公开(公告)号：US08756660B2

公开(公告)日：2014-06-17

申请号：US12105247

申请日：2008-04-17

申请人： Meher Malakapalli ,  Lisen Ding ,  Ido Ben-Shachar ,  Ashwin Palekar

发明人： Meher Malakapalli ,  Lisen Ding ,  Ido Ben-Shachar ,  Ashwin Palekar

IPC分类号： H04L29/06

CPC分类号： H04L63/0838 ,  H04L63/105

摘要： Techniques for enabling two-factor authentication for terminal services are described. A client receives an authentication token from an authentication server. The authentication token is used as a factor for authenticating the client to a terminal services device. Native authentication of the client is also performed.

摘要翻译： 描述了用于启用终端服务的双因素认证的技术。 客户端从认证服务器接收认证令牌。 身份验证令牌用作向终端服务设备认证客户端的一个因素。 还执行客户端的本地认证。

公开(公告)号：US08640131B2

公开(公告)日：2014-01-28

申请号：US12016869

申请日：2008-01-18

申请人： Ara Bernardi ,  Costin Hagiu ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar ,  Arun U. Kishan ,  Karthik Thirumalai

发明人： Ara Bernardi ,  Costin Hagiu ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar ,  Arun U. Kishan ,  Karthik Thirumalai

IPC分类号： G06F9/46

CPC分类号： G06F9/5061 ,  G06F9/4881 ,  G06F2209/483 ,  G06F2209/5012 ,  G06F2209/508

摘要： Embodiments that facilitate the fair and dynamic distribution of central processing unit (CPU) time are disclosed. In accordance with one embodiment, a method includes organizing one or more processes into one or more groups. The method further includes allocating a CPU time interval for each group. The allocation of a CPU time interval for each group is accomplished by equally distributing a CPU cycle based on the number of groups. The method also includes adjusting the allocated CPU time intervals based on a change in the quantity of the one or more groups.

摘要翻译： 公开了促进中央处理单元（CPU）时间的公平和动态分配的实施例。 根据一个实施例，一种方法包括将一个或多个过程组织成一个或多个组。 该方法还包括为每个组分配CPU时间间隔。 每个组的CPU时间间隔的分配通过基于组的数量均等地分配CPU周期来实现。 该方法还包括基于一个或多个组的数量的改变来调整分配的CPU时间间隔。

公开(公告)号：US08413210B2

公开(公告)日：2013-04-02

申请号：US12331293

申请日：2008-12-09

申请人： Sergey Kuzin ,  Olga Ivanova ,  Ashwin Palekar ,  Kashif Mehmood ,  Sriram Sampath ,  Ersev Samim Erdogan

发明人： Sergey Kuzin ,  Olga Ivanova ,  Ashwin Palekar ,  Kashif Mehmood ,  Sriram Sampath ,  Ersev Samim Erdogan

IPC分类号： G06F7/04 ,  G06F17/30

CPC分类号： H04L63/0815 ,  G06F21/41

摘要： Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.

摘要翻译： 公开了在连接到一组远程资源时在多个客户端应用之间共享用户凭证的技术。 该机制能够在终端服务器Web访问服务与通过服务访问的远程应用程序，远程桌面和相应的终端服务器之间进行单一登录。 用户凭证可以由客户端应用程序之一接收，并被传递给作为与用户的登录会话相关联的本地软件对象运行的凭证存储。 进一步请求启动新的远程连接可能会通过凭据存储。 在成功验证请求之后，凭证存储可以将用户凭证信息附加到请求，并将请求传递给所请求的客户端。 请求的客户端也可以作为与当前登录会话相关联的软件对象执行。 然后，客户端可以使用提供的凭证来对所请求的资源或应用进行认证。

