Secure and modifiable configuration files used for remote sessions
    32.
    Granted invention patent
    Status: in force

    Publication number: US07730302B2

    Publication date: 2010-06-01

    Application number: US11429003

    Application date: 2006-05-05

    IPC classification: H04L9/12 G06F15/177

    CPC classification: G06F21/577 H04L63/123

    Abstract: Embodiments herein address some of the problems associated with compromised configuration files used in remote sessions of a virtual computing environment. Accordingly, a subset of settings in a configuration file are secured from malicious or accidental modification, while other portions of the configuration file are modifiable by a user as desired without invalidating the integrity of the secure subset. This not only allows for the user to be assured of the integrity of the settings, but also provides an administrator of the remote or terminal server with the ability to control how and what access a client has to resources thereon. Such access may be further controlled based on a trust level between the client, server, and/or publisher of the configuration file.

    TLS tunneling
    33.
    Granted invention patent
    Status: in force

    Publication number: US07529933B2

    Publication date: 2009-05-05

    Application number: US10157806

    Application date: 2002-05-30

    IPC classification: H04L9/00 H04K1/00

    Abstract: An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.

    Method for providing user authentication/authorization and distributed firewall utilizing same

    Publication number: US20060015935A1

    Publication date: 2006-01-19

    Application number: US11232553

    Application date: 2005-09-22

    IPC classification: G06F15/16

    CPC classification: H04L63/0218 H04L63/164

    Abstract: The distributed firewall performs user authentication at a first level to establish a user security context for traffic from that user, and an authority context provides authorization for subsequent traffic. This authority context may be based on an underlying policy for particular types of traffic, access to particular applications, etc. Additionally, the system includes the ability to allow a user/process/application to define its own access control. The linking of the user security context from the traffic to the application is accomplished by enabling IPSec on a socket and forcing the socket to be bound in exclusive mode. The most common policy definitions may be included by default. Extensions of the Internet key exchange protocol (IKE) to provide the desired user authentication plus application/purpose are also provided. The architecture includes pluggable authorization module(s) that are called after IKE has successfully authenticated the peer, but before the connection is allowed to complete.

    Delegating application invocation back to client
    38.
    Granted invention patent
    Status: in force

    Publication number: US08849897B2

    Publication date: 2014-09-30

    Application number: US11941071

    Application date: 2007-11-15

    IPC classification: G06F15/16

    Abstract: Aspects of the subject matter described herein relate to delegating application invocation back to a client. In aspects, a server hosts an application that has a user interface that is presented on a client. User interaction on the user interface is encoded and sent to the server to give to the application. When the user uses the application such that another application is to be executed, a server delegator determines whether to execute the other application on the server or the client. If the application is to be executed on the client, the server delegator instructs a component that executes on the client to execute the application on the client. Otherwise, the application is executed on the server and data representing the user interface of the application is sent to the client so that the client may present the user interface to a user.

    Techniques for Streaming Virtual Machines from a Server to a Host
    39.
    Invention patent application
    Status: in force

    Publication number: US20120084775A1

    Publication date: 2012-04-05

    Application number: US12895685

    Application date: 2010-09-30

    IPC classification: G06F9/455 G06F15/173

    Abstract: Techniques for configuring a commodity server to host virtual hard disks are disclosed herein. In an exemplary embodiment, a virtual hard disk file can be split into a plurality of differencing VHD files and one or more of the files can be downloaded to a virtualization host as it runs off the VHD files stored on the server. After the one or more VHD files are downloaded, the virtualization host can be configured to use the local copy instead of the copy on the commodity server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.
