Multifactor authentication for programmatic interfaces
    1.
    发明授权
    Multifactor authentication for programmatic interfaces 有权
    用于编程接口的多因素认证

    公开(公告)号:US08776190B1

    公开(公告)日:2014-07-08

    申请号:US12955519

    申请日:2010-11-29

    IPC分类号: G06F7/04

    摘要: Systems and methods provide logic that validates a code generated by a user, and that executes a function of a programmatic interface after the user code is validated. In one implementation, a computer-implemented method performs a multifactor authentication of a user prior to executing a function of a programmatic interface. The method includes receiving, at a server, a user code through a programmatic interface. The server computes a server code in response to the user code, and compares the user code to the server code to determine that the user code corresponds to the server code. The server validates the user code and executes a function of the programmatic interface, after the user code is validated.

    摘要翻译: 系统和方法提供验证用户生成的代码的逻辑,并且在验证用户代码之后执行编程接口的功能。 在一个实现中,计算机实现的方法在执行编程接口的功能之前执行用户的多因素认证。 该方法包括通过编程接口在服务器处接收用户代码。 服务器根据用户代码计算服务器代码,并将用户代码与服务器代码进行比较,以确定用户代码对应于服务器代码。 在验证用户代码后,服务器验证用户代码并执行编程接口的功能。

    Virtual firewalls for multi-tenant distributed services
    2.
    发明授权
    Virtual firewalls for multi-tenant distributed services 有权
    用于多租户分布式服务的虚拟防火墙

    公开(公告)号:US08904511B1

    公开(公告)日:2014-12-02

    申请号:US12861692

    申请日:2010-08-23

    摘要: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.

    摘要翻译: 可以建立虚拟防火墙,执行关于由多租户分布式服务维护的计算资源的策略集。 计算资源的特定子集可以与多租户分布式服务的特定租户相关联。 租户可以建立由虚拟防火墙为相关联的计算资源子集强制执行的防火墙策略集,而不会影响多租户分布式服务的其他租户。 实施多个防火墙策略集的虚拟防火墙可以由多租户分布式服务的通用防火墙组件维护。 防火墙策略集可以分布在多租户分布式服务的多个位置。 对于针对特定计算资源的请求,常用防火墙组件可以标识相关联的虚拟防火墙,并根据相应的防火墙策略集将请求提交给虚拟防火墙进行评估。

    Controlling use of computing-related resources by multiple independent parties
    3.
    发明授权
    Controlling use of computing-related resources by multiple independent parties 有权
    由多个独立方控制计算相关资源的使用

    公开(公告)号:US08429757B1

    公开(公告)日:2013-04-23

    申请号:US13277070

    申请日:2011-10-19

    IPC分类号: H04L29/06

    摘要: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service) —in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.

    摘要翻译: 描述了用于管理对计算相关资源的访问的技术,例如,可以使多个不同方独立地控制对资源的访问(例如,使得只有当所有多个关联方批准该访问时,访问资源的请求才能成功 )。 例如,执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源(例如,由 在这种情况下,可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源(例如,存储的数据文件)的访问权限,例如, 最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。

    Real-time Attribute Processor and Syntax Schema for Directory Access Protocol Services
    4.
    发明申请
    Real-time Attribute Processor and Syntax Schema for Directory Access Protocol Services 失效
    用于目录访问协议服务的实时属性处理器和语法模式

    公开(公告)号:US20110029683A1

    公开(公告)日:2011-02-03

    申请号:US12898917

    申请日:2010-10-06

    IPC分类号: G06F15/16

    摘要: A processor which cooperates with directory servers to handle requests for values of dynamic attributes which would otherwise present a real-time processing challenge to the directory server due to the server's dependence on the data normally being static in nature. Special schema syntax identifiers are used to identify dynamic attributes which then are not stored directly in the directory, but whose values are resolved at the time a read request is made for those attributes. This approach eliminates the need to store the dynamic information in the directory, and allows user-supplied modules to perform the resolution of the dynamic attributes in a real-time manner, including not only retrieving a value from a dynamic data source, but optionally performing calculations or manipulations on the data as well. One embodiment of the invention cooperates with Lightweight Directory Access Protocol (“LDAP”) directory servers.

    摘要翻译: 与目录服务器协作以处理对动态属性的值的请求的处理器,否则由于服务器对数据的依赖通常是静态的,否则将向目录服务器呈现实时处理挑战。 特殊模式语法标识符用于标识动态属性,然后不直接存储在目录中,但是在为这些属性进行读取请求时解析其值。 该方法消除了将动态信息存储在目录中的需要,并且允许用户提供的模块以实时方式来执行动态属性的解析,包括不仅从动态数据源检索值,而且还可以执行 也可以对数据进行计算或操作。 本发明的一个实施例与轻量级目录访问协议(“LDAP”)目录服务器协作。

    Distributed directory deployment
    5.
    发明授权
    Distributed directory deployment 失效
    分布式目录部署

    公开(公告)号:US07373348B2

    公开(公告)日:2008-05-13

    申请号:US11106396

    申请日:2005-04-14

    IPC分类号: G06F17/30

    摘要: Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.

