{"DNS API"}

API DNS Patents

I have been tracking API-related patents for some years, trying to understand how APIs are being referenced in patents, and in some cases are the focus of the patent. Here are the patents I've tagged as being DNS related from the companies who are doing interesting things with DNS APIs.

Application programming interface and generalized network address translator for translation of transport-layer sessions

Owner: Microsoft Corporation
Publication #: 07305477
Publication Date: 2007-12-04

An application programming interface for translation of transport-layer sessions is presented. The system includes kernel-mode support for application-controlled network address translation and user-mode implementation of the redirect API routines. An application process may request that a network gateway modify the source and/or destination of a given network session in a manner transparent to the original source host and/or the replacement destination host. With the generalized NAT (gNAT) of the instant invention and its associated API, both the source and the destination addresses of message packets may be changed. The address changes are mapped in the gNAT, and may result in apparent sessions between different clients and servers. Depending on the protocol in use (e.g. TCP or UDP), the address translation may be made dynamically by the gNAT, under the command of the application, and take place at the kernel level.


Web address converter for dynamic web pages

Owner: Microsoft Corporation
Publication #: 07299298
Publication Date: 2007-11-20

Herein is described an implementation of a Web address converter, which helps dynamic Web sites get the attention of spiders of Internet search engines. With the Web address converter, requests from Web browsers using static addresses access corresponding dynamic Web pages and requests from search engines generate an instance of a Web page having links with static addresses pointing to corresponding dynamic Web pages. The Web address converter performs either or both Dynamic-to-Static (D-to-S) address conversion and Static-to-Dynamic (S-to-D) address conversion. D-to-S address conversion is done when generating a spider-friendly main page for a spider of a search engine to crawl. S-to-D address conversion is used when a browser uses a static address to access a corresponding dynamic Web page. The static address that the browser uses was originally created when the spider-friendly main page was generated.


Method and system for a second level address translation in a virtual machine environment

Owner: Microsoft Corporation
Publication #: 07428626
Publication Date: 2008-09-23

A method of performing a translation from a guest virtual address to a host physical address in a virtual machine environment includes receiving a guest virtual address from a host computer executing a guest virtual machine program and using the hardware oriented method of the host CPU to determine the guest physical address. A second level address translation to a host physical address is then performed. In one embodiment, a multiple tier tree is traversed which translates the guest physical address into a host physical address. In another embodiment, the second level of address translation is performed by employing a hash function of the guest physical address and a reference to a hash table. One aspect of the invention is the incorporation of access overrides associated with the host physical address which can control the access permissions of the host memory.


Method and system for caching address translations from multiple address spaces in virtual machines

Owner: Microsoft Corporation
Publication #: 07363463
Publication Date: 2008-04-22

A method of virtualizing memory through shadow page tables that cache translations from multiple guest address spaces in a virtual machine includes a software version of a hardware tagged translation look-aside buffer. Edits to guest page tables are detected by intercepting the creation of guest-writable mappings to guest page tables with translations cached in shadow page tables. The affected cached translations are marked as stale and purged upon an address space switch or an indiscriminate flush of translations by the guest. Thereby, non-stale translations remain cached but stale translations are discarded. The method includes tracking the guest-writable mappings to guest page tables, deferring discovery of such mappings to a guest page table for the first time until a purge of all cached translations when the number of untracked guest page tables exceeds a threshold, and sharing shadow page tables between shadow address spaces and between virtual processors.


Method and system for a guest physical address virtualization in a virtual machine environment

Owner: Microsoft Corporation
Publication #: 07334076
Publication Date: 2008-02-19

A method of sharing pages between virtual machines in a multiple virtual machine environment includes initially allocating a temporary guest physical address range of a first virtual machine for sharing pages with a second virtual machine. The temporary range is within a guest physical address space of the first virtual machine. An access request, such as with a DMA request, from a second virtual machine for pages available to the first virtual machine is received. A reference count of pending accesses to the pages is incremented to indicate a pending access and the pages are mapped into the temporary guest physical address range. The pages are accessed and the reference count is decremented. The mapping in the temporary guest physical address range is then removed if the reference count is zero.


System and method for providing a relational application domain model

Owner: Computer Associates Think, Inc.
Publication #: 07542990
Publication Date: 2009-06-02

This disclosure provides a system and method for providing a relational application domain model. In one embodiment, the system is operable to or includes software that is operable to receive a structured query language (SQL) query for one or more services by at least a first of a plurality of resources. The software may be further operable to convert the SQL query into an object-oriented request compatible with at least the first resource and execute the object-oriented request at at least the first resource.


