Patents by Inventor Sam Sanjabi
Sam Sanjabi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11477249Abstract: An identity provider (“IdP”) system maintains a framework of authentication methods and security targets that enables flexible authentication policy authoring and analysis of authentication performed by users of an organization. The IdP system generates authentication method profiles that include authentication factors and attributes, which may be further classified as required or optional. The IdP system also generates security target profiles that indicate security requirements needed to satisfy the corresponding security targets. The IdP system uses the generated profiles to determine relationships between authentication methods and security targets (e.g., a list of authentication methods that satisfy a given security target). Using these relationships, the IdP system may enable users to author policies and analyze how users' authentication behaviors comply with security targets.Type: GrantFiled: January 29, 2021Date of Patent: October 18, 2022Assignee: Okta, Inc.Inventors: Naomaru Itoi, Sam Sanjabi, Royal Chan, Vincent Voong, Daniel Jeffrey Post, Cedric Beust
-
Publication number: 20220247789Abstract: An identity provider (“IdP”) system maintains a framework of authentication methods and security targets that enables flexible authentication policy authoring and analysis of authentication performed by users of an organization. The IdP system generates authentication method profiles that include authentication factors and attributes, which may be further classified as required or optional. The IdP system also generates security target profiles that indicate security requirements needed to satisfy the corresponding security targets. The IdP system uses the generated profiles to determine relationships between authentication methods and security targets (e.g., a list of authentication methods that satisfy a given security target). Using these relationships, the IdP system may enable users to author policies and analyze how users' authentication behaviors comply with security targets.Type: ApplicationFiled: January 29, 2021Publication date: August 4, 2022Inventors: Naomaru Itoi, Sam Sanjabi, Royal Chan, Vincent Voong, Daniel Jeffrey Post, Cedric Beust
-
Patent number: 10331485Abstract: A first quality of service identifier is assigned to each subtask associated with each node of a compute workflow, the first quality of service identifier indicative of a level of quality of service associated with each node. A planned resource requirement is assigned to each subtask, the planned resource requirement indicative of a total amount of system resources required to complete each subtask. A resource allocation plan is generated for each subtask, the resource allocation plan indicative of a distribution of the system resources over time in at least one resource manager. The resource allocation plan and the first quality of service identifier are output to the at least one resource manager for enforcement of the level of quality of service on one or more jobs submitted for each node through at least one workflow orchestrator external to the at least one resource manager.Type: GrantFiled: May 30, 2017Date of Patent: June 25, 2019Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventors: Sam Sanjabi, Chong Chen, Reza Pournaghi, Shane Anthony Bergsma, Wei Pei
-
Patent number: 9983907Abstract: A method, computer program product, and computer system for backfilling jobs based on energy aware scheduling are provided. A first job is received at a scheduler, where the scheduler manages one or more running jobs based on a plurality of system resources. The plurality of system resources comprises at least one resource constraint. A resource consumption of the first job is estimated based on one or more resource requirements of the first job. A first resource requirement of the one or more resource requirements is determined to exceed the resource constraint. In response to determining that the first resource requirement of the first job exceeds at least one resource constraint, at least one of (i) the first resource requirement of the first job and (ii) the plurality of system resources is modified. The first job is scheduled.Type: GrantFiled: October 27, 2015Date of Patent: May 29, 2018Assignee: International Business Machines CorporationInventors: Ji Li, Xiu Qiao Li, Zhenchao Liu, Xian Tao Meng, Xue Bin Min, Sam Sanjabi
-
Publication number: 20180143858Abstract: A first quality of service identifier is assigned to each subtask associated with each node of a compute workflow, the first quality of service identifier indicative of a level of quality of service associated with each node. A planned resource requirement is assigned to each subtask, the planned resource requirement indicative of a total amount of system resources required to complete each subtask. A resource allocation plan is generated for each subtask, the resource allocation plan indicative of a distribution of the system resources over time in at least one resource manager. The resource allocation plan and the first quality of service identifier are output to the at least one resource manager for enforcement of the level of quality of service on one or more jobs submitted for each node through at least one workflow orchestrator external to the at least one resource manager.Type: ApplicationFiled: May 30, 2017Publication date: May 24, 2018Inventors: Sam SANJABI, Chong Chen, Reza Pournaghi, Shane Anthony Bergsma, Wei Pei
-
Publication number: 20170116037Abstract: A method, computer program product, and computer system for backfilling jobs based on energy aware scheduling are provided. A first job is received at a scheduler, where the scheduler manages one or more running jobs based on a plurality of system resources. The plurality of system resources comprises at least one resource constraint. A resource consumption of the first job is estimated based on one or more resource requirements of the first job. A first resource requirement of the one or more resource requirements is determined to exceed the resource constraint. In response to determining that the first resource requirement of the first job exceeds at least one resource constraint, at least one of (i) the first resource requirement of the first job and (ii) the plurality of system resources is modified. The first job is scheduled.Type: ApplicationFiled: October 27, 2015Publication date: April 27, 2017Inventors: Ji Li, Xiu Qiao Li, Zhenchao Liu, Xian Tao Meng, Xue Bin Min, Sam Sanjabi
