公开(公告)号：US07752600B2

公开(公告)日：2010-07-06

申请号：US10711732

申请日：2004-09-30

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Pierre Semaan

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Pierre Semaan

IPC分类号： G06F9/44

CPC分类号： G06F9/44505

摘要： A method for associating a file type of a file with one or more programs includes the step of receiving a request to store in a configuration store file type association information. From the request, an application program is determined that is to be associated with a file type in the configuration store. An association of the file type with a chooser tool is written to the configuration store

摘要翻译： 用于将文件的文件类型与一个或多个程序相关联的方法包括接收存储在配置存储文件类型关联信息中的请求的步骤。 从请求中，确定与配置存储中的文件类型相关联的应用程序。 将文件类型与选择器工具的关联写入配置存储

公开(公告)号：US07680758B2

公开(公告)日：2010-03-16

申请号：US10711737

申请日：2004-09-30

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Pierre Semaan ,  Nicholas Bissett ,  Richard James Mazzaferri

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Pierre Semaan ,  Nicholas Bissett ,  Richard James Mazzaferri

IPC分类号： G06F7/00 ,  G06F17/00

CPC分类号： G06F9/4856 ,  G06F8/61 ,  G06F9/45537 ,  G06F9/468 ,  G06F9/5011 ,  G06F9/52 ,  G06F9/541 ,  G06F9/545 ,  G06F17/30067 ,  G06F21/53 ,  G06F2209/542 ,  Y10S707/99931

摘要： A method for isolating access by application programs to native resources provided by an operating system redirects a request for a native resource made by an application program executing on behalf of a user to an isolation environment. The isolation environment includes a user isolation scope and an application isolation scope. An instance of the requested native resource is located in the user isolation scope corresponding to the user. The request for the native resource is fulfilled using the version of the resource located in the user isolation scope. If an instance of the requested native resource is not located in the user isolation scope, the request is redirected to an application isolation scope. The request for the native resource is fulfilled using the version of the resource located in the application isolation scope. If an instance of the requested native resource is not located in the application isolation scope, the request is redirected to a system scope.

摘要翻译： 将由应用程序访问的方法隔离到由操作系统提供的本地资源的方法将由代表用户执行的应用程序所产生的本地资源的请求重定向到隔离环境。 隔离环境包括用户隔离范围和应用程序隔离范围。 所请求的本机资源的实例位于与用户对应的用户隔离范围内。 使用位于用户隔离范围内的资源的版本来满足本机资源的请求。 如果请求的本机资源的实例不位于用户隔离范围内，则该请求将重定向到应用程序隔离范围。 使用位于应用程序隔离范围内的资源的版本来满足本机资源的请求。 如果请求的本机资源的实例不位于应用程序隔离范围内，则请求将重定向到系统作用域。

公开(公告)号：US07853947B2

公开(公告)日：2010-12-14

申请号：US10711735

申请日：2004-09-30

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri

IPC分类号： G06F9/455 ,  G06F17/00 ,  G06F7/00

CPC分类号： G06F21/6218 ,  G06F9/449 ,  G06F21/10 ,  G06F21/53 ,  G06F2221/2141

摘要： A method for virtualizing access to named system objects includes the step of receiving a request to access a system object from a process executing in the context of a user isolation scope, the request including a virtual name for the system object. A rule associated with the request is determined and a literal name for the system object is formed in response to the determined rule. A request to access the system object is issued to the operating system. The issued request including the literal name for the system object.

摘要翻译： 用于虚拟化对命名系统对象的访问的方法包括从在用户隔离范围的上下文中执行的进程接收访问系统对象的请求的步骤，该请求包括系统对象的虚拟名称。 确定与请求相关联的规则，并响应于所确定的规则形成系统对象的文字名称。 向操作系统发出访问系统对象的请求。 发出的请求包括系统对象的文字名称。

公开(公告)号：US08042120B2

公开(公告)日：2011-10-18

申请号：US10956723

申请日：2004-10-01

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Nicholas Alexander Bissett

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Nicholas Alexander Bissett

IPC分类号： G06F9/54 ,  G06F15/16

CPC分类号： G06F9/4856 ,  G06F8/61 ,  G06F9/45537 ,  G06F9/468 ,  G06F9/5011 ,  G06F9/52 ,  G06F9/541 ,  G06F9/545 ,  G06F17/30067 ,  G06F21/53 ,  G06F2209/542 ,  Y10S707/99931

摘要： A method for moving an executing process from a source isolation scope to a target isolation scope includes the step of determining that the process is in a state suitable for moving. The association of the process changes from a source isolation scope to a target isolation scope. A rule loads in association with the target isolation scope.

