Abstract:
Client statement of health techniques are described herein. In an embodiment, a statement is generated that describes a relative health of a client's resources, such as hardware and/or software resources. The statement is exposed to a service provider over a network, which may be used to manage access of the client to one or more online services of the service provider.
Abstract:
Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs.
Abstract:
An apparatus and method for determining a program neighborhood of a client node in a client-server network is described. The program neighborhood of the client node includes application programs hosted by application servers on the network. The present invention enables a user of a client node to learn of these application programs. The user is not required to know where to find such applications or to manually establish links to such applications. To make the client node aware of its program neighborhood, a host server collects application-related information corresponding to application programs hosted by the servers in the network. The application-related information can include the application name, the server location of the application, minimum capabilities required of client nodes for executing the application, and those users who are authorized to use that application. User credentials are received from the client system. The user credentials are used to filter the application-related information. Information representing those application programs that are available to the client node is transmitted from the host server to the client system for display. In a Windows-based client node, the information can be represented by a graphical icon for each available application program.
Abstract:
The invention provides scalable, secure, and easily administerable methods and systems for providing remote access to networked resources by combining aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource.
Abstract:
The present invention extends to methods, systems, and computer program products for adaptive electronic message scanning. Embodiments of the invention relate to dynamically (and potentially unpredictably) varying the depth/thoroughness of classifying electronic messages to protect against undesirable message content (e.g., SPAM, viruses, digital leakage, etc.). A minimum effectiveness is maintained and, when available resources permit, can be exceeded to provide increased protection. An optimal subset of available message classification rules can be selected on a per message basis. The selection of rules is based on available system resources, minimum desired effectiveness (e.g., defined in a Service Level Agreement (“SLA”)), and rule characteristics. Feedback loops can be used to optimize selected classification rule subsets.
Abstract:
The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service when a client roams between networks, the connection is reestablished and the client's network connection is maintained through a change in a network identifier assigned to the client.
Abstract:
The invention relates to systems and methods for assigning a unique network identifier to one or more programs invoked on a computer. The computer obtains a plurality of network identifiers and associates a first network identifier to a first program invoked on the computer and associates a second network identifier, different from the first network identifier, to a second program invoked on the computer. The program may be a user session hosted by the computer, an application or an application isolation environment. The computer through a network communication interface transmits the first network identifier with the network communication of the first program and transmits the second network identifier with network communication of the second program.
Abstract:
Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and device capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security, IPsec) can be derived from the connectivity model of the network.
Abstract:
A backup file is generated to capture the current state of a computer. The computer state may be restored to the computer in a hybrid manner at a later time by accessing some files and/or data included in the backup file and downloading other files contained in a list in the backup file. By listing some files rather than including the actual files in the backup file, the backup file may be generated faster and require less processing and memory resources. When the computer state is restored, secondary files and computer state data contained in the backup file are installed to the computer. A list of primary files in the backup file is accessed, each primary file is retrieved from one or more remote publishers over a network, and the retrieved primary files are installed.
Abstract:
The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a server. An operation may be executed or transacted between the client and the server. When there is a disruption in the network connection between the client and the server that interrupts the operation, the connection is automatically reestablished and the operation is continued.