-
Patent number: 9513962Abstract: A preempt of a live migratable workload, or job, in a distributed computing environment is performed, allowing it to release its resources for use by a higher priority workload by moving to another place in the distributed computing environment without interruption. A job scheduler receives a request to schedule a higher priority job, wherein resources needed to run the higher priority job are already dedicated for use by a currently running lower priority job. A dummy job is scheduled at a highest priority that is a copy of the lower priority job. Resources required to run the dummy job are reserved. A live migration of the lower priority job to another host is initiated, and its resources are then released. Upon a successful completion of the live migration of the lower priority job, the higher priority job is then dispatched to run using the now released resources.Type: GrantFiled: December 3, 2013Date of Patent: December 6, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Chong Chen, Sam Sanjabi, Michael John Spriggs, Zhao Xing, Jie Zhu
-
Patent number: 9507631Abstract: A preempt of a live migratable workload, or job, in a distributed computing environment is performed, allowing it to release its resources for use by a higher priority workload by moving to another place in the distributed computing environment without interruption. A job scheduler receives a request to schedule a higher priority job, wherein resources needed to run the higher priority job are already dedicated for use by a currently running lower priority job. A dummy job is scheduled at a highest priority that is a copy of the lower priority job. Resources required to run the dummy job are reserved. A live migration of the lower priority job to another host is initiated, and its resources are then released. Upon a successful completion of the live migration of the lower priority job, the higher priority job is then dispatched to run using the now released resources.Type: GrantFiled: September 9, 2014Date of Patent: November 29, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Chong Chen, Sam Sanjabi, Michael John Spriggs, Zhao Xing, Jie Zhu
-
Publication number: 20150268987Abstract: A method for reducing job credentials management load is provided in the illustrative embodiments. A determination is made whether a credential data submitted with a job matches a second credential data stored in a repository, the credential data comprising a set of attributes. Responsive to the credential data matching the second credential data, a reference to the second credential data is associated with the job. The second credential data is updated to enable the job for execution. The job is forwarded with the reference to a receiver application, wherein the reference provides the receiver application an authorization to execute the job.Type: ApplicationFiled: June 3, 2015Publication date: September 24, 2015Applicant: International Business Machines CorporationInventors: CHONG CHEN, Zhaohui Ding, Fang Liu, Sam Sanjabi, Rongsong Shen, Shuai Jie Wang
-
Publication number: 20150154047Abstract: A preempt of a live migratable workload, or job, in a distributed computing environment is performed, allowing it to release its resources for use by a higher priority workload by moving to another place in the distributed computing environment without interruption. A job scheduler receives a request to schedule a higher priority job, wherein resources needed to run the higher priority job are already dedicated for use by a currently running lower priority job. A dummy job is scheduled at a highest priority that is a copy of the lower priority job. Resources required to run the dummy job are reserved. A live migration of the lower priority job to another host is initiated, and its resources are then released. Upon a successful completion of the live migration of the lower priority job, the higher priority job is then dispatched to run using the now released resources.Type: ApplicationFiled: December 3, 2013Publication date: June 4, 2015Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Chong Chen, Sam Sanjabi, Michael John Spriggs, Zhao Xing, Jie Zhu
-
Publication number: 20150154056Abstract: A preempt of a live migratable workload, or job, in a distributed computing environment is performed, allowing it to release its resources for use by a higher priority workload by moving to another place in the distributed computing environment without interruption. A job scheduler receives a request to schedule a higher priority job, wherein resources needed to run the higher priority job are already dedicated for use by a currently running lower priority job. A dummy job is scheduled at a highest priority that is a copy of the lower priority job. Resources required to run the dummy job are reserved. A live migration of the lower priority job to another host is initiated, and its resources are then released. Upon a successful completion of the live migration of the lower priority job, the higher priority job is then dispatched to run using the now released resources.Type: ApplicationFiled: September 9, 2014Publication date: June 4, 2015Inventors: Chong Chen, Sam Sanjabi, Michael John Spriggs, Zhao Xing, Jie Zhu
-
Publication number: 20150150013Abstract: A method, system, and computer program product for reducing job credentials management load are provided in the illustrative embodiments. A determination is made whether a credential data submitted with a job matches a second credential data stored in a repository, the credential data comprising a set of attributes. Responsive to the credential data matching the second credential data, a reference to the second credential data is associated with the job. The second credential data is updated to enable the job for execution. The job is forwarded with the reference to a receiver application, wherein the reference provides the receiver application an authorization to execute the job.Type: ApplicationFiled: November 25, 2013Publication date: May 28, 2015Applicant: International Business Machines CorporationInventors: Chen Chong, Zhaohui Ding, Fang Liu, Sam Sanjabi, Rongsong Shen, Shuai Jie Wang