Abstract: A method and system provide security for a communication network and for one or more nodes within the network. Software can be distributed throughout the network from a centralized location or administrative console. The software can be made resident in the kernel of the operating system of a receiving node. The software can provide an observation functionality, an analysis functionality, a reporting functionality and a remediation functionality or some subset of those functionalities.
Type: Grant
Filed: June 22, 2007
Date of Patent: May 29, 2012
Assignee: Red Hat, Inc.
Inventors: John M Suit, Vipul Sharma, Mark I Yourcheck, Daniel L Becker
Abstract: Embodiments of the present invention provide a protocol for ensuring data integrity of requests made by clients of a social network service. In particular, when a client gets a confirmation from an update request, the confirmation is accompanied by a token that provides information about the update. When the client next makes a read request it passes the token along with the read request. The node at the social network service receiving the request then waits until it makes sure that it has received any notifications that precede the state represented by the token before it processes the request and replies to the client. The token might be, among other things, a physical timestamp, a counter reflecting transactions committed on a database server, or a vector timestamp. In addition, the same technique can be used to ensure ordering between read requests.
Abstract: A physical memory location is shared among multiple programs. In one embodiment, multiple memory units are scanned to detect duplicated contents in the memory units. The memory units are used by programs running on a computer system. A data structure is used to identify memory units of identical contents. To improve performance, an additional data structure can be used to identify memory units of identical contents. Memory units that are identified to have identical contents can share the same physical memory space.
Type: Grant
Filed: February 27, 2009
Date of Patent: May 29, 2012
Assignee: Red Hat, Inc.
Inventors: Izik Eidus, Andrea Arcangeli, Christopher M. Wright
Abstract: A method and system for managing images of virtual machines hosted by a server. The server maintains a base virtual machine image in a common data store for sharing by the virtual machines. When the server identifies an image modification for at least one of the virtual machines, the server determines whether the image modification includes data common to images of the other virtual machines. If so, the common data is copied to the base virtual machine image in the common data store, and a pointer to the copied data is added to an image of the virtual machine in an individual data store.
Abstract: Methods and systems can manage the multiple identities used by a user. The user's existing contact lists, website accounts, buddy lists, and the like are analyzed to determine the identities used by the user. A graph is then constructed in order to track and integrate the multiple identities of the user in a social network. The social network graph may then be used by a social network overlay so that the user can share information across their different identities with different users that only know some of the user's multiple identities.
Type: Grant
Filed: July 30, 2010
Date of Patent: May 29, 2012
Assignee: Red Hat, Inc.
Inventors: Donald Fischer, Havoc Pennington, Bryan Clark, Owen Taylor, Colin Walters
Abstract: A method and apparatus for securing a connection with a Secure Sockets Layer (SSL)/TLS-enabled server. In one embodiment, a web client establishes a new connection by initiating a communication with the SSL/TLS-enabled server. The communication includes a non-POST request. After the client negotiates the secured connection with the server in response to the non-POST request, the client submits a POST request to the SSL/TLS-enabled server via the secured connection.
Abstract: A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.
Abstract: A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.
Abstract: Methods and systems for designating and handling confidential memory allocations of virtual memory are provided in which the operating system provides a memory allocation flag that applications may use to indicate that any arbitrary area of physical memory marked with this flag may contain confidential data and should be handled accordingly. The operating system also ensures that memory allocated with this flag can be placed in physical memory. When freeing up memory, the operating system protects any data in the memory allocated with this flag. For example, the operating system may prevent the confidential memory from being swapped out to storage or from being accessible to other applications, such as debuggers. Alternatively, the operating system may encrypt any data in the confidential memory before it is swapped out to storage.
Abstract: A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc. In general, the first data item will be a short alphanumeric string and the second data item will generally be much larger, e.g., a 128-bit sequence to be used principally for data authentication. According to another aspect of the present invention, consequential evidence of the transaction may be secured to provide after-the-fact evidence of the transaction.
Type: Grant
Filed: July 1, 2004
Date of Patent: May 29, 2012
Assignee: JP Morgan Chase Bank
Inventors: Glenn Stuart Benson, Joseph R. Calaceto, Russell M. Logar
Abstract: Disclosed in certain embodiments is a method of determining the individual concentration of different antioxidants of the same class in a sample comprising contacting the sample with an effective amount of phenol; and analyzing the sample by voltammetry.
