Some embodiments of a method and an apparatus to deliver messages between applications have been presented. In one embodiment, a client supplied binding is received from a client, wherein the client supplied binding includes an XQuery or a script. A predefined binding is stored in a server, wherein said predefined binding includes an XQuery, a script, or a program, allowing the client to select the predefined binding. An exchange receives an Extensible Markup Language (XML) message from a publisher application and sends the XML message to each message queue whose binding matches the XML message.
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
A method and apparatus for maintaining referential integrity in a plurality of directory servers is described. In one embodiment, a first directory server receives a request to operate on an entry in the first directory server (#202). The request is serially repeatec in at least one other directory server if the operation on the entry in the first directory server is not valid (#210). The at least one other directory server communicates indirectly with the first directly server (See figure 2).
A method and apparatus to prove user assertions. A client request to authenticate a user assertion pertaining to user personal data may be received. The requested authentication may be generated for the client, the authentication proving the user assertion without revealing other information about the user. The requested authentication may be sent to the client.
A method and apparatus for secure information transfer using dedicated public key pairs for articles of information. A first public key pair may be generated for an article of information. The article of information may be combined with a first public key from the first public key pair to form an information packet. The information packet may be digitally signed with a second private key from a second private key pair.
Some embodiments of a method and apparatus for protecting web pages against phishing have been presented. In one embodiment, a user interface control is created at a client machine. A user may submit a request to protect a web page via the user interface control. In response to the request, a web page protection module may protect the web page against phishing based on content of the web page. In some embodiments, the web page protection module may be integrated with a network access application, such as, for example, as a plug-in to a browser.
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
6.
CREATION AND MANAGEMENT OF SERVICE CANDIDATES FOR A SERVICE MODEL
An apparatus, system, and method to facilitate the creation and management of service candidates in a service-oriented architecture (SOA). In one embodiment, a method includes receiving a user request for an action concerning a service candidate associated with a SOA service model, and displaying a user interface corresponding to the requested action. The method further includes receiving user input for the service candidate via the user interface, and updating the SOA service model based on the requested action and the received user input for the service candidate.
An apparatus, system, and method to facilitate the creation and management of service composition candidates in a service-oriented architecture (SOA). In one embodiment, the method includes receiving user input pertaining to a composition candidate associated with service candidates in a SOA service model, and updating the SOA service model based on the user input.
An apparatus, system, and method to facilitate service-oriented component modeling in a service-oriented architecture (SOA) according to SOA design principles. In one embodiment, the apparatus includes a database to store a SOA service model, and a modeling tool that requires no programming knowledge from a user. The modeling tool is operable to receive input pertaining to one or more service-oriented components from the user, and update the SOA service model based on the received input.
Embodiments of the present invention provide a dynamic instrumentation system that uses statically defined probes. The probes may be defined using macro definitions. One or more libraries of macro definitions that are linked to static probes are provided in the computer system. Each probe is uniquely identified by a name having a well-defined prefix and a structured format. Probes may then be inserted at various locations and into the target software using standard macro calls. When the target software is compiled, the macro calls of each probe are expanded to calls to an existing function known as a probe handler function. Each probe handler function is identified in the computer system's symbol table with a unique symbol that corresponds to the name specified by the macro definition. When a probe is activated, the operating system kernel transfers control to an instrumentation kernel object. The instrumentation kernel object locates and runs the probe handler function to perform the actions requested for that probe.
System, method and computer program product for allocating physical memory to processes. The method includes enabling a kernel to free memory in a physical memory space corresponding to arbitrarily sized memory allocations released by processes or applications in a virtual memory space. After freeing the memory, the system determines whether freed physical memory in the physical memory space spans one or more fixed size memory units (e.g., page frames). The method further includes designating a status of the one or more page frames as available for reuse; the freed page frames marked as available for reuse being available for backing a new process without requiring the kernel to delete data included in the freed memory released by the process. The kernel may organize pages marked as available for reuse in one or more local 'pools' that is organized according to a variety of schemes which provide system efficiencies in that the kernel can eliminate the need for deleting of old data in those page frames without compromising data security.
Embodiments of the present invention provide methods and systems for tuning the size of the cache. In particular, when a page fault occurs, non-resident page data is checked to determine if that page was previously accessed. If the page is found in the non-resident page data, an inter-reference distance for the faulted page is determined and the distance of the oldest resident page is determined. The size of the cache may then be tuned based on comparing the inter-reference distance of the newly faulted page relative to the distance of the oldest resident page.
Embodiments of the present invention provide for controlling the write back caches in a computer system. In particular, when an event, such as a power failure or component failure, is detected, write back caching in both the computer system's memory and in the storage device are deactivated. In addition, one or both of the write back caches may be flushed to the storage medium.
Embodiments of the present invention provide methods and systems for efficiently tracking evicted or non-resident pages. For each non-resident page, a first hash value is generated from the page's metadata, such as the page's mapping and offset parameters. This first hash value is then used as an index to point one of a plurality of circular buffers. Each circular buffer comprises an entry for a clock pointer and entries that uniquely represent non-resident pages. The clock pointer points to the next page that is suitable for replacement and moves through the circular buffer as pages are evicted. In some embodiments, the entries that uniquely represent non-resident pages are a hash value that is generated from the page's inode data.
