Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a token bucket algorithm in order to reduce the success rate for a non-human user employing a guessing or artificial intelligence to solve a substantial number of HIP challenges. The algorithm can employ token buckets associated with IP address and user session from which the user is attempting to solve the HIP challenge. If a token bucket is empty the algorithm can treat a correct response as incorrect and refill a portion of the buckets for a further attempt. This forces two correct responses to be received by a user within the refill quantity for the users bucket(s) before the user is identified as human.

Abstract: A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs images from a large private database of manually categorized images to display as part of a Turing test challenge. The private database contains a sufficient quantity of images, such that the more economical manner to pass the HIP is to employ a human to take the challenge. The owner of the private database makes the database available to the presenter of the HIP due to an alignment of interests between both parties. The HIP is displayed with ads on behalf of the owner of the private database and the presenter of the HIP gains access to a large quantity of private manually categorized images.

Abstract: A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a partial credit algorithm in order to allow a user to make one or more mistakes during consecutive HIP challenges and still be identified as a human. The algorithm assigns a user partial credit based upon getting part of the challenge incorrect. The partial credit is tracked and if during one or more consecutive subsequent challenges the same user gets a portion of the challenge incorrect again, they can still be identified as human.

Abstract: A serverless distributed file system manages the storage of files and directories using one or more directory groups. The directories may be managed using Byzantine-fault-tolerant groups, whereas files are managed without using Byzantine-fault-tolerant groups. Additionally, the file system may employ a hierarchical namespace to store files. Furthermore, the directory group may employ a plurality of locks to control access to objects (e.g., files and directories) in each directory.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Abstract: In a serverless distributed file system, the writer of a file can provide file authentication information to a verifying machine without having to compute a new digital signature every time a written file is closed. Periodically, the writer compiles a list of the hash values of all files that have been written over a recent interval, computes a hash of the list, and signs the hash. This signed list of hash values is known as a manifest, akin to a shipping manifest that enumerates the items in a shipment. The advantage of using a signed manifest is that the writer need only perform a single signature computation in order to authenticate the writes to multiple files, rather than having to compute a separate signature for each file, as it would if a signature were embedded in each file.

Abstract: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.

Abstract: The described implementations relate to networked or distributed systems and more particularly to providing motivation for deployment of networked systems. One technique gathers a solicitation hierarchy in a distributed system. This technique also tracks contribution to the distributed system of participants within the hierarchy. This technique further probabilistically determines a participant as a lottery winner based at least in part on the solicitation hierarchy and the contribution.

Abstract: A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user's key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function.

Abstract: The clocks of remote computing devices are synchronized within a range of certainty through the determination of an upper bound and a lower bound around a reference time. A message from a computing device is propagated up a network tree of devices to a device having a reference time, which encodes the reference time and returns the message down the tree. Each receiving device can determine that the reference time could not have occurred before their transmission of the message, nor could it have occurred after their receipt of the return message. Cryptographic hashes can be used to guard against malicious computing devices. Alternate paths and scheduling of messages can be used to provide a narrower spread between the upper and lower bounds, and clock drift can be accounted for by increasing the spread over time.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: Cryptographic protocols and methods of employing the same are described. The described protocols advantageously enable two or more identical encryptable objects that are coded for encryption with different keys to be identified as identical without access to either the unencrypted objects or the keys that are used in the encryption process. Additionally, the protocols enable two or more identical encryptable objects to be processed with different encryption keys, yet be stored in a manner so that the total required storage space is proportional to the space that is required to store a single encryptable object, plus a constant amount for each distinct encryption key. In various embodiments, the encryptable objects comprise files and the cryptographic protocols enable encrypted files to be used in connection with single instance store (SIS) systems.

Abstract: Digital maps can be composed of a series of image tiles that are selected based on the context of the map to be presented. Independently hosted tiles can comprise additional details that can be added to the map. A manifest can be created that describes the layers of map details composed of such independently hosted tiles. Externally referable mechanisms can, based on the manifest and map context, select tiles, from among the independently hosted tiles, that correspond to map tiles being displayed to a user. Subsequently, the mechanisms can instruct a browser, as specified in the manifest, to combine the map tiles and the independently hosted tiles to generate a more detailed map. Alternatively, customized mechanisms can generate map detail tiles in real-time, based on an exported map context. Also, controls instantiated by the browser can render three-dimensional images based on the combined map tiles.

Abstract: A delta pager maintains a database with atomic, isolated transactions. When a transaction seeks to make changes to the database, the delta pager stores the changes in write buffers, and applies the changes when intervening transactions do not literally or substantively change the state of the database relied upon by the transaction. The delta pager applies the changes to commit the transaction by conjoining the write buffers with the current state of the database to form a new data structure representing the state of the database. The delta pager coalesces write buffers to maintain efficiency, subject to snapshots the delta pager respects to preserve selected states of the database. The delta pager makes selected sections of the database durable by moving selected data to a durable store. The delta pager also provides cache objects between the durable store and current transactions to promote efficient access to data.

Abstract: Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Abstract: A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user's key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function.

Abstract: A system is disclosed that transforms offline maps into interactive online maps. In the system, geo-coordinate relationships are determined between geo-coordinates on a source map and geo-coordinates on an online reference map. An image of the source map is transformed to form an image of a modified source map having geo-coordinates that substantially align with corresponding geo-coordinates on the reference map. Modified source tiles are formed with the image of the modified source map and displayed on a portion of the reference map.