    摘要翻译: 读取目录树的每个LDIF条目,分割为LDIF片段的域(对应于后端服务器)并写入每个LDIF片段。 可以通过散列函数完成拆分,为LDIF条目的迭代建立写入文件。 LDIF条目附加到写入文件。 读取随后的LDIF条目。 确定对应的LDIF片段,其不需要与写入第一LDIF条目的LDIF片段不同。 当前的LDIF条目写入当前选择的写入文件。 该过程继续,直到所有LDIF条目从目录树中用尽。 LDIF片段都被复制到不同的后端服务器,其中每个LDIF片段可以被加载到分布式目录数据结构中。

    Controlling use of computing-related resources by multiple independent parties
    6.
    发明授权
    Controlling use of computing-related resources by multiple independent parties 有权
    由多个独立方控制计算相关资源的使用

    公开(公告)号:US08051491B1

    公开(公告)日:2011-11-01

    申请号:US11966692

    申请日:2007-12-28

    IPC分类号: G06F7/04 G06F17/30 H04N7/16

    摘要: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.

    摘要翻译: 描述了用于管理对计算相关资源的访问的技术,例如,可以使多个不同方独立地控制对资源的访问(例如,使得只有当所有多个关联方批准该访问时,访问资源的请求才能成功 )。 例如,执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源(例如,由 在这种情况下,可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源(例如,存储的数据文件)的访问权限,例如, 最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。

    Distributed directory deployment
    7.
    发明授权
    Distributed directory deployment 失效
    分布式目录部署

    公开(公告)号:US07860864B2

    公开(公告)日:2010-12-28

    申请号:US12108416

    申请日:2008-04-23

    IPC分类号: G06F17/30

    摘要: Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.

    摘要翻译: 读取目录树的每个LDIF条目,分割为LDIF片段的域(对应于后端服务器)并写入每个LDIF片段。 可以通过散列函数完成拆分,为LDIF条目的迭代建立写入文件。 LDIF条目附加到写入文件。 读取随后的LDIF条目。 确定对应的LDIF片段,其不需要与写入第一LDIF条目的LDIF片段不同。 当前的LDIF条目写入当前选择的写入文件。 该过程继续,直到所有LDIF条目从目录树中用尽。 LDIF片段都被复制到不同的后端服务器,其中每个LDIF片段可以被加载到分布式目录数据结构中。

    Method and system to alleviate denial-of-service conditions on a server

    公开(公告)号:US20080216080A1

    公开(公告)日:2008-09-04

    申请号:US12105140

    申请日:2008-04-17

    IPC分类号: G06F9/46

    摘要: A method is presented for processing data in a multithreaded application to alleviate impaired or substandard performance conditions. Work items that are pending processing by the multithreaded application are placed into a data structure. The work items are processed by a plurality of threads within the multithreaded application in accordance with a first algorithm, e.g., first-in first-out (FIFO). A thread within the multithreaded application is configured apart from the plurality of threads such that it processes work items in accordance with a second algorithm that differs from the first algorithm, thereby avoiding the impairing condition. For example, the thread may process a pending work item only if it has a particular characteristic. The thread restricts its own processing of work items by intermittently evaluating workflow conditions for the plurality of threads; if the workflow conditions improve or are unimpaired, then the thread does not process any work items.

    Real-time attribute processor and syntax schema for directory access protocol services
    10.
    发明授权
    Real-time attribute processor and syntax schema for directory access protocol services 失效
    用于目录访问协议服务的实时属性处理器和语法模式

    公开(公告)号:US07840588B2

    公开(公告)日:2010-11-23

    申请号:US10809583

    申请日:2004-03-25

    IPC分类号: G06F17/30

    摘要: A directory server handles requests for values of dynamic attributes by providing at least one declaration for an attribute to be handled as a real-time attribute associated with but external to a directory structure; receiving a directory access protocol request for access to an attribute value from the associated directory structure; detecting requested access to an attribute declared as a real-time external attribute; resolving a real-time value by obtaining an attribute value from a real-time source external to the directory structure; converting the obtained attribute value from a real-time attribute to a static attribute, wherein the real-time attribute is incompatible with the directory access protocol, and wherein the static attribute is compatible with the directory access protocol; and returning to a requester the converted real-time attribute directly in the directory access protocol, wherein storing and updating of the converted real-time attribute value in the directory structure is eliminated or avoided.

    摘要翻译: 目录服务器通过为要处理的属性作为与目录结构相关联但在外部的实时属性提供至少一个声明来处理对动态属性的值的请求; 从相关联的目录结构接收访问属性值的目录访问协议请求; 检测对被声明为实时外部属性的属性的请求访问; 通过从目录结构外部的实时源获取属性值来解析实时值; 将所获得的属性值从实时属性转换为静态属性,其中所述实时属性与所述目录访问协议不兼容,并且其中所述静态属性与所述目录访问协议兼容; 并且直接在目录访问协议中返回到请求者转换的实时属性,其中消除或避免了在目录结构中存储和更新转换的实时属性值。