公开(公告)号：US20120266214A1

公开(公告)日：2012-10-18

申请号：US13532593

申请日：2012-06-25

申请人： Costin Hagiu ,  Elton Saul ,  Rajneesh Mahajan ,  Sergey A. Kuzin ,  Joy Chik ,  John E. Parsons ,  Ashwin Palekar ,  Ara Bernardi

发明人： Costin Hagiu ,  Elton Saul ,  Rajneesh Mahajan ,  Sergey A. Kuzin ,  Joy Chik ,  John E. Parsons ,  Ashwin Palekar ,  Ara Bernardi

IPC分类号： G06F21/00

CPC分类号： H04L63/0823 ,  G06F21/42 ,  G06F21/606 ,  G06F2221/2107 ,  H04L67/14 ,  H04L67/141

摘要： Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

摘要翻译： 本发明的实施方式至少部分地通过在连接建立阶段早期认证客户端和服务器来有效地建立客户端和服务器之间的安全连接。 发起与服务器的连接的客户端识别在客户端启用的安全通信协议，并在发送到服务器的连接请求中识别这些协议。 服务器处理消息并使用其认为适合连接的通信协议进行响应。 然后，客户端和服务器交换适当的认证信息，然后建立实现所选通信协议的连接会话，并使用协商的通信协议加密消息。 其他实现涉及在虚拟因特网协议地址之后重新建立丢弃的连接，而不必重新承担大量的连接资源开销。

公开(公告)号：US20120117245A1

公开(公告)日：2012-05-10

申请号：US13346196

申请日：2012-01-09

申请人： Ara Bernardi ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar

发明人： Ara Bernardi ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar

IPC分类号： G06F15/173

CPC分类号： H04L47/10 ,  H04L47/125 ,  H04L47/2441 ,  H04L47/2475

摘要： The present invention extends to methods, systems, and computer program products for group based allocation of terminal server network bandwidth. Output packets are classified into groups based on classification criteria. Output packets for each group are queue into a corresponding queue. During a queue flush cycle each queue containing data is flushed for an essentially equal amount of time. Flushing each queue essentially equally reduces the negative impact that can otherwise result when a subset of sessions (or even a single session) request(s) a disproportional share of terminal server network bandwidth. Responsiveness can be further increased by distributing the essentially equal amount for each queue across the queue flush cycle.

摘要翻译： 本发明扩展到用于基于组的终端服务器网络带宽分配的方法，系统和计算机程序产品。 输出数据包根据分类标准分为组。 每个组的输出数据包都被排队到相应的队列中。 在队列刷新循环期间，每个包含数据的队列刷新基本相等的时间量。 刷新每个队列基本上同样地减少了当会话（或甚至单个会话）的子集要求终端服务器网络带宽的不成比例的共享时可能导致的负面影响。 通过在队列刷新循环中为每个队列分配基本上相等的量来进一步提高响应性。

公开(公告)号：US20090132642A1

公开(公告)日：2009-05-21

申请号：US11941071

申请日：2007-11-15

申请人： Amos Ortal ,  Nir Nice ,  Ashwin Palekar ,  Craig Alan Nelson ,  Paresh Ramchandra Haridas

发明人： Amos Ortal ,  Nir Nice ,  Ashwin Palekar ,  Craig Alan Nelson ,  Paresh Ramchandra Haridas

IPC分类号： G06F15/16

CPC分类号： G06F9/5027 ,  G06F9/451 ,  G06F9/452 ,  G06F9/5055 ,  G06F2209/509

摘要： Aspects of the subject matter described herein relate to delegating application invocation back to a client. In aspects, a server hosts an application that has a user interface that is presented on a client. User interaction on the user interface is encoded and sent to the server to give to the application. When the user uses the application such that another application is to be executed, a server delegator determines whether to execute the other application on the server or the client. If the application is to be executed on the client, the server delegator instructs a component that executes on the client to execute the application on the client. Otherwise, the application is executed on the server and data representing the user interface of the application is sent to the client so that the client may present the user interface to a user.

