专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2005036857A1 AUTOMATICALLY RECONNECTING A CLIENT ACROSS RELIABLE AND PERSISTENT COMMUNICATION SESSIONS 审中-公开
标题翻译：自动重新设置客户端可靠和通信的会话
公开(公告)号：WO2005036857A1
公开(公告)日：2005-04-21
申请号：PCT/US2004/033333
申请日：2004-10-08
申请人： CITRIX SYSTEMS, INC. , PANASYUK, Anatoliy , KRAMER, Andre , PEDERSEN, Bradley, Jay , STONE, David, Sean , TREDER, Terry
发明人： PANASYUK, Anatoliy , KRAMER, Andre , PEDERSEN, Bradley, Jay , STONE, David, Sean , TREDER, Terry
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , G06F21/31 , H04L12/4633 , H04L63/0272 , H04L63/0281 , H04L63/0428 , H04L63/062 , H04L63/08 , H04L63/0807 , H04L63/166 , H04L67/14 , H04L69/329
摘要： The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service, the connection is reestablished and the user re-authenticated to the host service without the user re-entering his or her authentication credentials or without the user re-establishing the user session with the host service.
摘要翻译：本发明涉及用于重新连接客户端并在可靠和持续的通信会话中提供用户认证的方法和系统。封装多个辅助协议的第一协议被用于通过网络进行通信。使用第一协议的第一协议服务提供会话持久性和客户端与主机服务之间的可靠连接。当客户机和主机服务之间的网络连接中断时，重新建立连接，并且用户重新认证到主机服务，而不用户重新输入他或她的认证凭证，或者没有用户重新建立用户会话与主机服务。

2. 发明申请

WO2005036858A1 A PERSISTENT AND RELIABLE SESSION SECURELY TRAVERSING NETWORK COMPONENTS USING AN ENCAPSULATING PROTOCOL 审中-公开
标题翻译：使用安全协议的安全和可靠会话安全网络组件
公开(公告)号：WO2005036858A1
公开(公告)日：2005-04-21
申请号：PCT/US2004/033334
申请日：2004-10-08
申请人： CITRIX SYSTEMS, INC. , PANASYUK, Anatoliy , KRAMER, Andre , PEDERSEN, Bradley, Jay , STONE, David, Sean , TREDER, Terry
发明人： PANASYUK, Anatoliy , KRAMER, Andre , PEDERSEN, Bradley, Jay , STONE, David, Sean , TREDER, Terry
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , H04L12/4633 , H04L63/0272 , H04L63/0281 , H04L63/0428 , H04L63/0807 , H04L63/166
摘要： The invention relates to systems and methods for reestablishing client communications by securely traversing network components using an encapsulating communication protocol to provide session persistence and reliability. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network to provide session persistence and a reliable connection between a client and a host service via a first protocol service. A ticket authority generates a first ticket and a second ticket associated with the client. The first ticket is provided to the client and the client uses the first ticket to establish a communication session with the first protocol service. The second ticket is provided to the first protocol service and the first protocol service uses the second ticket to establish a communication session with the host service.
摘要翻译：本发明涉及通过使用封装通信协议安全地遍历网络组件来重新建立客户端通信以提供会话持续性和可靠性的系统和方法。封装多个辅助协议的第一协议用于通过网络进行通信，以经由第一协议服务来提供会话持久性以及客户端和主机服务之间的可靠连接。售票机关生成与客户端相关联的第一张票和第二张票。第一张票被提供给客户端，客户端使用第一张票与第一个协议服务建立通信会话。向第一协议服务提供第二票，第一协议服务使用第二票与主服务建立通信会话。

