Abstract:
Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.
Abstract:
When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.
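The bind-rule evaluation described in this abstract, as an added illustration that is not code from the patent: a rule maps a range of logical ports to the set of domains permitted to bind within it, and a bind is allowed only when the target port falls in a rule's range and the process carries one of that rule's permitted domains. The rule table, domain names and port numbers are constructed sample data; the default-deny for ports that no rule covers follows the abstract's "otherwise ... not allowed" wording.

```python
# Added example: domain-based bind rule for logical network ports.
# Rules, domain names and ports below are constructed sample values.
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class PortRangeRule:
    low: int                            # inclusive start of the port range
    high: int                           # inclusive end of the port range
    permitted_domains: FrozenSet[str]   # domains allowed to bind in this range

    def covers(self, port: int) -> bool:
        return self.low <= port <= self.high


# Constructed rule set: only "payroll" may bind 8000-8099,
# while "web" and "payroll" may bind 9000-9099.
RULES = (
    PortRangeRule(8000, 8099, frozenset({"payroll"})),
    PortRangeRule(9000, 9099, frozenset({"web", "payroll"})),
)


def evaluate_bind(target_port: int, process_domains: Iterable[str],
                  rules: Tuple[PortRangeRule, ...] = RULES) -> Tuple[bool, str]:
    """Decide whether a process may bind target_port; returns (allowed, reason).

    Step 1: find the rule(s) whose range contains the target port.
    Step 2: allow only if the process is associated with a permitted domain
            of a matching range. A port no rule covers is denied (assumption
            taken from the abstract's default of refusing the bind).
    """
    domains = set(process_domains)
    matching = [r for r in rules if r.covers(target_port)]
    if not matching:
        return False, f"port {target_port} is outside every configured range"
    for rule in matching:
        if domains & rule.permitted_domains:
            return True, f"port {target_port} in {rule.low}-{rule.high}, domain permitted"
    return False, f"port {target_port} in a restricted range, no permitted domain"


def bind_permitted(target_port: int, process_domains: Iterable[str]) -> bool:
    """Convenience wrapper returning only the allow/deny decision."""
    return evaluate_bind(target_port, process_domains)[0]
```
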
Abstract:
A system and method for providing multiple virtual private networks from a computer system. The computer system communicates with a remote computer system in order to allow encrypted data traffic to flow between the respective systems. Two phases are used to authenticate the computer systems to one another. During the first phase, digital certificates or pre-shared keys are used to authenticate the computer systems. A phase 1 ID rules list contains authentication rules for local-remote computer pairs. During the second phase, a hash value is used to authenticate the computer systems and a security association payload is created. The remote system's IP address is used for connecting. The phase 1 ID rules list corresponds to one or more phase 2 ID rules lists. If the remote ID is not found in the phase 2 ID rules list, a default rule is used based upon the phase 1 ID rules list.
Abstract:
In a search session through a browser for pages on the World Wide Web (Web), a system for precluding repetitive accessing of documents linked to hyperlinks in a plurality of hypertext documents. The system is directed to a Web communication network with user access via a plurality of data processor controlled interactive receiving display stations for displaying received hypertext documents of at least one display page containing text, images and a plurality of embedded hyperlinks, each hyperlink being user selectable to access and display a respective linked hypertext document. In addition to precluding hyperlinks which had been activated in previous pages and/or hyperlinks which have been discounted merely by having been present in previous pages, the Web browser may be set up to permit the user to specifically discount individual hyperlinks or groups of hyperlinks. Also, the Web browser may be set up to preclude repetitive hyperlinks in subsequent Web pages from searches from different search engines. The basic system comprises search means for locating and providing to receiving display stations hypertext documents, combined with a Web browsing system operatively associated with the receiving display station including means for querying said search means for hypertext documents, means for activating hyperlinks to linked documents and means responsive to said activating means for accessing the linked documents. The browser also has user interactive means for discounting hyperlinks in received Web documents, and means precluding the accessing of any document linked to previously discounted hyperlinks.
Abstract:
Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.
Abstract:
Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.
Abstract:
A system and method for managing multiple proxy servers by a client computer. In one embodiment, the client computer's configuration is set to the fastest proxy server available. In another embodiment, a proxy table is accessed by the client computer to determine which proxy to use for a given web address. When a web address is included in the table, the corresponding proxy server is used to request the contents of the web address. If the web address is not included in the table, a default proxy server is used to request the information. In another embodiment, a periodic test is made to determine the speed of the current proxy server. If the speed is less than a predetermined threshold, the available proxy servers are all tested and the best-performing proxy server is selected. In another embodiment, aspects of each of the above-described embodiments are combined to provide a proxy server to a client computer based upon either a given web address (URL) or the fastest current proxy server.
Abstract:
A data processing system, method, and product are disclosed for automatically configuring IP security tunnels. A security policy specification format is established that is capable of being utilized by any one of multiple different operating systems and any one of multiple different machine types. An IP security tunnel is automatically configured utilizing the security policy specification format.