公开(公告)号：US20080133639A1

公开(公告)日：2008-06-05

申请号：US11565402

申请日：2006-11-30

申请人： Anatoliy Panasyuk ,  Rajesh Kuppuswamy ,  Doug S. Cavit

发明人： Anatoliy Panasyuk ,  Rajesh Kuppuswamy ,  Doug S. Cavit

IPC分类号： G06F15/16

CPC分类号： H04L41/507 ,  H04L43/0817 ,  H04L63/10

摘要： Client statement of health techniques are described herein. In an embodiment, a statement is generated that describes a relative health of a client's resources, such as hardware and/or software resources. The statement is exposed to a service provider over a network, which may be used to manage access of the client to one or more online services of the service provider.

摘要翻译： 本文描述了客户的健康技术声明。 在一个实施例中，生成描述客户端资源（例如硬件和/或软件资源）的相对健康状况的语句。 该语句通过网络暴露给服务提供商，其可以用于管理客户端对服务提供商的一个或多个在线服务的访问。

公开(公告)号：US09912654B2

公开(公告)日：2018-03-06

申请号：US12616789

申请日：2009-11-12

申请人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Abhishek Shukla

发明人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Abhishek Shukla

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/0823 ,  G06F2221/2105 ,  G06F2221/2149 ,  H04L9/3263 ,  H04L63/164 ,  H04L2209/76 ,  H04L2209/80

摘要： Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs.

公开(公告)号：US08527615B2

公开(公告)日：2013-09-03

申请号：US10908202

申请日：2005-05-02

申请人： Martin Duursma ,  Anatoliy Panasyuk ,  Robert Ciraldo ,  Anthony Ungerman ,  Bradley Pedersen ,  Tom Davis, III ,  Marc Bloomfield

发明人： Martin Duursma ,  Anatoliy Panasyuk ,  Robert Ciraldo ,  Anthony Ungerman ,  Bradley Pedersen ,  Tom Davis, III ,  Marc Bloomfield

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L29/12113 ,  G06F9/54 ,  H04L29/06 ,  H04L61/1541 ,  H04L63/08 ,  H04L63/102 ,  H04L63/104 ,  H04L67/16 ,  H04L67/306 ,  H04L67/34 ,  H04L67/36 ,  H04L67/42 ,  H04L69/24 ,  H04L69/329

摘要： An apparatus and method for determining a program neighborhood of a client node in a client-server network is described. The program neighborhood of the client node includes application programs hosted by application servers on the network. The present invention enables a user of a client node to learn of these application programs. The user is not required to know where to find such applications or to manually establish links to such applications. To make the client node aware of its program neighborhood, a host server collects application-related information corresponding to application programs hosted by the servers in the network. The application-related information can include the application name, the server location of the application, minimum capabilities required of client nodes for executing the application, and those users who are authorized to use that application. User credentials are received from the client system. The user credentials are used to filter the application-related information. Information representing those application programs that are available to the client node is transmitted from the host server to the client system for display. In a Windows-based client node, the information can be represented by a graphical icon for each available application program.

公开(公告)号：US20120060204A1

公开(公告)日：2012-03-08

申请号：US13294965

申请日：2011-11-11

申请人： Anatoliy Panasyuk ,  Abolfazl Sirjani ,  Ben Walters ,  Michael Burr ,  Min-Chih Lu Earl

发明人： Anatoliy Panasyuk ,  Abolfazl Sirjani ,  Ben Walters ,  Michael Burr ,  Min-Chih Lu Earl

IPC分类号： G06F21/20

CPC分类号： H04L63/102 ,  G06F21/31 ,  G06F21/41 ,  G06F21/604 ,  G06F2221/2111

摘要： The invention provides scalable, secure, and easily administerable methods and systems for providing remote access to networked resources by combing aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource.