Domain name resolution using a distributed DNS network

Owner: Akamai Technologies, Inc.
Publication #: 07725602
Publication Date: 2010-05-25

A distributed DNS network includes a central origin server that actually controls the zone, and edge DNS cache servers configured to cache the DNS content of the origin server. The edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server. When a request for a DNS record results in a cache miss, the edge DNS cache servers get the information from the origin server and cache it for use in response to future requests. Multiple edge DNS cache servers can be deployed at multiple locations. Since an unlimited number of edge DNS cache servers can be deployed, the system is highly scalable. The disclosed techniques protect against DoS attacks, as DNS requests are not made to the origin server directly.


System using router in a web browser for inter-domain communication

Owner: Google Inc.
Publication #: 07809785
Publication Date: 2010-10-05

A computer-implemented method for performing inter-domain communication in a web browser includes receiving first data from a first domain at a router associated with one or more domains other than the first domain, identifying at the router the one or more domains for receiving data associated with the received data, and transmitting second data associated with the received data to the one or more domains.


Address bar user interface control

Owner: Microsoft Corporation
Publication #: 07853890
Publication Date: 2010-12-14

An address bar user interface control includes a plurality of interactive segments, each segment including one or more filters or selection criteria for selecting content from physical and/or virtual locations. A segment may include two or more filters or selection criteria which are logically combined such as by a logical “OR” operation. A user may select a child control associated with an interactive segment, i.e., a parent segment, to provide a list of selectable child filters or selection criteria. In response to selection of a child filter or selection criteria, an interactive segment representing the child filter or selection criteria is added to the address bar succeeding the parent segment and the interactive segments subsequent to the parent segment are removed.


Embedding overlay virtual network addresses in underlying substrate network addresses

Owner: Amazon Technologies, Inc.
Publication #: 08046480
Publication Date: 2011-10-25

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are separated by one or more physical networks. In some situations, the techniques may be used to provide a virtual network between multiple computing nodes that are separated by one or more intermediate physical networks, such as from the edge of the one or more intermediate physical networks by modifying communications that enter and/or leave the intermediate physical networks. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users (e.g., users of a program execution service). The managing of the communications may include using substrate network addresses that are configured to embed virtual network addresses for a virtual network that is overlaid on the underlying physical substrate network.


Cross-domain communication in domain-restricted communication environments

Owner: Amazon Technologies, Inc.
Publication #: 07984170
Publication Date: 2011-07-19

A messaging frame can be used to allow different domains to communicate in an electronic environment that are otherwise prevented from directly communicating. A messaging frame or other communication element can be configured to receive messages or communications from any frame, object, or element in the same domain as the messaging frame. The messaging frame then can switch to a target domain in order to provide the message or communication to a frame, object, or element in the target domain. The messaging frame can include an interface definition that allows only approved messages to be passed between domains, such that the risk of malicious attack is minimized.


System using router in a web browser for inter-domain communication

Owner: Google Inc.
Publication #: 08032584
Publication Date: 2011-10-04

A computer-implemented method for performing inter-domain communication in a web browser includes receiving first data from a first domain at a router associated with one or more domains other than the first domain, identifying at the router the one or more domains for receiving data associated with the received data, and transmitting second data associated with the received data to the one or more domains.


Internet location coordinate enhanced domain name system

Owner: Microsoft Corporation
Publication #: 07991879
Publication Date: 2011-08-02

An exemplary architecture is for an Internet Location Coordinate enhanced Domain Name System (DNS). An exemplary method includes requesting information for a plurality of servers associated with a network domain name of a Domain Name System (DNS) where the information includes information based in part on packets transmitted by each of the plurality of servers to a plurality of network beacons; receiving the requested information from a name server associated with the Domain Name System (DNS); and, based in part on the received information, selecting an optimal server for the network domain name. Other methods, devices and systems are also disclosed.


Validation of domain name control

Owner: Microsoft Corporation
Publication #: 07987251
Publication Date: 2011-07-26

A system, operable on one or more computers, and a computer-readable media are presented for validating an assertion made by a user that he or she controls a domain name. The system comprises an assertion receiver, authorization code generator, and a validation component. The assertion receiver receives either an explicit or an implicit indication that a particular user exercises control over a domain name. The authorization code generator provides an authorization code, to be electronically published in a Domain Name System (DNS) record associated with the domain name. After the authorization code has been inserted in a DNS record, the validation component accesses the DNS record to determine presence of the authorization code within the DNS records. If the authorization code is present, control of the domain by the user is established.


