公开(公告)号：US07552391B2

公开(公告)日：2009-06-23

申请号：US10606591

申请日：2003-06-26

申请人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David Andrew Matthews ,  Reiner Fink ,  Paul S. Hellyar

发明人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David Andrew Matthews ,  Reiner Fink ,  Paul S. Hellyar

IPC分类号： G06F3/00

CPC分类号： G06F9/451

摘要： Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

摘要翻译： 提供了在多个用户计算环境中使用的方法和布置。 这些方法和布置可以被配置为允许在共享计算环境内的多个单独的和并发的桌面和工作空间。 一种方法包括为登录过程中进行身份验证的每个用户创建单独的桌面线程，创建与每个桌面线程相关联的单独桌面，以及维护创建的桌面线程列表。 以这种方式，几个用户可以同时登录。 在某些实现中，该方法还包括建立与每个桌面相关联的单独的用户环境并且启动与每个桌面相关联的单独的用户外壳。 桌面线程列表允许从第一桌面到第二桌面的选择性和/或自动切换，而不终止与第一台桌面相关联的桌面线程。 方法和布置也适用于远程进程登录和切换。

公开(公告)号：US06807666B1

公开(公告)日：2004-10-19

申请号：US09573628

申请日：2000-05-17

申请人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David Andrew Matthews ,  Reiner Fink ,  Paul S. Hellyar

发明人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David Andrew Matthews ,  Reiner Fink ,  Paul S. Hellyar

IPC分类号： G06F900

CPC分类号： G06F9/451

摘要： Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

摘要翻译： 提供了在多个用户计算环境中使用的方法和布置。 这些方法和布置可以被配置为允许在共享计算环境内的多个单独的和并发的桌面和工作空间。 一种方法包括为登录过程中进行身份验证的每个用户创建单独的桌面线程，创建与每个桌面线程相关联的单独桌面，以及维护创建的桌面线程列表。 以这种方式，几个用户可以同时登录。 在某些实现中，该方法还包括建立与每个桌面相关联的单独的用户环境并且启动与每个桌面相关联的单独的用户外壳。 桌面线程列表允许从第一桌面到第二桌面的选择性和/或自动切换，而不终止与第一台桌面相关联的桌面线程。 方法和布置也适用于远程进程登录和切换。

公开(公告)号：US07127719B2

公开(公告)日：2006-10-24

申请号：US10966571

申请日：2004-10-15

申请人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David A. Matthews ,  Reiner Fink ,  Paul S. Hellyar

发明人： Christopher A. Evans ,  Giampiero M. Sierra ,  Victor Tan ,  Praerit Garg ,  David A. Matthews ,  Reiner Fink ,  Paul S. Hellyar

IPC分类号： G06F9/00 ,  G06F9/54

CPC分类号： G06F9/451

摘要： Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

摘要翻译： 提供了在多个用户计算环境中使用的方法和布置。 这些方法和布置可以被配置为允许在共享计算环境内的多个单独的和并发的桌面和工作空间。 一种方法包括为登录过程中进行身份验证的每个用户创建单独的桌面线程，创建与每个桌面线程相关联的单独桌面，以及维护创建的桌面线程列表。 以这种方式，几个用户可以同时登录。 在某些实现中，该方法还包括建立与每个桌面相关联的单独的用户环境并且启动与每个桌面相关联的单独的用户外壳。 桌面线程列表允许从第一桌面到第二桌面的选择性和/或自动切换，而不终止与第一台桌面相关联的桌面线程。 方法和布置也适用于远程进程登录和切换。

公开(公告)号：US20050066202A1

公开(公告)日：2005-03-24

申请号：US10966571

申请日：2004-10-15

申请人： Christopher Evans ,  Giampiero Sierra ,  Victor Tan ,  Praerit Garg ,  David Matthews ,  Reiner Fink ,  Paul Hellyar

发明人： Christopher Evans ,  Giampiero Sierra ,  Victor Tan ,  Praerit Garg ,  David Matthews ,  Reiner Fink ,  Paul Hellyar

IPC分类号： G06F21/20 ,  G06F9/44 ,  G06F9/46 ,  H04L9/00

CPC分类号： G06F9/451

摘要： Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

摘要翻译： 提供了在多个用户计算环境中使用的方法和布置。 这些方法和布置可以被配置为允许在共享计算环境内的多个单独的和并发的桌面和工作空间。 一种方法包括为登录过程中进行身份验证的每个用户创建单独的桌面线程，创建与每个桌面线程相关联的单独桌面，以及维护创建的桌面线程列表。 以这种方式，几个用户可以同时登录。 在某些实现中，该方法还包括建立与每个桌面相关联的单独的用户环境并且启动与每个桌面相关联的单独的用户外壳。 桌面线程列表允许从第一桌面到第二桌面的选择性和/或自动切换，而不终止与第一台桌面相关联的桌面线程。 方法和布置也适用于远程进程登录和切换。

