Настройки

Укажите год
-

Небесная энциклопедия

Космические корабли и станции, автоматические КА и методы их проектирования, бортовые комплексы управления, системы и средства жизнеобеспечения, особенности технологии производства ракетно-космических систем

Подробнее
-

Мониторинг СМИ

Мониторинг СМИ и социальных сетей. Сканирование интернета, новостных сайтов, специализированных контентных площадок на базе мессенджеров. Гибкие настройки фильтров и первоначальных источников.

Подробнее

Форма поиска

Поддерживает ввод нескольких поисковых фраз (по одной на строку). При поиске обеспечивает поддержку морфологии русского и английского языка
Ведите корректный номера.
Ведите корректный номера.
Ведите корректный номера.
Ведите корректный номера.
Укажите год
Укажите год
Применить Всего найдено 28. Отображено 28.
05-12-2017 дата публикации

Techniques to provide network security through just-in-time provisioned accounts

Номер: US0009838424B2
Автор: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington, BRADY SHANE, MATHUR SIDDHARTHA, DANI RAJALAKSHMI, KUMAR SANTOSH, SCHOEN LUKE, HETHERINGTON DAVID, Brady Shane, Mathur Siddhartha, Dani Rajalakshmi, Kumar Santosh, Schoen Luke, Hetherington David
Принадлежит: MICROSOFT TECHNOLOGY LICENSING, LLC, MICROSOFT TECHNOLOGY LICENSING LLC

Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Подробнее
Номер записи: 1
01-09-2015 дата публикации

Identifying and throttling tasks based on task interactivity

Номер: US0009122524B2
Автор: Siddhartha Mathur, David A. Sterling, Lu Yang, Zhengwen Zhu, David Nunez Tejerina, Ozan Ozhan, Michael Butler, MATHUR SIDDHARTHA, STERLING DAVID A, YANG LU, ZHU ZHENGWEN, NUNEZ TEJERINA DAVID, OZHAN OZAN, BUTLER MICHAEL, STERLING DAVID A.
Принадлежит: Microsoft Technology Licensing, LLC, MICROSOFT CORP, MICROSOFT TECHNOLOGY LICENSING LLC, MICROSOFT CORPORATION, MICROSOFT TECHNOLOGY LICENSING, LLC

The described implementations relate to processing of electronic data. One implementation is manifest as a system that can include logic and at least one processing device configured to execute the logic. The logic can be configured to receive a first task request to execute a first task that uses a resource when performed. The first task can have an associated first level of interactivity. The logic can also be configured to receive a second task request to execute a second task that also uses the resource when performed. The second task can have an associated second level of interactivity. The logic can also be configured to selectively throttle the first task and the second task based upon the first level of interactivity and the second level of interactivity.

Подробнее
Номер записи: 2
09-05-2017 дата публикации

Resource health based scheduling of workload tasks

Номер: US0009645856B2
Автор: David A. Sterling, Victor Boctor, Siddhartha Mathur, Ozan Ozhan, Vitali Prokopenko, David Nunez Tejerina, Selim Yazicioglu, STERLING DAVID A, BOCTOR VICTOR, MATHUR SIDDHARTHA, OZHAN OZAN, PROKOPENKO VITALI, TEJERINA DAVID NUNEZ, YAZICIOGLU SELIM, Sterling David A., Boctor Victor, Mathur Siddhartha, Ozhan Ozan, Prokopenko Vitali, Tejerina David Nunez, Yazicioglu Selim
Принадлежит: Microsoft Technology Licensing, LLC, MICROSOFT TECHNOLOGY LICENSING LLC

Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Подробнее
Номер записи: 3
20-06-2013 дата публикации

Heuristic-Based Rejection of Computing Resource Requests

Номер: US20130159497A1
Автор: Michael Gene Butler, Huangjian Guo, Gleb Kholodov, Siddhartha Mathur, David Sterling, Zhengwen Zhu
Принадлежит: MICROSOFT CORPORATION

A computing system includes an authentication layer, the authentication layer being programmed to receive a request for resources of the computing system and to authenticate an identity of a user requesting the resources, and a command layer, the command layer being programmed to execute one or more commands from the request for resources, wherein the command layer logs characteristics associated with one or more of the commands, wherein the computing system monitors each logged command to determine when a threshold is met, and wherein the computing system blocks a subsequent request for resources from the user when the threshold is met.