Cross-domain communication technique for execution of web mashups

Owner: Microsoft Corporation
Publication #: 07941546
Publication Date: 2011-05-10

A system and method is described for communicating requests from a Web mashup being executed within the context of a Web browser to third-party Web services in a manner that does not violate the Same Origin Policy (SOP) observed by many Web browsers. In one embodiment, a workflow engine operating in the context of a Web browser executes a plurality of executable components comprising a Web mashup. The workflow engine transparently redirects Web service requests generated by the executing components to a proxy server that acts as an intermediate between the workflow engine and third-party Web services. The proxy server, which is not subject to SOP, transmits the Web service requests to the third-party Web service and obtains requested data therefrom. The proxy server further returns the requested data in a manner that is useable by the Web mashup components.


Domain name resolution using a distributed DNS network

Owner: Akamai Technologies, Inc.
Publication #: 08117296
Publication Date: 2012-02-14

A distributed DNS network includes a central origin server that actually controls the zone, and edge DNS cache servers configured to cache the DNS content of the origin server. The edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server. When a request for a DNS record results in a cache miss, the edge DNS cache servers get the information from the origin server and cache it for use in response to future requests. Multiple edge DNS cache servers can be deployed at multiple locations. Since an unlimited number of edge DNS cache servers can be deployed, the system is highly scalable. The disclosed techniques protect against DoS attacks, as DNS requests are not made to the origin server directly.


Inter-domain communication system using remote procedure calls for message communications between applications in different domains

Owner: Google Inc.
Publication #: 08316078
Publication Date: 2012-11-20

A computer-implemented method for performing inter-domain communication in a web browser includes receiving first data from a first domain at a router associated with one or more domains other than the first domain, identifying at the router the one or more domains for receiving data associated with the received data, and transmitting second data associated with the received data to the one or more domains.


Cross-domain communications with a shared worker application

Owner: Google Inc.
Publication #: 08260937
Publication Date: 2012-09-04

Techniques are described herein that provide for inter-domain communications with one or more shared worker applications. A parent web application associated with a first domain may create a child web application associated with a second domain different than the first domain. The child web application may determine whether a shared worker associated with the second domain is operating. The shared worker acquires information associated with the second domain in response to one or more requests, and stores acquired information associated with the second domain in a memory of the local computing device. The parent web application may request, via the child web application, information associated with the second domain from the shared worker. In response to the request, the parent web application may receive, from the shared worker, information associated with the second domain stored in the memory of the local computing device.


Cross-domain communicating using data files

Owner: Google Inc.
Publication #: 08219598
Publication Date: 2012-07-10

In one implementation, a computer-implemented method includes receiving at a data server computer hosted at a first internet domain a request from a client computer for data to be used by an application SWF file received from a web server hosted at a second internet domain and executed by the client computer, the request includes the second internet domain and information specifying the requested data. The method further includes generating at least a portion of a data SWF file including the requested data and a domain identifier corresponding to the second internet domain, the domain identifier configured to specify that SWF formatted files associated with the second internet domain are permitted to access the requested data within the data SWF file. The method also includes transmitting the data SWF file from the data server computer to the client computer.


Cross-domain linking of data types

Owner: Google Inc.
Publication #: 08103740
Publication Date: 2012-01-24

In one implementation, a computer-implemented method can include receiving, at a first server corresponding to a first domain, a request from a client computer for a vector graphics file that includes instructions that implement a first method. The method can further include sending the vector graphics file to the client computer, the client computer having received a library file from a second server corresponding to a second domain, wherein the library file includes instructions that implement a second method to direct calls to the first method, and wherein executing the vector graphics file and the library file causes the client computer to perform operations. The operations performed by the client computer can include establishing a link between the first method and the second method and directing a call made to the second method with an argument associated with a data type, to the first method using the established link.


Internet location coordinate enhanced domain name system

Owner: Microsoft Corporation
Publication #: 08275873
Publication Date: 2012-09-25

An exemplary architecture is for an Internet Location Coordinate enhanced Domain Name System (DNS). An exemplary method includes requesting information for a plurality of servers associated with a network domain name of a Domain Name System (DNS) where the information includes information based in part on packets transmitted by each of the plurality of servers to a plurality of network beacons; receiving the requested information from a name server associated with the Domain Name System (DNS); and, based in part on the received information, selecting an optimal server for the network domain name. Other methods, devices and systems are also disclosed.


