VIRTUAL MACHINE INSTANCES - A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance. | 06-11-2015 |
20160088066 | VIRTUAL DESKTOP MIGRATION - It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance. | 03-24-2016 |
20160094584 | MANAGEMENT OF APPLICATION ACCESS TO DIRECTORIES BY A HOSTED DIRECTORY SERVICE - Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations. | 03-31-2016 |
20160099924 | USING CREDENTIALS STORED IN DIFFERENT DIRECTORIES TO ACCESS A COMMON ENDPOINT - A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint. | 04-07-2016 |
Patent application number | Description | Published |
20120072597 | USING TEMPLATES TO CONFIGURE CLOUD RESOURCES - The present invention extends to methods, systems, and computer program products for using templates to configure cloud resources. Embodiments of the invention include encapsulating cloud configuration information in an importable/exportable node template. Node templates can also be used to bind groups of nodes to different cloud subscriptions and cloud service accounts. Accordingly, managing the configuration of cloud based resources can be facilitated through an interface at a (e.g., high performance) computing component. Templates can also specify a schedule for starting/stopping instances running within a resource cloud. | 03-22-2012 |
20120072728 | RETRIEVING AND USING CLOUD BASED STORAGE CREDENTIALS - The present invention extends to methods, systems, and computer program products for retrieving and using cloud based storage credentials. Embodiments of the invention include automatically retrieving cloud based credentials (e.g., storage keys) as needed, such as, for example, on demand. Automatically retrieving credentials reduces administrator workloads and mitigates the potential for human errors. Embodiments of the invention also include using credentials (e.g., storage keys) in the deployment and ongoing operation of services (e.g., computing workers) in a resource cloud. Embodiments of the invention also include propagating credentials (e.g., storage keys) to instances running in the cloud during deployment. | 03-22-2012 |
20140317299 | USING TEMPLATES TO CONFIGURE CLOUD RESOURCES - The present invention extends to methods, systems, and computer program products for using templates to configure cloud resources. Embodiments of the invention include encapsulating cloud configuration information in an importable/exportable node template. Node templates can also be used to bind groups of nodes to different cloud subscriptions and cloud service accounts. Accordingly, managing the configuration of cloud based resources can be facilitated through an interface at a (e.g., high performance) computing component. Templates can also specify a schedule for starting/stopping instances running within a resource cloud. | 10-23-2014 |
Patent application number | Description | Published |
20080301231 | Method and System for Maintaining and Distributing Wireless Applications - Computer- and network-based methods and systems for maintaining and provisioning wireless applications are provided. Example embodiments provide a Mobile Application System (MAS), which is a collection of interoperating server components that work individually and together in a secure fashion to provide applications and resources to mobile subscriber devices, such as wireless devices. Embodiments of the present invention can also be used to deploy applications and resources for wired subscriber devices. Applications, resources, and other content are provisioned and verified by the MAS for authorized access by the subscriber, compatibility with a requesting subscriber device, and the security and billing policies of the carrier and system administrators of the MAS. In this manner, applications, resources, and other content can be downloaded to devices, such as wireless devices, with greater assurance of their ability to successfully execute. In one embodiment, content is provisioned by one or more of the steps of inspecting the content for malicious or banned code, optimizing the content for smaller size and greater speed, instrumentation of code that implements security, billing, and other carrier policies, and packaging of code for the intended subscriber device. Additional security is provided through application filters that are used to prevent applications that contain designated API from being downloaded to a subscriber's device. In one embodiment, the MAS includes a Protocol Manager, Provisioning Manager, Cache, Deployment Manager, Billing Manager, Logging Manager, Administrator, and Heartbeat Monitor, which interoperate to provide the provisioning functions. | 12-04-2008 |
Patent application number | Description | Published |
20140075196 | SECURELY FILTERING TRUST SERVICES RECORDS - Embodiments are directed to securely filtering trust services records. In one scenario, a client computer system receives at least one of the following trust services records: a trust services certificate, a principal certificate, a group certificate and a trust services policy. The client computer system performs a time validity check to validate the trust services record's timestamp, performs an integrity check to validate the integrity of the trust services record and performs a signature validity check to ensure that the entity claiming to have created the trust services record is the actual creator of the trust services record. The client computer system then, based on the time validity check, the integrity check and the signature validity check, determines that the trust services record is valid and allows a client computer system user to perform a specified task using the validated trust services record. | 03-13-2014 |
20150143127 | SECURELY FILTERING TRUST SERVICES RECORDS - Embodiments include methods, systems, and computer program products for filtering trust services records. Embodiments include receiving a trust services record that includes a plurality of security components and that is usable to secure data that is stored in an untrusted location. It is determined whether the trust services record has been tampered with, including verifying each of the plurality of security components of the trust services record. The trust services record is filtered based on the determination of whether the trust services record has been tampered with. The filtering includes, when the trust services record is determined to have not been tampered with, allowing performance of at least one task with respect to the secured data; and, when the trust services record is determined to have been tampered with, disallowing performance of any task with respect to the secured data. | 05-21-2015 |
Patent application number | Description | Published |
20140283054 | Automatic Fraudulent Digital Certificate Detection - A computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site. | 09-18-2014 |
20160072796 | Preserving Data Protection With Policy - Data files are encrypted based on a key associated with an entity that sets a data protection policy controlling access to the data files. The data protection policy identifies various restrictions on how the plaintext data of the encrypted data in the data files can be used. The data files have corresponding metadata identifying the entity that sets the data protection policy, and processes that are running instances of applications that are allowed to access the plaintext data are also associated with the identifier of the entity. These identifiers of the entity, as well as the data protection policy, are used by an operating system of a computing device to protect the data in accordance with the data protection policy, including having the protection be transferred to other devices with the protected data, or preventing the protected data from being transferred to other devices. | 03-10-2016 |
20160080149 | Secure Key Management for Roaming Protected Content - Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content. | 03-17-2016 |
20160127327 | ROAMING CONTENT WIPE ACTIONS ACROSS DEVICES - Content on a device is encrypted and protected based on a data protection key. The protected content can then be copied to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A key used to retrieve plaintext content from the protected content is associated with an identifier of a particular device that provides the key, the device providing the key being the device that generated the key, or another managed device to which the protected content was transferred. A wipe command can similarly be transferred to the various ones of the user's devices, causing any keys associated with a particular device to be deleted from each of the various ones of the user's devices. | 05-05-2016 |