Restricting applications and users that can make persistent changes to artifacts

    Publication No.: US10346320B2

    Publication date: 2019-07-09

    Application No.: US15418011

    Application date: 2017-01-27

    IPC classification: G06F16/00 G06F12/14 G06F21/00

    Abstract: Applications and users can be restricted from making persistent changes to artifacts on a protected volume. In Windows-based systems that include a file-based write filter, a policy-based write filter can be positioned below the file-based write filter and can examine any write requests that target artifacts of a protected volume and are not redirected by the file-based write filter. The policy-based write filter can examine the write requests against any applicable policies to determine whether the write requests should be allowed to proceed. If the policy-based write filter determines that a write request is not allowed by policy, it can fail the write request to thereby prevent the targeted artifact from being updated in the protected volume.

    CONCURRENT ACCESS TO A USER PROFILE IN A LAYERING SYSTEM

    Publication No.: US20170331878A1

    Publication date: 2017-11-16

    Application No.: US15153596

    Application date: 2016-05-12

    IPC classification: H04L29/08 H04L29/06

    Abstract: Concurrent access to a user profile in a layering system is provided. When a user logs into a computing device, the server can locate a corresponding user profile to identify which layers should be provided to the user. Rather than sending these layers to the computing device for mounting, the server can mount the layers on the server. Therefore, if a user logs into multiple computing devices, the layering file system and registry filter drivers on those devices can route file system and registry requests to the server where the layers are mounted. Since the layers are mounted to a single device, concurrent access can be provided without the concern of data conflicts.

    IMPLEMENTING A SECURITY SOLUTION USING A LAYERING SYSTEM

    Publication No.: US20170316210A1

    Publication date: 2017-11-02

    Application No.: US15142035

    Application date: 2016-04-29

    IPC classification: G06F21/57 G06F21/55

    Abstract: A security solution can be implemented using a layering system. By using a layering system, any changes that are made to a computing system can be isolated within a separate write layer. Due to this isolation, the changes, which may even be malicious, can be evaluated without fear that the resources in other layers will be negatively affected. In this way, even security threats that are still unknown to antivirus solutions (so-called zero-day attacks) can be prevented from harming the system.

    Concurrent access to a user profile in a layering system

    Publication No.: US10601896B2

    Publication date: 2020-03-24

    Application No.: US15153596

    Application date: 2016-05-12

    IPC classification: H04L29/08 G06F16/10

    Abstract: Concurrent access to a user profile in a layering system is provided. When a user logs into a computing device, the server can locate a corresponding user profile to identify which layers should be provided to the user. Rather than sending these layers to the computing device for mounting, the server can mount the layers on the server. Therefore, if a user logs into multiple computing devices, the layering file system and registry filter drivers on those devices can route file system and registry requests to the server where the layers are mounted. Since the layers are mounted to a single device, concurrent access can be provided without the concern of data conflicts.

    Authentication on thin clients using independent devices

    Publication No.: US10523665B2

    Publication date: 2019-12-31

    Application No.: US15423715

    Application date: 2017-02-03

    IPC classification: H04L29/06 H04W12/06

    Abstract: Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user's mobile device and the user's domain identity. A mapping can also be created between the user's domain identity and the user's thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.

    Renaming a directory that resides on a layered volume

    Publication No.: US10409775B2

    Publication date: 2019-09-10

    Application No.: US15142041

    Application date: 2016-04-29

    IPC classification: G06F16/16

    Abstract: A directory that resides on a layered volume can be renamed. A hooking module can be employed to intercept rename requests. The hooking module can query a layering file system filter driver to determine the volume of the source and target of the rename request. If the source and target are on different volumes, thereby indicating that the source is a directory of a layered volume, the hooking module can append a signature to the target which identifies the actual volume of the source. The modified rename request can then be passed to the operating system which will perform its normal operations including verifying that the source and target are on the same volume. During this verification, the layering file system filter driver can detect the appended signature in the target and can inform the operating system that the target is on the volume identified in the signature.

    MECHANISM TO FREE UP THE OVERLAY OF A FILE-BASED WRITE FILTER

    Publication No.: US20180217940A1

    Publication date: 2018-08-02

    Application No.: US15422012

    Application date: 2017-02-01

    Abstract: An overlay of a file-based write filter can be freed up to thereby minimize the likelihood that the overlay will become full and force a system reboot. An overlay-managing write filter can be employed in conjunction with the file-based write filter to monitor files that are stored in the overlay and move files that are not currently being accessed. If a request is made to access a moved file, the overlay-managing write filter can modify the request so that it targets the location of the moved file rather than the location of the original file on the protected volume. In this way, the fact that modified files are being moved from the overlay but not discarded can be hidden from the file-based write filter. As a result, the effective size of the overlay will be increased while still allowing the file-based write filter to function in a normal fashion.

    SYSTEM AND METHOD FOR PROVIDING PRIVATE SESSION-BASED ACCESS TO A REDIRECTED USB DEVICE OR LOCAL DEVICE
    Invention application; status: granted

    Publication No.: US20150244766A1

    Publication date: 2015-08-27

    Application No.: US14699849

    Application date: 2015-04-29

    Inventor: Puneet Kaushik

    IPC classification: H04L29/08 H04L29/06

    Abstract: Restricting access to a device from a server, where the device is remote to the server and is connected locally to a client that is remote to the server, is described. The operations may include facilitating interception, at the server, of a function call to create a symbolic link; facilitating determination that the intercepted function call to create the symbolic link corresponds to a device object associated with the device that is remote to the server and is connected locally to a client that is remote to the server; facilitating obtaining configuration data indicating whether access to the device is to be restricted; and facilitating creation of the symbolic link in a local namespace of an object manager namespace of the server, upon obtaining configuration data indicating that access to the device is to be restricted.


    Mechanism for customizing multiple computing devices

    Publication No.: US10558450B2

    Publication date: 2020-02-11

    Application No.: US15426578

    Application date: 2017-02-07

    Abstract: When it is desired to update a group of thin clients that have a common configuration, the update can be deployed to a reference device on which a replicate tool executes. The replicate tool can examine the file system and registry of the reference device and create a manifest that describes the current state. The manifest can then be published for access by an agent that executes on the thin clients in the group. When the agent receives the manifest, it can compare the received manifest to an existing manifest on the thin client that defines the thin client's current state to identify any artifacts that differ. The agent can then retrieve and install any artifacts the thin client needs to match the current state of the reference device.

    Write filter with dynamically expandable overlay

    Publication No.: US10353636B2

    Publication date: 2019-07-16

    Application No.: US15424977

    Application date: 2017-02-06

    IPC classification: G06F3/06 G06F12/06

    Abstract: A write filter can be configured to employ a dynamically expandable overlay. The size of the overlay could initially be small and could then grow and shrink during the current session based on demand. The overlay can span both RAM and disk to thereby allow the size of the overlay to be relatively large. When sufficient RAM is available, the overlay can be allowed to grow in RAM. In contrast, if RAM is low, the overlay can grow on disk. Also, artifacts in the overlay can be moved from the RAM portion to the disk portion to reduce the amount of RAM consumed by the overlay. Because the overlay is dynamically expandable, it will typically not become full and will therefore not force a reboot.