Abstract:
Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include an image, a document, an email, and a web page.
Abstract:
Methods, systems, apparatuses and program products are disclosed for managing memory for multiple OSes within a single computer and the like. Provision is made for memory recovery between hot swapped OSes with BIOS assistance and conforming with ACPI features for System State management and capable of use without virtualization.
Abstract:
Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.
Abstract:
Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.
Abstract:
The present invention relates to an enhanced DNS resolver architecture configured to operate in high availability environments, such as the Internet. Specifically, the DNS resolver code of the present invention may be implemented by a storage operating system in a filer. The resolver code modifies a conventional resolver algorithm so as to reduce the time necessary to map IP addresses to alphanumeric domain names and vice versa. Advantageously, the enhanced resolver code keeps track of non-responsive or “dead” DNS servers as well as non-resolvable or “bad” domain names and IP addresses.
Abstract:
The apparent speed of a connection between a browser at a user station and a proxy or gateway on a network such as the Internet is increased by providing a local proxy at the user station which interacts with a remote proxy. While the remote proxy is retrieving a newly requested World Wide Web page, for example, from the appropriate content provider, it may also be sending to the local proxy a stale cached version of that page. When the new version of the page is finally retrieved, the remote proxy determines the differences between the new version and the stale version, and, assuming the differences do not exceed the new page in size, sends the differences to the local proxy which then reconstructs the new page from the differences and the stale version. The local proxy delivers the new page to the browser, which need not even be aware that a local proxy exists; it is aware only that it received the page it requested. Because computational speed and power are frequently higher and cheaper than transmission speed, the apparent speed of the connection between the user station and the network has been increased at modest cost.
Abstract:
Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored on a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.
Abstract:
Approaches for transferring data to a client by safely receiving the data in one or more virtual machines. In response to the client determining that digital content, originating from an external source, is to be received or processed by the client, the client identifies, without human intervention, one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data to determine a placement policy, a containment policy, and a persistence policy for any virtual machine to receive the digital content. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein effecting any undesirable consequence upon the client.
Abstract:
Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.