Transactions for an application domain manager

Owner: Microsoft Corporation
Publication #: 08140985
Publication Date: 2012-03-20

Through one or more transaction calls, an application domain manager enables a host application to create, initialize, customize, and otherwise manage an isolation construct within the application.


Domain name resolution using a distributed DNS network

Owner: Akamai Technologies, Inc.
Publication #: 08423672
Publication Date: 2013-04-16

A distributed DNS network includes a central origin server that actually controls the zone, and edge DNS cache servers configured to cache the DNS content of the origin server. The edge DNS cache servers are published as the authoritative servers for customer domains instead of the origin server. When a request for a DNS record results in a cache miss, the edge DNS cache servers get the information from the origin server and cache it for use in response to future requests. Multiple edge DNS cache servers can be deployed at multiple locations. Since an unlimited number of edge DNS cache servers can be deployed, the system is highly scalable. The disclosed techniques protect against DoS attacks, as DNS requests are not made to the origin server directly.


Managing communications using alternative packet addressing

Owner: Amazon Technologies, Inc.
Publication #: 08560646
Publication Date: 2013-10-15

Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network that use an alternative addressing scheme to direct network packets and other network communications to intended destination locations by using textual network node monikers instead of numeric IP addresses to represent computing nodes at a layer 3 or “network layer” of a corresponding computer networking stack in use by the computing nodes. The techniques are provided without modifying or configuring the network devices of the substrate computer network, by using configured modules to manage and modify communications from the logical edge of the substrate network.


Methods and apparatuses for providing internet-based proxy services

Owner: Cloudflare, Inc.
Publication #: 08572737
Publication Date: 2013-10-29

A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.


Methods and apparatuses for providing internet-based proxy services

Owner: Cloudflare, Inc.
Publication #: 08370940
Publication Date: 2013-02-05

A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.


Cross site request forgery mitigation in multi-domain integrations

Owner: Amazon Technologies, Inc.
Publication #: 08505106
Publication Date: 2013-08-06

Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.


Cross-domain communications with a shared worker application

Owner: Google Inc.
Publication #: 08438289
Publication Date: 2013-05-07

Techniques are described herein that provide for inter-domain communications with one or more shared worker applications. A parent web application associated with a first domain may create a child web application associated with a second domain different than the first domain. The child web application may determine whether a shared worker associated with the second domain is operating. The shared worker acquires information associated with the second domain in response to one or more requests, and stores acquired information associated with the second domain in a memory of the local computing device. The parent web application may request, via the child web application, information associated with the second domain from the shared worker. In response to the request, the parent web application may receive, from the shared worker, information associated with the second domain stored in the memory of the local computing device.


Cross-domain communications with a shared worker application

Owner: Google Inc.
Publication #: 08423651
Publication Date: 2013-04-16

Techniques are described herein that provide for inter-domain communications with one or more shared worker applications. A parent web application associated with a first domain may create a child web application associated with a second domain different than the first domain. The child web application may determine whether a shared worker associated with the second domain is operating. The shared worker acquires information associated with the second domain in response to one or more requests, and stores acquired information associated with the second domain in a memory of the local computing device. The parent web application may request, via the child web application, information associated with the second domain from the shared worker. In response to the request, the parent web application may receive, from the shared worker, information associated with the second domain stored in the memory of the local computing device.


Domain name buckets in a hosted storage system

Owner: Google Inc.
Publication #: 08396969
Publication Date: 2013-03-12

In one general aspect, this document describes a computer-implemented method for creating buckets in a hosted storage platform. The method may include receiving, at a hosted storage computer system that utilizes a single namespace across data stores of the hosted storage computer system, a request from a user of the hosted storage computer system to create a bucket having a name that includes a domain name. The method may also include verifying that the user is an authorized manager of a domain that corresponds to the domain name. The method may also include creating the bucket on the hosted storage computer system upon verification that the user is an authorized manager of the domain.


Systems and methods for using a domain-specific security sandbox to facilitate secure transactions

Owner: Google Inc.
Publication #: 08364959
Publication Date: 2013-01-29

Computer systems, methods, and computer readable media for facilitating a secure transaction are provided in which a client application is executed on a client computer. The client application initiates a request to a first domain comprising (i) a credential for the client application, (ii) a transaction identifier that uniquely identifies the request, and (iii) optionally, an identification of a user of the client application. Responsive to this request, the client receives a validated transaction module from the first domain. The client application loads the validated transaction module into a separate domain security sandbox that is segregated from memory space in which the client application is run. The validated transaction module conducts a validated transaction between the second domain and the validated transaction module. Separately, through the client application, a determination is made as to whether the transaction is complete by querying the first domain.


