公开(公告)号：US07676573B2

公开(公告)日：2010-03-09

申请号：US12028102

申请日：2008-02-08

申请人： Shai Herzog ,  Marie Hagman ,  Eric S. Vandenberg ,  Michael E. Deem

发明人： Shai Herzog ,  Marie Hagman ,  Eric S. Vandenberg ,  Michael E. Deem

IPC分类号： G06F15/173

CPC分类号： H04L41/0869 ,  H04L41/082 ,  H04L41/0859 ,  H04L43/0817 ,  H04W24/02

摘要： A stateful cache layer is created at a mobile device client that tracks the state on both the mobile device and management service. The states are synchronized between the mobile device and the management service on every management session. Through the statefulness of the cache layer, unauthorized changes on the mobile device are detected and accordingly handled such as internal correction or reporting to the management service for actionable instructions. A cache layer on the management server is configured to identify organizational policy changes that affect specific devices and initiate unsolicited immediate management sessions to update the configuration to the specific devices.

摘要翻译： 在移动设备客户端创建状态缓存层，跟踪移动设备和管理服务上的状态。 在每个管理会话上，移动设备和管理服务之间的状态是同步的。 通过缓存层的有状态，检测移动设备的未经授权的更改，并进行相应的处理，例如内部校正或向管理服务报告可执行的指令。 管理服务器上的缓存层被配置为识别影响特定设备的组织策略更改，并启动未经请求的立即管理会话以将配置更新到特定设备。

公开(公告)号：US20080183800A1

公开(公告)日：2008-07-31

申请号：US11698639

申请日：2007-01-26

申请人： Shai Herzog ,  Marie Hagman ,  Bogdan M. Tepordei ,  Michael E. Deem

发明人： Shai Herzog ,  Marie Hagman ,  Bogdan M. Tepordei ,  Michael E. Deem

IPC分类号： G06F15/16 ,  G06F15/18 ,  G06F9/46

CPC分类号： H04L67/1095 ,  H04L67/125 ,  H04L67/28 ,  H04L67/2838 ,  H04L67/2847 ,  H04L67/325

摘要： A general-purpose proxy mobile device management architecture. The architecture serves as a proxy for a mobile client seeking services from backend systems. A virtual client image of state information associated with the mobile client is stored such that when the mobile client interacts with the proxy, the virtual image updates to the latest client state. Based on the changes to the state, the proxy system asynchronously accesses one or more arbitrary services of the backend systems on behalf of the mobile client. When the mobile client connects to the proxy, the proxy will have the latest services associated with the states of the virtual image, and updates the state of the mobile client. Updating and accessing occurs asynchronously on the frontend between the proxy and mobile devices and on the backend between the proxy and the backend systems.

摘要翻译： 通用代理移动设备管理架构。 该架构作为从后端系统寻求服务的移动客户端的代理。 存储与移动客户端相关联的状态信息的虚拟客户端映像，使得当移动客户端与代理交互时，虚拟映像更新到最新的客户端状态。 基于状态的变化，代理系统代表移动客户端异步访问后端系统的一个或多个任意服务。 当移动客户端连接到代理时，代理将具有与虚拟映像的状态相关联的最新服务，并更新移动客户端的状态。 在代理和移动设备之间的前端以及代理服务器和后端系统之间的后台，异步地进行更新和访问。

公开(公告)号：US07987471B2

公开(公告)日：2011-07-26

申请号：US11698639

申请日：2007-01-26

申请人： Shai Herzog ,  Marie Hagman ,  Bogdan M. Tepordei ,  Michael E. Deem

发明人： Shai Herzog ,  Marie Hagman ,  Bogdan M. Tepordei ,  Michael E. Deem

IPC分类号： G06F9/44 ,  G06F15/16 ,  G06F9/46

CPC分类号： H04L67/1095 ,  H04L67/125 ,  H04L67/28 ,  H04L67/2838 ,  H04L67/2847 ,  H04L67/325

摘要： A general-purpose proxy mobile device management architecture. The architecture serves as a proxy for a mobile client seeking services from backend systems. A virtual client image of state information associated with the mobile client is stored such that when the mobile client interacts with the proxy, the virtual image updates to the latest client state. Based on the changes to the state, the proxy system asynchronously accesses one or more arbitrary services of the backend systems on behalf of the mobile client. When the mobile client connects to the proxy, the proxy will have the latest services associated with the states of the virtual image, and updates the state of the mobile client. Updating and accessing occurs asynchronously on the frontend between the proxy and mobile devices and on the backend between the proxy and the backend systems.