Подробнее
Номер записи: 4
05-04-2016 дата публикации

Traffic shaping based on request resource usage

Номер: US0009305274B2
Автор: David A. Sterling, Siddhartha Mathur, Victor Boctor, STERLING DAVID A, MATHUR SIDDHARTHA, BOCTOR VICTOR, STERLING DAVID A.
Принадлежит: Microsoft Technology Licensing, LLC, STERLING DAVID A, MATHUR SIDDHARTHA, BOCTOR VICTOR, MICROSOFT TECHNOLOGY LICENSING LLC, STERLING DAVID A., MICROSOFT TECHNOLOGY LICENSING, LLC

A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Подробнее
Номер записи: 5
01-08-2013 дата публикации

TECHNIQUES FOR TRACKING RESOURCE USAGE STATISTICS PER TRANSACTION ACROSS MULTIPLE LAYERS OF PROTOCOLS

Номер: US20130198363A1
Автор: Raghu Kolluru, David Nunez Tejerina, Siddhartha Mathur, James Kleewein, Adrian Hamza, Ozan Ozhan
Принадлежит: MICROSOFT CORPORATION

Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed. 1. A computer-implemented method , comprising:assigning an activity context to a request at the beginning of a first stage, wherein the activity context has an initial set of properties;assigning values to the properties in the initial set during the first stage;storing a value of a property on a data store local to the first stage;transferring the activity context to a second stage when the request begins the second stage;collecting the stored values; andgenerating a log file from the stored values.2. The method of claim 1 , wherein a stage comprises at least one of:a thread, a process, or a device.3. The method of claim 1 , further comprising:adding a property to the set of properties during a stage.4. The method of claim 1 , further comprising:analyzing the log file to determine a resource usage statistic.5. The method of claim 4 , further comprising: adjust a throttling algorithm;', 'determine a peak usage time;', 'determine a response time;', 'determine a relative resource usage of a first client-initiated action and a second client-initiated action; and', 'debug a resource performance problem., 'using the resource ...

Подробнее
Номер записи: 6
12-09-2017 дата публикации

Tenant lockbox

Номер: US0009762585B2
Автор: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu, DANI RAJALAKSHMI, MENON ANAND MADHAVA, RICH PAUL H, MADAN NAVEEN, AHUJA VIKAS, MATHUR SIDDHARTHA, ZHU LIQIANG, Dani Rajalakshmi, Menon Anand Madhava, Rich Paul H., Madan Naveen, Ahuja Vikas, Mathur Siddhartha, Zhu Liqiang
Принадлежит: Microsoft Technology Licensing, LLC, MICROSOFT TECHNOLOGY LICENSING LLC, Microsoft Technology Licensing, LLC.

Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Подробнее
Номер записи: 7
10-07-2014 дата публикации

IDENTIFYING AND THROTTLING TASKS BASED ON TASK INTERACTIVITY

Номер: US20140196048A1
Автор: Siddhartha Mathur, David A. Sterling, Lu Yang, Zhengwen Zhu, David Nunez Tejerina, Ozan Ozhan, Michael Butler, MATHUR SIDDHARTHA, STERLING DAVID A, YANG LU, ZHU ZHENGWEN, NUNEZ TEJERINA DAVID, OZHAN OZAN, BUTLER MICHAEL, STERLING DAVID A.
Принадлежит: MICROSOFT CORPORATION

