公开(公告)号：EP3001326A1

公开(公告)日：2016-03-30

申请号：EP15192463.6

申请日：2010-12-14

申请人： Citrix Systems Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F15/16 ,  G06F13/14 ,  G06F21/83 ,  G06F21/31 ,  G06F21/62 ,  G06F21/84 ,  G06F21/53 ,  G06F21/55 ,  G06F21/57

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for a method for preventing a non-trusted virtual machine from reading the graphical output of a trusted virtual machine, the virtual machines being hosted by a hypervisor executing on a computing device. A graphics manager executed by a processor of a computing device receives a request from a trusted virtual machine executed by the computing device to render graphical data using a graphics processing unit of the computing device. The graphics manager assigns, to the trusted virtual machine, a secure section of a memory of the graphics processing unit. The graphics manager renders graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory. The graphics manager receives a request from a non-trusted virtual machine executed by the computing device to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory. The graphics manager prevents the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory.

摘要翻译： 描述在提供用于从读取受信任的虚拟机的图形输出防止非可信虚拟机的方法的方法和系统，所述虚拟机是由在计算设备上执行的管理程序托管。 由计算设备的处理器执行的图形管理器接收从由所述计算设备执行以使得使用所述计算设备的图形处理单元的图形数据的可信虚拟机的请求。 图形管理器分配到可信虚拟机，图形处理单元的存储器中的安全部分。 图形管理器使得从所述可信虚拟机的图形数据到图形处理单元的存储器的安全部分的图形。 图形管理器接收从由所述计算设备执行以读取来自可信虚拟机的图形数据来呈现存储在图形处理单元存储器的安全部分的图形不可信虚拟机的请求。 图形管理器从读出存储在所述图形处理单元的存储器的安全部分中的可信虚拟机呈现的图形防止非可信虚拟机。

公开(公告)号：EP3009941B1

公开(公告)日：2017-07-26

申请号：EP15192462.8

申请日：2010-12-14

申请人： Citrix Systems Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F15/16 ,  G06F13/14 ,  G06F21/83 ,  G06F21/31 ,  G06F21/62 ,  G06F21/53 ,  G06F21/55 ,  G06F21/57 ,  G06F21/79 ,  G06F21/85 ,  G06F21/84

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine executed by a processor of a computing device requests to establish a connection to a remote computing device. A control virtual machine executed by the processor of the computing device launches a client agent, responsive to the request. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

公开(公告)号：EP3002703B1

公开(公告)日：2017-08-30

申请号：EP15192459.4

申请日：2010-12-14

申请人： Citrix Systems Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F21/84 ,  G06F21/55 ,  G06F21/53 ,  G06F21/79 ,  G06F21/85 ,  G06F21/83 ,  G06F21/31 ,  G06F21/57 ,  G06F21/62

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine executed by a processor of a computing device requests to establish a connection to a remote computing device. A control virtual machine executed by the processor of the computing device launches a client agent, responsive to the request. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

公开(公告)号：EP3001326B1

公开(公告)日：2017-07-26

申请号：EP15192463.6

申请日：2010-12-14

申请人： Citrix Systems Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F21/79 ,  G06F21/85 ,  G06F21/57 ,  G06F21/84 ,  G06F21/83 ,  G06F21/31 ,  G06F21/62 ,  G06F21/53 ,  G06F21/55

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine executed by a processor of a computing device requests to establish a connection to a remote computing device. A control virtual machine executed by the processor of the computing device launches a client agent, responsive to the request. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

公开(公告)号：EP2513810A2

公开(公告)日：2012-10-24

申请号：EP10841530.8

申请日：2010-12-14

申请人： Citrix Systems, Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F15/16 ,  G06F13/14

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine executed by a processor of a computing device requests to establish a connection to a remote computing device. A control virtual machine executed by the processor of the computing device launches a client agent, responsive to the request. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

公开(公告)号：EP3009941A1

公开(公告)日：2016-04-20

申请号：EP15192462.8

申请日：2010-12-14

申请人： Citrix Systems Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F15/16 ,  G06F13/14 ,  G06F21/83 ,  G06F21/31 ,  G06F21/62 ,  G06F21/53 ,  G06F21/55 ,  G06F21/57 ,  G06F21/79 ,  G06F21/85

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for managing forwarding of input events to one virtual machine of a plurality of guest virtual machines, in a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine. An input manager executed by a hypervisor executed by a processor of a computing device receives a first item of input data from an input device communicating with the computing device. The input manager identifies whether the first item of input data includes a predetermined string. The input manager, responsive to the identification, forwards the first item of input data to one of (i) a first virtual machine of a plurality of guest virtual machines executed by the processor of the computing device and (ii) an application executed by the control virtual machine, wherein at least one virtual machine of the plurality of guest virtual machines is a trusted virtual machine.