3. 发明申请

WO1998008163A1 ISOLATED EXECUTION LOCATION 审中-公开
标题翻译：隔离执行位置
公开(公告)号：WO1998008163A1
公开(公告)日：1998-02-26
申请号：PCT/IB1997000973
申请日：1997-08-07
申请人： APM LIMITED , BULL, John, Albert , OTWAY, David, John , KRAMER, Andre
发明人： APM LIMITED
IPC分类号： G06F09/46
CPC分类号： G06F9/46 , G06F9/44589 , G06F21/53 , G06F2211/009
摘要： The present invention provides an end user computer system programmed to operate in response to an imported data stream containing or having associated therewith one or more mobile program components from an external source, characterised in that: a) the incoming data stream is screened to identify mobile program components within or associated with that data stream; b) a selected some or all of the mobile program components are passed to one or more program execution locations selectively isolated from or within the end user system prior to being executed to operate in a desired manner; c) the execution location is one in which one or more of the selected program components are retained and which has one or more interfaces with the external source of the data stream and one or more interfaces with the end user system whereby program component(s) within the execution location can be executed within the execution location to interact with the external source of data and/or the data and/or a program held by the end user system; and d) the operation of the interface(s) between the execution location and the end user system are programmed so that only data which has been interacted on by the program component(s) within the execution location in a specified and controlled manner and/or program components which operate in a specified manner can be passed to and from the end user system.
摘要翻译：本发明提供一种终端用户计算机系统，其被编程为响应于从外部源包含或与其相关联的一个或多个移动节目组件的导入数据流进行操作，其特征在于：a）输入数据流被筛选以识别移动在该数据流内或与该数据流相关联的程序组件; b）所选择的一些或所有移动节目组件在被执行以期望的方式操作之前被传递到选择性地与最终用户系统隔离或在最终用户系统内的一个或多个程序执行位置; c）执行位置是其中一个或多个所选程序组件被保留并且与数据流的外部源的一个或多个接口以及与最终用户系统的一个或多个接口的执行位置，其中程序组件执行位置内的执行位置可以在执行位置内执行以与外部的数据源和/或数据和/或终端用户系统所保存的程序进行交互; 以及d）执行位置和最终用户系统之间的接口的操作被编程，使得只有由执行位置内的程序组件以规定和受控的方式进行交互的数据和/ 或以指定方式操作的程序组件可以被传递到终端用户系统或从终端用户系统传递。

4. 发明申请

WO2006014210A1 A SYSTEM AND METHOD FOR EXECUTING INTERACTIVE APPLICATIONS WITH MINIMAL PRIVILEGES 审中-公开
标题翻译：用最小特权执行互动应用的系统和方法
公开(公告)号：WO2006014210A1
公开(公告)日：2006-02-09
申请号：PCT/US2005/020171
申请日：2005-06-08
申请人： CITRIX SYSTEMS, INC. , KRAMER, Andre
发明人： KRAMER, Andre
IPC分类号： G06F1/00
CPC分类号： G06F21/52 , Y10S707/99939
摘要： A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of 10 permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user's role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution environment has been made, the execution environment is created and provisioned or a pre-existing execution environment possessing the requisite privileges is identified and the remote user is logged into the server-side account. The application-specific accounts may be audited by audit trail tools that provide evidence of policy enforcement.
摘要翻译：公开了一种以最小权限集运行交互式应用程序的机制。权限形成了向用户请求应用程序提供的权限的一部分，并且被分配与最小权限的原则一致。应用程序以完成其分配任务所需的最少10个权限运行。为用户请求访问的每个应用程序创建和配置或标识新的用户帐户。这些帐户具有访问权限和操作系统权限的子集或超集，用户登录到系统并请求对应用程序的访问通常享有权限。用户权限的子集/超集由基于策略的决策系统确定。基于策略的决策系统基于对应用需求的分析，与应用的执行相关的数据安全性和隐私问题的分析，用户的身份和用户的角色以及先前指定的任何其他策略考虑由管理员。一旦确定了在执行环境中提供的适当权限集合，就会创建和配置执行环境，或者识别拥有必需权限的预先存在的执行环境，并且远程用户登录到服务器边帐户特定于应用程序的帐户可以通过审计跟踪工具进行审计，这些工具提供了政策执行的证据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式