摘要翻译： 本发明提供可扩展，安全且易于管理的方法和系统，用于通过将物理访问限制措施的各个方面与传统的计算机访问限制措施相结合来提供对网络资源的远程访问。 所述方法和系统利用注册管理系统来指定注册规则，注册系统被配置为与注册管理系统进行通信，以允许在指定的注册规则允许的情况下注册第一联网资源;以及用于授予用户远程访问的远程访问系统 如果用户成功注册了第一个联网资源，则连接到第一个联网资源。

公开(公告)号：US20120054859A1

公开(公告)日：2012-03-01

申请号：US12872728

申请日：2010-08-31

申请人： Hans Christian Andersen ,  Anatoliy Panasyuk ,  Venkata Somanadha Sarma Remany ,  Bart Kus

发明人： Hans Christian Andersen ,  Anatoliy Panasyuk ,  Venkata Somanadha Sarma Remany ,  Bart Kus

IPC分类号： G06F15/16 ,  G06F21/00

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： The present invention extends to methods, systems, and computer program products for adaptive electronic message scanning. Embodiments of the invention relate to dynamically (and potentially unpredictably) varying the depth/thoroughness of classifying electronic messages to protect against undesirable message content (e.g., SPAM, viruses, digital leakage, etc.). A minimum effectiveness is maintained and, when available resources permit, can be exceeded to provide increased protection. An optimal subset of available message classification rules can be selected on a per message basis. The selection of rules is based on available system resources, minimum desired effectiveness (e.g., defined in a Service Level Agreement (“SLA”)), and rule characteristics. Feedback loops can be used to optimize selected classification rule subsets.

摘要翻译： 本发明扩展到用于自适应电子消息扫描的方法，系统和计算机程序产品。 本发明的实施例涉及动态（并且潜在地不可预测地）改变分类电子消息的深度/彻底性，以防止不期望的消息内容（例如，垃圾邮件，病毒，数字泄漏等）。 维持最低限度的效力，并且在可获得资源的情况下可以超过这些有效性，以提供更多的保护。 可以在每个消息的基础上选择可用消息分类规则的最佳子集。 规则的选择基于可用的系统资源，最小期望的有效性（例如，在服务水平协议（“SLA”）中定义）和规则特征。 反馈回路可用于优化所选择的分类规则子集。

公开(公告)号：US08090874B2

公开(公告)日：2012-01-03

申请号：US11157289

申请日：2005-06-20

申请人： Anatoliy Panasyuk ,  Andre Kramer ,  Bradley Jay Pedersen ,  David Sean Stone ,  Terry Treder

发明人： Anatoliy Panasyuk ,  Andre Kramer ,  Bradley Jay Pedersen ,  David Sean Stone ,  Terry Treder

IPC分类号： G06F15/16

CPC分类号： H04L63/0209 ,  G06F21/31 ,  H04L12/4633 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/166 ,  H04L67/14 ,  H04L69/329

摘要： The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service when a client roams between networks, the connection is reestablished and the client's network connection is maintained thru a change in a network identifier assigned to the client.

摘要翻译： 本发明涉及用于重新连接客户端并在可靠和持续的通信会话中提供用户认证的方法和系统。 封装多个辅助协议的第一协议被用于通过网络进行通信。 使用第一协议的第一协议服务提供会话持久性和客户端与主机服务之间的可靠连接。 当客户端和主机服务之间的网络连接发生中断时，客户端在网络之间漫游时，重新建立连接，并通过分配给客户端的网络标识符进行更改来维护客户端的网络连接。

公开(公告)号：US07984192B2

公开(公告)日：2011-07-19

申请号：US10711583

申请日：2004-09-27

申请人： Michael Burr ,  Min-Chih Lu Earl ,  Anatoliy Panasyuk ,  Abolfazl Sirjani

发明人： Michael Burr ,  Min-Chih Lu Earl ,  Anatoliy Panasyuk ,  Abolfazl Sirjani

IPC分类号： G06F13/00

CPC分类号： H04L29/12311 ,  H04L29/12226 ,  H04L29/12301 ,  H04L29/12783 ,  H04L29/12952 ,  H04L61/2015 ,  H04L61/2076 ,  H04L61/2084 ,  H04L61/35 ,  H04L61/6077

摘要： The invention relates to systems and methods for assigning a unique network identifier to one or more programs invoked on a computer. The computer obtains a plurality of network identifiers and associates a first network identifier to a first program invoked on the computer and associates a second network identifier, different from the first network identifier, to a second program invoked on the computer. The program may be a user session hosted by the computer, an application or an application isolation environment. The computer through a network communication interface transmits the first network identifier with the network communication of the first program and transmits the second network identifier with network communication of the second program.