The described implementations relate to processing of electronic data. One implementation is manifest as a system that can include logic and at least one processing device configured to execute the logic. The logic can be configured to receive a first task request to execute a first task that uses a resource when performed. The first task can have an associated first level of interactivity. The logic can also be configured to receive a second task request to execute a second task that also uses the resource when performed. The second task can have an associated second level of interactivity. The logic can also be configured to selectively throttle the first task and the second task based upon the first level of interactivity and the second level of interactivity. 1. A system comprising: receive a first task request to execute a first task that uses a resource when performed, the first task having an associated first level of interactivity,', 'receive a second task request to execute a second task that also uses the resource when performed, the second task having an associated second level of interactivity; and', 'selectively throttle the first task and the second task based upon the first level of interactivity and the second level of interactivity; and, 'logic configured toat least one processing device configured to execute the logic.2. The system according to claim 1 , wherein the resource is a computing resource and the first task is a computing task that uses the computing resource.3. The system according to claim 1 , wherein the resource corresponds to cost or availability of electrical power.4. The system according to claim 1 , wherein the second level of interactivity indicates that the second task is relatively less interactive than the first task.5. The system according to claim 4 , wherein the logic is further configured to proceed with the first task while throttling the second task based upon health of the resource.6. The system according to claim 1 , ...

Подробнее
Номер записи: 8
22-02-2018 дата публикации

TECHNIQUES TO PROVIDE NETWORK SECURITY THROUGH JUST-IN-TIME PROVISIONED ACCOUNTS

Номер: US20180054460A1
Автор: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
Принадлежит: MICROSOFT TECHNOLOGY LICENSING, LLC

Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Подробнее
Номер записи: 9
20-06-2017 дата публикации

Techniques for tracking resource usage statistics per transaction across multiple layers of protocols

Номер: US0009686152B2
Автор: Raghu Kolluru, David Nunez Tejerina, Siddhartha Mathur, James Kleewein, Adrian Hamza, Ozan Ozhan, KOLLURU RAGHU, TEJERINA DAVID NUNEZ, MATHUR SIDDHARTHA, KLEEWEIN JAMES, HAMZA ADRIAN, OZHAN OZAN, Kolluru Raghu, Tejerina David Nunez, Mathur Siddhartha, Kleewein James, Hamza Adrian, Ozhan Ozan
Принадлежит: Microsoft Technology Licensing, LLC, KOLLURU RAGHU, TEJERINA DAVID NUNEZ, MATHUR SIDDHARTHA, KLEEWEIN JAMES, HAMZA ADRIAN, OZHAN OZAN, MICROSOFT TECHNOLOGY LICENSING LLC, Kolluru Raghu, Tejerina David Nunez, Mathur Siddhartha, Kleewein James, Hamza Adrian, Ozhan Ozan

Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Подробнее
Номер записи: 10
07-07-2016 дата публикации

TRAFFIC SHAPING BASED ON REQUEST RESOURCE USAGE

Номер: US20160197833A1
Автор: David A. Sterling, Siddhartha Mathur, Victor Boctor
Принадлежит: Microsoft Technology Licensing, LLC

A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Подробнее
Номер записи: 11
27-07-2021 дата публикации

Tenant lockbox

Номер: US0011075917B2
Автор: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu, DANI RAJALAKSHMI, MENON ANAND MADHAVA, RICH PAUL H, MADAN NAVEEN, AHUJA VIKAS, MATHUR SIDDHARTHA, ZHU LIQIANG, Dani, Rajalakshmi, Menon, Anand Madhava, Rich, Paul H., Madan, Naveen, Ahuja, Vikas, Mathur, Siddhartha, Zhu, Liqiang
Принадлежит: MICROSOFT TECHNOLOGY LICENSING, LLC, MICROSOFT TECHNOLOGY LICENSING LLC, Microsoft Technology Licensing, LLC

Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Подробнее
Номер записи: 12
18-06-2019 дата публикации

Techniques to provide network security through just-in-time provisioned accounts

Номер: US0010326795B2
Автор: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington, BRADY SHANE, MATHUR SIDDHARTHA, DANI RAJALAKSHMI, KUMAR SANTOSH, SCHOEN LUKE, HETHERINGTON DAVID, Brady, Shane, Mathur, Siddhartha, Dani, Rajalakshmi, Kumar, Santosh, Schoen, Luke, Hetherington, David
Принадлежит: MICROSOFT TECHNOLOGY LICENSING, LLC, MICROSOFT TECHNOLOGY LICENSING LLC

Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Подробнее
Номер записи: 13
13-06-2013 дата публикации