Direct addressability and direct server return

Owner: Microsoft Corporation
Publication #: 08510447
Publication Date: 2013-08-13

Cloud computing platforms having computer-readable media that perform methods for direct addressability and direct server return are provided. The cloud computing platform includes a load balancer and several servers. The servers are configured with public addresses, private addresses, and an address of the load balancer. The loopback interface of the servers is configured with the address of the load balancer. This allows a server to bypass the load balancer when replying to communication messages. Additionally, the public and private addresses of the servers enable direct addressability in the cloud computing platform. Accordingly, an application executing in the cloud computing platform may connect two or more clients on the same server.


Failover in an internet location coordinate enhanced domain name system

Owner: Microsoft Corporation
Publication #: 08458298
Publication Date: 2013-06-04

An exemplary failover module includes (a) instructions to respond to a connection problem to a host server at an IP address by selecting a different IP address from a cached list of IP addresses for a domain name associated with the host server and (b) instructions to return the selected, different IP address to future name queries where the instructions to respond, the instructions to initiate, and the instructions to return execute at an operating system level of a computing device configurable to connect to at least one of a plurality of host servers. Such a module may include instructions to optionally initiate a connection to a host server at the selected, different IP address. An exemplary failover module may optionally select an IP address based in part on Internet Location Coordinates (ILCs) where the host servers reside in an ILC enhanced Domain Name System (DNS). Other methods, devices and systems are also disclosed.


Communication across domains

Owner: Microsoft Corporation
Publication #: 08489878
Publication Date: 2013-07-16

Communication across domains is described. In at least one implementation, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount. The data is divided into a plurality of portions that do not exceed the threshold amount. A plurality of messages is formed to communicate the divided data across domains.


Methods and apparatus for remapping public network addresses on a network to an external network via an intermediate network

Owner: Amazon Technologies, Inc.
Publication #: 08751691
Publication Date: 2014-06-10

Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to remap an IP address to an endpoint on the customer's network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and modify the source address of the packet to indicate the endpoint as the destination, and send the modified packet to the endpoint via an intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.


Validating updates to domain name system records

Owner: Amazon Technologies, Inc.
Publication #: 08719900
Publication Date: 2014-05-06

Disclosed are various embodiments for validating updates to domain name system (DNS) records. A request is received to modify at least one DNS record associated with a domain owned by a domain owner. The request to modify the at least one DNS record is compared with at least one policy. The at least one policy is configurable by the domain owner. The requested modification to the at least one DNS record is selectively granted based at least upon the comparison.


Cross-domain communication

Owner: Amazon Technologies, Inc.
Publication #: 08689099
Publication Date: 2014-04-01

Disclosed are various embodiments for performing cross-domain communication using messenger frames. One or more messenger frames are dynamically generated in response to determining that a message is to be sent from a first frame in one domain to a second frame in another domain in a client. The message is sent from the first frame to the second frame by embedding the message in addresses of the messenger frames. Code executing in the first frame and code executing in the second frame are restricted from direct communication in the client.


Recording internet visitor threat information through an internet-based proxy service

Owner: Cloudflare, Inc.
Publication #: 08751633
Publication Date: 2014-06-10

An Internet-based proxy service server accesses a set of visitor characteristics for multiple visitors to a set of one or more domains operated by a customer. The set of visitor characteristics are reported from a set of one or more proxy servers that are situated between client devices and a set of one or more origin servers for the set of domains. The service server causes the set of visitor characteristics to be displayed through a threat reporting interface that allows the customer to report visitors as posing an Internet security threat. The service server receives input from the customer through the threat reporting interface that at least one of the visitors poses an Internet security threat, and records that visitor as an Internet security threat in one or more threat databases that are used by the proxy servers when determining whether to allow visitors to access network resources hosted at a set of one or more origin servers.


Validating pointer records in a domain name system (DNS) service

Owner: Rackspace US, Inc.
Publication #: 08800011
Publication Date: 2014-08-05

In one embodiment a method for receiving a request from a user to update a pointer record of a domain name system (DNS) in a DNS service includes issuing a query from the DNS service to a resource of a first service of the data center from the DNS service using a uniform resource indicator (URI) of the request corresponding to the resource, receiving a list of Internet protocol (IP) addresses in the DNS service from the first service, determining whether an IP address received in the request corresponds to one of the IP addresses of the list, and if so, enabling the user to update the pointer record.