摘要翻译： 本文描述的主题的方面涉及将应用调用委托给客户端。 在方面，服务器托管具有在客户端上呈现的用户界面的应用程序。 用户界面上的用户交互被编码并发送给服务器给予应用程序。 当用户使用应用程序使得另一个应用程序被执行时，服务器委托者确定是否在服务器或客户机上执行其他应用程序。 如果应用程序要在客户机上执行，则服务器委托者指示在客户机上执行的组件在客户机上执行应用程序。 否则，在服务器上执行应用程序，并将表示应用程序的用户界面的数据发送给客户端，以便客户端可以向用户呈现用户界面。

公开(公告)号：US07533407B2

公开(公告)日：2009-05-12

申请号：US10823686

申请日：2004-04-14

申请人： Elliot D. Lewis ,  Hakan Berk ,  Narendra C. Gidwani ,  Jesper M. Johansson ,  Timothy M. Moore ,  Ashwin Palekar ,  Calvin C. Choe

发明人： Elliot D. Lewis ,  Hakan Berk ,  Narendra C. Gidwani ,  Jesper M. Johansson ,  Timothy M. Moore ,  Ashwin Palekar ,  Calvin C. Choe

IPC分类号： G06F7/04 ,  G06F21/00

CPC分类号： H04L63/10 ,  G06F21/552 ,  G06F21/57 ,  G06F21/577 ,  G06F2221/2105 ,  H04L29/12226 ,  H04L61/2015 ,  H04L67/34

摘要： A client quarantine agent requests bill of health from a quarantine server, and receives a manifest of checks that the client computer must perform. The quarantine agent then sends a status report on the checks back to the quarantine server. If the client computer is in a valid security state, the bill of health is issued to the client. If the client computer is in an invalid state, the client is directed to install the appropriate software/patches to achieve a valid state. When a client requests the use of network resources from a network administrator, the network administrator requests the client's bill of health. If the bill of health is valid, the client is admitted to the network. If the bill of health is invalid, the client is placed in quarantine.

摘要翻译： 客户端隔离代理从隔离服务器请求健康状况，并收到客户端计算机必须执行的检查清单。 然后，隔离代理将检查的状态报告发送到隔离服务器。 如果客户端计算机处于有效的安全状态，则会向客户端发送健康证明。 如果客户端计算机处于无效状态，客户端将被指示安装相应的软件/修补程序以实现有效状态。 当客户端请求网络管理员使用网络资源时，网络管理员请求客户的健康状况。 如果身体健康状况有效，客户可以进入网络。 如果健康状况无效，客户将被隔离。

公开(公告)号：US20050125693A1

公开(公告)日：2005-06-09

申请号：US10729209

申请日：2003-12-05

申请人： Jean-Pierre Duplessis ,  Sean Lyndersay ,  Anton Krantz ,  Mohammad Alam ,  Ashwin Palekar ,  Timothy Moore

发明人： Jean-Pierre Duplessis ,  Sean Lyndersay ,  Anton Krantz ,  Mohammad Alam ,  Ashwin Palekar ,  Timothy Moore

IPC分类号： H04L9/08 ,  H04B7/26 ,  H04L12/26 ,  H04L12/28 ,  H04L29/06 ,  H04W12/02 ,  H04W12/06 ,  H04W48/14 ,  H04W48/18 ,  H04W84/12 ,  H04L9/00

CPC分类号： H04W12/06 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/20 ,  H04L63/205 ,  H04W12/04 ,  H04W48/16 ,  H04W84/12

摘要： A system and method for facilitating automatic detection of a type of wireless network is provided. In accordance with an aspect of the present invention, wireless network client(s) can automatically detect the “type” of a network (e.g., method of authentication and encryption) without requiring input from the user. For example, unencrypted network, WEP encrypted network requiring a WEP key, WPA encrypted network requiring a pre-shared key, an IEEE 802.1x enabled network supporting WPA and/or an IEEE 802.1x enabled network not supporting WPA. In accordance with an aspect of the present invention, a wireless network detection system having a connection component and a detection component is provided. The connection component facilitates connection of a client system to at least one of a plurality of wireless networks. The detection component identities a type of an available wireless network. Identification can be based, for example, upon information received in an information element and/or iterative probing of the wireless network beacon.

