Abstract:
PROBLEM TO BE SOLVED: To provide a system and method for reliably restricting access to network resources from a machine in a state such as invalidity. SOLUTION: A quarantine control client (QCC) that is positioned on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages these statements and provides the package to a quarantine execution client (QEC). The QEC transmits the package to a quarantine execution server (QES) together with a request for network access. The QES delivers the package to a quarantine control server (QCS), and the QCS decomposes the package and delivers each of the statements to a corresponding quarantine policy server (QPS). The QPS inspects the validity of the statement and notifies the QCS of the result. If a client provides a valid statement, the QES permits the client to access a network. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To provide a system and method for facilitating automatic wireless network detection. SOLUTION: A wireless network client can automatically detect the "type" of a network (e.g., method of authentication and encryption) without requiring input from the user. Examples include an unencrypted network, a WEP-encrypted network requiring a WEP key, a WPA-encrypted network requiring a pre-shared key, an IEEE 802.1x-enabled network supporting WPA, and/or an IEEE 802.1x-enabled network not supporting WPA. In a wireless network detection system having a connection component and a detection component, the connection component facilitates connection of a client system to at least one of a plurality of wireless networks. The detection component identifies a type of an available wireless network. Identification can be performed based upon information received in an information element and/or repeated probing of the wireless network beacon. COPYRIGHT: (C)2005,JPO&NCIPI
Abstract:
Implementations of the present invention relate to a communication framework that is readily adaptable to a wide variety of resources intended to be accessible through a firewall. In general, a communication framework at a gateway server can provide a specific connection to a requested resource in accordance with a wide range of resource and/or network access policies. In one instance, a client requests a connection to a specific resource behind a firewall. The communication framework authenticates the connection, and quarantines the connection until determining, for example, that the client is using appropriate resource features. If appropriately authenticated, the communication framework can pass control of the connection to an appropriately identified protocol plug-in processor, which facilitates a direct connection to the requested resource at an application layer of a communication stack.
Abstract:
An integration system is disclosed that provides a virtual desktop integration with terminal services. A client computer is connected to one of the virtual desktops operating in a server. The client computer examines information contained in a remote desktop protocol (RDP) compliant packet supplied by the server. The client computer connects to one of the many virtual desktops based on that information. Use of the information enables integration of the virtual desktop with the existing terminal session deployment model. Client devices can establish a session using a single network name and can be appropriately directed to either a virtual desktop or terminal session.
Abstract:
Techniques for configuring and operating a virtual desktop session are disclosed herein. In an exemplary embodiment, an inter-partition communication channel can be established between a virtualization platform and a virtual machine. The inter-partition communication channel can be used to configure a guest operating system to conduct virtual desktop sessions and manage running virtual desktop sessions. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.
Abstract:
Techniques for configuring a commodity server to host virtual hard disks are disclosed herein. In an exemplary embodiment, a virtual hard disk file can be split into a plurality of differencing VHD files and one or more of the files can be downloaded to a virtualization host as it runs off the VHD files stored on the server. After the one or more VHD files are downloaded, the virtualization host can be configured to use the local copy instead of the copy on the commodity server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.
Abstract:
FIELD: information technology. SUBSTANCE: the method involves receiving a connection request from a client, where the connection request identifies a resource; identifying, based on the resource, an access policy from communication infrastructure installed on a gateway, wherein said one or more access policies are general for said communication infrastructure and are not created specifically for said resource; quarantining the connection with the client in order to determine whether the minimum set of one or more features determined by said one or more policies is installed on the client; identifying the plug-in of the protocol processor, wherein the identified plug-in processes the connection to multiple resources which have the same resource type; and redirecting the connection with the client to the identified plug-in of the protocol processor by controlling the channel of the tunnel connection to the plug-in of the protocol processor, such that subsequent communications between the client and the resource are processed through the plug-in of the protocol processor independently of the communication infrastructure. EFFECT: faster operation. 17 cl, 3 dwg
Abstract:
A computer-implemented system for facilitating automatic detection of a wireless network type without requiring user input, the type referring to the authentication and encryption method that the network requires, the system comprising: a connection component (110) that can connect a device to a plurality of wireless networks (210-250); and a detection component (120) that automatically identifies an encryption type of an available wireless network (140), wherein the identification of the encryption type is based on detecting a failure of a portion of an authentication sequence of the available wireless network or on a time threshold being exceeded without an expected portion of the authentication sequence of the available wireless network having been detected, wherein the identification of the encryption type includes: the detection component attempting (310) an 802.1x authentication sequence with the wireless network and determining (330) that the wireless network, as a wired equivalent privacy network (222), requires a wired equivalent privacy key when a failure of a portion of the 802.1x authentication sequence occurs or a time threshold is exceeded without an expected portion of the 802.1x authentication sequence having been detected; the detection component, in response to the attempt at an 802.1x authentication sequence, identifying (432) the wireless network as an 802.1x network (224) when neither the failure of a portion of the 802.1x authentication sequence nor the exceeding of a time threshold without the expected portion of the 802.1x authentication sequence having been detected occurs; the detection component, in response to the identification of the wireless network as an 802.1x network, attempting a wireless provisioning services sequence and determining (444) that the wireless network does not support wireless provisioning services (244) when a failure of a portion of the wireless provisioning services authentication sequence occurs or a time threshold is exceeded without an expected portion of the wireless provisioning services authentication sequence having been detected; and the detection component, in response to the attempt at a wireless provisioning services sequence, identifying (370) the wireless network as a wireless provisioning services network (242) with 802.1x support when neither the failure of a portion of the wireless provisioning services authentication sequence nor the exceeding of a time threshold without an expected portion of the wireless provisioning services authentication sequence having been detected occurs.