公开(公告)号：US07869383B2

公开(公告)日：2011-01-11

申请号：US12179527

申请日：2008-07-24

申请人： Bassam Tabbara ,  Praerit Garg

发明人： Bassam Tabbara ,  Praerit Garg

IPC分类号： H04L12/28

CPC分类号： H04L47/70 ,  G06Q30/06 ,  H04L67/1097

摘要： A hardware and/or software facility for durably and securely storing data within a shared community storage network. A user may have a storage device that they intend to share with others in the network. All or a portion of the storage device is registered with the community storage network as a storage node. Once registered with the network, third party data may be stored on the storage node and remotely accessed by third parties. In addition, data stored on the storage device by the user may be stored in the shared community storage network by encrypting the data, adding redundancy, and distributing it to other storage nodes within the storage network. Data that is stored in the storage network is accessible to the user even if their storage device is inaccessible or fails.

摘要翻译： 用于在共享社区存储网络中持久和安全地存储数据的硬件和/或软件设施。 用户可以具有他们打算在网络中与他人共享的存储设备。 存储设备的全部或一部分作为存储节点向社区存储网络注册。 一旦向网络注册，第三方数据可能存储在存储节点上，并被第三方远程访问。 此外，用户存储在存储设备上的数据可以通过加密数据，添加冗余并将其分发到存储网络中的其他存储节点来存储在共享社区存储网络中。 即使存储设备无法访问或出现故障，用户也可以访问存储在存储网络中的数据。

公开(公告)号：US20100020718A1

公开(公告)日：2010-01-28

申请号：US12179527

申请日：2008-07-24

申请人： Bassam Tabbara ,  Praerit Garg

发明人： Bassam Tabbara ,  Praerit Garg

IPC分类号： H04L12/28

CPC分类号： H04L47/70 ,  G06Q30/06 ,  H04L67/1097

摘要： A hardware and/or software facility for durably and securely storing data within a shared community storage network. A user may have a storage device that they intend to share with others in the network. All or a portion of the storage device is registered with the community storage network as a storage node. Once registered with the network, third party data may be stored on the storage node and remotely accessed by third parties. In addition, data stored on the storage device by the user may be stored in the shared community storage network by encrypting the data, adding redundancy, and distributing it to other storage nodes within the storage network. Data that is stored in the storage network is accessible to the user even if their storage device is inaccessible or fails.

摘要翻译： 用于在共享社区存储网络中持久和安全地存储数据的硬件和/或软件设施。 用户可以具有他们打算在网络中与他人共享的存储设备。 存储设备的全部或一部分作为存储节点向社区存储网络注册。 一旦向网络注册，第三方数据可能存储在存储节点上，并被第三方远程访问。 此外，用户存储在存储设备上的数据可以通过加密数据，添加冗余并将其分发到存储网络中的其他存储节点来存储在共享社区存储网络中。 即使存储设备无法访问或出现故障，用户也可以访问存储在存储网络中的数据。

公开(公告)号：US07568218B2

公开(公告)日：2009-07-28

申请号：US10285175

申请日：2002-10-31

申请人： Praerit Garg ,  Cliff Van Dyke ,  Karthik Jaganathan ,  Mark Pustilnik ,  Donald E. Schmidt

发明人： Praerit Garg ,  Cliff Van Dyke ,  Karthik Jaganathan ,  Mark Pustilnik ,  Donald E. Schmidt

IPC分类号： H04L9/32

CPC分类号： H04L63/10 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/101

摘要： A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.

摘要翻译： 选择性跨域认证器将标识符与来自在一个领域中认证的实体的请求相关联，以访问与第二领域相关联的资源。 该标识符表示该实体在与所请求的资源相关联的领域以外的领域中被认证。 与资源相关联的域控制器执行访问检查，以验证经过身份验证的用户是否被授权对请求的资源进行身份验证。 与该资源相关联的权限可用于指定授予由与另一领域相关联的域控制器认证的实体的访问级别。

公开(公告)号：US20070112847A1

公开(公告)日：2007-05-17

申请号：US11266156

申请日：2005-11-02

申请人： Pratul Dublish ,  Bassam Tabbara ,  Geoffrey Outhred ,  Jeffrey Parham ,  Kevin Grealish ,  Praerit Garg

发明人： Pratul Dublish ,  Bassam Tabbara ,  Geoffrey Outhred ,  Jeffrey Parham ,  Kevin Grealish ,  Praerit Garg

IPC分类号： G06F7/00

CPC分类号： G06F21/577 ,  G06Q10/06

摘要： Modeling operational policies of operating a business's or institution's actual or planned IT system. The IT system may include components such as applications, application hosts, one or more networks or components thereof, hardware, and interrelationships between the components. The IT system is to be operated in accordance with operational policies that govern existence or numerosity of components, how the components are interrelated, how the components and interrelationships are configured, and/or manual or automated processes for managing and maintaining the IT system. The modeling may involve generating code that conforms to a language by declaring abstractions using types that correspond to the components of the IT system, by declaring types of interrelationships that correspond to the interrelationships of the IT system, and by defining constraints upon and between the abstract types, where the constraints correspond to operational policies of operating the IT system.

