Abstract:
A client device communicates with a target entity server and one or more third party devices. The client device has a client credential that includes a client public key and a client certificate chain. The client certificate chain includes a chain of human-readable names. The client device delegates a third party device access to a service on the server by creating a delegate certificate chain for the third party device. The delegate certificate chain is bound to a public key for the third party device and includes a human-readable name with an extension selected for the third party device. The delegate certificate chain also may include a section of the human-readable name that identifies the client device. The client device transmits or otherwise presents the delegate certificate chain to the third party device.
Abstract:
A hybrid-sharded index includes document-sharded posting lists and term-sharded posting lists. Implementations include systems and methods using a distributed hybrid-sharded index. For example, a method may include receiving, at a root node, a query having a first term and a second term and determining that the first term is term-sharded. The method may also include retrieving a term-sharded posting list for the first term from a first leaf node that stores the term-sharded posting list and determining, at the root node, a second leaf node that stores a document-sharded posting list for the second term. The method may include sending the second term and a sub-set of documents from the term-sharded posting list to the second leaf node, the sub-set being documents assigned to the second leaf node; and generating a search result using a response received from the second leaf node.
Abstract:
In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
Abstract:
A hybrid-sharded index includes document-sharded posting lists and term-sharded posting lists. Implementations include systems and methods for updating a hybrid-sharded index. For example, a method may include receiving updates to the hybrid-sharded index and generating, at a first leaf node, replacement posting lists and change information for a respective second leaf node. The method may also include dividing the replacement posting lists into portions, a portion having associated change information and being associated with a respective one of the second leaf nodes, and sending the portions to respective leaf nodes. At a particular leaf node of the second leaf nodes, the method includes merging a received portion into an updated posting list portion and swapping the updated posting list portion into memory. During the swap, the change information and the updated posting list portion are used to respond to a query with an older version of the hybrid-sharded index.