Implementing a security solution using a layering system

    Publication No.: US10216939B2

    Publication date: 2019-02-26

    Application No.: US15142035

    Filing date: 2016-04-29

    Abstract: A security solution can be implemented using a layering system. By using a layering system, any changes that are made to a computing system can be isolated within a separate write layer. Due to this isolation, the changes, which may even be malicious, can be evaluated without fear that the resources in other layers will be negatively affected. In this way, even security threats that are still unknown to antivirus solutions (so-called zero-day attacks) can be prevented from harming the system.

    SECURING ACCESS TO FUNCTIONALITY OF A FILE-BASED WRITE FILTER

    Publication No.: US20180217996A1

    Publication date: 2018-08-02

    Application No.: US15418074

    Filing date: 2017-01-27

    CPC classification number: G06F21/00 G06F16/1734 G06F21/6218 G06F21/79

    Abstract: Access to functionality of a file-based write filter can be secured. A policy-based filter can be configured to monitor and filter calls to APIs that access functionality of the file-based write filter. Based on policy, the policy-based filter can selectively block such calls to ensure that only permitted applications and/or users are allowed to access the functionality of the file-based write filter. In some cases, the policy-based filter can be configured to communicate with a server component to determine whether a particular attempt to access the functionality of the file-based write filter should be allowed.

    Dynamically controlling access to devices

    Publication No.: US10657245B2

    Publication date: 2020-05-19

    Application No.: US15458249

    Filing date: 2017-03-14

    Abstract: Access to devices can be controlled dynamically. A device control driver can function as an upper filter driver so that it can intercept I/O requests that target a particular device. The device control driver can be configured to communicate with a device control server to dynamically determine whether the current user is allowed to access the particular device. The device control server can employ policy or administrator input to determine whether access should be allowed and can then notify the device control driver accordingly. When access is granted, the device control driver can pass I/O requests down the device driver stack. Otherwise, the device control driver can block the I/O requests. Also, when access is granted, the device control server can specify a permission expiration time after which the device control driver should again resume blocking I/O requests.

    Merging application configurations to enhance multi-layer performance

    Publication No.: US10235187B2

    Publication date: 2019-03-19

    Application No.: US15142049

    Filing date: 2016-04-29

    Abstract: Application configurations can be merged to enhance multi-layer performance. When a layering system is employed, a layering registry filter driver can create a merged registry hive that includes the contents of each operating system registry hive as well as the contents of each registry hive of a mounted layer. The merged registry hive will therefore form a single location that the layering registry filter driver can access to complete a registry operation.

    AUTHENTICATION ON THIN CLIENTS USING INDEPENDENT DEVICES

    Publication No.: US20180227296A1

    Publication date: 2018-08-09

    Application No.: US15423715

    Filing date: 2017-02-03

    CPC classification number: H04L63/0853 H04L63/0861 H04W12/06

    Abstract: Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user's mobile device and the user's domain identity. A mapping can also be created between the user's domain identity and the user's thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.

    RESTRICTING APPLICATIONS AND USERS THAT CAN MAKE PERSISTENT CHANGES TO ARTIFACTS

    Publication No.: US20180217946A1

    Publication date: 2018-08-02

    Application No.: US15418011

    Filing date: 2017-01-27

    CPC classification number: G06F12/1458 G06F12/1433 G06F21/79 G06F2212/1052

    Abstract: Applications and users can be restricted from making persistent changes to artifacts on a protected volume. In Windows-based systems that include a file-based write filter, a policy-based write filter can be positioned below the file-based write filter and can examine any write requests that target artifacts of a protected volume and are not redirected by the file-based write filter. The policy-based write filter can examine the write requests against any applicable policies to determine whether the write requests should be allowed to proceed. If the policy-based write filter determines that a write request is not allowed by policy, it can fail the write request to thereby prevent the targeted artifact from being updated in the protected volume.

    RENAMING A DIRECTORY THAT RESIDES ON A LAYERED VOLUME

    Publication No.: US20170315999A1

    Publication date: 2017-11-02

    Application No.: US15142041

    Filing date: 2016-04-29

    CPC classification number: G06F16/164

    Abstract: A directory that resides on a layered volume can be renamed. A hooking module can be employed to intercept rename requests. The hooking module can query a layering file system filter driver to determine the volume of the source and target of the rename request. If the source and target are on different volumes, thereby indicating that the source is a directory of a layered volume, the hooking module can append a signature to the target which identifies the actual volume of the source. The modified rename request can then be passed to the operating system which will perform its normal operations including verifying that the source and target are on the same volume. During this verification, the layering file system filter driver can detect the appended signature in the target and can inform the operating system that the target is on the volume identified in the signature.

    Securing access to functionality of a file-based write filter

    Publication No.: US10810164B2

    Publication date: 2020-10-20

    Application No.: US15418074

    Filing date: 2017-01-27

    Abstract: Access to functionality of a file-based write filter can be secured. A policy-based filter can be configured to monitor and filter calls to APIs that access functionality of the file-based write filter. Based on policy, the policy-based filter can selectively block such calls to ensure that only permitted applications and/or users are allowed to access the functionality of the file-based write filter. In some cases, the policy-based filter can be configured to communicate with a server component to determine whether a particular attempt to access the functionality of the file-based write filter should be allowed.

    DYNAMICALLY CONTROLLING ACCESS TO DEVICES
    Invention application

    Publication No.: US20180268126A1

    Publication date: 2018-09-20

    Application No.: US15458249

    Filing date: 2017-03-14

    Abstract: Access to devices can be controlled dynamically. A device control driver can function as an upper filter driver so that it can intercept I/O requests that target a particular device. The device control driver can be configured to communicate with a device control server to dynamically determine whether the current user is allowed to access the particular device. The device control server can employ policy or administrator input to determine whether access should be allowed and can then notify the device control driver accordingly. When access is granted, the device control driver can pass I/O requests down the device driver stack. Otherwise, the device control driver can block the I/O requests. Also, when access is granted, the device control server can specify a permission expiration time after which the device control driver should again resume blocking I/O requests.
