公开(公告)号：US08407720B1

公开(公告)日：2013-03-26

申请号：US12751008

申请日：2010-03-31

申请人： Peter Chen ,  Scott E. Joyce ,  Gregory W. Lazar ,  Robert A. Ballantyne ,  Bryant C. Martin

发明人： Peter Chen ,  Scott E. Joyce ,  Gregory W. Lazar ,  Robert A. Ballantyne ,  Bryant C. Martin

IPC分类号： G06F13/00

CPC分类号： G06F9/54 ,  G06F3/0604

摘要： Inter-process communication management allows a first data storage system management application to execute a second data storage system management application. For example, when a user directs a client device to execute a second application while executing a first application, the client device establishes an inter-process communication (IPC) channel between the two applications to allow for security and navigation commands to be passed from the first application to the second application. With such a configuration, the first application does not require the user to re-enter information, such as a target IP address, and encrypted password to execute the second application. In one arrangement, the IPC channel is configured to detect the termination of either the first or the second application. Once detected, the client device can safely terminate the IPC channel between the two applications and execute the remaining, non-terminated application as a standalone product.

摘要翻译： 进程间通信管理允许第一数据存储系统管理应用程序执行第二数据存储系统管理应用程序。 例如，当用户在执行第一应用程序时指示客户端设备执行第二应用程序时，客户端设备在两个应用程序之间建立进程间通信（IPC）通道，以允许安全和导航命令从 第一个应用程序到第二个应用程序。 通过这样的配置，第一应用程序不需要用户重新输入诸如目标IP地址和加密密码之类的信息来执行第二应用。 在一种布置中，IPC通道被配置为检测第一或第二应用的终止。 一旦检测到，客户端设备可以安全地终止两个应用程序之间的IPC通道，并将剩余的非终止应用程序作为独立产品执行。

公开(公告)号：US07010622B1

公开(公告)日：2006-03-07

申请号：US09877862

申请日：2001-06-08

申请人： Andreas L. Bauer ,  Brian R. Gruttadauria ,  Gregory W. Lazar ,  Walter T. Dobberpuhl

发明人： Andreas L. Bauer ,  Brian R. Gruttadauria ,  Gregory W. Lazar ,  Walter T. Dobberpuhl

IPC分类号： G06F15/16 ,  H04L12/28

CPC分类号： H04L41/0233

摘要： There is disclosed a technique for achieving scalable communication within a distributed system using dynamic communication trees. In a client server environment, and particularly in such an environment in which storage systems and storage area networks are managed by distributed management software, embodiments of the present invention are presented by which communication trees are built in a manner that evenly distributes load throughout nodes in the network, whereby scalability is enhanced allowing a larger number of nodes than otherwise allowable without such trees. Other advantages achievable by utilization of such trees are also disclosed.

摘要翻译： 公开了一种使用动态通信树在分布式系统内实现可伸缩通信的技术。 在客户服务器环境中，特别是在存储系统和存储区域网络由分布式管理软件管理的这种环境中，呈现本发明的实施例，通过哪些通信树被构建为以均匀的方式在 网络，从而增加可扩展性，允许在没有这种树的情况下允许更多数量的节点。 还公开了通过利用这种树可实现的其它优点。

公开(公告)号：US08751827B1

公开(公告)日：2014-06-10

申请号：US12823636

申请日：2010-06-25

申请人： William M. Duane ,  Robert W. Griffin ,  John S. Harwood ,  Gregory W. Lazar ,  Thomas E. Linnell

发明人： William M. Duane ,  Robert W. Griffin ,  John S. Harwood ,  Gregory W. Lazar ,  Thomas E. Linnell

IPC分类号： G06F11/30 ,  G06F3/12 ,  H04L12/417 ,  H04L9/08

CPC分类号： G06F3/1204 ,  G06F21/32 ,  G06F21/34 ,  G06F21/577 ,  G06F21/60 ,  G06F21/6209 ,  G06F21/79 ,  H04L9/0894 ,  H04L2209/12

摘要： A method of securely operating a computerized system includes forming a connection to a user-removable physical security device (PSD) which is uniquely paired with the computerized system and which stories cryptographically secured data required for performing a protected function on the computerized system. The PSD may be realized as a USB or similar peripheral device containing security-related data and potentially security processing capability as well. The protected function could be decrypting of encrypted data encryption keys used to encrypt/decrypt user data for example. A user who has an established association with the PSD (e.g. by some preceding registration process) is authenticated, resulting in activation of the PSD on the computerized system. Upon such activation of the PSD, the computerized system engages in a security operation using the cryptographically secured data from the PSD to enable the protected function to be performed under control of the user on the computerized system.