Resource Health Based Scheduling of Workload Tasks

Номер: US20130152097A1
Автор: Victor Boctor, Siddhartha Mathur, Ozan Ozhan, Vitali V. Prokopenko, David Andrew Sterling, David Nunez Tejerina, Selim Yazicioglu
Принадлежит: MICROSOFT CORPORATION

A computer-implemented method for allocating threads includes: receiving a registration of a workload, the registration including a workload classification and a workload priority; 1. A computer-implemented method for allocating threads , the method comprising:receiving a registration of a workload, the registration including a workload classification and a workload priority;monitoring statuses of a plurality of resources;identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload;evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; andallocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.2. The method of claim 1 , wherein the workload classification is one of internal and external.3. The method of claim 2 , wherein the workload classification is specified by default.4. The method of claim 1 , wherein the allocating is performed in a round-robin fashion when workload priorities are similar.5. The method of claim 1 , wherein the allocating selects a preferred thread allocation when workload priorities are dissimilar.6. The method of claim 1 , wherein the allocating determines whether a thread allocation count parameter exceeds a threshold value.7. The method of claim 6 , wherein the thread allocation count parameter quantifies a number of consecutive times the workload is selected.8. The method of claim 1 , further comprising throttling the workload.9. The method of claim 8 , wherein the throttling is performed when the resource is overloaded.10. The method of claim 9 , further comprising re-allocating the thread for the workload when the resource recovers from overloading.11. The method of claim 1 , further comprising configuring the workload ...

Подробнее
Номер записи: 14
01-10-2015 дата публикации

TECHNIQUES TO OPERATE A SERVICE WITH MACHINE GENERATED AUTHENTICATION TOKENS

Номер: US20150281225A1
Автор: Luke Schoen, Santosh Kumar, Rajalakshmi Dani, Siddhartha Mathur, Shane Brady, Ramesh Arimilli, David Hetherington, Vikas Ahuja
Принадлежит: Microsoft Corporation

Techniques to operate a service with machine generated authentication tokens comprising a authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed. 1. An apparatus , comprising:a processor circuit; anda server application for execution by the processor circuit, the server application comprising a management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, and validate the request to generate the authentication token based on the client authentication information associated with the client.2. The apparatus of claim 1 , wherein the server application further comprises:a proxy component to request for account information of one or more accounts associated with the first account of the client by providing a portion of proxy authentication information to a token management proxy application configured to retrieve the account ...

Подробнее
Номер записи: 15
28-07-2016 дата публикации

RESOURCE HEALTH BASED SCHEDULING OF WORKLOAD TASKS

Номер: US20160217008A1
Автор: David A. Sterling, Victor Boctor, Siddhartha Mathur, Ozan Ozhan, Vitali Prokopenko, David Nunez Tejerina, Selim Yazicioglu, STERLING DAVID A, BOCTOR VICTOR, MATHUR SIDDHARTHA, OZHAN OZAN, PROKOPENKO VITALI, TEJERINA DAVID NUNEZ, YAZICIOGLU SELIM, Sterling David A., Boctor Victor, Mathur Siddhartha, Ozhan Ozan, Prokopenko Vitali, Tejerina David Nunez, Yazicioglu Selim
Принадлежит: Microsoft Technology Licensing, LLC

Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Подробнее
Номер записи: 16
21-11-2017 дата публикации

Traffic shaping based on request resource usage

Номер: US0009825869B2
Автор: David A. Sterling, Siddhartha Mathur, Victor Boctor, STERLING DAVID A, MATHUR SIDDHARTHA, BOCTOR VICTOR, Sterling David A., Mathur Siddhartha, Boctor Victor
Принадлежит: Microsoft Technology Licensing, LLC, MICROSOFT TECHNOLOGY LICENSING LLC

A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Подробнее
Номер записи: 17
18-07-2013 дата публикации

TRAFFIC SHAPING BASED ON REQUEST RESOURCE USAGE

Номер: US20130185427A1
Автор: David A. Sterling, Siddhartha Mathur, Victor Boctor
Принадлежит: Microsoft Corporation

A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Подробнее
Номер записи: 18
11-06-2019 дата публикации

Techniques for tracking resource usage statistics per transaction across multiple layers of protocols