摘要翻译： 描述的方法和系统提供一种用于在执行寄可信虚拟机和不可信虚拟机的管理程序的计算装置管理的输入事件转发到客户虚拟机中的多个一个虚拟机。 通过由计算设备的处理器执行的管理程序所执行的输入管理器从在与所述计算设备进行通信的输入设备接收输入数据的第一项。 输入管理器识别是否输入数据的第一项包括预定字符串。输入管理器，响应于该识别，输入数据的第一项转发到的一种：（i）执行的客户虚拟机中的多个第一虚拟机 由控制虚拟机中执行的计算装置和（ii）应用程序的处理器，worin客户虚拟机的多个所述至少一个虚拟机是可信虚拟机。

公开(公告)号：EP2513810B1

公开(公告)日：2016-02-17

申请号：EP10841530.8

申请日：2010-12-14

申请人： Citrix Systems, Inc.

发明人： PRATT, Ian ,  GUYADER, Jean ,  HANQUEZ, Vincent ,  MCKENZIE, James ,  PHILIPSON, Ross ,  SMITH, Steven ,  NARASIMHAN, Kamala ,  HALLS, David ,  VAN DER LINDEN, Rob

IPC分类号： G06F21/53 ,  G06F21/55 ,  G06F21/57 ,  G06F21/79 ,  G06F21/85 ,  G06F21/31 ,  G06F21/62 ,  G06F21/83

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F21/31 ,  G06F21/53 ,  G06F21/554 ,  G06F21/556 ,  G06F21/57 ,  G06F21/629 ,  G06F21/79 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2143 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/20

摘要： The methods and systems described herein provide for securing sensitive information using a hypervisor-trusted client, in a computing device executing a hypervisor hosting a control virtual machine and a non-trusted virtual machine. A user of a non-trusted virtual machine executed by a processor of a computing device requests to establish a connection to a remote computing device. A control virtual machine executed by the processor of the computing device launches a client agent, responsive to the request. A graphics manager executed by the processor of the computing device assigns a secure section of a memory of a graphics processing unit of the computing device to the client agent. The graphics manager renders graphical data generated by the client agent to the secure section of the graphics processing unit memory.

公开(公告)号：EP2425341A1

公开(公告)日：2012-03-07

申请号：EP10723443.7

申请日：2010-05-03

申请人： Citrix Systems, Inc.

发明人： VAN DER LINDEN, Rob ,  HALLS, David ,  WATERHOUSE, Simon ,  BENOIT, Peter, H.

IPC分类号： G06F9/50 ,  H04L29/08 ,  G06F3/06

CPC分类号： H04L47/70 ,  G06F9/5077 ,  H04L63/20 ,  H04L67/1097 ,  H04L69/08

摘要： Methods and systems for establishing a cloud bridge between two virtual storage resources and for transmitting data from one first virtual storage resource to the other virtual storage resource. The system can include a first virtual storage resource or cloud, and a storage delivery management service that executes on a computer and within the first virtual storage resource. The storage delivery management service can receive user credentials of a user that identify a storage adapter. Upon receiving the user credentials, the storage delivery management service can invoke the storage adapter which executes an interface that identifies a second virtual storage resource and includes an interface translation file. The storage delivery management service accesses the second virtual storage resource and establishes a cloud bridge with the second virtual storage resource using information obtained from the second virtual storage resource and information translated by the storage adapter using the interface translation file.

公开(公告)号：EP1240603A1

公开(公告)日：2002-09-18

申请号：EP00988253.1

申请日：2000-12-20

申请人： Citrix Systems, Inc.

发明人： WATERHOUSE, Simon ,  HALLS, David ,  VAN DER LINDEN, Robert

IPC分类号： G06F17/30

CPC分类号： G06F17/30899

摘要： The invention relates to an apparatus and method for displaying the contents (38) of an active document (10) on a client (18) while retaining and executing the executable portion (34) of the active document on a server (14). In one embodiment, the method includes the step of transmitting, from the server to the client, the contents portion of the active document. The server executes the executable portion of the active document to generate output data associated with the active document. The server transmits the output data to manipulate the active document being displayed by the client.

公开(公告)号：EP2425341B1

公开(公告)日：2018-07-11

申请号：EP10723443.7

申请日：2010-05-03

申请人： Citrix Systems, Inc.

发明人： VAN DER LINDEN, Rob ,  HALLS, David ,  WATERHOUSE, Simon ,  BENOIT, Peter H.

IPC分类号： G06F9/50 ,  H04L29/08 ,  G06F3/06

CPC分类号： H04L47/70 ,  G06F9/5077 ,  H04L63/20 ,  H04L67/1097 ,  H04L69/08

摘要： Methods and systems for establishing a cloud bridge between two virtual storage resources and for transmitting data from one first virtual storage resource to the other virtual storage resource. The system can include a first virtual storage resource or cloud, and a storage delivery management service that executes on a computer and within the first virtual storage resource. The storage delivery management service can receive user credentials of a user that identify a storage adapter. Upon receiving the user credentials, the storage delivery management service can invoke the storage adapter which executes an interface that identifies a second virtual storage resource and includes an interface translation file. The storage delivery management service accesses the second virtual storage resource and establishes a cloud bridge with the second virtual storage resource using information obtained from the second virtual storage resource and information translated by the storage adapter using the interface translation file.