摘要翻译： 安全地操作计算机化系统的方法包括形成到与计算机化系统唯一配对的用户可移动物理安全设备（PSD）的连接以及在计算机化系统上执行受保护功能所需的哪些故障密码保护数据。 PSD可以被实现为包含安全相关数据和潜在安全处理能力的USB或类似的外围设备。 受保护的功能可以解密用于加密/解密用户数据的加密数据加密密钥。 与PSD建立关联的用户（例如通过一些先前的注册过程）被认证，导致计算机化系统上的PSD的激活。 在PSD的这种激活之后，计算机化系统使用来自PSD的加密安全数据进行安全操作，以使受保护功能能够在计算机化系统上的用户的控制下执行。

公开(公告)号：US08566595B1

公开(公告)日：2013-10-22

申请号：US13075756

申请日：2011-03-30

申请人： Scott E. Joyce ,  Gregory W. Lazar ,  Christopher S. Lacasse

发明人： Scott E. Joyce ,  Gregory W. Lazar ,  Christopher S. Lacasse

IPC分类号： H04L29/06

CPC分类号： G06F21/335 ,  G06F21/445 ,  H04L67/1097

摘要： A method and system for use in managing secure communications with software environments is disclosed. In at least one embodiment, the method and system comprises maintaining, in a Java operating environment, a regulatory compliant communications facility that is accessible to a Flex operating environment. The Flex and Java operating environments are caused to use the regulatory compliant communications facility for network communications with a data storage system.

摘要翻译： 公开了一种用于管理与软件环境的安全通信的方法和系统。 在至少一个实施例中，该方法和系统包括在Java操作环境中维护可由Flex操作环境访问的符合规定的通信设施。 导致Flex和Java操作环境使用符合规定的通信设施进行与数据存储系统的网络通信。

公开(公告)号：US07269648B1

公开(公告)日：2007-09-11

申请号：US09964977

申请日：2001-09-27

申请人： Sriram Krishnan ,  Gregory W. Lazar

发明人： Sriram Krishnan ,  Gregory W. Lazar

IPC分类号： G06F15/173

CPC分类号： G06F17/30575

摘要： In a computer network having a plurality of computer nodes, a directory database (DDB) distributed throughout the network in each of the nodes, the contents of the DDB being maintained consistent or replicated throughout the network through the use of one of its nodes having been appointed as master node. The master node has a privileged status as compared to the other nodes. The master node updates each DDB in each node in its network or domain configuration when the configuration changes. A global administrator is a privileged user compared to other computer network users who has authority to replace or select a master node and to configure a domain, and who performs these and other functions by way of computer terminal screen dialogs offered by a graphical user interface (GUI) associated with the computer network. Only one master node per domain is permitted and if the password-protected global administrator's security is breached, other users may select other master nodes for the same network resulting in master to master conflict. In the case of multiple master nodes attempting to be master for the same nodes in the same network at the same time, this conflict is resolved in one embodiment of the present invention by allowing the most recently selected purported master node to be the actual master node. This resolution is obtained in a manner that avoids a single point of failure. After resolution of this conflict the result is communicated by the prevailing master node to all nodes in the network. This resolution takes into account a global network with varying time zones, and further takes into account the remote possibility of a simultaneous appointment of two masters.

摘要翻译： 在具有多个计算机节点的计算机网络中，分布在每个节点中的整个网络中的目录数据库（DDB），通过使用其一个节点来维护DDB的内容在整个网络中保持一致或复制 任命为主节点。 主节点与其他节点相比具有特权状态。 主节点在配置更改时更新其网络或域配置中每个节点中的每个DDB。 与具有取代或选择主节点和配置域的权限的其他计算机网络用户相比，全局管理员是特权用户，以及通过图形用户界面提供的计算机终端屏幕对话来执行这些和其他功能的人（ GUI）与计算机网络相关联。 允许每个域只有一个主节点，如果受到密码保护的全局管理员的安全性被破坏，其他用户可以为同一个网络选择其他主节点，从而导致主对主冲突。 在多个主节点同时尝试对相同网络中的相同节点进行主机的情况下，通过允许最近选择的所声称的主节点是实际主节点来解决本发明的一个实施例中的这种冲突 。 该解决方案以避免单点故障的方式获得。 解决此冲突后，结果将由主节点传送到网络中的所有节点。 该决议考虑到具有不同时区的全球网络，并进一步考虑到同时预约两位主人的远程可能性。