Embodiments of the present invention provide a mechanism for certifying the compatibility of a software product by identifying the interfaces (API or ABI) used by that product. The source code or object code of a component is analyzed by a tool that traces which interfaces and data structures of an ABI/API are being utilized. For example, an ISV or IHV may be required to run the tool on their respective components in order to have that component certified with a particular version of an operating system and submit the results to a certification service. The certification service may collect this API/ABI information into an integrated database. The certification service may then use this database to analyze the impact of changes to an operating system at the binary interface level, proactively notify vendors prior to these changes, test compatibility and emulation libraries, and certify components are compatible with an operating system without the need of significant testing.
Techniques for virtualized computer system environments running one or more virtual machines that obviate the extra host operating system (O/S) copying steps required for sending and receiving packets of data over a network connection, thus eliminating major performance problems in virtualized environment. Such techniques include methods for emulating network FO hardware device acceleration-assist technology providing zero-copy I/O sending and receiving optimizations. Implementation of these techniques require a host O/S to perform actions including, but not limited to: checking of the address translations (ensuring availability and data residency in physical memory), checking whether the destination of a network packet is local (to another virtual machine within the computing system), or across an external network; and, if local, checking whether either the sending destination VM, receiving VM process, or both, supports emulated hardware accelerated-assist on the same physical system. This optimization, in particular, provides a further optimization in that the packet data checksumming operations may be omitted when sending packets between virtual machines in the same physical system.
Users searching for common subject matter on a computer network are identified and enabled to communicate with one another, such as by engaging in an on-line chat. The users' search queries are transmitted to a server and processed to identify which users are searching for common subject matter within a time window. A dialogue such as an on-line chat is launched and the identified users are invited to join. The users may preview the chat before joining. The users can share links to resources such as web pages and provide annotations to accompany the links. Additionally, the users' search queries may be shared in the chat. The functionality may be provided by a plug-in to web browser software, or by an executable script embedded in a web page of search results.
Embodiments of the present invention provide a virtualization protection system (VPS) (204) that leverages virtual machine monitor (VMM) technology. In some embodiments, a computer system (100) contains a host operating system (202) and one or more virtual machines (206, 208) that run on 'guest' operating systems (210). The VPS (204) makes certain areas of memory of the computer system read-only, making it essentially impossible for the virtual machines or other component to compromise the system.
A method of and system for managing storage resources (210) in a distributed file system is described. A lock (205) for a storage resource (210) is maintained on a lock-holding node (203). A master node that controls the lock-holding node receives a lock request from a requesting node (501). The lock request includes a request to obtain a lock for the storage resource (S02), and a request to perform an action by the lock-holding node on the storage resource if the request to obtain the lock is not granted immediately.
A spam detection system (100) is illustrated for detecting unsolicited bulk emails (spam) according to an exemplary embodiment of the present invention. The spam detection system (100) includes a list server (110), a database (114), a plurality to senders (116) of email, and a plurality of mail servers (118). The list server (110) is used to receive and detect both regular email and unsolicited bulk email (spam). Accordingly, the list server (110) includes a plurality of spamtrap addresses (112). According to at least one embodiment of the present invention, the spamtrap addresses (112) correspond to email addresses that are monitored only for the receipt of unsolicited bulk email (spam). The list server (110) monitors the amount of spam received at the spamtrap addresses (112) in order to identify senders (116) that transmit spam. According to other embodiments of the invention, the list server (110) can count only emails that are received at more than one spamtrap address (112). Accordingly, if a particular spam message is only received at one spamtrap address (112), it may be discarded for purposes of identifying a sender (116) as a spammer. According to one or more further embodiments of the invention, spam messages are assigned higher weight factors (as will be described in further detail below) if they are received at more than one spamtrap address (112).
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
20.
METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR IMPLEMENTING SINGLE-NODE AND CLUSTER SNAPSHOTS
A computer assisted method of organizing a data structure for managing a computer storage device that contains a plurality of blocks. The method comprises initializing entries of the data structure to indicate that the blocks are shared between an origin and one or more snapshots and receiving a first request to modify a first portion of the storage device. The method also includes identifying a first chunk that contains the first portion to be modified, wherein the first chunk includes at least one block and writing first metadata into an entry of the data structure to indicate that the first chunk is unshared. The method also includes allowing the first chunk to be modified. Similar systems and software products are also described.
A computing device includes a local directory service cache. The local directory service cache is a live database. The directory service cache is stored in a shared memory space. In certain embodiments of the invention, client processes needing directory services can directly access the local directory service cache via memory mapping. A caching program updates and maintains the database and obtains the needed data if a cache miss is encountered. Some socket communications between the client processes and the caching program may be used to update database entries, notify the caching program of cache misses, etc.
A method is disclosed for detecting computer viruses. The method allows receipt of an electronic mail message that includes at least one encrypted attachment. The electronic mail message is examined in order to identify potential encryption codes. The encryption codes are used in order to attempt and decrypt the attachments. The attachments are expanded into one or more files. The files are then checked for the presence of computer viruses.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
23.
APPARATUS AND METHOD FOR MANAGING DIGITAL RIGHTS WITH ARBITRATION
A method is disclosed for controlling access to a digital content. The method allows receipt of a notice regarding suspension of a sender’s rights to use content. A trusted third party arbiter transmits a key to restore the sender’s access to the content. Information regarding at least the sender and the key is then documented. The sender can also be required to supply proof of ownership or authority to access the content. This can be in the form of original licensing information supplied by the content provider. The key can also be generated such that it expires after a predetermined length of time.
patents