摘要翻译： 将执行过程从源隔离范围移动到目标隔离范围的方法包括确定进程处于适于移动的状态的步骤。 从源隔离范围到目标隔离范围的进程更改关联。 与目标隔离范围相关联的规则加载。

公开(公告)号：US08171479B2

公开(公告)日：2012-05-01

申请号：US10711736

申请日：2004-09-30

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri

IPC分类号： G06F9/46 ,  H04L29/06

CPC分类号： G06F8/61 ,  G06F9/52

摘要： A method for presenting an aggregate view of native resources includes the step of enumerating a plurality of system-scoped native resources provided by a system scope. A plurality of application-scoped native resources provided by an application isolation scope are enumerated, some of which correspond to some of the plurality of system-scoped resources. For one of the plurality of system-scoped resources, the existence of a corresponding one of the plurality of application-scoped resources is determined and the corresponding one of the plurality of application-scoped resources is included in an aggregate view of native resources.

摘要翻译： 用于呈现本地资源的聚合视图的方法包括枚举由系统范围提供的多个系统范围本地资源的步骤。 枚举由应用隔离范围提供的多个应用范围本地资源，其中一些对应于多个系统范围的资源中的一些。 对于多个系统范围资源中的一个，确定多个应用范围资源中相应的一个资源的存在，并且多个应用范围资源中的对应的一个被包括在本地资源的聚合视图中。

公开(公告)号：US08117559B2

公开(公告)日：2012-02-14

申请号：US10711733

申请日：2004-09-30

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Huai Chiun Chin ,  Richard James Mazzaferri

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Huai Chiun Chin ,  Richard James Mazzaferri

IPC分类号： G06F3/048

CPC分类号： G06F9/542 ,  G06F9/451

摘要： A method and apparatus for virtualizing access to windows includes a hooking mechanism, a window name virtualization engine, and an operating system interface. A request relating to a window from a process executing in the context of a user account is received, the request including a virtual window name. A determination is made for a literal name for the window, using a scope-specific identifier. A request is issued to the operating system including the determined literal window name. A window handle is associated with the determined virtual window name.

摘要翻译： 用于虚拟化对Windows的访问的方法和装置包括挂钩机制，窗口名称虚拟化引擎和操作系统接口。 接收到与在用户帐户的上下文中执行的进程相关的请求的请求，该请求包括虚拟窗口名称。 使用范围特定的标识符确定窗口的文字名称。 向操作系统发出请求，包括确定的文字窗口名称。 窗口句柄与确定的虚拟窗口名称相关联。

公开(公告)号：US20110173618A1

公开(公告)日：2011-07-14

申请号：US13052931

申请日：2011-03-21

申请人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Nicholas Alexander Bissett

发明人： Lee George Laborczfalvi ,  Anil Roychoudhry ,  Andrew Gerard Borzycki ,  Jeffrey Dale Muir ,  Huai Chiun Chin ,  Richard James Mazzaferri ,  Nicholas Alexander Bissett

IPC分类号： G06F9/50

CPC分类号： G06F9/4856 ,  G06F8/61 ,  G06F9/45537 ,  G06F9/468 ,  G06F9/5011 ,  G06F9/52 ,  G06F9/541 ,  G06F9/545 ,  G06F17/30067 ,  G06F21/53 ,  G06F2209/542 ,  Y10S707/99931

摘要： A method for moving an executing process from a source isolation scope to a target isolation scope includes the step of determining that the process is in a state suitable for moving. The association of the process changes from a source isolation scope to a target isolation scope. A rule loads in association with the target isolation scope.

摘要翻译： 将执行过程从源隔离范围移动到目标隔离范围的方法包括确定进程处于适于移动的状态的步骤。 从源隔离范围到目标隔离范围的进程更改关联。 与目标隔离范围相关联的规则加载。

公开(公告)号：US20130179673A1

公开(公告)日：2013-07-11

申请号：US13784178

申请日：2013-03-04

申请人： ANDREW INNES ,  Richard Hayton ,  Andrew Gerard Borzycki ,  Anthony Edward Low ,  Michael Wookey

发明人： ANDREW INNES ,  Richard Hayton ,  Andrew Gerard Borzycki ,  Anthony Edward Low ,  Michael Wookey

IPC分类号： G06F9/44

CPC分类号： G06F9/4406 ,  G06F9/44505 ,  H04L41/024 ,  H04L41/22

摘要： A method and system for modifying, in a combined computing environment, a machine base image having a personalized desktop environment includes executing an operating system associated with a base disk; intercepting, by a filter driver, an instruction from at least one of a plurality of resources to modify a setting stored in at least one of a file system and a registry, the plurality of resources executing inside an isolation environment; storing, in a delta disk, a copy of the modified setting; restarting the operating system; replacing the setting stored in the at least one of the file system and the registry with the copy of the modified setting stored on the delta disk; and restarting at least one operating system process incorporating the modified setting.