摘要翻译： 建立运营企业或机构实际或计划的IT系统的运营策略。 IT系统可以包括诸如应用，应用主机，一个或多个网络或其组件，硬件和组件之间的相互关系的组件。 IT系统将根据管理组件的存在或数量，组件相互关联的操作策略，组件和相互关系的配置方式以及/或用于管理和维护IT系统的手动或自动化过程来运行。 建模可能涉及生成符合语言的代码，通过使用与IT系统的组件相对应的类型声明抽象，通过声明与IT系统的相互关系相对应的相互关系的类型，以及通过在抽象之间和之间定义约束 类型，其中的约束对应于操作IT系统的操作策略。

公开(公告)号：US20060184646A1

公开(公告)日：2006-08-17

申请号：US11379998

申请日：2006-04-24

申请人： Donald Schmidt ,  Clifford Van Dyke ,  Paul Leach ,  Praerit Garg ,  Murli Satagopan

发明人： Donald Schmidt ,  Clifford Van Dyke ,  Paul Leach ,  Praerit Garg ,  Murli Satagopan

IPC分类号： G06F15/16

CPC分类号： H04L63/0815 ,  H04L63/083

摘要： An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.

摘要翻译： 企业网络架构具有建立在两个自主网络系统之间的信任链路，能够实现两个网络系统的网络域之间的传递资源访问。 信任链接由相应网络系统中的每一个维护的数据结构来定义。 第一网络系统维护对应于第二网络系统的命名空间和第一网络系统中的域控制器，或者第一网络系统管理员指示是否信任个体命名空间。 由第二网络系统中的域管理的帐户可以通过第一网络系统中的域控制器请求认证。 第一网络系统从信任链路确定将认证请求传送到第二网络系统。 当管理员管理组成员身份和访问控制列表时，第一个网络系统还从信任链接确定何处传达授权请求。

公开(公告)号：US06249866B1

公开(公告)日：2001-06-19

申请号：US08931774

申请日：1997-09-16

申请人： Peter Brundrett ,  Praerit Garg ,  Jianrong Gu ,  James W. Kelly, Jr. ,  Keith S. Kaplan ,  Robert P. Reichel ,  Brian Andrew ,  Gary D. Kimura ,  Thomas J. Miller

发明人： Peter Brundrett ,  Praerit Garg ,  Jianrong Gu ,  James W. Kelly, Jr. ,  Keith S. Kaplan ,  Robert P. Reichel ,  Brian Andrew ,  Gary D. Kimura ,  Thomas J. Miller

IPC分类号： H04L930

CPC分类号： G06F12/1408 ,  G06F21/602 ,  G06F21/604 ,  G06F21/6227 ,  G06F2211/008 ,  G06F2221/2131 ,  G06F2221/2141 ,  G06F2221/2145 ,  G06F2221/2153 ,  H04L9/0897

摘要： A system and method for encryption and decryption of files. The system and method operate in conjunction with the file system to transparently encrypt and decrypt files in using a public key-private key pair encryption scheme. When a user puts a file in an encrypted directory or encrypts a file, all data writes to the disk for that file are encrypted with a random file encryption key generated from a random number and encrypted with the public key of a user and the public key of at least one recovery agent. The encrypted key information is stored with the file, whereby the user or a recovery agent can decrypt the file data using the private key thereof. When a proper private key is used, encrypted reads from the disk are decrypted transparently by the file system and returned to the user.

摘要翻译： 用于文件加密和解密的系统和方法。 系统和方法与文件系统一起运行，以使用公钥 - 私钥对加密方案对文件进行透明加密和解密。 当用户将文件放入加密目录或加密文件时，对该文件的磁盘进行的所有数据写入都使用随机数生成的随机文件加密密钥进行加密，并使用用户的公开密钥和公钥加密 的至少一种回收剂。 加密的密钥信息与文件一起存储，由此用户或恢复代理可以使用其私钥对文件数据进行解密。 当使用适当的私钥时，磁盘的加密读取将被文件系统透明地解密并返回给用户。