Номер: US0010320623B2
Автор: Raghu Kolluru, David Nunez Tejerina, Siddhartha Mathur, James Kleewein, Adrian Hamza, Ozan Ozhan, KOLLURU RAGHU, TEJERINA DAVID NUNEZ, MATHUR SIDDHARTHA, KLEEWEIN JAMES, HAMZA ADRIAN, OZHAN OZAN, Kolluru, Raghu, Tejerina, David Nunez, Mathur, Siddhartha, Kleewein, James, Hamza, Adrian, Ozhan, Ozan
Принадлежит: Microsoft Technology Licensing, LLC, MICROSOFT TECHNOLOGY LICENSING LLC

Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Подробнее
Номер записи: 19
24-09-2015 дата публикации

TECHNIQUES TO PROVIDE NETWORK SECURITY THROUGH JUST-IN-TIME PROVISIONED ACCOUNTS

Номер: US20150271200A1
Автор: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
Принадлежит:

Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed. 1. An apparatus , comprising:a processor circuit; and an account management component to receive a request from a client having a first account via a client device for a second account to access a server device in a set of server devices,', 'an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account,', 'an account provisioning component to provision the second account to enable a client to access the server device, and', 'an account notification component to provide account information associated with the second account to the client via the client device., 'a server application for execution by the processor circuit, the server application comprising2. The apparatus of claim 1 , wherein the account authorization component is to further:determine a scope and a role associated with the request, determine a scope and a role associated with the first account based on the account information associated with the first account, and authorize the request based at least partially on the scope and the role of the first account.3. The apparatus of claim 2 , wherein the account provisioning component is to further:determine existence of the ...

Подробнее
Номер записи: 20
22-09-2016 дата публикации

TENANT LOCKBOX

Номер: US20160277411A1
Автор: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu, DANI RAJALAKSHMI, MENON ANAND MADHAVA, RICH PAUL H, MADAN NAVEEN, AHUJA VIKAS, MATHUR SIDDHARTHA, ZHU LIQIANG, Dani Rajalakshmi, Menon Anand Madhava, Rich Paul H., Madan Naveen, Ahuja Vikas, Mathur Siddhartha, Zhu Liqiang
Принадлежит: Microsoft Technology Licensing, LLC.

Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs. 1. A computer-implemented method for providing tenant approval for operator access to a tenant's data , comprising:receiving an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data;creating the access control request for temporarily elevating the role of the operator;computing a set of one or more internal administrators authorized to grant a first set of permissions to temporarily elevate the role of the operator;sending the access control request to the one or more internal administrators;receiving an access control response from one of the one or more internal administrators;determining whether the access control response from the internal administrator is an approval or a rejection of the access control request;upon determining that the access control response from the internal administrator is an approval of the access control request, granting the first set ...

Подробнее
Номер записи: 21
03-05-2016 дата публикации

Resource health based scheduling of workload tasks

Номер: US0009329901B2
Автор: David Andrew Sterling, Victor Boctor, Siddhartha Mathur, Ozan Ozhan, Vitali V. Prokopenko, David Nunez Tejerina, Selim Yazicioglu, STERLING DAVID ANDREW, BOCTOR VICTOR, MATHUR SIDDHARTHA, OZHAN OZAN, PROKOPENKO VITALI V, TEJERINA DAVID NUNEZ, YAZICIOGLU SELIM, PROKOPENKO VITALI V.
Принадлежит: Microsoft Technology Licensing, LLC, STERLING DAVID ANDREW, BOCTOR VICTOR, MATHUR SIDDHARTHA, OZHAN OZAN, PROKOPENKO VITALI V, TEJERINA DAVID NUNEZ, YAZICIOGLU SELIM, MICROSOFT TECHNOLOGY LICENSING LLC, PROKOPENKO VITALI V., MICROSOFT TECHNOLOGY LICENSING, LLC

A computer-implemented method for allocating threads includes: receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Подробнее
Номер записи: 22
14-09-2017 дата публикации