摘要翻译： 提供了一种便于自动检测一种无线网络的系统和方法。 根据本发明的一个方面，无线网络客户端可以自动地检测网络的“类型”（例如，认证和加密的方法），而不需要用户的输入。 例如，未加密网络，需要WEP密钥的WEP加密网络，需要预共享密钥的WPA加密网络，支持WPA的支持IEEE 802.1x的网络和/或不支持WPA的支持IEEE 802.1x的网络。 根据本发明的一个方面，提供一种具有连接部件和检测部件的无线网络检测系统。 连接组件便于将客户端系统连接到多个无线网络中的至少一个。 检测组件识别可用无线网络的类型。 识别可以例如基于在信息元素中接收到的信息和/或无线网络信标的迭代探测。

公开(公告)号：US08102865B2

公开(公告)日：2012-01-24

申请号：US12122475

申请日：2008-05-16

申请人： Ara Berdardi ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar

发明人： Ara Berdardi ,  Nelamangal Krishnaswamy Srinivas ,  Ashwin Palekar

IPC分类号： H04L12/28 ,  G06F15/173

CPC分类号： H04L47/10 ,  H04L47/125 ,  H04L47/2441 ,  H04L47/2475

摘要： The present invention extends to methods, systems, and computer program products for group based allocation of terminal server network bandwidth. Output packets are classified into groups based on classification criteria. Output packets for each group are queue into a corresponding queue. During a queue flush cycle each queue containing data is flushed for an essentially equal amount of time. Flushing each queue essentially equally reduces the negative impact that can otherwise result when a subset of sessions (or even a single session) request(s) a disproportional share of terminal server network bandwidth. Responsiveness can be further increased by distributing the essentially equal amount for each queue across the queue flush cycle.

摘要翻译： 本发明扩展到用于基于组的终端服务器网络带宽分配的方法，系统和计算机程序产品。 输出数据包根据分类标准分为组。 每个组的输出数据包都被排队到相应的队列中。 在队列刷新循环期间，每个包含数据的队列刷新基本相等的时间量。 刷新每个队列基本上同样地减少了当会话（或甚至单个会话）的子集要求终端服务器网络带宽的不成比例的共享时可能导致的负面影响。 通过在队列刷新循环中为每个队列分配基本上相等的量来进一步提高响应性。

公开(公告)号：US20110153716A1

公开(公告)日：2011-06-23

申请号：US12643892

申请日：2009-12-21

申请人： Meher P. Malakapalli ,  Ido Ben-Shachar ,  Mahadeva K. Alladi ,  Vadim Ponomarev ,  Ersev Samim Erdogan ,  Ashwin Palekar

发明人： Meher P. Malakapalli ,  Ido Ben-Shachar ,  Mahadeva K. Alladi ,  Vadim Ponomarev ,  Ersev Samim Erdogan ,  Ashwin Palekar

IPC分类号： G06F15/16 ,  G06F9/455

CPC分类号： G06F9/45533 ,  G06F9/452 ,  G06F9/505

摘要： Disclosed are techniques for providing a platform that allows a user to remotely establish a connection with a virtual machine operating on a server farm In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.

摘要翻译： 公开了用于提供允许用户远程建立与在服务器场上运行的虚拟机的连接的平台的技术。在典型情况下，当用户请求连接以访问第三方插件应用时，应用程序接口 可以与会话代理进程交互以识别用户可以连接的会话或合适的服务器。 用户可以通过识别的会话或合适的服务器访问第三方插件应用程序。