公开(公告)号：US20100107113A1

公开(公告)日：2010-04-29

申请号：US12605483

申请日：2009-10-26

申请人： Andrew Innes ,  Richard Hayton ,  Andrew Borzycki ,  Anthony Edward Low ,  Michael Wookey

发明人： Andrew Innes ,  Richard Hayton ,  Andrew Borzycki ,  Anthony Edward Low ,  Michael Wookey

IPC分类号： G06F9/24 ,  G06F3/048

CPC分类号： G06F9/4406 ,  G06F9/44505 ,  H04L41/024 ,  H04L41/22

摘要： A method and system for modifying, in a combined computing environment, a machine base image having a personalized desktop environment includes executing an operating system associated with a base disk; intercepting, by a filter driver, an instruction from at least one of a plurality of resources to modify a setting stored in at least one of a file system and a registry, the plurality of resources executing inside an isolation environment; storing, in a delta disk, a copy of the modified setting; restarting the operating system; replacing the setting stored in the at least one of the file system and the registry with the copy of the modified setting stored on the delta disk; and restarting at least one operating system process incorporating the modified setting.

摘要翻译： 一种用于在组合计算环境中修改具有个性化桌面环境的机器基础图像的方法和系统包括执行与基盘相关联的操作系统; 由过滤器驱动程序拦截来自多个资源中的至少一个的指令，以修改存储在文件系统和注册表中的至少一个中的设置，所述多个资源在隔离环境内执行; 在增量盘中存储修改设置的副本; 重新启动操作系统; 使用存储在增量盘上的修改设置的副本替换存储在文件系统和注册表中的至少一个的设置; 并重新启动包含修改设置的至少一个操作系统进程。

公开(公告)号：US20100281528A1

公开(公告)日：2010-11-04

申请号：US12773007

申请日：2010-05-03

申请人： Richard Hayton ,  Andrew Innes

发明人： Richard Hayton ,  Andrew Innes

IPC分类号： G06F15/16 ,  H04L9/32 ,  G06F9/445

CPC分类号： G06F8/60 ,  G06F9/468 ,  G06F9/54 ,  G06F2209/549

摘要： A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.

摘要翻译： 一种用于更新和交付交互式应用传送存储的系统，其中所述系统包括在所述服务器上执行的客户端计算机，服务器和应用传送存储器，所述客户端计算机通过通信连接与所述服务器通信。 用户使用客户端计算机访问应用传送存储器，并且使用应用传送存储器订阅不包括在用户的用户简档中的应用。 响应于订阅应用程序，应用传送商店验证用户的用户权限，并确定用户是否被允许订阅该应用。 一旦确定用户可以订阅该应用程序，应用程序传送存储库将使用应用程序更新用户配置文件，并将存根应用程序发送到客户端计算机。 存根应用程序表示用户订阅的应用程序，即存根应用程序包括应用程序的一部分。

公开(公告)号：US09152401B2

公开(公告)日：2015-10-06

申请号：US12773007

申请日：2010-05-03

申请人： Richard Hayton ,  Andrew Innes

发明人： Richard Hayton ,  Andrew Innes

IPC分类号： G06F9/54 ,  G06F9/445 ,  G06F9/46

CPC分类号： G06F8/60 ,  G06F9/468 ,  G06F9/54 ,  G06F2209/549

摘要： A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.

摘要翻译： 一种用于更新和交付交互式应用传送存储的系统，其中所述系统包括在所述服务器上执行的客户端计算机，服务器和应用传送存储器，所述客户端计算机通过通信连接与所述服务器通信。 用户使用客户端计算机访问应用传送存储器，并且使用应用传送存储器订阅不包括在用户的用户简档中的应用。 响应于订阅应用程序，应用传送商店验证用户的用户权限，并确定用户是否被允许订阅该应用。 一旦确定用户可以订阅该应用程序，应用程序传送存储库将使用应用程序更新用户配置文件，并将存根应用程序发送到客户端计算机。 存根应用程序表示用户订阅的应用程序，即存根应用程序包括应用程序的一部分。

公开(公告)号：US09306737B2

公开(公告)日：2016-04-05

申请号：US13475082

申请日：2012-05-18

申请人： Richard Hayton ,  Andrew Innes

发明人： Richard Hayton ,  Andrew Innes

IPC分类号： H04L9/12 ,  H04L9/08 ,  H04L29/06 ,  G06F21/62 ,  G06F17/30 ,  H04L9/16 ,  G06F21/78

CPC分类号： H04L9/0822 ,  G06F17/30203 ,  G06F21/6272 ,  G06F2221/2115 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/088 ,  H04L9/16 ,  H04L63/045 ,  H04L63/105

摘要： The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.

摘要翻译： 本文描述的方法和系统提供企业环境中的外部存储提供商的安全实现。 具体地，本发明提供了允许安全地使用可以将文件传输到外部存储提供商或从外部存储提供商访问文件的过程。 在一些安排中，诸如不受信任的过程之类的进程可以请求访问文件。 安全代理可以拦截请求并加密文件。 然后可以将文件传输到外部存储提供商。 用户可以随后请求访问该文件。 安全代理人可以拦截与该请求有关的消息，确定用户是否被授权访问该文件，并对该文件进行解密。

公开(公告)号：US20120297189A1

公开(公告)日：2012-11-22

申请号：US13475082

申请日：2012-05-18

申请人： Richard Hayton ,  Andrew Innes

发明人： Richard Hayton ,  Andrew Innes

IPC分类号： H04L9/00

CPC分类号： H04L9/0822 ,  G06F17/30203 ,  G06F21/6272 ,  G06F2221/2115 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/088 ,  H04L9/16 ,  H04L63/045 ,  H04L63/105

摘要： The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.

