-
1.
Publication No.: US07730302B2
Publication date: 2010-06-01
Application No.: US11429003
Filing date: 2006-05-05
Applicant: Ashwin Palekar, Elton Saul, Ersev Samim Erdogan, Jeson Patel, Rajneesh Mahajan, Russell S. Morgan, Kevin London
Inventor: Ashwin Palekar, Elton Saul, Ersev Samim Erdogan, Jeson Patel, Rajneesh Mahajan, Russell S. Morgan, Kevin London
IPC classification: H04L9/12, G06F15/177
CPC classification: G06F21/577, H04L63/123
Abstract: Embodiments herein address some of the problems associated with compromised configuration files used in remote sessions of a virtual computing environment. Accordingly, a subset of settings in a configuration file are secured from malicious or accidental modification, while other portions of the configuration file are modifiable by a user as desired without invalidating the integrity of the secure subset. This not only allows for the user to be assured of the integrity of the settings, but also allows an administrator of the remote or terminal server with the ability to control how and what access a client has to resources thereon. Such access may be further controlled based on a trust level between the client, server, and/or publisher of the configuration file.
-
2.
Publication No.: US20070260738A1
Publication date: 2007-11-08
Application No.: US11429003
Filing date: 2006-05-05
Applicant: Ashwin Palekar, Elton Saul, Ersev Erdogan, Jeson Patel, Rajneesh Mahajan, Russell Morgan, Kevin London
Inventor: Ashwin Palekar, Elton Saul, Ersev Erdogan, Jeson Patel, Rajneesh Mahajan, Russell Morgan, Kevin London
IPC classification: G06F15/177, G06F15/173, G06F15/16
CPC classification: G06F21/577, H04L63/123
Abstract: Embodiments herein address some of the problems associated with compromised configuration files used in remote sessions of a virtual computing environment. Accordingly, a subset of settings in a configuration file are secured from malicious or accidental modification, while other portions of the configuration file are modifiable by a user as desired without invalidating the integrity of the secure subset. This not only allows for the user to be assured of the integrity of the settings, but also allows an administrator of the remote or terminal server with the ability to control how and what access a client has to resources thereon. Such access may be further controlled based on a trust level between the client, server, and/or publisher of the configuration file.
-
Publication No.: US20120266214A1
Publication date: 2012-10-18
Application No.: US13532593
Filing date: 2012-06-25
Applicant: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
Inventor: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
IPC classification: G06F21/00
CPC classification: H04L63/0823, G06F21/42, G06F21/606, G06F2221/2107, H04L67/14, H04L67/141
Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
-
Publication No.: US09038162B2
Publication date: 2015-05-19
Application No.: US13532593
Filing date: 2012-06-25
Applicant: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
Inventor: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
CPC classification: H04L63/0823, G06F21/42, G06F21/606, G06F2221/2107, H04L67/14, H04L67/141
Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
-
Publication No.: US08220042B2
Publication date: 2012-07-10
Application No.: US11354456
Filing date: 2006-02-15
Applicant: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
Inventor: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
IPC classification: G06F9/00
CPC classification: H04L63/0823, G06F21/42, G06F21/606, G06F2221/2107, H04L67/14, H04L67/141
Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
-
Publication No.: US20070061878A1
Publication date: 2007-03-15
Application No.: US11354456
Filing date: 2006-02-15
Applicant: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey Kuzin, Joy Chik, John Parsons, Ashwin Palekar, Ara Bernardi
Inventor: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey Kuzin, Joy Chik, John Parsons, Ashwin Palekar, Ara Bernardi
IPC classification: G06F15/16
CPC classification: H04L63/0823, G06F21/42, G06F21/606, G06F2221/2107, H04L67/14, H04L67/141
Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
-
Publication No.: US20110153716A1
Publication date: 2011-06-23
Application No.: US12643892
Filing date: 2009-12-21
Applicant: Meher P. Malakapalli, Ido Ben-Shachar, Mahadeva K. Alladi, Vadim Ponomarev, Ersev Samim Erdogan, Ashwin Palekar
Inventor: Meher P. Malakapalli, Ido Ben-Shachar, Mahadeva K. Alladi, Vadim Ponomarev, Ersev Samim Erdogan, Ashwin Palekar
CPC classification: G06F9/45533, G06F9/452, G06F9/505
Abstract: Disclosed are techniques for providing a platform that allows a user to remotely establish a connection with a virtual machine operating on a server farm. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.
-
Publication No.: US08413210B2
Publication date: 2013-04-02
Application No.: US12331293
Filing date: 2008-12-09
Applicant: Sergey Kuzin, Olga Ivanova, Ashwin Palekar, Kashif Mehmood, Sriram Sampath, Ersev Samim Erdogan
Inventor: Sergey Kuzin, Olga Ivanova, Ashwin Palekar, Kashif Mehmood, Sriram Sampath, Ersev Samim Erdogan
CPC classification: H04L63/0815, G06F21/41
Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.
-
Publication No.: US10146566B2
Publication date: 2018-12-04
Application No.: US12643892
Filing date: 2009-12-21
Applicant: Meher P. Malakapalli, Ido Ben-Shachar, Mahadeva K. Alladi, Vadim Ponomarev, Ersev Samim Erdogan, Ashwin Palekar
Inventor: Meher P. Malakapalli, Ido Ben-Shachar, Mahadeva K. Alladi, Vadim Ponomarev, Ersev Samim Erdogan, Ashwin Palekar
Abstract: Disclosed are techniques for providing a platform that allows a user to remotely establish a connection with a virtual machine operating on a server farm. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.
-
Publication No.: US20100146611A1
Publication date: 2010-06-10
Application No.: US12331293
Filing date: 2008-12-09
Applicant: Sergey Kuzin, Olga Ivanova, Ashwin Palekar, Kashif Mehmood, Sriram Sampath, Ersev Samim Erdogan
Inventor: Sergey Kuzin, Olga Ivanova, Ashwin Palekar, Kashif Mehmood, Sriram Sampath, Ersev Samim Erdogan
IPC classification: H04L9/32
CPC classification: H04L63/0815, G06F21/41
Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.