摘要翻译： 通用代理移动设备管理架构。 该架构作为从后端系统寻求服务的移动客户端的代理。 存储与移动客户端相关联的状态信息的虚拟客户端映像，使得当移动客户端与代理交互时，虚拟映像更新到最新的客户端状态。 基于状态的变化，代理系统代表移动客户端异步访问后端系统的一个或多个任意服务。 当移动客户端连接到代理时，代理将具有与虚拟映像的状态相关联的最新服务，并更新移动客户端的状态。 在代理和移动设备之间的前端以及代理服务器和后端系统之间的后台，异步地进行更新和访问。

公开(公告)号：US07881318B2

公开(公告)日：2011-02-01

申请号：US11712123

申请日：2007-02-28

申请人： Shai Herzog ,  Marie Hagman

发明人： Shai Herzog ,  Marie Hagman

IPC分类号： H04L12/28 ,  H04L12/56 ,  G06F15/16

CPC分类号： H04L61/2514 ,  H04L61/2553 ,  H04L63/02 ,  H04L67/14 ,  H04L67/142 ,  H04L69/28

摘要： Architecture for maintaining connection state of network address translation (NAT) devices by employing an out-of-band (OOB) technique externally to application connections without imposing additional requirements on the underlying native application(s). The OOB solution can be applied to arbitrary connections without requiring modification to an application protocol and works with TCP and UDP. A keep-alive (KA) application is employed as an OOB mechanism that injects KA packets that appear to the NAT device to be coming from the native connection. These injected packets fool the NAT device into resetting the inactivity timer for that connection, but do not fool or confuse the native application, which is oblivious to the spoofing. Accordingly, the connection will not terminate due to NAT timeouts, and therefore, a client/server protocol, for example, will not need to generate fake activity packets to keep the connection alive.

摘要翻译： 用于通过在应用程序连接外部采用带外（OOB）技术来维护网络地址转换（NAT）设备的连接状态的体系结构，而不对本底应用程序施加额外要求。 OOB解决方案可以应用于任意连接，而无需修改应用协议，并与TCP和UDP协同工作。 使用保持活动（KA）应用程序作为OOB机制，将出现在NAT设备上的KA数据包注入来自本机连接。 这些注入的数据包愚弄NAT设备，以重置该连接的不活动计时器，但不要愚弄或混淆本机应用程序，而这些本机应用程序与欺骗性无关。 因此，由于NAT超时，连接不会终止，因此，例如，客户端/服务器协议将不需要生成假活动分组来保持连接的活动。

公开(公告)号：US20080209068A1

公开(公告)日：2008-08-28

申请号：US11712123

申请日：2007-02-28

申请人： Shai Herzog ,  Marie Hagman

发明人： Shai Herzog ,  Marie Hagman

IPC分类号： G06F15/16

CPC分类号： H04L61/2514 ,  H04L61/2553 ,  H04L63/02 ,  H04L67/14 ,  H04L67/142 ,  H04L69/28

摘要： Architecture for maintaining connection state of network address translation (NAT) devices by employing an out-of-band (OOB) technique externally to application connections without imposing additional requirements on the underlying native application(s). The OOB solution can be applied to arbitrary connections without requiring modification to an application protocol and works with TCP and UDP. A keep-alive (KA) application is employed as an OOB mechanism that injects KA packets that appear to the NAT device to be coming from the native connection. These injected packets fool the NAT device into resetting the inactivity timer for that connection, but do not fool or confuse the native application, which is oblivious to the spoofing. Accordingly, the connection will not terminate due to NAT timeouts, and therefore, a client/server protocol, for example, will not need to generate fake activity packets to keep the connection alive.

摘要翻译： 用于通过在应用程序连接外部采用带外（OOB）技术来维护网络地址转换（NAT）设备的连接状态的体系结构，而不对本底应用程序施加额外要求。 OOB解决方案可以应用于任意连接，而无需修改应用协议，并与TCP和UDP协同工作。 使用保持活动（KA）应用程序作为OOB机制，将出现在NAT设备上的KA数据包注入来自本机连接。 这些注入的数据包愚弄NAT设备，以重置该连接的不活动计时器，但不要愚弄或混淆本机应用程序，而这些本机应用程序与欺骗性无关。 因此，由于NAT超时，连接不会终止，因此，例如，客户端/服务器协议将不需要生成假活动分组来保持连接的活动。