摘要翻译： 一种用于在组合计算环境中修改具有个性化桌面环境的机器基础图像的方法和系统包括执行与基盘相关联的操作系统; 由过滤器驱动程序拦截来自多个资源中的至少一个的指令，以修改存储在文件系统和注册表中的至少一个中的设置，所述多个资源在隔离环境内执行; 在增量盘中存储修改设置的副本; 重新启动操作系统; 使用存储在增量盘上的修改设置的副本替换存储在文件系统和注册表中的至少一个的设置; 并重新启动包含修改设置的至少一个操作系统进程。

公开(公告)号：US20090106834A1

公开(公告)日：2009-04-23

申请号：US11875256

申请日：2007-10-19

申请人： Andrew Gerard Borzycki ,  Nicholas Alexander Bissett ,  Donovan Ross Hackett ,  Michael John Wookey ,  Richard Jason Croft ,  Jeffrey Dale Muir

发明人： Andrew Gerard Borzycki ,  Nicholas Alexander Bissett ,  Donovan Ross Hackett ,  Michael John Wookey ,  Richard Jason Croft ,  Jeffrey Dale Muir

IPC分类号： H04L9/32

CPC分类号： H04L63/166 ,  H04L63/08

摘要： The present solution reduces the attack surface of a server by selectively opening a server port for listening when a client has been authenticated/authorized via another machine or process, and directed to connect to the server in question. When not selectively listening on a port, the server does not listen or open ports for connections or otherwise minimizes the number of open ports. By selectively listening for connections, the server reduces the opportunity for hackers to attack the server process, and improves the security of the server. The ability to selectively listen on a port at specific times may be combined with additional meta information—like ticketing and prior authentication information to help further secure the server. The meta information may identify and ensure that only the correct remote endpoint is allowed to connect via the port. Instead of first listening for connections and then authenticate and authorize the received connection as with typical servers, the present solution first authenticates/authorizes a connection via another machine or process, then listens for an expected and authorized connection.

摘要翻译： 本解决方案通过选择性地打开服务器端口来减少服务器的攻击面，以便在客户端通过另一机器或进程进行身份验证/授权后进行侦听，并指示连接到有问题的服务器。 当没有选择性地监听端口时，服务器不会侦听或打开端口进行连接，否则会最小化打开端口的数量。 通过选择性地监听连接，服务器减少了黑客攻击服务器进程的机会，并提高了服务器的安全性。 在特定时间选择性地侦听端口的能力可以与额外的元信息类似的票据和先前的认证信息组合以帮助进一步保护服务器。 元信息可以标识并确保仅允许通过端口连接正确的远程端点。 而不是首先监听连接，然后与典型的服务器一样认证和授权接收到的连接，本解决方案首先通过另一个机器或进程来认证/授权连接，然后监听预期和授权的连接。

公开(公告)号：US08266688B2

公开(公告)日：2012-09-11

申请号：US11875256

申请日：2007-10-19

申请人： Andrew Gerard Borzycki ,  Nicholas Alexander Bissett ,  Donovan Ross Hackett ,  Michael John Wookey ,  Richard Jason Croft ,  Jeffrey Dale Muir

发明人： Andrew Gerard Borzycki ,  Nicholas Alexander Bissett ,  Donovan Ross Hackett ,  Michael John Wookey ,  Richard Jason Croft ,  Jeffrey Dale Muir

IPC分类号： H04L29/06

CPC分类号： H04L63/166 ,  H04L63/08

摘要： The present solution reduces the attack surface of a server by selectively opening a server port for listening when a client has been authenticated/authorized via another machine or process, and directed to connect to the server in question. When not selectively listening on a port, the server does not listen or open ports for connections or otherwise minimizes the number of open ports. By selectively listening for connections, the server reduces the opportunity for hackers to attack the server process, and improves the security of the server. The ability to selectively listen on a port at specific times may be combined with additional meta information—like ticketing and prior authentication information to help further secure the server. The meta information may identify and ensure that only the correct remote endpoint is allowed to connect via the port. Instead of first listening for connections and then authenticate and authorize the received connection as with typical servers, the present solution first authenticates/authorizes a connection via another machine or process, then listens for an expected and authorized connection.

摘要翻译： 本解决方案通过选择性地打开服务器端口来减少服务器的攻击面，以便在客户端通过另一机器或进程进行身份验证/授权后进行侦听，并指示连接到有问题的服务器。 当没有选择性地监听端口时，服务器不会侦听或打开端口进行连接，否则会最小化打开端口的数量。 通过选择性地监听连接，服务器减少了黑客攻击服务器进程的机会，并提高了服务器的安全性。 在特定时间选择性地侦听端口的能力可以与额外的元信息类似的票据和先前的认证信息组合以帮助进一步保护服务器。 元信息可以标识并确保仅允许通过端口连接正确的远程端点。 而不是首先监听连接，然后与典型的服务器一样认证和授权接收到的连接，本解决方案首先通过另一个机器或进程来认证/授权连接，然后监听预期和授权的连接。