Distributed network address translation

Owner: Amazon Technologies, Inc.
Publication #: 09055117
Publication Date: 2015-06-09

Systems and methods are disclosed that facilitate the management of network address information utilized by hosted computing devices. Each host computing device includes a local network and port address management component that is configured with port address translation information for the specific host computing device. Additionally, one or more edge computing devices also include a local network and port address management component that is configured with network and port address translation information. The network and port address translation information facilitates the correlation of internal network address information associated with a virtual machine instance with a tuple of an externally accessible network address and port address information. The local network and port address translation management components utilize the network and port address translation information to translate communication requests to and from the virtual machine instances without requiring a centralized network and port address translation component.


Using virtual networking devices and routing information to associate network addresses with computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09036504
Publication Date: 2015-05-19

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.


Cross site request forgery mitigation in multi-domain integrations

Owner: Amazon Technologies, Inc.
Publication #: 09015820
Publication Date: 2015-04-21

Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.


Registering for internet-based proxy services

Owner: CloudFlare, Inc.
Publication #: 09049244
Publication Date: 2015-06-02

A domain name is received from a customer. DNS is queried for multiple possible subdomains of the domain. For each subdomain that resolves, information about that subdomain's corresponding resource record is stored in a zone file that also includes a resource record for the domain name. The zone file is presented to the customer. A designation from the customer of which of the resource records are to point to an IP address of a proxy server is received. The resource records are modified according to the input of the customer and the zone file is propagated including the modified resource records.


Internet-based proxy service to limit internet visitor connection speed

Owner: Cloudflare, Inc.
Publication #: 09009330
Publication Date: 2015-04-14

A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.


Cross-domain communications with a shared worker application

Owner: Google Inc.
Publication #: 09047393
Publication Date: 2015-06-02

Techniques are described herein that provide for inter-domain communications with one or more shared worker applications. A parent web application associated with a first domain may create a child web application associated with a second domain different than the first domain. The child web application may determine whether a shared worker associated with the second domain is operating. The shared worker acquires information associated with the second domain in response to one or more requests, and stores acquired information associated with the second domain in a memory of the local computing device. The parent web application may request, via the child web application, information associated with the second domain from the shared worker. In response to the request, the parent web application may receive, from the shared worker, information associated with the second domain stored in the memory of the local computing device.


Location bound secure domains

Owner: Google Technology Holdings LLC
Publication #: 09223938
Publication Date: 2015-12-29

A method, apparatus, and electronic device with secure operation based on geography are disclosed. A positioning mechanism may determine a geographic location of the apparatus or electronic device. A processor may identify a secure domain for a virtual machine application. The processor may determine an availability of an application programming interface for the virtual machine application based on the geographic location.


Systems and methods for using a domain-specific security sandbox to facilitate secure transactions

Owner: GOOGLE INC.
Publication #: 09160717
Publication Date: 2015-10-13

Computer systems, methods, and computer readable media for facilitating a secure transaction are provided in which a client application is executed on a client computer. The client application initiates a request to a first domain comprising (i) a credential for the client application, (ii) a transaction identifier that uniquely identifies the request, and (iii) optionally, an identification of a user of the client application. Responsive to this request, the client receives a validated transaction module from the first domain. The client application loads the validated transaction module into a separate domain security sandbox that is segregated from memory space in which the client application is run. The validated transaction module conducts a validated transaction between the second domain and the validated transaction module. Separately, through the client application, a determination is made as to whether the transaction is complete by querying the first domain.


Client-side management of domain name information

Owner: Microsoft Corporation
Publication #: 08966121
Publication Date: 2015-02-24

An exemplary method includes booting a computing device, in response to the booting, accessing a file that includes domain names and resolving at least one of the domain names by issuing a request to a server where the resolving occurs as a background process. An exemplary method includes receiving a notice to invalidate client DNS resolver cache information for a domain name, accessing a list of client subscribers to an invalidation service for the domain name and issuing an instruction to the client subscribers to invalidate their respective client DNS resolver cache information for the domain name. An exemplary method includes receiving a request to resolve a domain name, resolving the domain name and transmitting information for the resolved domain name and additional information for at least one other domain name. Other methods, devices and systems are also disclosed.