TECHNIQUES FOR TRACKING RESOURCE USAGE STATISTICS PER TRANSACTION ACROSS MULTIPLE LAYERS OF PROTOCOLS

Номер: US20170264505A1
Автор: Hamza Adrian, Kleewein James, Kolluru Raghu, Mathur Siddhartha, Ozhan Ozan, Tejerina David Nunez
Принадлежит: Microsoft Technology Licensing, LLC

Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed. 120.-. (canceled)21. A computer-implemented method , comprising:receiving a request for at least one of data and services;processing the request across a plurality of stages, beginning with a first stage; an activity identifier that identifies the request;', 'a tenant identifier that identifies a domain name of a tenant receiving services; and', 'a component identifier that identifies a component that handles the request;, 'in the first stage, assigning an activity context to the request, wherein the activity context includes an initial set of properties that describe the request, wherein the initial set of properties includesin the first stage, assigning values to the initial set of properties;transferring the activity context for the request to a second stage of the plurality of stages;generating a log file of the assigned values for the initial set of properties;analyzing the log file to determine a resource usage statistic; andusing the resource usage statistic to perform an action.22. The method of claim 21 , wherein a stage comprises at least one of a thread or a process.23. The method of claim 21 , wherein the ...

Подробнее
Номер записи: 23
19-10-2017 дата публикации

TENANT LOCKBOX

Номер: US20170302677A1
Автор: Ahuja Vikas, Dani Rajalakshmi, Madan Naveen, Mathur Siddhartha, Menon Anand Madhava, Rich Paul H., Zhu Liqiang
Принадлежит: Microsoft Technology Licensing, LLC

Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs. 120.-. (canceled)21. A computer-implemented method for providing tenant approval for operator access data of a tenant , comprising:receiving an indication to create an access control request for temporarily elevating a role of an operator to provide a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the data of the tenant;creating the access control request for temporarily elevating the role of the operator;identifying one or more tenant administrators authorized to grant the set of permissions to temporarily elevate the role of the operator, wherein the one or more tenant administrators are associated with an organization of the tenant;sending the access control request to the one or more tenant administrators;receiving an access control response from at least one of the one or more tenant administrators;upon determining that the access control response from the at least one tenant administrator is an approval of the access control request, granting the set of permissions to temporarily elevate the role of the ...

Подробнее
Номер записи: 24
03-10-2016 дата публикации

Techniques to operate a service with machine generated authentication tokens

Номер: PH12016501640A1
Автор: Ahuja Vikas, Arimilli Ramesh, Brady Shane, Dani Rajalakshmi, Hetherington David, Kumar Santosh, Mathur Siddhartha, Schoen Luke
Принадлежит: Microsoft Technology Licensing LLC

Techniques to operate a service with machine generated authentication tokens comprising a authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.

Подробнее
Номер записи: 25
24-02-2017 дата публикации

Techniques to operate a service with authentication signals generated by machine.

Номер: CL2016002353A1
Автор: David Hetherington, Luke Schoen, Rajalakshmi Dani, Ramesh Arimilli, Santosh Kumar, Shane Brady, Siddhartha Mathur, Vikas Ahuja
Принадлежит: Microsoft Technology Licensing LLC