Abstract: A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel.
Abstract: A system and method for tracking call activity of a plurality of businesses is disclosed. A global pool of phone numbers is allocated from which to draw numbers. A business-specific pool of numbers is established for business locations involved in advertisements using the Internet via Web pages. As a consumer begins viewing an advertisement for a business, a number is temporarily allocated from the business's pool of available numbers. As the business's pool of unallocated numbers is exhausted, a metric is used to determine whether or not to grow the pool of numbers, to show an untracked ‘fallback’ number for the business, or to reuse a previously allocated number. When one of the temporarily allocated numbers is called, the online consumer it was associated with is credited for making the call and the business is credited and charged for receiving the call.
Abstract: Embodiments of the present invention provide methods and systems that allow users to share information about their recent activities with other users. In particular, as users receive and/or share multimedia content with other users, information that indicates the locations of this content, such as a website, playlist, or file, is passively tracked and logged. This information may be formatted into a viewable form, such as a web site or web log, and cooperatively shared with other users. Users may then incorporate the multimedia content played by other users into their own library. Users may also elect to synchronize their multimedia content with other users. For convenience, multiple locations for the same multimedia content may be determined when it is logged and tracked. Users may obtain the multimedia content using one or more of their existing accounts with a provider at their own discretion.
Type: Grant
Filed: May 31, 2006
Date of Patent: May 22, 2012
Assignee: Red Hat, Inc.
Inventors: Donald Fischer, Havoc Pennington, Bryan Clark, Owen Taylor, Colin Walters
Abstract: The present invention provides a unified provisioning environment, which comprehensively manages the tasks related to software provisioning. In particular, the present invention manages software provisioning using a hierarchy of commands. The lowest level in the hierarchy comprises distribution commands, which primarily handle base operating system specific tasks of provisioning. The second level comprises profile commands, which associate a configuration file, such as a Linux kickstart file, with a distribution and optionally allow for customization. The third level comprises system commands, which associate remote systems that are involved with the provisioning of the software. The fourth level comprises repository commands, which address configurations and tasks related to updating the software, remote installation procedures, and optionally customizing the software.
Abstract: An RPM subsystem can be installed on a system that has its own native packaging subsystem. The RPM subsystem is initially delivered as a package wrapped in the non-RPM format of the native packaging system and installed. When an RPM package is installed, the RPM subsystem is also configured to create a stub entry in the native packaging, non-RPM system. The stub entry may contain the normal package information, such as name, version, description, as well as a list of files contained in a package. The stub may also contain uninstallation logic, which serves as a “callback” into the RPM subsystem during package removal and causes the RPM subsystem to remove the package when invoked. Removal of a RPM package via RPM tools also causes the removal of the stub entry.
Abstract: A method and apparatus for cross-platform generation of new software packages. The method may include generating a list of software packages having a first format associated with a first operating system, generating new support files for entries on the list, and generating new software packages from the new support files and code of corresponding software packages. The new software packages are generated in the format associated with a second operating system.
Abstract: The present invention is directed to the discovery of a novel family of enzymes designated herein as mRNA interferases that exhibit endoribonuclease activity. The novel finding of the present inventors, therefore, presents new applications for which mRNA interferase nucleic and amino acid sequences, and compositions thereof may be used to advantage. The invention also encompasses screening methods to identify compounds/agents capable of modulating mRNA interferase activity and methods for using such compounds/agents. Also provided is a kit comprising mRNA interferase nucleic and/or amino acid sequences, mRNA interferase activity compatible buffers, and instruction materials.
Type: Grant
Filed: June 14, 2004
Date of Patent: May 22, 2012
Assignee: University of Medicine and Dentistry of New Jersey
Inventors: Masayori Inouye, Junjie Zhang, Yong Long Zhang
Abstract: An aspect request associated with a web application is received by an aspect server, the web application being hosted by a web application server that is remote from the aspect server. Operations are performed according to the aspect request, the operations being associated with a crosscutting concern. A result is returned, the result supplementing functionality of the web application.