Abstract: A method performed by a data system includes automatically learning relationship(s) among datasets based on one or more of a user query or an observation of a data flow through the data system. The method further includes generating an optimized data structure based on the learned relationships among the datasets. The data system then modifies a query plan to obtain query results that satisfy a query by reading the optimized data structure in lieu of reading the datasets.

Abstract: Disclosed embodiments include a method performed by server computer(s). The method includes receiving a query and defining a query plan based on the received query. The query plan refers to datasets contained in data sources. The method further includes determining that the received query can be accelerated based on an optimized data structure contained in a memory, where the optimized data structure is derived from a dataset referred to in the query plan. The method further includes modifying the query plan to include the optimized data structure, and executing the modified query plan to obtain query results that satisfy the received query by reading the optimized data structure in lieu of reading at least some data from the data sources.

Abstract: A method performed by a data system includes automatically learning relationship(s) among datasets based on one or more of a user query or an observation of a data flow through the data system. The method further includes generating an optimized data structure based on the learned relationships among the datasets. The data system then modifies a query plan to obtain query results that satisfy a query by reading the optimized data structure in lieu of reading the datasets.

Abstract: Disclosed embodiments include a method performed by server computer(s). The method includes receiving a query and defining a query plan based on the received query. The query plan refers to datasets contained in data sources. The method further includes determining that the received query can be accelerated based on an optimized data structure contained in a memory, where the optimized data structure is derived from a dataset referred to in the query plan. The method further includes modifying the query plan to include the optimized data structure, and executing the modified query plan to obtain query results that satisfy the received query by reading the optimized data structure in lieu of reading at least some data from the data sources.

Abstract: The disclosed embodiments include a method for caching by a data system. The method includes automatically caching a portion of a data object from an external data source to a local cluster of nodes in accordance with a unit of caching. The portion of the data object can be selected for caching based on a frequency of accessing the portion of the data object. The portion of the data object in the cache is mapped to the external data source in accordance with a unit of hashing. The method further includes, responsive to the data system receiving a query for data stored in the external data source, obtaining query results that satisfy the received query by reading the portion of the cached data object instead of reading the data object from the external data source.

Abstract: The disclosed embodiments include a method for caching by a data system. The method includes automatically caching a portion of a data object from an external data source to a local cluster of nodes in accordance with a unit of caching. The portion of the data object can be selected for caching based on a frequency of accessing the portion of the data object. The portion of the data object in the cache is mapped to the external data source in accordance with a unit of hashing. The method further includes, responsive to the data system receiving a query for data stored in the external data source, obtaining query results that satisfy the received query by reading the portion of the cached data object instead of reading the data object from the external data source.

Abstract: A method performed by a data system includes automatically learning relationship(s) among datasets based on one or more of a user query or an observation of a data flow through the data system. The method further includes generating an optimized data structure based on the learned relationships among the datasets. The data system then modifies a query plan to obtain query results that satisfy a query by reading the optimized data structure in lieu of reading the datasets.

Abstract: The disclosed embodiments include a method performed by a data system. The method includes automatically learning relationship(s) among datasets based on one or more of a user query or an observation of a data flow through the data system. The method further includes generating an optimized data structure based on the learned relationships among the datasets. The data system then modifies a query plan to obtain query results that satisfy a query by reading the optimized data structure in lieu of reading the datasets.

Abstract: The disclosed embodiments include a method for caching by a data system. The method includes automatically caching a portion of a data object from an external data source to a local cluster of nodes in accordance with a unit of caching. The portion of the data object can be selected for caching based on a frequency of accessing the portion of the data object. The portion of the data object in the cache is mapped to the external data source in accordance with a unit of hashing. The method further includes, responsive to the data system receiving a query for data stored in the external data source, obtaining query results that satisfy the received query by reading the portion of the cached data object instead of reading the data object from the external data source.

Abstract: The disclosed embodiments include a method performed by a data system. The method includes automatically learning relationship(s) among datasets based on one or more of a user query or an observation of a data flow through the data system. The method further includes generating an optimized data structure based on the learned relationships among the datasets. The data system then modifies a query plan to obtain query results that satisfy a query by reading the optimized data structure in lieu of reading the datasets.

Abstract: Disclosed embodiments include a method performed by server computer(s). The method includes receiving a query and defining a query plan based on the received query. The query plan refers to datasets contained in data sources. The method further includes determining that the received query can be accelerated based on an optimized data structure contained in a memory, where the optimized data structure is derived from a dataset referred to in the query plan. The method further includes modifying the query plan to include the optimized data structure, and executing the modified query plan to obtain query results that satisfy the received query by reading the optimized data structure in lieu of reading at least some data from the data sources.

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.

Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if a validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.

Abstract: Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is received in response, the content is public, whereby the web proxy server caches the content and returns the content to the client. If the requested content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.

Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.

Abstract: Session management by analysis of requests and responses is described herein. A gateway receives requests from a client system, forwards the same to a protected resource, and receives responses from the protected resource. The gateway includes a session management module that manages an authenticated session between the client system and the protected resource. In one aspect, the session management module receives responses that are labeled to indicate whether the requests corresponding to the responses are user-initiated or automatically-initiated. In other aspects, the session management module analyzes the requests to identify any periodic patterns appearing therein. The session management module identifies any requests that are part of a periodic pattern as automatically-initiated requests. In either case, the session management module maintains a timer for each session, and resets the timer when a user-initiated request is identified. Any session whose timer expires is terminated.

Abstract: A system and method is disclosed for detecting savings opportunities for consumers based on the price protection and/or return policies of retailers, following a process of purchasing items from online or physical retailers. The system receives an order statement which comprises information about an order, such as an identifier of the retailer, a date and the details of one or more purchases, where each purchase includes at least an identifier of an item and the amount paid for that item. The system then extracts that information from the order statement, without requiring the user to specify the details of each purchase separately. The system continuously monitors the prices of the items and the conditions specified in the retailer's price protection and/or return policies.

Abstract: Systems and methods are described that improve the efficiency of byte caching mechanisms when transmitting or receiving structured data. Some of these techniques may normalize the structured data before transmission over the network. Other techniques may use templates or semantic differences.

Abstract: Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.