<p>TECNICAS PARA OPERAR UN SERVICIO CON SEÑALES DE AUTENTIFICACION GENERADAS POR MAQUINA QUE COMPRENDEN UN COMPONENTE DE MANEJO DE SEÑAL DE AUTENTIFICACION PARA ESTABLECER UNA CONEXION SEGURA CON UN DISPOSITIVO DE CLIENTE BASANDOSE AL MENOS PARCIALMENTE EN LA INFORMACION DE AUTETIFICACION DE CLIENTE ASOCIADA CON UNA PRIMERA CUENTA DE CLIENTE, RECIBIR UNA SOLICITUD PARA LA INFORMACION DE CUENTA DE UNA O MAS CUENTAS ASOCIADAS CON LA PRIMERA CUENTA DEL CLIENTE, PROPORCIONAR  INFORMACION DE CUENTA PARA UNA SEGUNDA CUENTA ASOCIADA CON LA PRIMERA CUENTA PARA EL CLIENTE A TRAVES DEL DISPOSITIVO DE CLIENTE, RECIBIR UNA SOLICITUD PARA GENERAR UNA SEÑAL DE AUTENTIFICACION PARA LA SEGUNDA CUENTA, VALIDAR LA SOLICITUD PARA GENERAR LA SEÑAL DE AUTENTIFICACION BASANDOSE EN LA INFORMACION AUTENTIFICACION DE CLIENTE ASOCIADA CON EL CLIENTE, Y UN COMPONENTE DE GENERACION DE SEÑAL PARA GENERAR LA SEÑAL DE AUTENTIFICACION PARA LA SEGUNDA CUENTA, SE DESCRIBEN Y RECLAMAN OTRAS MODALIDADES.</p> <p> TECHNIQUES TO OPERATE A SERVICE WITH MACHINE GENERATED AUTHENTICATION SIGNS THAT UNDERSTAND AN AUTHENTICATION SIGNAL MANAGEMENT COMPONENT TO ESTABLISH A SAFE CONNECTION WITH A CUSTOMER DEVICE BASED AT LEAST PARTIALLY ON CLIENT AUTHORIFICATION INFORMATION WITH A FIRST CUSTOMER CUSTOMER ACCOUNT, RECEIVE AN APPLICATION FOR THE ACCOUNT INFORMATION OF ONE OR MORE ACCOUNTS ASSOCIATED WITH THE CLIENT'S FIRST ACCOUNT, PROVIDE ACCOUNT INFORMATION FOR A SECOND ACCOUNT ASSOCIATED WITH THE CLIENT ACCOUNT THROUGH THE CLIENT DEVICE, RECEIVE ONE APPLICATION TO GENERATE AN AUTHENTICAL SIGNAL FOR THE SECOND ACCOUNT, VALIDATE THE APPLICATION TO GENERATE THE AUTHENTICAL SIGNAL BASED ON THE CLIENT AUTHENTICATION INFORMATION ASSOCIATED WITH THE CLIENT, AND A SIGNAL GENERATION COMPONENT TO GENERATE THE SECOND AUTHENTICAL SIGNAL , DESCRIBE AND CLAIM OTHER MODALITIES. </p>

Подробнее
Номер записи: 26
15-08-2017 дата публикации

device, computer-implemented method, and computer-readable storage hardware to provide network security through accounts provided just-in-time

Номер: BR112016020337A2
Автор: David Hetherington, Luke Schoen, Rajalakshmi Dani, Santosh Kumar, Shane Brady, Siddhartha Mathur
Принадлежит: Microsoft Technology Licensing LLC

dispositivo, método implementado por computador e hardware de armazenamento legível por computador para fornecer segurança de rede através de contas fornecidas just-in-time. técnicas para conter movimento lateral de invasores através de contas fornecidas just-in-time (jit) compreendendo um componente de gerenciamento de conta para receber uma solicitação de uma primeira conta através de um dispositivo do cliente para uma segunda conta para acessar um dispositivo do servidor em um conjunto de dispositivos do servidor, um componente de autorização de conta para autorizar a solicitação para a segunda conta com base pelo menos parcialmente na informação da conta associada com a primeira conta, um componente de fornecimento de conta para fornecer a segunda conta para permitir que um cliente acesse o dispositivo do servidor e um componente de notificação de conta para fornecer informação da conta associada com a segunda conta a um cliente através do dispositivo do cliente. outras modalidades são descritas e reivindicadas. device, computer-implemented method, and computer-readable storage hardware to provide network security through accounts provided just-in-time. techniques for containing lateral movement of intruders through accounts provided just-in-time (jit) comprising an account management component to receive a request from a first account via a client device to a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on the account information associated with the first account, an account provisioning component to provide the second account to allow a client accessing the server's device and an account notification component to provide account information associated with the second account to a client via the client's device. other modalities are described and claimed.

Подробнее
Номер записи: 27
24-09-2015 дата публикации

Techniques to provide network security through just-in-time provisioned accounts

Номер: WO2015142965A1
Автор: David Hetherington, Luke Schoen, Rajalakshmi Dani, Santosh Kumar, Shane Brady, Siddhartha Mathur
Принадлежит: Microsoft Technology Licensing, LLC

Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Подробнее
Номер записи: 28