Abstract: A method and system for distributing a secret to a plurality of computing systems. In one embodiment, the method determines the number (n) of shares to generate and a threshold number (k) of the shares from which the secret can be reconstructed. The method further chooses n coprime random bit strings in any one of general rings as moduli, the general rings including one or more non-integer rings. The secret is then embedded in a bit string which is at least one bit longer than the product of any k?1 moduli and at least one bit shorter than the product of any k moduli. The method further computes shares of the bit string for distribution to n computing systems, each share including one of the moduli and a corresponding remainder.

Abstract: A method and apparatus for verifying loadable objects. A request is received from an application to load a first loadable object into memory. A first signature value is calculated for the first loadable object. The first loadable object is loaded into memory if the first signature value matches one of a plurality of signature values, each of the plurality of signature values being associated with a distinct loadable object.

Abstract: Techniques for resource management of a PPM context model are described herein. According to one embodiment, in response to a sequence of symbols to be coded, contexts are allocated, each having multiple entries and each entry representing a symbol that the current context is able to encode, including a counter value representing a frequency of each entry being used. For each symbol coded by a context, a local counter value and a global counter value are maintained. The global counter value represents a total number of symbols that have been coded by the context model and the local counter value represents a number symbols that have been coded by the respective context. Thereafter, a resource management operation is performed for system resources associated with the plurality of contexts based on a global counter value and a local counter value associated with each of the plurality of contexts.

Abstract: A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel.

Abstract: A method and system for setting a time on a network appliance. The method may include attempting to establish a secure connection with a server using a certificate issued for a network appliance, and determining that an attempt to establish a secure connection has failed. The method may further include determining that a possible cause of the failure to establish a secure connection is incorrect time data provided by the network appliance, and updating the time on the network appliance using time data contained in the certificate.

Abstract: A system and method for enabling single-socket server applications to receive information via multiple ports. In one embodiment, a system includes a network tunnel configured to receive traffic at a first port of an application server and to communicate the received traffic to a second port of the application server. The system further includes a single-socket application, coupled to the second port of the application server, to monitor for incoming traffic at the second port, and to receive the traffic destined for the first port and communicated to the second port via the network tunnel.

Abstract: A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.

Abstract: A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.

Abstract: Techniques for managing inodes of a file system are described herein. According to one embodiment, in response to a request received at the file system for committing a file to a storage, a first indirect block having multiple entries is allocated. At least one entry stores a pointer linked with a data block, where the first indirect block is referenced by a pointer stored within an inode associated with the file. A first set of data blocks having a first predetermined number of data blocks is allocated, where each entry is referenced by a pointer stored in an entry of the first indirect block. The first indirect block and the first set of data blocks are contiguous blocks with respect to each other, such that content of the first indirect block and the first set of data blocks can be retrieved via a single storage access operation.

Abstract: An aspect request associated with a web application is received by an aspect server, the web application being hosted by a web application server that is remote from the aspect server. Operations are performed according to the aspect request, the operations being associated with a crosscutting concern. A result is returned, the result supplementing functionality of the web application.

Abstract: A method and apparatus for validating service components via data mining. In one embodiment, the method includes making service components to be available for use in a production environment of a service subscriber, receiving data produced by instances of the service components in the production environment, and storing the received data in at least one database. The method may further include identifying a service component that is being evaluated, retrieving, from the database, data produced by instances of the service component being evaluated, and providing the retrieved data to a recipient, where the retrieved data indicates effectiveness of the service component being evaluated.

Abstract: Some embodiments of a method and an apparatus to reduce memory required for prediction by partial matching (PPM) models usable in data compression have been presented. In one embodiment, statistics of received data are accumulated in a tree of dynamic tree-type data structures. The data is compressed based on the statistics. The tree of dynamic tree-type data structures may be stored in a computer-readable storage medium.

Abstract: Some embodiments of a method and an apparatus to improve locality of references for objects have been presented. In one embodiment, an access counter is provided to each of a set of objects in a computing system. The access counter is incremented each time a respective object is accessed. In response to a request to organize the objects, the objects are sorted by their respective counts of access in the access counters.

Abstract: A two-party stateless protocol by which a server receives a request from a client, transmits a tamper-resistant challenge to the client, receives a response to the challenge, and validates the response, where each of the challenge and the response contain a copy of the request. If the client responds correctly to the challenge and does not modify the request during the protocol, the server executes the request.

Abstract: A service request is received from a client, the service request being directed to a web application, wherein a core concern of the web application is configured to perform a core operation upon receiving the service request. The service request is compared to a plurality of rules by a rules engine. If the service request satisfies a criterion specified in a first rule, an aspect service identified in the rule is initiated, wherein the aspect service performs an additional operation before or after the core operation is performed, and wherein the additional operation adds functionality to the core concern.

Abstract: A data compression method improves Lempel-Ziv (“LZ”) compression by encoding the offsets produced during LZ compression as variable-bit-length (“VBL”) encoded integers, and outputting the VBL integers as part of the compressed data. Other integers produced during LZ compression, as well as integers produced by other data compression algorithms, can also be encoded using a VBL scheme.

Abstract: In one embodiment, a mechanism for transport-safe codings for cryptographic use is disclosed. In one embodiment, a method for transport-safe coding for cryptographic use includes converting an input data stream into index values associated with “n” printable characters, wherein “n” is a radix associated with a base-“n” coding scheme and a prime power less than 94, performing a cryptographic operation on the index values to encrypt the index values, and translating the encrypted values directly into an output data stream of printable characters associated with the encrypted values in a base-“n” coding scheme.

Abstract: A method and system for distributing n shares of a secret to n computing systems, and a method and system for reconstructing the secret from k shares of the secret. In one embodiment, the method for distributing the secret comprises representing the secret as a first polynomial over GF(2). The method further comprises creating the n shares from the secret, each of the n shares including a polynomial over GF(2). The secret can be reconstructed, in one embodiment, by solving coefficients of an interpolating polynomial using k points in the k shares using modulo 2 arithmetic.

Abstract: A method and system for embedding a secret in a bit string for safeguarding the secret. In one embodiment, the method comprises computing the length of the overall bit string as a function of q and t, where q and t are determined from the length of the secret. The method further comprises generating a plurality of information pieces based on q and t, the information pieces including a transformed secret and information for extracting the secret from the overall bit string. The method further comprises concatenating the plurality of information pieces to form the overall bit string.

Abstract: A method and system stores and retrieves data items associated with a primary key, using search indices at multiple storage locations. A server receives a primary key, identifies one or more segments of the primary key, and hashes each segment with one or more hash functions to obtain a sequence of hash values. The hash values are used as keys to index a chain of search indices that are stored in multiple storage locations. One or more of the hash values in the sequence are used to form a host name, and the host name is mapped to an address of a server that stores a first search index in the chain. The last search index in the chain contains the data items associated with the primary key, or provides a reference to one or more locations at which the data items can be found.