摘要翻译： 本发明涉及用于将唯一网络标识符分配给在计算机上调用的一个或多个程序的系统和方法。 计算机获得多个网络标识符并将第一网络标识符与在计算机上调用的第一程序相关联，并将不同于第一网络标识符的第二网络标识符与在计算机上调用的第二程序相关联。 程序可以是由计算机，应用程序或应用程序隔离环境托管的用户会话。 通过网络通信接口的计算机通过第一程序的网络通信发送第一网络标识符，并用第二程序的网络通信发送第二网络标识符。

公开(公告)号：US20110110268A1

公开(公告)日：2011-05-12

申请号：US12616800

申请日：2009-11-12

申请人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

发明人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

IPC分类号： H04L12/28

CPC分类号： H04L41/145 ,  H04L41/12 ,  H04L63/102 ,  H04L63/20

摘要： Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

摘要翻译： 有助于物理端点之间连接的虚拟规范的体系结构。 可以将网络定义为以连接意图表示的抽象连接模型，而不是任何特定技术。 连接模型被转换为配置设置，策略，防火墙规则等，以实现基于可用物理网络和设备功能的连接意图。 连接模型定义了网络的连接语义，并控制物理网络中的物理节点之间的通信。 所得到的虚拟网络可以是独立于物理层的虚拟覆盖。 或者，虚拟覆盖也可以包括物理网络的元素和摘要。 此外，可以从网络的连接性模型导出自动网络安全规则（例如，因特网协议安全IPSec）。

公开(公告)号：US20080126444A1

公开(公告)日：2008-05-29

申请号：US11563509

申请日：2006-11-27

申请人： Catharine van Ingen ,  Anatoliy Panasyuk ,  Steve E. Olsson ,  Guhan Suriyanarayanan

发明人： Catharine van Ingen ,  Anatoliy Panasyuk ,  Steve E. Olsson ,  Guhan Suriyanarayanan

IPC分类号： G06F12/16

CPC分类号： G06F11/1464 ,  G06F11/1469

摘要： A backup file is generated to capture the current state of a computer. The computer state may be restored to the computer in a hybrid manner at a later time by accessing some files and/or data included in the backup file and downloading other files contained in a list in the backup file. By listing some files rather than including the actual files in the backup file, the backup file may be generated faster and require less processing and memory resources. When the computer state is restored, secondary files and computer state data contained in the backup file are installed to the computer. A list of primary files in the backup file is accessed, each primary file is retrieved from one or more remote publishers over a network, and the retrieved primary files are installed.

摘要翻译： 生成备份文件以捕获计算机的当前状态。 计算机状态可以通过访问备份文件中包括的一些文件和/或数据并下载备份文件中的列表中包含的其他文件，以稍后的混合方式恢复到计算机。 通过列出一些文件，而不是将实际文件包含在备份文件中，备份文件可能会更快生成，并且需要更少的处理和内存资源。 当计算机状态恢复时，备份文件中包含的辅助文件和计算机状态数据将安装到计算机。 访问备份文件中的主文件列表，通过网络从一个或多个远程发布者检索每个主文件，并安装检索到的主文件。

公开(公告)号：US07340772B2

公开(公告)日：2008-03-04

申请号：US11157315

申请日：2005-06-20

申请人： Anatoliy Panasyuk ,  Andre Kramer ,  Bradley Jay Pedersen ,  David Sean Stone ,  Terry Treder

发明人： Anatoliy Panasyuk ,  Andre Kramer ,  Bradley Jay Pedersen ,  David Sean Stone ,  Terry Treder

IPC分类号： G06F12/16 ,  G06F15/18

CPC分类号： H04L63/0209 ,  G06F21/31 ,  H04L12/4633 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/166 ,  H04L67/14 ,  H04L69/329

摘要： The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a server. An operation may be executed or transacted between the client and the server. When there is a disruption in the network connection between the client and the server that interrupts the operation, the connection is automatically reestablished and the operation is continued.

摘要翻译： 本发明涉及用于重新连接客户端并在可靠和持续的通信会话中提供用户认证的方法和系统。 封装多个辅助协议的第一协议被用于通过网络进行通信。 使用第一协议的第一协议服务提供会话持久性和客户端与服务器之间的可靠连接。 可以在客户端和服务器之间执行或处理操作。 当中断操作的客户端和服务器之间的网络连接中断时，连接将自动重新建立，并继续操作。