摘要翻译： 本文描述的方法和系统提供企业环境中的外部存储提供商的安全实现。 具体地，本发明提供了允许安全地使用可以将文件传输到外部存储提供商或从外部存储提供商访问文件的过程。 在一些安排中，诸如不受信任的过程之类的进程可以请求访问文件。 安全代理可以拦截请求并加密该文件。 然后可以将文件传输到外部存储提供商。 用户可以随后请求访问该文件。 安全代理可以拦截与该请求相关的消息，确定用户是否被授权访问该文件，并解密该文件。

公开(公告)号：US08042165B2

公开(公告)日：2011-10-18

申请号：US10905655

申请日：2005-01-14

申请人： Andrew Innes ,  Chris Mayers ,  Mark James Syms ,  David John Otway

发明人： Andrew Innes ,  Chris Mayers ,  Mark James Syms ,  David John Otway

IPC分类号： G06F7/04

CPC分类号： H04L63/0807 ,  H04L9/3213 ,  H04L9/3236 ,  H04L63/166 ,  H04L2209/80

摘要： A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.

摘要翻译： 一个服务器向服务器场中的服务器发送服务器场中的成员身份请求和第一个随机数。 服务器导出Kerberos服务票证和Kerberos身份验证器，响应于生成服务器场名称的散列，密码，服务器名称，服务器场中的服务器名称，第一个随机数和第二个随机数 。 服务器将Kerberos服务票证和Kerberos身份验证器发送到服务器场中的服务器。 服务器场中的服务器根据接收到的Kerberos服务票证和Kerberos身份验证器以及生成的散列来对请求服务器进行身份验证。 服务器场中的服务器响应于认证向请求服务器发送秘密。

公开(公告)号：US20110138295A1

公开(公告)日：2011-06-09

申请号：US12897871

申请日：2010-10-05

申请人： Georgy Momchilov ,  Andrew Innes ,  Kevin Harvey

发明人： Georgy Momchilov ,  Andrew Innes ,  Kevin Harvey

IPC分类号： G06F3/01 ,  G06F15/16

CPC分类号： G06F3/0484 ,  G06F3/0481 ,  G06F3/14 ,  G06F9/452 ,  G09G5/14

摘要： The present disclosure features methods and systems for updating an application-centric interface or dock, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer to provide integration between remote (“published”) applications and their local counterparts. This functionality provides a seamless, unified user experience by allowing hosted applications to appear as if they are running locally in a dock interface, in the same way that local applications appear.

摘要翻译： 本公开的特征在于用于更新由本地计算机生成和显示的以应用为中心的接口或坞站的方法和系统，所述用户界面元素代表在远程计算机上执行的远程应用程序，以提供远程（“已发布”） 申请及其当地同行。 该功能通过允许托管应用程序以与本地应用程序显示相同的方式在Dock接口中本地运行，从而提供无缝统一的用户体验。

公开(公告)号：US09268466B2

公开(公告)日：2016-02-23

申请号：US12897871

申请日：2010-10-05

申请人： Georgy Momchilov ,  Andrew Innes ,  Kevin Harvey

发明人： Georgy Momchilov ,  Andrew Innes ,  Kevin Harvey

IPC分类号： G06F3/048 ,  G06F3/0484 ,  G06F9/44 ,  G06F3/0481 ,  G06F3/14 ,  G09G5/14

CPC分类号： G06F3/0484 ,  G06F3/0481 ,  G06F3/14 ,  G06F9/452 ,  G09G5/14

摘要： The present disclosure features methods and systems for updating an application-centric interface or dock, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer to provide integration between remote (“published”) applications and their local counterparts. This functionality provides a seamless, unified user experience by allowing hosted applications to appear as if they are running locally in a dock interface, in the same way that local applications appear.

摘要翻译： 本公开的特征在于用于更新由本地计算机生成和显示的以应用为中心的接口或坞站的方法和系统，所述用户界面元素代表在远程计算机上执行的远程应用程序，以提供远程（“已发布”） 申请及其当地同行。 该功能通过允许托管应用程序以与本地应用程序显示相同的方式在Dock接口中本地运行，从而提供无缝统一的用户体验。

公开(公告)号：US20060161974A1

公开(公告)日：2006-07-20

申请号：US10905655

申请日：2005-01-14

申请人： Andrew Innes ,  Chris Mayers ,  Mark Syms ,  David Otway

发明人： Andrew Innes ,  Chris Mayers ,  Mark Syms ,  David Otway

IPC分类号： H04L9/32

CPC分类号： H04L63/0807 ,  H04L9/3213 ,  H04L9/3236 ,  H04L63/166 ,  H04L2209/80

摘要： A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.

摘要翻译： 一个服务器向服务器场中的服务器发送服务器场中的成员身份请求和第一个随机数。 服务器导出Kerberos服务票证和Kerberos身份验证器，响应于生成服务器场名称的散列，密码，服务器名称，服务器场中的服务器名称，第一个随机数和第二个随机数 。 服务器将Kerberos服务票证和Kerberos身份验证器发送到服务器场中的服务器。 服务器场中的服务器根据接收到的Kerberos服务票证和Kerberos身份验证器以及生成的散列来对请求服务器进行身份验证。 服务器场中的服务器响应于认证向请求服务器发送秘密。

公开(公告)号：US08549596B2

公开(公告)日：2013-10-01

申请号：US12370891

申请日：2009-02-13

申请人： Andrew Innes

发明人： Andrew Innes

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC分类号： G06F21/305 ,  G06F9/452 ,  G06F21/31 ,  G06F2221/2115 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L67/08

摘要： A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.